EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Security Service Packages: Partitioning the Security Space

Donald G. Marks and John Hale

Journal of Information Privacy and Security, 2006, vol. 2, issue 4, 30-44

Abstract: The Common Criteria has been developed, through an international effort, to represent elementary security specifications. Protection Profiles for Security Service Packages (SSPs) are being investigated as a way to bundle these security specifications into larger packages than currently provided by the Common Criteria. The basic utility of an SSP is to provide some assistance in selecting appropriate security functional requirements (SFRs) in the construction of Protection Profiles and Security Targets. As a consequence, the principal challenge in using and evaluating an SSP is to understand the subtle relationships between the SSP under consideration and any unresolved Target of Evaluation (TOE) environmental threats and assumptions. This article describes a project that produced a draft SSP for access control and used the draft SSP to help write a Security Target.A Security Target was developed for the Axalto Cryptoflextm smart card using the access control SSP. While the SSP did make this task easier, it also illustrated the problem of choosing to write an SSP aimed at a “typical” system utilization versus a “minimal” system. The Cryptoflextm is a minimal system implementing access control. As a result, there were some problems discriminating between requirements for the card and requirements for the system using the card. Our experience with SSPs indicates that some systems will have to augment the SSP’s security requirements; others (such as the smart card) will delete requirements from the SSP. The value of using a Security Service Package to write an ST is therefore to make documents easier and quicker to write, to enhance completeness, and to promote consistency across the set of SSPs.

Date: 2006
References: Add references at CitEc
Citations:

Downloads: (external link)
http://hdl.handle.net/10.1080/15536548.2006.10855802 (text/html)
Access to full text is restricted to subscribers.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:taf:uipsxx:v:2:y:2006:i:4:p:30-44

Ordering information: This journal article can be ordered from
http://www.tandfonline.com/pricing/journal/uips20

DOI: 10.1080/15536548.2006.10855802

Access Statistics for this article

Journal of Information Privacy and Security is currently edited by Chuleeporn Changchit

More articles in Journal of Information Privacy and Security from Taylor & Francis Journals
Bibliographic data for series maintained by Chris Longhurst ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-20
Handle: RePEc:taf:uipsxx:v:2:y:2006:i:4:p:30-44