Conference paper
Incorporating User-oriented Security into CC
Current versions of the Common Criteria concentrate very heavily on technical security issues which are relevant for the design of secure systems. This approach largely ignores a number of questions which can have great significance for whether or not the system can be operated securely in an environment which contains not only other computer systems, but also human users.
A case study involving the design of a secure medical instrumentation system will be used to illustrate the problems involved in incorporating user requirements into a secure design, so that system, when implemented, will help users to understand whether they are operating the system in a secure manner, thus avoiding user-related pitfalls such as leaking of confidential data as a result of inappropriate input, loss of patient privacy, inappropriate user reactions due to slow system response, or other similar threats not currently dealt with in CC.
Tentative proposals for extensions to the current classes of SFRs will be made on the basis of the analysis of the case.
Language: | English |
---|---|
Year: | 2009 |
Proceedings: | 10th International Common Criteria Conference |
Types: | Conference paper |
ORCIDs: | Sharp, Robin |