Ontological approach to the motion sensor security development

• Autorzy: Bialas A.

Warianty tytułu

PL

Podejście ontologiczne do projektowania zabezpieczeń ruchu

• Języki publikacji: EN

Abstrakty

EN

The paper deals with the IT security development process of the digital tachograph motion sensor having a claimed assurance level. The method, based on the Common Criteria standard and knowledge engineering, is presented and exemplified on the elaboration of the motion sensor security target and the evidences provided for the evaluation. The presented approach improves the preciseness of the security specifications and their reusability. The specifications elements can be considered as design patterns for other projects of similar intelligent electronic devices.

PL

Artykuł dotyczy procesu konstruowania zabezpieczeń czujnika ruchu tachografu cyfrowego o mierzalnym poziomie uzasadnionego zaufania (wiarygodności). Przedstawiono podejście oparte na standardzie Common Criteria oraz metodach inżynierii wiedzy. Opracowano ontologię oraz bazę wiedzy, które zastosowano do wypracowania specyfikacji bezpieczeństwa oraz materiału dowodowego przedkładanego do oceny i certyfikacji. Podejście zapewnia większą dokładność specyfikacji i możliwość jej ponownego wykorzystania w podobnych projektach, jako wzorców projektowych zapisanych w bazie wiedzy.

Słowa kluczowe

EN

IT security; motion sensor; digital tachograph

PL

zabezpieczenia informatyczne; czujnik ruchu; tachograf cyfrowy

• Wydawca: Wydawnictwo SIGMA-NOT
• Czasopismo: Przegląd Elektrotechniczny
• Rocznik: 2009
• Tom: R. 85, nr 11
• Strony: 36--44
• Opis fizyczny: Bibliogr. 28 poz., rys.

Twórcy

autor

Bialas A.

• Research and Development Centre of Electrical Engineering and Automation in Mining EMAG, Leopolda 31, 40-189 Katowice,

Bibliografia

• [1] Commission Regulation No.1360/2002 on recording equipment in road transport, Annex 1B Requirements for Construction, Testing, Installation and Inspection, Official Journal of the European Communities, L 207, (2002), 204-252
• [2] ISO/IEC 15408 Common Criteria for IT security evaluation
• [3] ISO/IEC 16844-3 Road Vehicles – Tachograph systems, Part 3: Motion sensor interface
• [4] http://www.emag.pl/
• [5] Common Criteria portal, http://www.commoncriteriaportal.org/
• [6] Bialas A., Security-related design patterns for intelligent sensors requiring measurable assurance, Przegląd Elektrotechniczny (Electrical Review), 85 (2009), nr 7, 92-99.
• [7] Noy N.F., McGuines s D.L., Ontology Development 101: A Guide to Creating Your First Ontology, Knowledge Systems Laboratory (2001) www-ksl.stanford.edu/people/dlm/papers/ontology-tutorial-noymcguinness- abstract.html
• [8] Improving Automotive Security by Evaluation – From Security Health Check to Common Criteria (2004), http://www.srcgmbh. de/whitepapers/automotive_security_amendola.pdf
• [9] Eriksson M. , Konsult I ., How to develop secure IT products using Common Criteria, Engineering Management Conference, IEEE International (2006), 297-299
• [10] Paar Ch., Weimerskirch A., Embedded security in a pervasive world, Information Security Technical Report, vol. 12 (2007), Issue 3, 155-161
• [11] Furgel I., Lemke K., A Review of the Digital Tachograph System, In: Embedded Security in Cars, Springer Berlin Heidelberg (2006), 69-94
• [12] Security Target IS2000 Smartach SRES, P206412, (2005), Actia, Toulouse
• [13] Security Target EFAS-3 V01 Digital Tachograph device, (2008), EFKONmobility GmbH
• [14] Yavagal D.S., Lee S.W., Ahn G-J., Gandhi R.A., Common Criteria Requirements Modeling and its Uses for Quality of Information Assurance. In: Proc. of the 43rd Annual ACM Southeast Conf. (ACMSE‘05), Vol. 2 (2005), 130-135
• [15] Ekelhart A., Fenz, S., Goluch, G., and Weippl, E., Ontological Mapping of Common Criteria’s Security Assurance Requirements, New Approaches for Security, Privacy and Trust in Complex Environments, eds. Venter, H-, Eloff, M-, Labuschagne, L., Eloff, J., von Solms, R., Boston: Springer (2007), 85-95
• [16] Vorobiev A., Bekmamedova N., An Ontological Approach Applied to Information Security and Trust, 18th Australasian Conf. on Information Systems, Toowoomba, 2007, www.acis2007.usq.edu.au/assets/papers/144.pdf
• [17] Kim A., Luo J., Kang M., Security Ontology for Annotating Resources, Naval Research Laboratory, Washington, (2005), http://chacs.nrl.navy.mil/publications/CHACS/2005/2005kim- NRLOntologyFinal.pdf
• [18] Elahi, G. & Yu, E., A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs, Proceedings of the 26th Int. Conf. on Conceptual Modeling, Auckland, 2007, LNCS, Springer Berlin / Heidelberg, (2008), 375-390
• [19] Ekelhart A., Fenz S., Klemen M., Weippl E., Security Ontologies: Improving Quantitative Risk Analysis, Proc. of the 40th Hawaii Int. Conf. on System Sciences, Big Island, Hawaii, IEEE Computer Society Press (2007), 156-162
• [20] Bialas A., Semiformal framework for ICT security development, The 8th International Common Criteria Conference, Rome (2007), http://www.8iccc.com/index.php
• [21] Bialas A., Semiformal Approach to the IT Security Development, In: Zamojski W., Mazurkiewicz J., Sugier J., Walkowiak T., Proc. of the Int. Conf. on Dependability of Comp. Sys. DepCoS-RELCOMEX, IEEE Comp. Society, Los Alamitos, Washington, Tokyo (2007), ISBN 0-7695-2850-3, 3-11
• [22] Bialas A., Semiformal Common Criteria Compliant IT Security Development Framework, Studia Informatica, vol. 29 (2008) Number 2B(77), Silesian Univ. of Technology Press, Gliwice, www.znsi.aei.polsl.pl/
• [23] Protégé Ontology Editor and Knowledge Acquisition System, Stanford University, http://protege.stanford.edu/
• [24] Bialas A., Ontology-based Approach to the Common Criteria Compliant IT Security Development, In: Proceedings of the 2008 Int. Conf. on Security and Management – SAM'08, Las Vegas (2008), 586-592
• [25] Bialas A., Ontology-based Security Problem Definition and Solution for the Common Criteria Compliant Development Process In: Proc. of the Int. Conf. on Dependability of Comp. Systems DepCoS-RELCOMEX’2009, IEEE Computer Society (2009), Los Alamitos, Washington, Tokyo, 3-10
• [26] Guidelines for Developer Documentation according to Common Criteria Version 3.1, Bundesamt für Sicherheit in der Informationstechnik (2007)
• [27] Maśnicki R. , Implementacja sieci M2M w przyrządzie wirtualnym, Przegląd Elektrotechniczny, 84 (2008), nr 12, 308-311
• [28] Pławniak-Mowna A., Krawczyk A., Duraj A., Electromagnetic Field and Home Monitoring In Cardiac Device Technology, Przegląd Elektrotechniczny, 84 (2008), nr 12, 224- 226