Modeling security requirements of target of evaluation and vulnerabilities in UML

Nedanstående innehåll är skapat av Mimers Brunns besökare. Kommentera arbete

The Common Criteria (CC) provides Protection Profile (PP) for any organization or user to express their security requirements without considering implementation. PP is a template for specifying security features for different products. However, the problems arise when user or organization develops the security requirement for Target of Evaluation (TOE) because Common Criteria (CC) expresses the security requirements in text. It is difficult for the PP developer to provide security measures without understanding the behavior of threats and threat agents. Therefore, there is a need to develop tools or methods for describing security requirements of the TOE graphically. The object of the thesis is to provide graphic description for the TOE security requirements. The corresponding research questions are to model Security Requirements of TOE focusing on assumptions and threats and vulnerabilities that are foundations of attacks. In order to fulfill the object, the Unified Modeling Language (UML) is chosen as the research tool to capture the behavior of different threats in the operational environment. Application Firewall is used as a case study to show the connection among the assumptions of the TOE and how threat agents...