Open Source Systems Security Certification

By: Ernesto Damiani, Claudio Agostino Ardagna, Nabil El Ioini

Write A Review

Hardcover | 5 March 2009

At a Glance

Hardcover
224 Pages

Dimensions(cm)
24.13 x 15.88 x 1.27

Hardcover

$169.00

or 4 interest-free payments of $42.25 with

Ships in 5 to 7 business days

Open Source Systems Security Certification discusses Security Certification Standards and establishes the need to certify open source tools and applications. This includes the international standard for the certification of IT products (software, firmware and hardware) Common Criteria (ISO/IEC 15408) (CC 2006), a certification officially adopted by the governments of 18 nations.

Without security certification, open source tools and applications are neither secure nor trustworthy. Open Source Systems Security Certification addresses and analyzes the urgency of security certification for security-sensible markets, such as telecommunications, government and the military, through provided case studies.

This volume is designed for professionals and companies trying to implement an Open Source Systems (OSS) aware IT governance strategy, and SMEs looking to attract new markets traditionally held by proprietary products or to reduce costs. This book is also suitable for researchers and advanced-level students.

Shipping

	Standard Shipping	Express Shipping
Metro postcodes:	$9.99	$14.95
Regional postcodes:	$9.99	$14.95
Rural postcodes:	$9.99	$14.95

Orders over $89.00 qualify for free shipping.

How to return your order

At Booktopia, we offer hassle-free returns in accordance with our returns policy. If you wish to return an item, please get in touch with Booktopia Customer Care.

Additional postage charges may be applicable.

Defective items

If there is a problem with any of the items received for your order then the Booktopia Customer Care team is ready to assist you.

For more info please visit our Help Centre.

You Can Find This Book In

Non-Fiction Computing & I.T.Computer Security Data Encryption Computer Programming & Software Development Software Engineering Computer Science Programming & Scripting Languages Computer Networking & Communications Network Security Business Applications Compilers & Interpreters

Databases

Other Editions and Formats

Paperback

Published: 4th November 2010

View Product

Introduction	p. 1
Context and motivation	p. 1
Software certification	p. 4
Certification vs. standardization	p. 5
Certification authorities	p. 5
Software security certification	p. 6
The state of the art	p. 8
Changing scenarios	p. 9
Certifying Open source	p. 9
Conclusions	p. 12
References	p. 12
Basic Notions on Access Control	p. 15
Introduction	p. 15
Access Control	p. 17
Discretionary Access Control	p. 18
Mandatory Access Control	p. 19
Role Based Access Control	p. 24
Conclusions	p. 24
References	p. 25
Test based security certifications	p. 27
Basic Notions on Software Testing	p. 27
Types of Software Testing	p. 30
Automation of Test Activities	p. 34
Fault Terminology	p. 34
Test Coverage	p. 36
Test-based Security Certification	p. 37
The Trusted Computer System Evaluation Criteria (TCSEC) standard	p. 39
CTCPEC	p. 46
ITSEC	p. 46
The Common Criteria: A General Model for Test-based Certification	p. 47
CC components	p. 48
Conclusions	p. 59
References	p. 60
Formal methods for software verification	p. 63
Introduction	p. 63
Formal methods for software verification	p. 65
Model Checking	p. 65
Static Analysis	p. 69
Untrusted code	p. 73
Security by contract	p. 74
Formal Methods for Error Detection in OS C-based Software	p. 75
Static Analysis for C code verification	p. 76
Model Checking for large-scale C-based Software verification	p. 81
Symbolic approximation for large-scale OS software verification	p. 83
Conclusion	p. 86
References	p. 86
OSS security certification	p. 89
Open source software (OSS)	p. 89
Open Source Licenses	p. 90
Specificities of Open Source Development	p. 93
OSS security	p. 97
OSS certification	p. 99
State of the art	p. 100
Security driven OSS development	p. 104
Security driven OSS development: A case study on Single Sign-On	p. 105
Single Sign-On: Basic Concepts	p. 105
A ST-based definition of trust models and requirements for SSO solutions	p. 107
Requirements	p. 116
A case study: CAS++	p. 118
Conclusions	p. 121
References	p. 122
Case Study 1: Linux certification	p. 125
The Controlled Access Protection Profile and the SLES8 Security Target	p. 125
SLES8 Overview	p. 126
Target of Evaluation (TOE)	p. 127
Security environment	p. 128
Security objectives	p. 129
Security requirements	p. 130
Evaluation process	p. 132
Producing the Evidence	p. 133
The Linux Test Project	p. 134
Writing a LTP test case	p. 135
Evaluation Tests	p. 141
Running the LTP test suite	p. 141
Test suite mapping	p. 142
Automatic Test Selection Example Based on SLES8 Security Functions	p. 146
Evaluation Results	p. 148
Horizontal and Vertical reuse of SLES8 evaluation	p. 149
Across distribution extension	p. 149
SLES8 certification within a composite product	p. 151
Conclusions	p. 153
References	p. 153
Case Study 2: ICSA and CCHIT Certifications	p. 155
Introduction	p. 155
ICSA Dynamic Certification Framework	p. 157
A closer look to ICSA certification	p. 158
Certification process	p. 158
A case study: the ICSA certification of the Endian firewall	p. 159
Endian Test Plan	p. 161
Hardware configuration	p. 161
Software configuration	p. 161
Features to test	p. 161
Testing tools	p. 163
Testing	p. 164
Configuration	p. 164
Logging	p. 165
Administration	p. 166
Security testing	p. 166
The CCHIT certification	p. 168
The CCHIT certification process	p. 170
Conclusions	p. 170
References	p. 171
The role of virtual testing labs	p. 173
Introduction	p. 173
An Overview of Virtualization Internals	p. 176
Virtualization Environments	p. 177
Comparing technologies	p. 179
Virtual Testing Labs	p. 180
The Open Virtual Testing Lab	p. 180
Xen Overview	p. 181
OVL key aspects	p. 181
Hardware and Software Requirements	p. 182
OVL Administration Interface	p. 184
Using OVL to perform LTP tests	p. 184
Conclusions	p. 186
References	p. 186
Long-term OSS security certifications: An Outlook	p. 187
Introduction	p. 187
Long-term Certifications	p. 189
Long-lived systems	p. 189
Long-term certificates	p. 190
On-demand certificate checking	p. 192
The certificate composition problem	p. 194
Conclusions	p. 195
References	p. 196
An example of a grep-based search/match phase	p. 199
Index	p. 201
Table of Contents provided by Ingram. All Rights Reserved.

Open Source Systems Security Certification

At a Glance

Hardcover

Shipping

How to return your order

Defective items

You Can Find This Book In

Other Editions and Formats

Paperback

More in Software Engineering

Pega Agentic AI on Cloud 3

Architecture, Governance, and Operating Models for Modern Enterprises

Pega Agentic AI on Cloud 3

Architecture, Governance, and Operating Models for Modern Enterprises

Intersection of Machine Learning and Computational Social Sciences

Future Generation Information Systems

Mobile and Ubiquitous Systems: Computing, Networking and Services

22nd EAI International Conference, MobiQuitous 2025, Shanghai, China, November 7-9, 2025, Proceedings, Part I

The Essence of Software Engineering

Design Patterns

Elements of Reusable Object-Oriented Software

Building Microservices

Designing Fine-Grained Systems 2nd Edition

The Manager`s Path

A Guide for Tech Leaders Navigating Growth and Change

Code

2nd Edition - The Hidden Language of Computer Hardware and Software

Git : Pocket Guide

A Working Introduction

Coding All-in-One For Dummies

2nd Edition

The Pragmatic Programmer 2nd edition

your journey to mastery, 20th Anniversary Edition

Refactoring 2ed

Improving the Design of Existing Code

Architecture Patterns with Python

Enabling Test-Driven Development, Domain-Driven Design, and Event-Driven Microservices

Arduino for Dummies

Blackwell Philosophy Anthologies

Swim Training Patterns

1st Edition - Plan your Training Sessions with the Power of Mathematics

Hacking For Dummies

For Dummies (Computer/Tech)

Site Reliability Engineering

How Google Runs Production Systems

User Story Mapping

Discover the Whote Story, Build the Right Product

The Engineering Leader

Strategies for Scaling Teams and Yourself

C# 12 in a Nutshell

The Definitive Reference

Web Application Security

2nd Eidtion - Exploitation and Countermeasures for Modern Web Applications

Learning Modern C++ for Finance

Foundations for Quantitative Programming

C# 12 Pocket Reference

Instant Help for C# 12 Programmers

This product is categorised by