摘要
Common Criteria, ICSA Labs, and NSS Labs-three well-known standard security criteria-emphasize document review of a product's life cycle, false negative and positive rates of malicious and benign traffic, and performance and self-protection of security functions, respectively. The authors combine test cases from these security criteria with the RealFlow stability test to form a set of lightweight total security criteria that provide a wider coverage on documentation, security functionality, performance, self-protection, and stability. Even with more coverage, the evaluation period is much shorter than Common Criteria and comparable to ICSA and NSS. A pilot run on firewalls and intrusion detection and prevention systems found parts of the criteria where most products tend to fail. Test results show that the new criteria effectively expose product defects.
| 原文 | English |
|---|---|
| 文章編號 | 6756777 |
| 頁(從 - 到) | 43-53 |
| 頁數 | 11 |
| 期刊 | IEEE Security and Privacy |
| 卷 | 12 |
| 發行號 | 1 |
| DOIs | |
| 出版狀態 | Published - 2014 |