• Title/Summary/Keyword: threats statement

A Threats Statement Generation Method for Security Environment of Protection Profile (PP의 보안환경을 위한 위협문장 생성방법)

  • 고정호;이강수
    • The Journal of Society for e-Business Studies / v.8 no.3 / pp.69-86 / 2003
  • A Protection Profile (PP) is a set of common security and assurance requirements for a specific class of Information Technology security products such as firewalls and smart cards. A PP should include a "TOE (Target of Evaluation) Security Environment" section, which consists of the subsections assumptions, threats, and organizational security policies. This paper presents a new threats statement generation method for developing the TOE security environment section of a PP. Our survey guides the statement of threats in the CC (Common Criteria) scheme by collecting and analysing hundreds of threat statements from certified and published real PPs and from the CC Tool Box/PKB, which includes a class of pre-defined threat and attack statements. From the results of the survey, we present a new asset classification method and propose a threats statement generation model. The former is a new asset classification method, and the latter is a production rule for a well-formed statement of threats.

Attribute-Based Threats Statement Generation Model (속성기반 위협문장 생성 모델)

  • 최승;최상수;이강수
    • Proceedings of the Korea Multimedia Society Conference / 2004.05a / pp.74-77 / 2004
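  • Developing the security environment of a PP/ST can be regarded as writing a résumé for an information security product. Accordingly, we improve on the existing threat statement generation model and present an attribute-based threat statement generation model. Using the attributes of the PKB, the model adds and extends attributes for each element of a threat statement (subject, object, motive, verb, result) when the statement is generated, so that the statement carries not only content but also specificity. The model presented in this paper can be used to generate threat statements when developing a PP/ST.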

A Security Policy Statements Generation Method for Development of Protection Profile (PP 개발을 위한 보안정책 문장 생성방법)

  • 고정호;이강수
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.4 / pp.13-28 / 2003
  • The Protection Profile (PP) is a common security function and detailed statement of assurance requirements for a specific class of Information Technology security products such as firewalls and smart cards. The TOE security environment part of the PP has to describe assumptions, threats and security policies by analyzing the purpose of the TOE. In this paper, we present a new derivation of the security policy, one of the TOE security environment parts of the PP. Our survey guides the organizational security policy statements in the CC scheme by collecting and analyzing hundreds of real policy statements from certified and published real PPs and from the CC Toolbox/PKB, which includes security policy statements for the DoD. From the results of the survey, we present a new list of generic organizational policy statements and propose an organizational security policy derivation method that uses the list.