
Open source systems security certification

Scribed by Damiani, Ernesto; Ioini, Nabil El; Ardagna, Claudio Agostino


Publisher: Springer
Year: 2009
Tongue: English
Leaves: 211
Edition: 1
Category: Library


Synopsis


Open Source Systems Security Certification discusses Security Certification Standards and establishes the need to certify open source tools and applications. This includes the international standard for the certification of IT products (software, firmware and hardware) Common Criteria (ISO/IEC 15408) (CC 2006), a certification officially adopted by the governments of 18 nations.

Without security certification, open source tools and applications are neither secure nor trustworthy. Open Source Systems Security Certification addresses and analyzes the urgency of security certification for security-sensitive markets, such as telecommunications, government and the military, through case studies.

This volume is designed for professionals and companies trying to implement an Open Source Systems (OSS) aware IT governance strategy, and SMEs looking to attract new markets traditionally held by proprietary products or to reduce costs. This book is also suitable for researchers and advanced-level students.

Table of Contents


Cover
Contents
1 Introduction
1.1 Context and motivation
1.2 Software certification
1.2.1 Certification vs. standardization
1.2.2 Certification authorities
1.3 Software security certification
1.3.1 The state of the art
1.3.2 Changing scenarios
1.4 Certifying Open source
1.5 Conclusions
References
2 Basic Notions on Access Control
2.1 Introduction
2.2 Access Control
2.2.1 Discretionary Access Control
2.2.2 Mandatory Access Control
2.2.3 Role Based Access Control
2.3 Conclusions
References
3 Test based security certifications
3.1 Basic Notions on Software Testing
3.1.1 Types of Software Testing
3.1.2 Automation of Test Activities
3.1.3 Fault Terminology
3.1.4 Test Coverage
3.2 Test-based Security Certification
3.2.1 The Trusted Computer System Evaluation Criteria (TCSEC) standard
3.2.2 CTCPEC
3.2.3 ITSEC
3.3 The Common Criteria: A General Model for Test-based Certification
3.3.1 CC components
3.4 Conclusions
References
4 Formal methods for software verification
4.1 Introduction
4.2 Formal methods for software verification
4.2.1 Model Checking
4.2.2 Static Analysis
4.2.3 Untrusted code
4.2.4 Security by contract
4.3 Formal Methods for Error Detection in OS C-based Software
4.3.1 Static Analysis for C code verification
4.3.2 Model Checking for large-scale C-based Software verification
4.3.3 Symbolic approximation for large-scale OS software verification
4.4 Conclusion
References
5 OSS security certification
5.1 Open source software (OSS)
5.1.1 Open Source Licenses
5.1.2 Specificities of Open Source Development
5.2 OSS security
5.3 OSS certification
5.3.1 State of the art
5.4 Security driven OSS development
5.5 Security driven OSS development: A case study on Single Sign-On
5.5.1 Single Sign-On: Basic Concepts
5.5.2 A ST-based definition of trust models and requirements for SSO solutions
5.5.3 Requirements
5.5.4 A case study: CAS++
5.6 Conclusions
References
6 Case Study 1: Linux certification
6.1 The Controlled Access Protection Profile and the SLES8 Security Target
6.1.1 SLES8 Overview
6.1.2 Target of Evaluation (TOE)
6.1.3 Security environment
6.1.4 Security objectives
6.1.5 Security requirements
6.2 Evaluation process
6.2.1 Producing the Evidence
6.3 The Linux Test Project
6.3.1 Writing a LTP test case
6.4 Evaluation Tests
6.4.1 Running the LTP test suite
6.4.2 Test suite mapping
6.4.3 Automatic Test Selection Example Based on SLES8 Security Functions
6.5 Evaluation Results
6.6 Horizontal and Vertical reuse of SLES8 evaluation
6.6.1 Across distribution extension
6.6.2 SLES8 certification within a composite product
6.7 Conclusions
References
7 Case Study 2: ICSA and CCHIT Certifications
7.1 Introduction
7.2 ICSA Dynamic Certification Framework
7.3 A closer look to ICSA certification
7.3.1 Certification process
7.4 A case study: the ICSA certification of the Endian firewall
7.5 Endian Test Plan
7.5.1 Hardware configuration
7.5.2 Software configuration
7.5.3 Features to test
7.5.

