DOI: 10.1145/2390317.2390327
research-article

System evaluation lifecycle: chasing windmills

Published: 12 October 2012

Abstract

Research abounds in the general field of computer security, and the specific area of the system evaluation life cycle. While the importance of this work cannot be overstated, it appears to miss the larger point of creating systems that are inherently secure as a matter of course, rather than adding consideration of 'security' to a pre-existent process. Until this utopian ideal of systems with intrinsic security can be realized, current use of best practices and continued research along existing lines should continue, and further improvements sought to make "bolt-on security" as effective as possible. This paper studies what elements such a utopian system may contain, and presents three incremental improvements.


Published In

InfoSecCD '12: Proceedings of the 2012 Information Security Curriculum Development Conference
October 2012
84 pages
ISBN:9781450315388
DOI:10.1145/2390317

Sponsors

  • KSU - CISE: KSU Center for InfoSec Education

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. native security
  2. provably secure
  3. software evaluation lifecycle

Qualifiers

  • Research-article

Conference

InfoSecCD'12
Sponsor:
  • KSU - CISE

Acceptance Rates

Overall Acceptance Rate 18 of 23 submissions, 78%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 118
  • Downloads (Last 12 months): 0
  • Downloads (Last 6 weeks): 0

Reflects downloads up to 04 Jan 2025
