Naval Postgraduate School
Dudley Knox Library
NPS Dudley Knox Library
View Item 
  •   Calhoun Home
  • Faculty and Researchers
  • Faculty and Researchers' Publications
  • View Item
  •   Calhoun Home
  • Faculty and Researchers
  • Faculty and Researchers' Publications
  • View Item
  • How to search in Calhoun
  • My Accounts
  • Ask a Librarian
JavaScript is disabled for your browser. Some features of this site may not work without it.

Browse

All of CalhounCollectionsThis Collection

My Account

LoginRegister

Statistics

Most Popular ItemsStatistics by CountryMost Popular Authors

Use of Evaluation Criteria in Security Education

Thumbnail
Download
Icon08paper_eval_criteria.pdf (67.55Kb)
Download Record
Download to EndNote/RefMan (RIS)
Download to BibTex
Author
Nguyen, Thuy D.
Irvine, Cynthia E.
Date
2008-04-01
Metadata
Show full item record
Abstract
Success in information warfare will depend on resilient, reconstitutable cyber assets and the ability to assess and respond to attacks. A cornerstone of this success will be the ability of Information Assurance professionals to develop sound security requirements and determine the suitability of evaluated security products for mission-specific systems. Recognizing the pedagogical value of applying security evaluation criteria such as the Common Criteria (CC) to information security education, we recently introduced a graduate-level Computer Science course focusing on methodical security requirements engineering based on the CC. This course aims to provide students with an understanding of how security evaluation criteria can be used to specify system security objectives, derive security requirements from security objectives, establish life cycle and development processes, and provide an organizational framework for research and development. Although imperfect, the paradigmatic process of the CC provides a usable framework for in-depth study of various tasks relating to system requirements derivation and verification activities: system requirements elicitation, threat analysis, security objectives definition and security requirements expression. In-class discussions address fundamental security design principles and disciplines for information and software assurance (e.g., formal methods and life cycle management) as applied to security requirements derivation. Coverage of advanced CC topics includes high assurance evaluation, international and U.S. scheme interpretation processes, guidance for Protection Profile development, CC evaluation methodology, and composite evaluation. This paper describes the scope and design of a pilot course offering. Laboratory projects focus on the differences between security functional and assurance requirements, mock evaluation of a draft Protection Profile, examination of the interpretation process in the U.S. scheme, and development of a preliminary sketch of a Composed Assurance Package for a hypothetical composed target system that is suitable for use in operational environments requiring medium robustness. Lessons learned and planned refinements of course material and focus are also discussed.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
URI
http://hdl.handle.net/10945/7157
Collections
  • Center for Cybersecurity and Cyber Operations (C3O) Papers
  • Faculty and Researchers' Publications

Related items

Showing items related by title, author, creator and subject.

  • Thumbnail

    Configuration management evaluation guidance for high robustness systems 

    Gross, Michael E. (Monterey, California. Naval Postgraduate School, 2004-03);
    Configuration Management (CM) plays a vital role in the development of trusted computing systems. The Common Criteria (CC) provides a framework for performing Information Technology (IT) security evaluations of these systems ...
  • Thumbnail

    A Case Study in Security Requirements Engineering for a High Assurance System 

    Irvine, Cynthia E.; Levin, Timothy; Wilson, Jeffery D.; Shifflett, David; Pereira, Bereira (2001);
    Requirements specifications for high assurance secure systems are rare in the open literature. This paper presents a case study in the development of a requirements document for a multilevel secure system that must meet ...
  • Thumbnail

    An Approach to Security Requirements Engineering for a High Assurance System 

    Irvine, Cynthia E.; Levin, Timothy E.; Wilson, J. D.; Shifflett, D.; Pereira, B. (Requirements Engineering Journal, 2002-07-02);
    Requirements specifications for high assurance secure systems are rare in the open literature. This paper examines the development of a requirements document for a multilevel secure system that must meet stringent assurance ...
NPS Dudley Knox LibraryDUDLEY KNOX LIBRARY
Feedback

411 Dyer Rd. Bldg. 339
Monterey, CA 93943
circdesk@nps.edu
(831) 656-2947
DSN 756-2947

    Federal Depository Library      


Start Your Research

Research Guides
Academic Writing
Ask a Librarian
Copyright at NPS
Graduate Writing Center
How to Cite
Library Liaisons
Research Tools
Thesis Processing Office

Find & Download

Databases List
Articles, Books & More
NPS Theses
NPS Faculty Publications: Calhoun
Journal Titles
Course Reserves

Use the Library

My Accounts
Request Article or Book
Borrow, Renew, Return
Tech Help
Remote Access
Workshops & Tours

For Faculty & Researchers
For International Students
For Alumni

Print, Copy, Scan, Fax
Rooms & Study Spaces
Floor Map
Computers & Software
Adapters, Lockers & More

Collections

NPS Archive: Calhoun
Restricted Resources
Special Collections & Archives
Federal Depository
Homeland Security Digital Library

About

Hours
Library Staff
About Us
Special Exhibits
Policies
Our Affiliates
Visit Us

NPS-Licensed Resources—Terms & Conditions
Copyright Notice

Naval Postgraduate School

Naval Postgraduate School
1 University Circle, Monterey, CA 93943
Driving Directions | Campus Map

This is an official U.S. Navy Website |  Please read our Privacy Policy Notice  |  FOIA |  Section 508 |  No FEAR Act |  Whistleblower Protection |  Copyright and Accessibility |  Contact Webmaster

Export search results

The export option will allow you to export the current search results of the entered query to a file. Different formats are available for download. To export the items, click on the button corresponding with the preferred download format.

A logged-in user can export up to 15000 items. If you're not logged in, you can export no more than 500 items.

To select a subset of the search results, click "Selective Export" button and make a selection of the items you want to export. The amount of items that can be exported at once is similarly restricted as the full export.

After making a selection, click one of the export format buttons. The amount of items that will be exported is indicated in the bubble next to export format.