Tools for information security assurance arguments

J. S. Park, B. Montrose, J. N. Froscher

Research output: Chapter in Book/Entry/PoemConference contribution

6 Scopus citations

Abstract

To design a system that can be trusted or assess security properties in a system, the related assurance arguments need to be developed and described effectively in an understandable way. To meet this pressing need, we have developed a prototype tool, VNRM (Visual Network Rating Methodology), to help users develop a map to assurance arguments and document it with related descriptions in a common environment. This map depicts the claim trees for the assurance arguments related to the enterprise security objective. VNRM supports ECM (Enterprise Certification Methodology) for deriving and organizing the related assurance arguments effectively and uses CAML (Composite Assurance Mapping Language) for describing the assurance arguments in the map. After the successful development of VNRM, we have started to develop a more robust tool, SANE (Security Assurance Navigation and Environment), providing more features, reusability of assurance arguments, and access control to CAML maps.

Original languageEnglish (US)
Title of host publicationProceedings - DARPA Information Survivability Conference and Exposition II, DISCEX 2001
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages287-296
Number of pages10
ISBN (Electronic)0769512127, 9780769512129
DOIs
StatePublished - 2001
Externally publishedYes
EventDARPA Information Survivability Conference and Exposition II, DISCEX 2001 - Anaheim, United States
Duration: Jun 12 2001Jun 14 2001

Publication series

NameProceedings - DARPA Information Survivability Conference and Exposition II, DISCEX 2001
Volume1

Other

OtherDARPA Information Survivability Conference and Exposition II, DISCEX 2001
Country/TerritoryUnited States
CityAnaheim
Period6/12/016/14/01

ASJC Scopus subject areas

  • General Computer Science

Fingerprint

Dive into the research topics of 'Tools for information security assurance arguments'. Together they form a unique fingerprint.

Cite this