A Threat Model for Security Specification in Security Evaluation by ISO/IEC 19791
Abstract
ISO/IEC TR 19791 is an international standard that must be used as the basis for the security evaluation of operational systems. This standard has been recently developed, and the first version was made available in May 2006. ISO/IEC TR 19791 is intended to be an extension of ISO/IEC 15408, known as "Common Criteria" (CC). In order to evaluate an IT product or system using CC or ISO/IEC TR 19791, developers must create a Security Target (ST), or a System Security Target (SST). However, a problem encountered in creating these is the determination of the Security Problem Definitions (SPDs), because the SPDs fall outside of the scope of CC. Neither ISO/IEC 15408 nor ISO/IEC TR 19791 provides a framework for risk analysis or the specification of threats. In this paper, we propose a threat model based on multiple international standards and evaluated ST information, and describe a Web application that can be used for security specifications in the production of STs and SSTs which are to be evaluated by CC and ISO/IEC TR 19791, respectively.
Authors
- Caceres Guillermo, Graduate School Of Engineering Soka University
- Teshigawara Yoshimi, Graduate School Of Engineering Soka University
Related papers
- BS-10-17 Study on a Threat Modeling for Security Specification in Production of Security Targets
- BS-7-30 A Proposal of Evaluation on the Effect of International Exchange Learning using Bloom's Taxonomy(BS-7. Network Planning, Control and Management)
- BS-12-22 A Proposal of a Knowledge Based System to Support Acquisition of Security International Standards(BS-12. Network Planning, Control, and Management)
- BS-10-19 Study on the information technology security policy implementation in an organization with the contrast of optimum network accessibility
- BS-3-16 A Proposal of Threat Modeling Based on International Standards(BS-3. Network Management Technologies for Next Generation Network)
- BS-10-18 Security Guideline Tool by Using Knowledge-base Information Based on International Standards(BS-10.Network Planning, Control, and Management,symposium)
- BS-3-7 A study on TCP throughput improvement in an integrated sensing and communications network(BS-3. Network Management Technologies for Next Generation Network)
- A Threat Model for Security Specification in Security Evaluation by ISO/IEC 19791