Abstract
Evaluation has been the traditional means of providing assurance and is the basis for prior evaluation criteria documents such as ITSEC. The Common Criteria (CC) defines a Protection Profile (PP) that defines the security environments and specifies the security requirements and protections of the product to be evaluated. The security environments consist of assumptions, threats, and organizational security policies, so the editor of the PP must describe the threats for the PP. In this paper, we propose a method for the description of the threats for the PP by introducing the concept of the assets protected by Target of Evaluations (TOE).
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
ISO. ISO/IEC 15408-1:1999 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model
ISO. ISO/IEC 15408-2:1999 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional requirements
ISO. ISO/IEC 15408-3:1999 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance requirements
KISA. Information Security Systems & Certification Guide, 2002
ISO. ISO/IEC 15292:2001 Information technology — Security techniques — Protection Profile registration procedures
ISO. ISO/IEC PDTR 15446 Guide for the Production of PPs and STs, Version 0.92
Russell Dean Vines. Wireless Security Essentials, 2002
Brian Carter and Russell Shumway. Wireless Security End-To-End, 2002
Randall K. Nichols and Panos C. Lekkas. Wireless Security Models, Threats, and Solutions, 2002
ISO. ISO/IEC WD 18045 Methodology for IT Security Evaluation
ISO. ISO/IEC WD 18028 Information Technology — Security techniques — IT Network Security
Science Applications International Corporation. Intrusion Detection System System Protection Profile, Version 1.4, February 4, 2002
Science Applications International Corporation. Intrusion Detection System Scanner Protection Profile, Version 1.1, December 10, 2001
Science Applications International Corporation. Intrusion Detection System Sensor Protection Profile, Version 1.1, December 10, 2001
Science Applications International Corporation. Intrusion Detection System Analyzer Protection Profile, Version 1.1, December 10, 2001
DGA. Protection Profile Firewall a exigences reduites, Version 2.2, 1999
NSA and SPARTA. U.S. Department of Defense Traffic-Filter Firewall Protection Profile For Medium Robustness Environments, Version 1.4, 2000
NSA. Mobile Code Desktop Draft, Version 1.0, 2000
NSA. Protection Profile For Multilevel Operating Systems In Environments Requiring Medium Robustness, Version 1.22, 2001
Schlumberger. Smartcard Embedded Software Protection Profile, Version 1.2, 1999
Atmel Smart Card Ics. Smartcard IC Platform Protection Profile, Version1.0, 2001
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, Th., No, Bg., Lee, D.C. (2003). Threat Description for the PP by Using the Concept of the Assets Protected by TOE. In: Sloot, P.M.A., Abramson, D., Bogdanov, A.V., Gorbachev, Y.E., Dongarra, J.J., Zomaya, A.Y. (eds) Computational Science — ICCS 2003. ICCS 2003. Lecture Notes in Computer Science, vol 2660. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44864-0_63
Download citation
DOI: https://doi.org/10.1007/3-540-44864-0_63
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40197-1
Online ISBN: 978-3-540-44864-8
eBook Packages: Springer Book Archive