Open Source Systems Security Certification

This book discusses Security Certification Standards and establishes the need to certify open source tools and applications. This includes the international standard for the certification of IT products Common Criteria (ISO/IEC 15408) (CC 2006).

Open Source Systems Security Certification discusses Security Certification Standards and establishes the need to certify open source tools and applications. This includes the international standard for the certification of IT products (software, firmware and hardware) Common Criteria (ISO/IEC 15408) (CC 2006), a certification officially adopted by the governments of 18 nations.

Without security certification, open source tools and applications are neither secure nor trustworthy. Open Source Systems Security Certification addresses and analyzes the urgency of security certification for security-sensible markets, such as telecommunications, government and the military, through provided case studies.

This volume is designed for professionals and companies trying to implement an Open Source Systems (OSS) aware IT governance strategy, and SMEs looking to attract new markets traditionally held by proprietary products or to reduce costs. This book is also suitable for researchers and advanced-level students.

One of the first books that covers security certification standards for open source systems exclusively The primary author, Professor Ernesto Damiani of the University of Milan, is highly respected world wide in this field

Autorentext
Ernesto Damiani is a professor at the Department of Information Technology of the University of Milan. He is the Vice-Chair of the ACM Special Interest Group on Applied Computing (SIGAPP).

Klappentext

Open Source Systems Security Certification provides an introduction to the notion of the Security Certification, including test-based and model-based approaches to the certification of software products. Several Security Certification standards are presented, including the international standard for the certification of IT products Common Criteria (ISO/IEC 15408) (CC 2006), a certification officially adopted by the governments of 18 nations.

This book discusses Security Certification as a way to foster adoption and deployment of Open Source Software (OSS) in security-sensible markets, such as telecommunications, government and the military. Scientific and technical issues of OSS security certification are highlighted through case studies.

This volume is designed for professionals and companies trying to implement an Open Source Systems (OSS) aware IT governance strategy, and SMEs looking for ways to use OSS in order to enter new security-conscious markets traditionally held by proprietary products. This book is also suitable for researchers and advanced-level students interested in OSS development, deployment and adoption issues.

Zusammenfassung

Open Source Systems Security Certification discusses Security Certification Standards and establishes the need to certify open source tools and applications. This includes the international standard for the certification of IT products (software, firmware and hardware) Common Criteria (ISO/IEC 15408) (CC 2006), a certification officially adopted by the governments of 18 nations.

Without security certification, open source tools and applications are neither secure nor trustworthy. Open Source Systems Security Certification addresses and analyzes the urgency of security certification for security-sensible markets, such as telecommunications, government and the military, through provided case studies.

This volume is designed for professionals and companies trying to implement an Open Source Systems (OSS) aware IT governance strategy, and SMEs looking to attract new markets traditionally held by proprietary products or to reduce costs. This book is also suitable for researchers and advanced-level students.

Inhalt
Basic Notions on Access Control.- Test based security certifications.- Formal methods for software verification.- OSS security certification.- Case Study 1: Linux certification.- Case Study 2: ICSA and CCHIT Certifications.- The role of virtual testing labs.- Long-term OSS security certifications: An Outlook.