Abstract
Evaluation has been the traditional means of providing assurance. The Common Criteria (CC) defines a Protection Profile (PP) that defines the security environments and specifies the security requirements and protections of the product to be evaluated. The security environments consist of assumptions, threats, and organizational security policies, so the editor of the PP must describe the threats for the PP. In this paper, we propose a new method for the description of the threats for the PP by introducing the concept of the assets protected by Target of Evaluations (TOE), and show some merits by applying that concept to the Network-based Intrusion Detection System (NIDS).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
ISO. ISO/IEC 15408-1:1999 Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model
ISO. ISO/IEC 15408-2:1999 Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements
ISO. ISO/IEC 15408-3:1999 Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements
KISA. Information Security Systems & Certification Guide (2002)
ISO. ISO/IEC WD 18045 Methodology for IT Security Evaluation
Science Applications International Corporation. Intrusion Detection System System Protection Profile, Version 1.4, February 4 (2002)
DGA. Protection Profile Firewall à exigences réduites, Version 2.2 (1999)
NSA and SPARTA. U.S. Department of Defense Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, Version 1.4 (2000)
NSA. Virtual Private Network Boundary Gateway Protection Profile for Basic Robustness Environments, Version 0.6 (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, Th., Lee, D.C. (2004). Reduction Method of Threat Phrases by Classifying Assets. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_118
Download citation
DOI: https://doi.org/10.1007/978-3-540-24707-4_118
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22054-1
Online ISBN: 978-3-540-24707-4
eBook Packages: Springer Book Archive