Open source systems security certification [electronic resource] / Ernesto Damiani, Claudio Agostino Ardagna, Nabil el Ioini.

This title discusses security certification standards and establishes the need to certify open source tools and applications. It is suitable for researchers and advanced-level students in computer science.

Bibliographic Details
Online Access: Full Text (via Springer)
Main Author: Damiani, Ernesto, 1960-
Other Authors: Ardagna, Claudio Agostino, Ioini, Nabil El
Format: Electronic eBook
Language: English
Published: New York : Springer, 2009.

MARC

LEADER 00000cam a2200000xa 4500
001 b8707302
006 m o d
007 cr |||||||||||
008 090223s2009 nyua ob 001 0 eng d
005 20240418142917.7
019 |a 316003721  |a 405547006  |a 427857000  |a 500974192  |a 607355668  |a 613495517  |a 618409335  |a 646765629  |a 723099135  |a 728693944  |a 771426284  |a 771426285  |a 880311601 
020 |a 9780387773247 
020 |a 038777324X 
020 |z 0387773231  |q (Cloth) 
020 |z 9780387773230 
024 7 |a 10.1007/978-0-387-77324-7 
028 5 2 |a 12196401 
035 |a (OCoLC)spr310335619 
035 |a (OCoLC)310335619  |z (OCoLC)316003721  |z (OCoLC)405547006  |z (OCoLC)427857000  |z (OCoLC)500974192  |z (OCoLC)607355668  |z (OCoLC)613495517  |z (OCoLC)618409335  |z (OCoLC)646765629  |z (OCoLC)723099135  |z (OCoLC)728693944  |z (OCoLC)771426284  |z (OCoLC)771426285  |z (OCoLC)880311601 
037 |a spr10.1007/978-0-387-77324-7 
040 |a GW5XE  |b eng  |e pn  |c GW5XE  |d YDXCP  |d WAU  |d IDEBK  |d OCLCQ  |d N$T  |d CDX  |d UAB  |d E7B  |d UBC  |d OCLCQ  |d OCLCF  |d BEDGE  |d COO  |d MNU  |d COA  |d MHW  |d SLY  |d OCLCQ  |d SOI 
049 |a GWRE 
050 4 |a QA76.9.A25  |b D36 2009eb 
100 1 |a Damiani, Ernesto,  |d 1960-  |0 http://id.loc.gov/authorities/names/n00014850  |1 http://isni.org/isni/0000000114560541. 
245 1 0 |a Open source systems security certification  |h [electronic resource] /  |c Ernesto Damiani, Claudio Agostino Ardagna, Nabil el Ioini. 
260 |a New York :  |b Springer,  |c 2009. 
300 |a 1 online resource (xix, 202 pages) :  |b illustrations. 
336 |a text  |b txt  |2 rdacontent. 
337 |a computer  |b c  |2 rdamedia. 
338 |a online resource  |b cr  |2 rdacarrier. 
504 |a Includes bibliographical references and index. 
505 0 |a Cover -- Contents -- 1 Introduction -- 1.1 Context and motivation -- 1.2 Software certification -- 1.2.1 Certification vs. standardization -- 1.2.2 Certification authorities -- 1.3 Software security certification -- 1.3.1 The state of the art -- 1.3.2 Changing scenarios -- 1.4 Certifying Open source -- 1.5 Conclusions -- References -- 2 Basic Notions on Access Control -- 2.1 Introduction -- 2.2 Access Control -- 2.2.1 Discretionary Access Control -- 2.2.2 Mandatory Access Control -- 2.2.3 Role Based Access Control -- 2.3 Conclusions -- References -- 3 Test based security certifications -- 3.1 Basic Notions on Software Testing -- 3.1.1 Types of Software Testing -- 3.1.2 Automation of Test Activities -- 3.1.3 Fault Terminology -- 3.1.4 Test Coverage -- 3.2 Test-based Security Certification -- 3.2.1 The Trusted Computer System Evaluation Criteria (TCSEC) standard -- 3.2.2 CTCPEC -- 3.2.3 ITSEC -- 3.3 The Common Criteria : A General Model for Test-based Certification -- 3.3.1 CC components -- 3.4 Conclusions -- References -- 4 Formal methods for software verification -- 4.1 Introduction -- 4.2 Formal methods for software verification -- 4.2.1 Model Checking -- 4.2.2 Static Analysis -- 4.2.3 Untrusted code -- 4.2.4 Security by contract -- 4.3 Formal Methods for Error Detection in OS C-based Software -- 4.3.1 Static Analysis for C code verification -- 4.3.2 Model Checking for large-scale C-based Software verification -- 4.3.3 Symbolic approximation for large-scale OS software verification -- 4.4 Conclusion -- References -- 5 OSS security certification -- 5.1 Open source software (OSS) -- 5.1.1 Open Source Licenses -- 5.1.2 Specificities of Open Source Development -- 5.2 OSS security -- 5.3 OSS certification -- 5.3.1 State of the art -- 5.4 Security driven OSS development -- 5.5 Security driven OSS development: A case study on Single Sign-On -- 5.5.1 Single Sign-On: Basic Concepts -- 5.5.2 A ST-based definition of trust models and requirements for SSO solutions 
-- 5.5.3 Requirements -- 5.5.4 A case study: CAS++ -- 5.6 Conclusions -- References -- 6 Case Study 1: Linux certification -- 6.1 The Controlled Access Protection Profile and the SLES8 Security Target -- 6.1.1 SLES8 Overview -- 6.1.2 Target of Evaluation (TOE) -- 6.1.3 Security environment -- 6.1.4 Security objectives -- 6.1.5 Security requirements -- 6.2 Evaluation process -- 6.2.1 Producing the Evidence -- 6.3 The Linux Test Project -- 6.3.1 Writing a LTP test case -- 6.4 Evaluation Tests -- 6.4.1 Running the LTP test suite -- 6.4.2 Test suite mapping -- 6.4.3 Automatic Test Selection Example Based on SLES8 Security Functions -- 6.5 Evaluation Results -- 6.6 Horizontal and Vertical reuse of SLES8 evaluation -- 6.6.1 Across distribution extension -- 6.6.2 SLES8 certification within a composite product -- 6.7 Conclusions -- References -- 7 Case Study 2: ICSA and CCHIT Certifications -- 7.1 Introduction -- 7.2 ICSA Dynamic Certification Framework -- 7.3 A closer look to ICSA certification -- 7.3.1 Certification process -- 7.4 A case study: the ICSA certification of the Endian firewall -- 7.5 Endian Test Plan -- 7.5.1 Hardware configuration -- 7.5.2 Software configuration -- 7.5.3 Features to test -- 7.5. 
520 |a This title discusses security certification standards and establishes the need to certify open source tools and applications. It is suitable for researchers and advanced-level students in computer science. 
588 0 |a Print version record. 
650 0 |a Open source software.  |0 http://id.loc.gov/authorities/subjects/sh99003437. 
650 0 |a Computer security.  |0 http://id.loc.gov/authorities/subjects/sh90001862. 
650 7 |a Computer security.  |2 fast  |0 (OCoLC)fst00872484. 
650 7 |a Open source software.  |2 fast  |0 (OCoLC)fst01046097. 
700 1 |a Ardagna, Claudio Agostino.  |0 http://id.loc.gov/authorities/names/no2009035679. 
700 1 |a Ioini, Nabil El.  |0 http://id.loc.gov/authorities/names/no2009032045  |1 http://isni.org/isni/0000000080197317. 
776 0 8 |i Print version:  |a Damiani, Ernesto, 1960-  |t Open source systems security certification.  |d New York : Springer, 2009  |z 9780387773230  |z 0387773231  |w (DLC) 2008935406  |w (OCoLC)233932842. 
856 4 0 |u https://colorado.idm.oclc.org/login?url=http://link.springer.com/10.1007/978-0-387-77324-7  |z Full Text (via Springer) 
907 |a .b8707302x  |b 03-19-20  |c 06-30-16 
998 |a web  |b 07-01-17  |c g  |d b   |e -  |f eng  |g nyu  |h 0  |i 1 
907 |a .b8707302x  |b 07-02-19  |c 06-30-16 
944 |a MARS - RDA ENRICHED 
907 |a .b8707302x  |b 01-17-18  |c 06-30-16 
907 |a .b8707302x  |b 07-06-17  |c 06-30-16 
907 |a .b8707302x  |b 05-23-17  |c 06-30-16 
915 |a I 
956 |a Springer e-books 
956 |b Springer Nature - Springer Computer Science eBooks 2009 English International 
999 f f |i 38b5b876-a550-5802-805b-de6e8805ebb3  |s 24942829-0de5-5d8c-a276-5ea3e7e04c9d 
952 f f |p Can circulate  |a University of Colorado Boulder  |b Online  |c Online  |d Online  |e QA76.9.A25 D36 2009eb  |h Library of Congress classification  |i Ebooks, Prospector  |n 1