The Common Criteria standard provides an infrastructure for evaluating security functions of IT products and for certifying that security policies claimed by product suppliers are correctly enforced by the security functions themselves. Certifying Open Source software (OSS) can pave the way to OSS adoption in a number of security-conscious application environments. Recent experiences in certifying Linux distributions has pointed out the problem of finding a mapping between descriptions of OSS security functions and existingtest suites developed independently, such as the Linux Test Project. In this paper, we describe a mechanism, based on matching techniques, which semiautomatically associates security functions to existing test suite such as the ones developed by Open Source communities.

Mapping Linux security targets to existing test suites / C.A. Ardagna, E. Damiani, N. El Ioini, F. Frati, P. Giovannini, R. Tchokpon - In: Open source development, communities and quality : IFIP 20. world computer congress, working group 2.3 on open source software : september 7-10, 2008, Milano, Italy / [a cura di] Barbara Russo ... [et al.]. - New York : Springer, 2008. - ISBN 9780387096834. - pp. 29-45 (( Intervento presentato al 4. convegno IFIP International Conference on Open Source Systems (OSS) tenutosi a Milano nel 2008.

Mapping Linux security targets to existing test suites

C.A. Ardagna
Primo
;
E. Damiani
Secondo
;
F. Frati;
2008

Abstract

The Common Criteria standard provides an infrastructure for evaluating security functions of IT products and for certifying that security policies claimed by product suppliers are correctly enforced by the security functions themselves. Certifying Open Source software (OSS) can pave the way to OSS adoption in a number of security-conscious application environments. Recent experiences in certifying Linux distributions has pointed out the problem of finding a mapping between descriptions of OSS security functions and existingtest suites developed independently, such as the Linux Test Project. In this paper, we describe a mechanism, based on matching techniques, which semiautomatically associates security functions to existing test suite such as the ones developed by Open Source communities.
Settore INF/01 - Informatica
2008
IFIP
Book Part (author)
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/45297
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? 0
social impact