TY - GEN
T1 - Tools for information security assurance arguments
AU - Park, J. S.
AU - Montrose, B.
AU - Froscher, J. N.
N1 - Publisher Copyright:
© 2001 IEEE.
PY - 2001
Y1 - 2001
N2 - To design a system that can be trusted or assess security properties in a system, the related assurance arguments need to be developed and described effectively in an understandable way. To meet this pressing need, we have developed a prototype tool, VNRM (Visual Network Rating Methodology), to help users develop a map to assurance arguments and document it with related descriptions in a common environment. This map depicts the claim trees for the assurance arguments related to the enterprise security objective. VNRM supports ECM (Enterprise Certification Methodology) for deriving and organizing the related assurance arguments effectively and uses CAML (Composite Assurance Mapping Language) for describing the assurance arguments in the map. After the successful development of VNRM, we have started to develop a more robust tool, SANE (Security Assurance Navigation and Environment), providing more features, reusability of assurance arguments, and access control to CAML maps.
AB - To design a system that can be trusted or assess security properties in a system, the related assurance arguments need to be developed and described effectively in an understandable way. To meet this pressing need, we have developed a prototype tool, VNRM (Visual Network Rating Methodology), to help users develop a map to assurance arguments and document it with related descriptions in a common environment. This map depicts the claim trees for the assurance arguments related to the enterprise security objective. VNRM supports ECM (Enterprise Certification Methodology) for deriving and organizing the related assurance arguments effectively and uses CAML (Composite Assurance Mapping Language) for describing the assurance arguments in the map. After the successful development of VNRM, we have started to develop a more robust tool, SANE (Security Assurance Navigation and Environment), providing more features, reusability of assurance arguments, and access control to CAML maps.
UR - http://www.scopus.com/inward/record.url?scp=84964452143&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84964452143&partnerID=8YFLogxK
U2 - 10.1109/DISCEX.2001.932223
DO - 10.1109/DISCEX.2001.932223
M3 - Conference contribution
AN - SCOPUS:84964452143
T3 - Proceedings - DARPA Information Survivability Conference and Exposition II, DISCEX 2001
SP - 287
EP - 296
BT - Proceedings - DARPA Information Survivability Conference and Exposition II, DISCEX 2001
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - DARPA Information Survivability Conference and Exposition II, DISCEX 2001
Y2 - 12 June 2001 through 14 June 2001
ER -