Modeling security requirements of target of evaluation and vulnerabilities in UML
2006 (English). Independent thesis, Advanced level (degree of Master (One Year)), 10 credits / 15 HE credits. Student thesis.
Abstract [en]

The Common Criteria (CC) provides the Protection Profile (PP), which lets any organization or user express their security requirements without considering implementation. A PP is a template for specifying security features for different products. However, problems arise when a user or organization develops the security requirements for a Target of Evaluation (TOE), because the CC expresses security requirements in text. It is difficult for the PP developer to provide security measures without understanding the behavior of threats and threat agents. Therefore, there is a need to develop tools or methods for describing the security requirements of the TOE graphically. The objective of the thesis is to provide a graphic description of the TOE security requirements. The corresponding research questions are how to model the security requirements of the TOE, focusing on assumptions, threats and vulnerabilities that are the foundations of attacks. To fulfill this objective, the Unified Modeling Language (UML) is chosen as the research tool to capture the behavior of different threats in the operational environment. An application firewall is used as a case study to show the connection among the assumptions of the TOE and how threat agents explore different vulnerabilities and access different assets. It is expected that the research results will help any user to develop a PP.

Keyword [en]
Technology, Common Criteria, Protection Profile, Application Level, Firewall, Security Requirement Engineering
URN: urn:nbn:se:ltu:diva-54747
ISRN: LTU-PB-EX--06/31--SE
Local ID: bacbd5d5-9493-4873-bd1e-e013e4849081
OAI: diva2:1028129
Subject / course
Student thesis, at least 15 credits
Educational program
Computer and Information Systems Science, master's level
Validated; 20101217 (root)
Available from: 2016-10-04
Created: 2016-10-04
Bibliographically approved
