Redefining security criteria for networking devices with case studies

Ying-Dar Lin; Chia Yin Lee; Hao Chuan Tsai

doi:10.1109/MSP.2013.76

Redefining security criteria for networking devices with case studies

Ying-Dar Lin, Chia Yin Lee, Hao Chuan Tsai

Department of Computer Science

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

Common Criteria, ICSA Labs, and NSS Labs-three well-known standard security criteria-emphasize document review of a product's life cycle, false negative and positive rates of malicious and benign traffic, and performance and self-protection of security functions, respectively. The authors combine test cases from these security criteria with the RealFlow stability test to form a set of lightweight total security criteria that provide a wider coverage on documentation, security functionality, performance, self-protection, and stability. Even with more coverage, the evaluation period is much shorter than Common Criteria and comparable to ICSA and NSS. A pilot run on firewalls and intrusion detection and prevention systems found parts of the criteria where most products tend to fail. Test results show that the new criteria effectively expose product defects.

Original language	English
Article number	6756777
Pages (from-to)	43-53
Number of pages	11
Journal	IEEE Security and Privacy
Volume	12
Issue number	1
DOIs	https://doi.org/10.1109/MSP.2013.76
State	Published - 2014

Keywords

Common Criteria
ICSA
NSS
security criteria
self-protection
stability
stress

Access to Document

10.1109/MSP.2013.76

Cite this

@article{e5c8204d6bd0486aa268c5839e01fcbf,

title = "Redefining security criteria for networking devices with case studies",

abstract = "Common Criteria, ICSA Labs, and NSS Labs-three well-known standard security criteria-emphasize document review of a product's life cycle, false negative and positive rates of malicious and benign traffic, and performance and self-protection of security functions, respectively. The authors combine test cases from these security criteria with the RealFlow stability test to form a set of lightweight total security criteria that provide a wider coverage on documentation, security functionality, performance, self-protection, and stability. Even with more coverage, the evaluation period is much shorter than Common Criteria and comparable to ICSA and NSS. A pilot run on firewalls and intrusion detection and prevention systems found parts of the criteria where most products tend to fail. Test results show that the new criteria effectively expose product defects.",

keywords = "Common Criteria, ICSA, NSS, security criteria, self-protection, stability, stress",

author = "Ying-Dar Lin and Lee, {Chia Yin} and Tsai, {Hao Chuan}",

year = "2014",

doi = "10.1109/MSP.2013.76",

language = "English",

volume = "12",

pages = "43--53",

journal = "IEEE Security and Privacy",

issn = "1540-7993",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "1",

}

TY - JOUR

T1 - Redefining security criteria for networking devices with case studies

AU - Lin, Ying-Dar

AU - Lee, Chia Yin

AU - Tsai, Hao Chuan

PY - 2014

Y1 - 2014

N2 - Common Criteria, ICSA Labs, and NSS Labs-three well-known standard security criteria-emphasize document review of a product's life cycle, false negative and positive rates of malicious and benign traffic, and performance and self-protection of security functions, respectively. The authors combine test cases from these security criteria with the RealFlow stability test to form a set of lightweight total security criteria that provide a wider coverage on documentation, security functionality, performance, self-protection, and stability. Even with more coverage, the evaluation period is much shorter than Common Criteria and comparable to ICSA and NSS. A pilot run on firewalls and intrusion detection and prevention systems found parts of the criteria where most products tend to fail. Test results show that the new criteria effectively expose product defects.

AB - Common Criteria, ICSA Labs, and NSS Labs-three well-known standard security criteria-emphasize document review of a product's life cycle, false negative and positive rates of malicious and benign traffic, and performance and self-protection of security functions, respectively. The authors combine test cases from these security criteria with the RealFlow stability test to form a set of lightweight total security criteria that provide a wider coverage on documentation, security functionality, performance, self-protection, and stability. Even with more coverage, the evaluation period is much shorter than Common Criteria and comparable to ICSA and NSS. A pilot run on firewalls and intrusion detection and prevention systems found parts of the criteria where most products tend to fail. Test results show that the new criteria effectively expose product defects.

KW - Common Criteria

KW - ICSA

KW - NSS

KW - security criteria

KW - self-protection

KW - stability

KW - stress

UR - http://www.scopus.com/inward/record.url?scp=84898417116&partnerID=8YFLogxK

U2 - 10.1109/MSP.2013.76

DO - 10.1109/MSP.2013.76

M3 - Article

AN - SCOPUS:84898417116

SN - 1540-7993

VL - 12

SP - 43

EP - 53

JO - IEEE Security and Privacy

JF - IEEE Security and Privacy

IS - 1

M1 - 6756777

ER -

Redefining security criteria for networking devices with case studies

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this