Title :
Tools for information security assurance arguments
Author :
Park, Joon S. ; Montrose, Bruce ; Froscher, Judith N.
Author_Institution :
Naval Res. Lab., USA
Abstract :
To design a system that can be trusted or assess security properties in a system, the related assurance arguments need to be developed and described effectively in an understandable way. To meet this pressing need, we have developed a prototype tool, VNRM (Visual Network Rating Methodology), to help users develop a map to assurance arguments and document it with related descriptions in a common environment. This map depicts the claim trees for the assurance arguments related to the enterprise security objective. VNRM supports ECM (Enterprise Certification Methodology) for deriving and organizing the related assurance arguments effectively and uses CAML (Composite Assurance Mapping Language) for describing the assurance arguments in the map. After the successful development of VNRM, we have started to develop a more robust tool, SANE (Security Assurance Navigation and Environment), providing more features, reusability of assurance arguments, and access control to CAML maps
Keywords :
computer networks; security of data; telecommunication security; CAML; Composite Assurance Mapping Language; ECM; Enterprise Certification Methodology; SANE; Security Assurance Navigation and Environment; VNRM; Visual Network Rating Methodology; access control; claim trees; enterprise security; information security assurance arguments; prototype tool; Certification; Computer security; Distributed computing; Information security; Information systems; Information technology; Laboratories; Navigation; Pressing; Prototypes;
Conference_Titel :
DARPA Information Survivability Conference & Exposition II, 2001. DISCEX '01. Proceedings
Conference_Location :
Anaheim, CA
Print_ISBN :
0-7695-1212-7
DOI :
10.1109/DISCEX.2001.932223
