Measuring IT security - A method based on Common Criteria's security functional requirements

Proceedings fron the Fifth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC

Volumn , Issue , 2004, Pages 226-233

  Hunstad, Amund ^a   Hallberg, Jonas ^a   Andersson, Richard ^a  

^a SWEDISH DEFENCE RESEARCH AGENCY   (Sweden)

Author keywords

CC's security functional requirements; Common Criteria (CC); Distributed information systems; IT security; Securability

Indexed keywords

COMMON CRITERIA (CC); COMMON CRITERIA'S (CC) SECURITY FUNCTIONAL REQUIREMENTS; DISTRIBUTED INFORMATION SYSTEMS; IT SECURITY; SECURABILITY;

ALGORITHMS; COMPUTER NETWORKS; CORRELATION METHODS; DISTRIBUTED COMPUTER SYSTEMS; ESTIMATION; HUMAN COMPUTER INTERACTION; INFORMATION TECHNOLOGY; PROBABILITY;

SECURITY OF DATA;

EID: 15944391638     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (20)

1. ACSA (2002), Proc. Workshop on Information Security System Scoring and Ranking. Applied Computer Security Associates, http://www.acsac.org/measurement/ proceedings/wisssr1-proceedings.pdf
2. Andersson, R., Hunstad H., & Hallberg, J. (2003). Evaluation of the security of components in distributed information systems, Scientific report FOI-R-1042-SE, FOI, Linköping, Sweden.
3. Bottomly, R. (2002), CC Part 2: Security Functional Requirements.
4. CC (1999). Common Criteria for Information Technology Security Evaluation. Part I: Introduction and general model, Part 2: Security functional requirements, Part 3: Security assurance requirements.
5. Gollmann, D. (1999). Computer Security. John Wiley & Sons.
6. Gula, R. (1999). Broadening the scope of penetration-testing techniques - The Top 14 Things Your Ethical Hackers-for-Hire Didn't Test., http://www.enterasys.com/products/whitepapers/security/9012542.pdf
7. Hunstad, A. & Hallberg, J. (2002). Design for securability - Applying engineering principles to the design of security architectures. ACSA workshop on the application of engineering principles to system security design. Boston, Nov. 6-8, 2002. Linköping, FOI 2002, 8 p. (FOI-S-0721-SE)
8. Jelen, G. F. & Williams, J. R. (1998). A practical approach to measuring assurance. 14th Annual Computer Security Applications Conference, December 7-11, 1998 Phoenix, Arizona
9. Kruger, R. & Eloff, J. (1997). A Common Criteria framework for the evaluation of Information Technology systems security. IFIP TC11 13 international conference on Information Security (SEC '97). Copenhagen, Denmark. Chapman & Hall.
10. NIAP, National Information Assurance Partnership (2001), Validation Report Smart Card Protection Profile (SCPP), Version 3.0, CCEVS-VR-01-0007, October 2001.
11. Olthoff, K. (2000). Thoughts and Questions on Common Criteria Evaluations. 23rd National Information Systems Security Conference.
12. Object Management Group (2001). OMG - Unified Modeling Language, v1.4. September 2001.
13. Schudel, G. & Wood, B. (2000). Adversary Work Factor as a Metric for Information Assurance. Proceedings of the New Security Paradigms Workshop. Cork, Ireland, Sep. 18-22, 2000.
14. Schneier, B. (2000). Secrets & Lies - Digital Security in a Networked World. John Wiley & Sons.
15. Shapiro, J. S. (2003), Understanding the Windows EAL4 Evaluation, IEEE Security & Privacy, February 2003, pp 103-105.
16. Smith, S.W. (2003), Humans in the Loop: Human-Computer Interaction and Security, IEEE Security & Privacy, May/June 2003, pp 75-79.
17. Sony Corporation (2002), FeliCa Contactless Smart Card RC-5560, EAL4, March 2002.
18. Wang, C. and Wulf, W. (1997). A Framework for Security Measurement. Proceedings of the National Information Systems Security Conference, Baltimore, MD, pp. 522-533, Oct. 1997.
19. Ware, W. H. (1997), New vistas on info-system security, Chapman & Hall.
20. Whitmore, J.J. (2001). A method for designing secure solutions. IBM Systems Journal, Armonk 2001, Vol. 40, Issue 3.