A probe quality metric taxonomy for assurance evaluation

摘要

Commonly, assurance is considered as "something said or done to inspire confidence". Itis clear from this definition that the fundamental part of assurance is confidence. However, the levelof confidence inspired from a statement or an action depends on the ―quality‖ of its source. Inspiredby the Systems Security Engineering Capability Maturity Model (SSE-CMM) and the CommonCriteria, we tailored five ordinal levels of quality levels for probes performing the verification ofsystem security measures; different levels of quality being possible depending on the coverage, rigor,depth and Independence of the verification. The metric taxonomy is intended to assist IT Productsmanufacturers in developing their products or systems and in identifying security requirements to besatisfied for their products or systems to be assured at some level of quality as far as assuranceevaluation is concerned. It could also benefit consumers in supporting them in selecting IT securityproducts depending on their organizational needs, while IT security evaluators may use it as referencewhen forming judgments about the quality of a security product.