A Quantitative Evaluation Framework for Component Security in Distributed Information Systems / Ett kvantitativt utvärderingsramverk för komponenters säkerhet i distribuerade informationssystem

Bond, Anders, Påhlsson, Nils

January 2004

<p>The Heimdal Framework presented in this thesis is a step towards an unambiguous framework that reveals the objective strength and weaknesses of the security of components. It provides a way to combine different aspects affecting the security of components - such as category requirements, implemented security functionality and the environment in which it operates - in a modular way, making each module replaceable in the event that a more accurate module is developed. </p><p>The environment is assessed and quantified through a methodology presented as a part of the Heimdal Framework. The result of the evaluation is quantitative data, which can be presented with varying degrees of detail, reflecting the needs of the evaluator. </p><p>The framework is flexible and divides the problem space into smaller, more accomplishable subtasks with the means to focus on specific problems, aspects or system scopes. The evaluation method is focusing on technological components and is based on, but not limited to, the Security Functional Requirements (SFR) of the Common Criteria.</p>

Informationsteknik

Quantitative

Security Evaluation

Threat Assessment

Distributed Information Systems

Common Criteria

Evaluation Framework

Component Security

Informationsteknik

Information technology

Informationsteknik

A Quantitative Evaluation Framework for Component Security in Distributed Information Systems / Ett kvantitativt utvärderingsramverk för komponenters säkerhet i distribuerade informationssystem

Bond, Anders, Påhlsson, Nils

January 2004

The Heimdal Framework presented in this thesis is a step towards an unambiguous framework that reveals the objective strength and weaknesses of the security of components. It provides a way to combine different aspects affecting the security of components - such as category requirements, implemented security functionality and the environment in which it operates - in a modular way, making each module replaceable in the event that a more accurate module is developed. The environment is assessed and quantified through a methodology presented as a part of the Heimdal Framework. The result of the evaluation is quantitative data, which can be presented with varying degrees of detail, reflecting the needs of the evaluator. The framework is flexible and divides the problem space into smaller, more accomplishable subtasks with the means to focus on specific problems, aspects or system scopes. The evaluation method is focusing on technological components and is based on, but not limited to, the Security Functional Requirements (SFR) of the Common Criteria.

Informationsteknik

Quantitative

Security Evaluation

Threat Assessment

Distributed Information Systems

Common Criteria

Evaluation Framework

Component Security

Informationsteknik

Computer and Information Sciences

Data- och informationsvetenskap