Foreign-language conference: Management in the big data & IoT Era.
A threat model for security specification in security evaluation by ISO/IEC 19791

Abstract

ISO/IEC TR 19791 is an international standard that must be used as the basis for the security evaluation of operational systems. This standard has been recently developed, and the first version was made available in May 2006. ISO/IEC TR 19791 is intended to be an extension of ISO/IEC 15408, known as “Common Criteria” (CC). In order to evaluate an IT product or system using CC or ISO/IEC TR 19791, developers must create a Security Target (ST), or a System Security Target (SST). However, a problem encountered in creating these is the determination of the Security Problem Definitions (SPDs), because the SPDs fall outside of the scope of CC. Neither ISO/IEC 15408 nor ISO/IEC TR 19791 provides a framework for risk analysis or the specification of threats. In this paper, we propose a threat model based on multiple international standards and evaluated ST information, and describe a Web application that can be used for security specifications in the production of STs and SSTs which are to be evaluated by CC and ISO/IEC TR 19791, respectively.