<E-book>
Open source systems security certification

Statement of responsibility
Author
Language of text
Publisher
Year of publication
Place of publication
Summary This title discusses security certification standards and establishes the need to certify open source tools and applications. It is suitable for researchers and advanced-level students in computer science.
Table of contents Cover
TOC. Contents
CH. 1 Introduction
1.1 Context and motivation
1.2 Software certification
1.2.1 Certification vs. standardization
1.2.2 Certification authorities
1.3 Software security certification
1.3.1 The state of the art
1.3.2 Changing scenarios
1.4 Certifying Open source
1.5 Conclusions
References
CH. 2 Basic Notions on Access Control
2.1 Introduction
2.2 Access Control
2.2.1 Discretionary Access Control
2.2.2 Mandatory Access Control
2.2.3 Role Based Access Control
2.3 Conclusions
References
CH. 3 Test based security certifications
3.1 Basic Notions on Software Testing
3.1.1 Types of Software Testing
3.1.2 Automation of Test Activities
3.1.3 Fault Terminology
3.1.4 Test Coverage
3.2 Test-based Security Certification
3.2.1 The Trusted Computer System Evaluation Criteria (TCSEC) standard
3.2.2 CTCPEC
3.2.3 ITSEC
3.3 The Common Criteria: A General Model for Test-based Certification
3.3.1 CC components
3.4 Conclusions
References
CH. 4 Formal methods for software verification
4.1 Introduction
4.2 Formal methods for software verification
4.2.1 Model Checking
4.2.2 Static Analysis
4.2.3 Untrusted code
4.2.4 Security by contract
4.3 Formal Methods for Error Detection in OS C-based Software
4.3.1 Static Analysis for C code verification
4.3.2 Model Checking for large-scale C-based Software verification
4.3.3 Symbolic approximation for large-scale OS software verification
4.4 Conclusion
References
CH. 5 OSS security certification
5.1 Open source software (OSS)
5.1.1 Open Source Licenses
5.1.2 Specificities of Open Source Development
5.2 OSS security
5.3 OSS certification
5.3.1 State of the art
5.4 Security driven OSS development
5.5 Security driven OSS development: A case study on Single Sign-On
5.5.1 Single Sign-On: Basic Concepts
5.5.2 A ST-based definition of trust models and requirements for SSO solutions
5.5.3 Requirements
5.5.4 A case study: CAS++
5.6 Conclusions
References
CH. 6 Case Study 1: Linux certification
6.1 The Controlled Access Protection Profile and the SLES8 Security Target
6.1.1 SLES8 Overview
6.1.2 Target of Evaluation (TOE)
6.1.3 Security environment
6.1.4 Security objectives
6.1.5 Security requirements
6.2 Evaluation process
6.2.1 Producing the Evidence
6.3 The Linux Test Project
6.3.1 Writing a LTP test case
6.4 Evaluation Tests
6.4.1 Running the LTP test suite
6.4.2 Test suite mapping
6.4.3 Automatic Test Selection Example Based on SLES8 Security Functions
6.5 Evaluation Results
6.6 Horizontal and Vertical reuse of SLES8 evaluation
6.6.1 Across distribution extension
6.6.2 SLES8 certification within a composite product
6.7 Conclusions
References
CH. 7 Case Study 2: ICSA and CCHIT Certifications
7.1 Introduction
7.2 ICSA Dynamic Certification Framework
7.3 A closer look to ICSA certification
7.3.1 Certification process
7.4 A case study: the ICSA certification of the Endian firewall
7.5 Endian Test Plan
7.5.1 Hardware configuration
7.5.2 Software configuration
7.5.3 Features to test
View full text Full text available from Springer Computer Science eBooks 2009 English/International

Details

Record ID
Publication frequency
Subject
SSID
LCCN
NBN
eISBN
XISBN
Date registered 2020.06.27
Date updated 2020.06.28