Applying the Common Criteria in Systems Engineering
IEEE Security and Privacy
Security Assurance Aggregation for IT Infrastructures
ICSNC '07 Proceedings of the Second International Conference on Systems and Networks Communications
Does the Common Criteria Paradigm Have a Future?
IEEE Security and Privacy
Multi-agent based security assurance monitoring system for telecommunication infrastructures
CNIS '07 Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security
eTVRA: a threat, vulnerability and risk assessment tool for eEurope
iTrust'06 Proceedings of the 4th international conference on Trust Management
Appraisal and reporting of security assurance at operational systems level
Journal of Systems and Software
Taxonomy of quality metrics for assessing assurance of security correctness
Software Quality Control
A stochastic model of attack process for the evaluation of security metrics
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
In this paper, we introduce and discuss the system security assurance assessment problematic. We first define and position security assurance in the context of modern networked IT systems. We then motivate and discuss its use. Next, we define the problem of the operational security assurance evaluation. We present and compare two orthogonal approaches to such an evaluation: a spec-based approach, which is an extension of the Common Criteria to systems in operation, and a direct approach, which relies on network management. Finally, we show examples and the pros and the cons of both approaches.