Research Catalog
Open source systems security certification
- Title
- Open source systems security certification / Ernesto Damiani, Claudio Agostino Ardagna, Nabil El Ioini.
- Author
- Damiani, Ernesto, 1960-
- Publication
- New York : Springer, ©2009.
Items in the Library & Off-site
1 Item
| Status | Format | Access | Call Number | Item Location |
|---|---|---|---|---|
| | Text | Use in library | QA76.9.A25 D36 2009 | Off-site |
Details
- Additional Authors
- Description
- xix, 202 pages : illustrations; 25 cm
- Summary
- This title discusses security certification standards and establishes the need to certify open source tools and applications. It is suitable for researchers and advanced-level students in computer science.
- Subject
- Bibliography (note)
- Includes bibliographical references and index.
- Contents
- Cover -- TOC. Contents -- CH. 1 Introduction -- 1.1 Context and motivation -- 1.2 Software certification -- 1.2.1 Certification vs. standardization -- 1.2.2 Certification authorities -- 1.3 Software security certification -- 1.3.1 The state of the art -- 1.3.2 Changing scenarios -- 1.4 Certifying Open source -- 1.5 Conclusions -- References -- CH. 2 Basic Notions on Access Control -- 2.1 Introduction -- 2.2 Access Control -- 2.2.1 Discretionary Access Control -- 2.2.2 Mandatory Access Control -- 2.2.3 Role Based Access Control -- 2.3 Conclusions -- References -- CH. 3 Test based security certifications -- 3.1 Basic Notions on Software Testing -- 3.1.1 Types of Software Testing -- 3.1.2 Automation of Test Activities -- 3.1.3 Fault Terminology -- 3.1.4 Test Coverage -- 3.2 Test-based Security Certification -- 3.2.1 The Trusted Computer System Evaluation Criteria (TCSEC) standard -- 3.2.2 CTCPEC -- 3.2.3 ITSEC -- 3.3 The Common Criteria : A General Model for Test-based Certification -- 3.3.1 CC components -- 3.4 Conclusions -- References -- CH. 4 Formal methods for software verification -- 4.1 Introduction -- 4.2 Formal methods for software verification -- 4.2.1 Model Checking -- 4.2.2 Static Analysis -- 4.2.3 Untrusted code -- 4.2.4 Security by contract -- 4.3 Formal Methods for Error Detection in OS C-based Software -- 4.3.1 Static Analysis for C code verification -- 4.3.2 Model Checking for large-scale C-based Software verification -- 4.3.3 Symbolic approximation for large-scale OS software verification -- 4.4 Conclusion -- References -- CH. 5 OSS security certification -- 5.1 Open source software (OSS) -- 5.1.1 Open Source Licenses -- 5.1.2 Specificities of Open Source Development -- 5.2 OSS security -- 5.3 OSS certification -- 5.3.1 State of the art -- 5.4 Security driven OSS development -- 5.5 Security driven OSS development: A case study on Single Sign-On -- 5.5.1 Single Sign-On: Basic Concepts -- 5.5.2 A ST-based definition of trust models and requirements for SSO solutions -- 5.5.3 Requirements -- 5.5.4 A case study: CAS++ -- 5.6 Conclusions -- References -- CH. 6 Case Study 1: Linux certification -- 6.1 The Controlled Access Protection Profile and the SLES8 Security Target -- 6.1.1 SLES8 Overview -- 6.1.2 Target of Evaluation (TOE) -- 6.1.3 Security environment -- 6.1.4 Security objectives -- 6.1.5 Security requirements -- 6.2 Evaluation process -- 6.2.1 Producing the Evidence -- 6.3 The Linux Test Project -- 6.3.1 Writing a LTP test case -- 6.4 Evaluation Tests -- 6.4.1 Running the LTP test suite -- 6.4.2 Test suite mapping -- 6.4.3 Automatic Test Selection Example Based on SLES8 Security Functions -- 6.5 Evaluation Results -- 6.6 Horizontal and Vertical reuse of SLES8 evaluation -- 6.6.1 Across distribution extension -- 6.6.2 SLES8 certification within a composite product -- 6.7 Conclusions -- References -- CH. 7 Case Study 2: ICSA and CCHIT Certifications -- 7.1 Introduction -- 7.2 ICSA Dynamic Certification Framework -- 7.3 A closer look to ICSA certification -- 7.3.1 Certification process -- 7.4 A case study: the ICSA certification of the Endian firewall -- 7.5 Endian Test Plan -- 7.5.1 Hardware configuration -- 7.5.2 Software configuration -- 7.5.3 Features to test.
- ISBN
- 9780387773230
- 0387773231
- 038777324X
- 9780387773247
- 9780387773247 (canceled/invalid)
- LCCN
- 2008935406
- OCLC
- ocn660992319
- 660992319
- SCSB-9181568
- Owning Institutions
- Princeton University Library