Beta 1


Title A CC Approach to Secure Workflow Systems
Author Friis-Jensen, Rune
Supervisor Sharp, Robin (Computer Science and Engineering, Informatics and Mathematical Modelling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
Institution Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark
Thesis level Master's thesis
Year 2007
Abstract Secure workflow systems are used to maintain secure and non-repudiable records of possibly very complex transactions or other business processes within a business or organisation. Such systems are coming more and more into focus, as requirements for electronically documentable business practices increase. Possible applications include areas as diverse as maintaining secure accounting records, processing of examination answers and handling laboratory records. This thesis analyses the security requirements of such a system using an approach based on the Common Criteria for Information Technology Security Evaluation (CC). A Protection Profile (PP) is developed which in an implementationindependent manner describes the security requirements of a Secure Workflow System. On the basis of the PP a Security Target (ST), which conforms to the PP is developed. The ST identifies and describes the security requirements of a specific Secure Workflow System, which uses a centralised architecture. The ST is used to produce concrete specifications for this system which may be used for implementing a concrete system.
Series IMM-Thesis-2007-11
Keywords Common Criteria; Protection Profile; Security Target; Security Evaluation; Workflow; Workflow system
Fulltext
Original PDF imm5127.pdf (1.49 MB)
Admin Creation date: 2007-06-11    Update date: 2007-09-21    Source: dtu    ID: 200695    Original MXD