Common criteria requirements modeling and its uses for quality of information assurance (QoIA)
Source ACM Southeast Regional Conference archive
Proceedings of the 43rd annual Southeast regional conference - Volume 2 table of contents
Kennesaw, Georgia
SESSION: Security table of contents
Pages: 130 - 135  
Year of Publication: 2005
ISBN: 1-59593-059-0
Authors
Deepak S. Yavagal  The University of North Carolina at Charlotte, Charlotte, NC
Seok Won Lee  The University of North Carolina at Charlotte, Charlotte, NC
Gail-Joon Ahn  The University of North Carolina at Charlotte, Charlotte, NC
Robin A. Gandhi  The University of North Carolina at Charlotte, Charlotte, NC
Sponsor
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1167253.1167287

ABSTRACT

The Common Criteria for Information Technology Security Evaluation (CCITSE), usually referred to as the Common Criteria (CC), establishes a level of trustworthiness and confidence that should be placed in the security functions of products or systems and the assurance measures applied to them. CC achieves this by evaluating the conformance of the product or system with a common set of requirements that it defines. To engineer a product that meets the information assurance goals of CC, a structured and comprehensive methodology is required to drive the activities undertaken in all stages of the software requirements engineering (RE) process. Such a methodology is essential to understanding and attaining the Quality of Information Assurance (QoIA). As an effort in this direction, we focus on the use of object-oriented ontology modeling as an effective way of representing and enforcing the common set of requirements established by CC. Our methodology leverages novel techniques from software requirements engineering and knowledge engineering. This paper also describes how this methodology can effectively realize CC-related requirements of the target systems and help evaluate such systems for conformance to the certification and accreditation (C&A) process.


