Open Source Systems Security Certification

by ; ;
  • ISBN13: 9780387773230
  • ISBN10: 0387773231
  • Format: Hardcover
  • Copyright: 2008-11-01
  • Publisher: Springer-Verlag New York Inc

Summary

"Open Source Systems Security Certification provides an introduction to the notion of the Security Certification, including test-based and model-based approaches to the certification of software products. Several Security Certification standards are presented, including the international standard for the certification of IT products Common Criteria (ISO/IEC 15408) (CC 2006), a certification officially adopted by the governments of 18 nations." "This book discusses Security Certification as a way to foster adoption and deployment of Open Source Software (OSS) in security-sensible markets, such as telecommunications, government and the military. Scientific and technical issues of OSS security certification are highlighted through case studies." "This volume is designed for professionals and companies trying to implement an Open Source Systems (OSS) aware IT governance strategy, and SMEs looking for ways to use OSS in order to enter new security-conscious markets traditionally held by proprietary products. This book is also suitable for researchers and advanced-level students interested in OSS development, deployment and adoption issues."--BOOK JACKET.

Table of Contents

Introduction
Context and motivation
Software certification
Certification vs. standardization
Certification authorities
Software security certification
The state of the art
Changing scenarios
Certifying Open source
Conclusions
References
Basic Notions on Access Control
Introduction
Access Control
Discretionary Access Control
Mandatory Access Control
Role Based Access Control
Conclusions
References
Test based security certifications
Basic Notions on Software Testing
Types of Software Testing
Automation of Test Activities
Fault Terminology
Test Coverage
Test-based Security Certification
The Trusted Computer System Evaluation Criteria (TCSEC) standard
CTCPEC
ITSEC
The Common Criteria: A General Model for Test-based Certification
CC components
Conclusions
References
Formal methods for software verification
Introduction
Formal methods for software verification
Model Checking
Static Analysis
Untrusted code
Security by contract
Formal Methods for Error Detection in OS C-based Software
Static Analysis for C code verification
Model Checking for large-scale C-based Software verification
Symbolic approximation for large-scale OS software verification
Conclusion
References
OSS security certification
Open source software (OSS)
Open Source Licenses
Specificities of Open Source Development
OSS security
OSS certification
State of the art
Security driven OSS development
Security driven OSS development: A case study on Single Sign-On
Single Sign-On: Basic Concepts
A ST-based definition of trust models and requirements for SSO solutions
Requirements
A case study: CAS++
Conclusions
References
Case Study 1: Linux certification
The Controlled Access Protection Profile and the SLES8 Security Target
SLES8 Overview
Target of Evaluation (TOE)
Security environment
Security objectives
Security requirements
Evaluation process
Producing the Evidence
The Linux Test Project
Writing a LTP test case
Evaluation Tests
Running the LTP test suite
Test suite mapping
Automatic Test Selection Example Based on SLES8 Security Functions
Evaluation Results
Horizontal and Vertical reuse of SLES8 evaluation
Across distribution extension
SLES8 certification within a composite product
Conclusions
References
Case Study 2: ICSA and CCHIT Certifications
Introduction
ICSA Dynamic Certification Framework
A closer look to ICSA certification
Certification process
A case study: the ICSA certification of the Endian firewall
Endian Test Plan
Hardware configuration
Software configuration
Features to test
Testing tools
Testing
Configuration
Logging
Administration
Security testing
The CCHIT certification
The CCHIT certification process
Conclusions
References
The role of virtual testing labs
Introduction
An Overview of Virtualization Internals
Virtualization Environments
Comparing technologies
Virtual Testing Labs
The Open Virtual Testing Lab
Xen Overview
OVL key aspects
Hardware and Software Requirements
OVL Administration Interface
Using OVL to perform LTP tests
Conclusions
References
Long-term OSS security certifications: An Outlook
Introduction
Long-term Certifications
Long-lived systems
Long-term certificates
On-demand certificate checking
The certificate composition problem
Conclusions
References
An example of a grep-based search/match phase
Index
Table of Contents provided by Ingram. All Rights Reserved.
