Issue No. 02 - March/April (2006 vol. 4)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.35
Feisal Keblawi , Federal Aviation Administration
Dick Sullivan , Science Applications International Corporation
The National Institute of Standards and Technology has proposed using the Common Criteria and system-level protection profiles (SLPPs) to specify security requirements in large systems, such as those used in air traffic management. This article summarizes experience with SLPP and security targets for the US Federal Aviation Administration's National Airspace System. The authors review the FAA efforts, highlight the problems encountered, and offer suggestions for future work, calling for more research on linking systems, software, and security requirements engineering with SLPP; clearer ties between security specifications and system certification; and better guidance on the appropriate use of SLPP as a prerequisite to widespread use.
systems engineering, software engineering, security engineering, requirements analysis, requirements specifications, Common Criteria, protection profiles, aviation security
D. Sullivan and F. Keblawi, "Applying the Common Criteria in Systems Engineering," in IEEE Security & Privacy, vol. 4, no. , pp. 50-55, 2006.