Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Modeling security requirements of target of evaluation and vulnerabilities in UML
2006 (English)Independent thesis Advanced level (degree of Master (One Year)), 10 credits / 15 HE creditsStudent thesis
Abstract [en]

The Common Criteria (CC) provides Protection Profile (PP) for any organization or user to express their security requirements without considering implementation. PP is a template for specifying security features for different products. However, the problems arise when user or organization develops the security requirement for Target of Evaluation (TOE) because Common Criteria (CC) expresses the security requirements in text. It is difficult for the PP developer to provide security measures without understanding the behavior of threats and threat agents. Therefore, there is a need to develop tools or methods for describing security requirements of the TOE graphically. The object of the thesis is to provide graphic description for the TOE security requirements. The corresponding research questions are to model Security Requirements of TOE focusing on assumptions and threats and vulnerabilities that are foundations of attacks. In order to fulfill the object, the Unified Modeling Language (UML) is chosen as the research tool to capture the behavior of different threats in the operational environment. Application Firewall is used as a case study to show the connection among the assumptions of the TOE and how threat agents explore different vulnerabilities and access different assets. It is expected that the research results will help any user to develope PP.

Place, publisher, year, edition, pages
2006.
Keyword [en]
Technology, Common Criteria, Protection Profile, Application Level, Firewall, Security Requirement Engineering
Keyword [sv]
Teknik
Identifiers
URN: urn:nbn:se:ltu:diva-54747ISRN: LTU-PB-EX--06/31--SELocal ID: bacbd5d5-9493-4873-bd1e-e013e4849081OAI: oai:DiVA.org:ltu-54747DiVA, id: diva2:1028129
Subject / course
Student thesis, at least 15 credits
Educational program
Computer and Information Systems Science, master's level
Examiners
Note
Validerat; 20101217 (root)Available from: 2016-10-04 Created: 2016-10-04Bibliographically approved

Open Access in DiVA

fulltext(460 kB)21 downloads
File information
File name FULLTEXT01.pdfFile size 460 kBChecksum SHA-512
41942f687a7934022b6c2cbb2992c53432b0f0c30e235f1a39926f7f530cccf54fe3b86b6766da6065a7068798dd6f2937b8e4d56dc988e930b6e78a819c56cc
Type fulltextMimetype application/pdf

Search outside of DiVA

GoogleGoogle Scholar
Total: 21 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 18 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf