| Introduction / 1: |
| Context and motivation / 1.1: |
| Software certification / 1.2: |
| Certification vs. standardization / 1.2.1: |
| Certification authorities / 1.2.2: |
| Software security certification / 1.3: |
| The state of the art / 1.3.1: |
| Changing scenarios / 1.3.2: |
| Certifying Open source / 1.4: |
| Conclusions / 1.5: |
| References |
| Basic Notions on Access Control / 2: |
| Access Control / 2.1: |
| Discretionary Access Control / 2.2.1: |
| Mandatory Access Control / 2.2.2: |
| Role Based Access Control / 2.2.3: |
| Test based security certifications / 2.3: |
| Basic Notions on Software Testing / 3.1: |
| Types of Software Testing / 3.1.1: |
| Automation of Test Activities / 3.1.2: |
| Fault Terminology / 3.1.3: |
| Test Coverage / 3.1.4: |
| Test-based Security Certification / 3.2: |
| The Trusted Computer System Evaluation Criteria (TCSEC) standard / 3.2.1: |
| CTCPEC / 3.2.2: |
| ITSEC / 3.2.3: |
| The Common Criteria: A General Model for Test-based Certification / 3.3: |
| CC components / 3.3.1: |
| Formal methods for software verification / 3.4: |
| Model Checking / 4.1: |
| Static Analysis / 4.2.2: |
| Untrusted code / 4.2.3: |
| Security by contract / 4.2.4: |
| Formal Methods for Error Detection in OS C-based Software / 4.3: |
| Static Analysis for C code verification / 4.3.1: |
| Model Checking for large-scale C-based Software verification / 4.3.2: |
| Symbolic approximation for large-scale OS software verification / 4.3.3: |
| Conclusion / 4.4: |
| OSS security certification / 5: |
| Open source software (OSS) / 5.1: |
| Open Source Licenses / 5.1.1: |
| Specificities of Open Source Development / 5.1.2: |
| OSS security / 5.2: |
| OSS certification / 5.3: |
| State of the art / 5.3.1: |
| Security driven OSS development / 5.4: |
| Security driven OSS development: A case study on Single Sign-On / 5.5: |
| Single Sign-On: Basic Concepts / 5.5.1: |
| A ST-based definition of trust models and requirements for SSO solutions / 5.5.2: |
| Requirements / 5.5.3: |
| A case study: CAS++ / 5.5.4: |
| Case Study 1: Linux certification / 5.6: |
| The Controlled Access Protection Profile and the SLES8 Security Target / 6.1: |
| SLES8 Overview / 6.1.1: |
| Target of Evaluation (TOE) / 6.1.2: |
| Security environment / 6.1.3: |
| Security objectives / 6.1.4: |
| Security requirements / 6.1.5: |
| Evaluation process / 6.2: |
| Producing the Evidence / 6.2.1: |
| The Linux Test Project / 6.3: |
| Writing a LTP test case / 6.3.1: |
| Evaluation Tests / 6.4: |
| Running the LTP test suite / 6.4.1: |
| Test suite mapping / 6.4.2: |
| Automatic Test Selection Example Based on SLES8 Security Functions / 6.4.3: |
| Evaluation Results / 6.5: |
| Horizontal and Vertical reuse of SLES8 evaluation / 6.6: |
| Across distribution extension / 6.6.1: |
| SLES8 certification within a composite product / 6.6.2: |
| Case Study 2: ICSA and CCHIT Certifications / 6.7: |
| ICSA Dynamic Certification Framework / 7.1: |
| A closer look to ICSA certification / 7.3: |
| Certification process / 7.3.1: |
| A case study: the ICSA certification of the Endian firewall / 7.4: |
| Endian Test Plan / 7.5: |
| Hardware configuration / 7.5.1: |
| Software configuration / 7.5.2: |
| Features to test / 7.5.3: |
| Testing tools / 7.5.4: |
| Testing / 7.6: |
| Configuration / 7.6.1: |
| Logging / 7.6.2: |
| Administration / 7.6.3: |
| Security testing / 7.6.4: |
| The CCHIT certification / 7.7: |
| The CCHIT certification process / 7.7.1: |
| The role of virtual testing labs / 7.8: |
| An Overview of Virtualization Internals / 8.1: |
| Virtualization Environments / 8.2.1: |
| Comparing technologies / 8.2.2: |
| Virtual Testing Labs / 8.3: |
| The Open Virtual Testing Lab / 8.3.1: |
| Xen Overview / 8.3.2: |
| OVL key aspects / 8.3.3: |
| Hardware and Software Requirements / 8.3.4: |
| OVL Administration Interface / 8.3.5: |
| Using OVL to perform LTP tests / 8.4: |
| Long-term OSS security certifications: An Outlook / 8.5: |
| Long-term Certifications / 9.1: |
| Long-lived systems / 9.2.1: |
| Long-term certificates / 9.2.2: |
| On-demand certificate checking / 9.3: |
| The certificate composition problem / 9.4: |
| An example of a grep-based search/match phase / 9.5: |
| Index |
| Introduction / 1: |
| Context and motivation / 1.1: |
| Software certification / 1.2: |
