Security Functional Requirements Research Articles

DEVELOPMENT OF PROTECTION PROFILE FOR SECOND-LEVEL E-KTP CARD READER BASED ON ISO/IEC 15408:2022 AND ISO/IEC TS 19608:2018

The second level e-KTP reader device is an electronic data reader device stored in the e-KTP chip by applying a verification device in the form of a fingerprint/face scan. The data stored in the e-KTP chip is personal data that is general and specific, as stated in Law Number 27 of 2022. Therefore, users of e-KTP readers as controllers and processors of personal data are obliged to prevent unauthorised access lawfully by using a security system reliably, safely and responsibly. Permendagri Number 76 of 2020 requires compliance with product standards by involving relevant K/L agencies in the security sector as a form of supervision. Based on BSSN Regulation 15 of 2019, implementing the evaluation process in Indonesia's common criteria scheme requires a Protection Profile document to support the evaluation of IT device security. However, there is no Protection Profile document for e-KTP reader devices that have been certified so that it can be used as a reference in developing IT devices to support the evaluation of IT device security. Therefore, in this study, developing Protection Profiles for e-KTP readers based on ISO/IEC 15408 and ISO/IEC TS 19608: 2018 was carried out to prepare functional security requirements and security guarantees by considering the protection of personal data. While the developing method used is based on ISO/IEC TR 15446:2017. The results of this study are preparing a Protection Profile document consisting of 25 functional security requirements to fulfil 8 device security objectives with a level of security assurance at Evaluation Assurance Level (EAL) 4. Then the design results are tested based on the Assurance Protection Profile Evaluation class (APE) ISO/IEC 18045:2022 and declared to meet the criteria based on the ISO/IEC 15408 series.

On the Development of a Protection Profile Module for Encryption Key Management Components

The ability of a cryptographic system to protect information from attacks depends on many factors, including the secrecy of the encryption key. A crucial aspect of any cryptosystem is how it manages the encryption keys. Encryption Key Management (EKM) spans the entire life cycle of the key, including the key’s generation, usage, distribution, renewal, and destruction. Given the security sensitivity, it is desirable to adopt a widely accepted standard when developing an encryption key management system. Through rigorous development of security requirements and following standardized validation, evaluation, and certification, the consumers’ confidence in the security of the EKM system will be enhanced. The Protection Profile (PP), defined in the Common Criteria for Information Technology Security Evaluation (often referred to as Common Criteria or CC), specifies the security functional and assurance requirements for a specific technology. In this work, we propose a PP Module that is the new evolution of the PP covering trusted security features for EKM, which is based on its compliance with the Network Device collaborative Protection Profile (NDcPP). In particular, by analyzing threats and vulnerabilities of EKM systems, corresponding security objectives and requirements are proposed in the PP, along with the specification of evaluation activities. The quantum-safe aspect of key distribution protocols is further investigated to support EKM products with quantum-resistant algorithms and quantum key distribution features. In addition to presenting the development methodology and implementation process for the PP Module of EKM, we distill lessons learned from developing and validating the PP Module to inspire future research efforts on defining security requirements with the CC.

A classification approach for software requirements towards maintainable security

As trends continue to move toward the introduction of intelligent methods to automate software engineering processes, security requirements classification is rapidly turning into a highly potent field for the software engineering community. There are several models for classifying security requirements proposed in the literature. However, their adoption and use is constrained by the absence of substantial datasets to allow for the replication and generalization of studies, using more advanced machine-learning techniques. Furthermore, most researchers in this area, consider Maintainability as purely a non-functional requirement with no relation to security. This has been identified to be a major source of security concerns. The main objective of this study is to propose a software requirements classification approach that considers maintainability as a security requirement. This seeks to ensure that maintenance efforts don't lead to new software vulnerabilities that were previously not present during deployment. A mixed research methodology is adopted as qualitative data is collected from students’ project documentation, labelled, and transformed into quantitative form during analysis. As a culmination of this process, a validated original publicly accessible, labelled software requirements dataset of student software project requirements (DOSSPRE) is obtained and presented to support the approach. It contains 1317 software requirements, including security requirements, functional requirements, and other non-functional requirements. Two versions of the dataset are presented: one for binary classification of security requirements vs. non-security requirements and the other for multi-class classification tasks with various more granular security requirements vs. non-security requirements. In both instances, well-known machine learning algorithms are used to verify the dataset. Support Vector Machine (SVM) and Logistic Regression were the top performers in multi-class classification with an average Accuracy of 86% in both cases. Multinomial Nave Bayes topped the other machine learning techniques in binary classification with 91% Precision, 69% Recall, 78% F1-Score, and Accuracy of 86%. The dataset is accessible on this link https://data.mendeley.com/datasets/23xtbvk6yp/1

Blockchain-based healthcare management system with two-side verifiability.

The lack of data outsourcing in healthcare management systems slows down the intercommunication and information sharing between different entities. A standard solution is outsourcing the electronic health record (EHR) to a cloud service provider (CSP). The outsourcing of the EHR should be performed securely without compromising the CSP functionalities. Searchable encryption would be a viable approach to ensure the confidentiality of the data without compromising searchability and accessibility. However, most existing searchable encryption solutions use centralised architecture. These systems have trust issues as not all the CSPs are fully trusted or honest. To address these problems, we explore blockchain technology with smart contract applications to construct a decentralised system with auditable yet immutable data storage and access. First, we propose a blockchain-based searchable encryption scheme for EHR storage and updates in a decentralised fashion. The proposed scheme supports confidentiality of the outsourced EHR, keyword search functionalities, verifiability of the user and the server, storage immutability, and dynamic updates of EHRs. Next, we implement a prototype using JavaScript and Solidity on the Ethereum platform to demonstrate the practicality of the proposed solution. Finally, we compare the performance and security of the proposed scheme against existing solutions. The result indicates that the proposed scheme is practical while providing the desired security features and functional requirements.

Multifunctional and Multidimensional Secure Data Aggregation Scheme in WSNs

In wireless sensor networks (WSNs), data aggregation (DA) has become one of the most practical techniques to reduce processing delay and improve energy efficiency. To support intelligent applications, sensor nodes need to report heterogeneous and diverse data, which induce the demand for multidimensional DA and multifunctional data analysis. To solve the current security problems and functional requirements, we propose a multifunctional and multidimensional secure DA scheme to strike the balance between data availability and privacy. First, we design a Chinese remainder theorem conversion method with the counter to encode multidimensional data into large integers, which can be operated by linear homomorphic encryption schemes. Then, we introduce a multifunctional data analysis method supporting diversified aggregation functions, including linear, polynomial, and continuous functions. Moreover, we demonstrate that the proposed scheme can achieve confidentiality, integrity, authentication, and resistance against false data injection attacks. The experimental results show that the supported max dimension of one ciphertext in our scheme is at least twice that of existing schemes. Thus, in scenarios with high dimensions, our scheme is superior to the existing schemes in terms of computation and communication costs.

Формирование методологии разработки безопасного системного программного обеспечения на примере операционных систем

System software is a cornerstone of any software system, so building secure system software in accordance with requirements of certification authorities and state-of-the-art practices is an important scientific and technical problem. One of possible approaches to cope with the problem is to build a methodology for secure system software development including advanced scientific technologies and industry best practices. The paper presents current results achieved in building such methodology in the following directions. The first one is regulatory framework improvement including development of GOST R specifications defining requirements to formal models of access control policies and their formal verification. The second direction is design and verification of formal models of corresponding security functional requirements. The third direction is application of new and well established technologies of static and run-time analysis of systems software. The considered technologies include static analysis, fuzzing, functional and unit testing as well as testing the system software against formal models of its functional security requirements. The forth direction is development of methods for acquisition of results of all kinds of the analysis and for its analytical processing. All the directions are illustrated by practical examples of application of the methodology to development of Astra Linux operating system distribution that is certified according to the highest evaluation assurance levels.

A Study on Analysis of Security Functional Requirements for Virtualization Products through Comparison with Foreign Countries’ Cases

A Study on Analysis of Security Functional Requirements for Virtualization Products through Comparison with Foreign Countries’ Cases

Complementary test selection criteria for model-based testing of security components

This article presents a successful industrial application of a model-based testing approach to the validation of security components. We present a smart combination of three test selection criteria applied to testing security requirements of components such as Hardware Security Modules. This combination relies on the use of static test selection criteria, namely structural model coverage, complemented by dynamic test selection criteria, based on abstract test scenarios or temporal properties, designed to target corner cases of security functional requirements. Our approach is implemented in an industrial and scalable MBT tool. We evaluated and successfully applied it on three real-world security components. The outcome of these experiences showed that the three test selection criteria target distinct kinds of errors in the software and are able to reveal inconsistencies in the specification. Moreover, a 5-year experience of working with both manufacturers and evaluators of security components, along with other industrial collaborations, showed that the approach is easy to adopt in the industry and the time spent to learn the methodology is negligible with respect to its benefits. Finally, the approach can be completely applied in a more general context on systems that underlay thorough validation of compliance to specifications or audits.

A Design of Trusted Computing Supporting Software based on Security Function

Most of existing TCSS have defined the functional interface of software in accordance with TCG specification. However, there is no clear definition of the security functional requirements and security targets that TCSS needs to meet in TCG specification. An implementation scheme for TCSS was proposed, and a TCSS prototype on the basis of Common Criteria (CC), combining with TCSS security function division and practical application demands was implemented. The experimental results show that the proposed software prototype can support the interface call of the TPM 2.0 and the SM4 cipher algorithm of China.

A Design for Security Functional Requirements of IoT Middleware System

A Design for Security Functional Requirements of IoT Middleware System

A scientific evaluation of the misuse case diagrams visual syntax

ContextMisuse case modeling is a well-known technique in the domain of capturing and specifying functional security requirements. Misuse case modeling provides a mechanism for security analysts to consider and account for security requirements in the early stages of a development process instead of relying on generic defensive mechanisms that are augmented to software systems towards the latter stages of development. ObjectiveMany research contributions in the area of misuse case modeling have been devoted to extending the notation to increase its coverage of additional security related semantics. However, there lacks research that evaluates the perception of misuse case models by its readers. A misread or misinterpreted misuse case model can have dire consequences downstream leading to the development of an insecure system. MethodThis paper presents an assessment of the design of the original misuse case modeling notation based on the Physics of Notations framework. A number of improvements to the notation were suggested. A survey and a controlled experiment were carried out to compare the cognitive effectiveness of the new notation in comparison to the original notation. ResultsThe survey had 55 participants for have mostly indicated that the new notation is more semantically transparent than the original notation. The results of the experiment show that subjects reading diagrams developed using the new notation performed their tasks an average 6min quicker, while in general the subjects performed their tasks in approximately 14.5min. The experimental tasks only required subjects reading diagrams and not creating them. ConclusionThe main finding of this paper is that the use of colors and icons has improved the readability of misuse case diagrams. Software engineering notations are usually black and white. It is expected that the readability of other software notations will improve if they utilize colors and icons.

보안관제시스템 보호프로파일 개발

보안관제시스템은 보안관제를 위해 보안관제센터에서 운영하고 있는 시스템이다. 최근 인터넷 가입자의 급격한 증가와 더불어 생활 전반의 모든 일들이 웹 서비스를 통하여 이루어짐에 따라 네트워크 보안에 대한 필요성이 급격히 증가하였고, 이에 따라 사이버 보안관제가 큰 이슈가 되어 각 기관에서는 보안관제시스템을 구축하여 보안관제 업무를 수행하고 있다. 하지만 보안관제시스템에 대한 보안 기능 요구사항이 정확히 명시되지 않아, 보안관제시스템을 구축 및 설계 개발 하는데 있어 많은 어려움이 있어 보호프로파일이 필요성이 요구된 실정이다. 본 논문에서는 보안관제시스템의 보안 기능 요구사항 명세를 위한 보안관제시스템 보호프로파일을 개발 하였다. Security Management System is a system which operates in the security control center for security control. All living things across the Internet in recent years, with the rapid increase in the subscriber base has increased the need for network security dramatically depending on yirueojim through web services, thus cyber security sheriff, I have a big issue to build a security management system, each agency and perform control tasks. But the security functional requirements for security management system would not specified exactly, in developing a security management system to build and design a situation that PP's needs require a lot of trouble. In this paper, we develop a Managed Security System Protection Profile for the security functional requirements specification of the security management system.

Using security robustness analysis for early-stage validation of functional security requirements

Security is nowadays an indispensable requirement in software systems. Traditional software engineering processes focus primarily on business requirements, leaving security as an afterthought to be addressed via generic “patched-on” defensive mechanisms. This approach is insufficient, and software systems need to have security functionality engineered within in a similar fashion as ordinary business functional requirements. Functional security requirements need to be elicited, analyzed, specified and validated at the early stages of the development life cycle. If the functional security requirements were not properly validated, then there is a risk of developing a system that is insecure, deeming it unusable. Acceptance testing is an effective technique to validate requirements. However, an ad hoc approach to develop acceptance tests will suffer the omission of important tests. This paper presents a systematic approach to develop executable acceptance tests that is specifically geared for model-based secure software engineering processes. The approach utilizes early-stage artifacts, namely misuse case and domain models, and robustness diagrams. The feasibility of the proposed approach is demonstrated by applying it to a real-world system. The results show that a comprehensive set of security acceptance tests can be developed based upon misuse case models for early-stage validation of functional security requirements.

Security requirements engineering for specifying security requirements of an e-voting system as a legitimate solution to e-governance

The changes in technology have put an increased pressure on e-governance to modernise its election process. In India, after several elections, we have noticed many problems such as long lines, sensitive polling booth and other polling problems. As a solution, we have moved to the electronic electoral process throughout the country, but a recent study revealed that various e-voting systems show serious failure due to specification, design and implementation flaws. In this paper, we propose to consider security requirements as functional requirements and security requirements engineering process in the early phases of e-voting system development as a legitimate solution for e-governance. As the result of adopting model-oriented security requirements engineering framework, the security requirements specification was complete and correct. High level of security was achieved by identifying more traces of vulnerabilities in turn identifying and specifying security requirements for e-voting system at the early phases of the software development life cycle.

Using SMCD to reduce inconsistencies in misuse case models: A subject-based empirical evaluation

Security is a crucial requirement in software systems which need to be addressed as early as the requirements phase. The technique of misuse case modeling has been introduced slightly over a decade ago to elicit and specify functional security requirements. Development efforts downstream will be driven by the functional security requirements specified in misuse case models. Consequently, the quality of a misuse case model influences the effectiveness of downstream development efforts. Inconsistencies are an undesired attribute that can severely reduce the quality of misuse case models. In this paper, a controlled experiment involving students is presented which evaluates the reduction of inconsistencies in misuse case models resulting from utilizing a structure called SMCD (Structured Misuse Case Descriptions). The experiment also examines the impact of using SMCD upon other quality attributes of misuse case models. The results of the experiment indicate that using SMCD improves the consistency levels of the developed misuse case models.

ENHANCING GOAL-ORIENTED SECURITY REQUIREMENTS ANALYSIS USING COMMON CRITERIA-BASED KNOWLEDGE

Goal-oriented requirements analysis (GORA) is one of the promising techniques to elicit software requirements, and it is natural to consider its application to security requirements analysis. In this paper, we proposed a method for goal-oriented security requirements analysis using security knowledge which is derived from several security targets (STs) compliant to Common Criteria (CC, ISO/IEC 15408). We call such knowledge security ontology for an application domain (SOAD). Three aspects of security such as confidentiality, integrity and availability are included in the scope of our method because the CC addresses these three aspects. We extract security-related concepts such as assets, threats, countermeasures and their relationships from STs, and utilize these concepts and relationships for security goal elicitation and refinement in GORA. The usage of certificated STs as knowledge source allows us to reuse efficiently security-related concepts of higher quality. To realize our proposed method as a supporting tool, we use an existing method GOORE (goal-oriented and ontology-driven requirements elicitation method) combining with SOAD. In GOORE, terms and their relationships in a domain ontology play an important role of semantic processing such as goal refinement and conflict identification. SOAD is defined based on concepts in STs. In contrast with other goal-oriented security requirements methods, the knowledge derived from actual STs contributes to eliciting security requirements in our method. In addition, the relationships among the assets, threats, objectives and security functional requirements can be directly reused for the refinement of security goals. We show an illustrative example to show the usefulness of our method and evaluate the method in comparison with other goal-oriented security requirements analysis methods.

국방정보보호를 위한 군(軍) SNS 보호프로파일(PP) 개발에 관한 연구

Social Network Service(SNS) have become very popular during the past few years. Also SNS, an current communication platform, greatly contributes to transmit the information rapidly and strengthen a sense of community and fellowship in military service. however it has vulnerable factors. For example, invasion of privacy, exposure of personal information and military data. In this particular case, it is a deathblow to the military service. Military Social Network Service require to protect the military security threats and disclosure of defense secrets. For such reasons we need the secure SNS that protects from any attacks or vulnerable factors. We present classification of functional type and analysis the SNS architecture. The goal of this work is propose military SNS security functional requirements for practical use safely.

From misuse cases to mal-activity diagrams: bridging the gap between functional security analysis and design

Secure software engineering is concerned with developing software systems that will continue delivering its intended functionality despite a multitude of harmful software technologies that can attack these systems from anywhere and at anytime. Misuse cases and mal-activity diagrams are two techniques to model functional security requirements address security concerns early in the development life cycle. This allows system designers to equip their systems with security mechanisms built within system design rather than relying on external defensive mechanisms. In a model-driven engineering process, misuse cases are expected to drive the construction of mal-activity diagrams. However, a systematic approach to transform misuse cases into mal-activity diagrams is missing. Therefore, this process remains dependent on human skill and judgment, which raises the risk of developing mal-activity diagrams that are inconsistent with the security requirements described in misuse cases, leading to the development of an insecure system. This paper presents an authoring structure for misuse cases and a transformation technique to systematically perform this desired model transformation. A study was conducted to evaluate the proposed technique using 46 attack stories outlined in a book by a former well-known hacker (Mitnick and Simon in The art of deception: controlling the human element of security, Wiley, Indianapolis, 2002). The results indicate that applying the proposed technique produces correct mal-activity diagrams from misuse cases.

Auto-Selection of Security Functional Components Based on Common Criteria

With the development of software engineering, security problems have become more and more serious through all phases in software development life circle. This paper proposes an automatic method of selecting security functional components by mapping threats and components. Firstly, we extract the information of threats from the published documents of Protect Profiles. In order to defend these threats, we obtain security objectives from security functional class. Then, we consider security functional requirements based on security objectives. Finally, we extract security functional components from security requirements. We take a students’ course selection system as a working example and prove how our auto-selecting method can reduce the working capacity and improve work efficiency.

Towards developing consistent misuse case models

Secure software development should begin at the early stages of the development life cycle. Misuse case modeling is a technique that stems from traditional use case modeling, which facilitates the elicitation and modeling functional security requirements at the requirements phase. Misuse case modeling is an effective vehicle to potentially identify a large subset of these threats. It is therefore crucial to develop high quality misuse case models otherwise end system developed will be vulnerable to security threats. Templates to describe misuse cases are populated with syntax-free natural language content. The inherent ambiguity of syntax-free natural language coupled with the crucial role of misuse case models in development can have a very detrimental effect. This paper proposes a structure that will guide misuse case authors towards developing consistent misuse case models. This paper also presents a process that utilizes this structure to ensure the consistency of misuse case models as they evolve, eliminating potential damages caused by inconsistencies. A tool was developed to provide automation support for the proposed structure and process. The feasibility and application of this approach were demonstrated using two real-world case studies.