Similar literature
1.
Stoneburner  G. 《Computer》2005,38(7):91-93
In 1999, the International Organization for Standardization and the International Electrotechnical Commission jointly published the Common Criteria for Information Technology Security Evaluation to provide IT security evaluation guidelines that extend to an international community. The assurance requirements, including prepackaged sets of Evaluation Assurance Levels (EALs) in the Common Criteria (CC), represent the paradigm that assurance equals evaluation, and more evaluation leads to more assurance. This paradigm is at odds with the commercial off-the-shelf (COTS) marketplace, neither reflecting how confidence is typically achieved nor providing a cost-effective means for supplying grounds for confidence in the security capabilities of the information technology being evaluated.

2.
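Assurance is an important component of SSE-CMM; it refers to the degree of confidence that security requirements are satisfied, and it is a very important concept in security engineering. For a project or a system, judging whether its security requirements have been met and measuring its assurance are very complex. Assurance is the degree of precision of risk measurement: the higher the precision of risk measurement, the greater the security assurance of the system. By exploring the relationship between assurance and risk, this paper seeks a method for measuring assurance.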

3.
System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account for new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber–physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.

4.
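Risk assessment is an important mechanism for ensuring the security of industrial control systems. At present, information security and functional safety are increasingly tightly coupled; considering that the business objectives and operating environments of different organizations are highly diverse, information security risk assessment of industrial control systems should be closely tied to business objectives. Based on the Goal-Question-Metric (GQM) model, the risk assessment process for industrial control systems is defined in terms of goal determination, question description and metric definition: guided by the business objectives carried by the industrial control system, questions are raised based on a risk scenario model, information is collected around the questions raised, and the metrics are correlated, analyzed and evaluated according to the collected information and data. Finally, taking PLC risk assessment as an example, the effectiveness of the GQM-based risk assessment method for industrial control systems is illustrated and verified.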

5.
《Information & Management》2005,42(7):947-964
The evaluation of information technology (IT) is fraught with misconception and there is a lack of understanding of appropriate IT evaluation methods and techniques. The benefits, costs and risks of IT need to be identified, managed, and controlled if businesses are to derive value from their investments. This paper presents findings from an exploratory study that used a questionnaire survey to determine the benefits, costs and risks of IT investments from 130 small-to-medium-sized enterprises (SMEs) in Australia. The analysis revealed that organizations from different industry sectors significantly differ in the amount they invest in IT but that firm size (in terms of turnover and number of employees) does not influence IT investment levels. Second, strategic benefits vary across different industry sectors. Third, the way employees adapt to change as a result of IT implementation depends on the size of the organization. Based upon the findings, a series of benchmark metrics for benefits, costs, and risks of IT are presented. It is posited that these can serve as a reference point for initiating a quality evaluation cycle in which benchmarking forms an integral component of the strategic process.

6.
Assurance has different meanings, depending on the source, audience, and interpretation. We applied institutional theory and the Capability Maturity Model to conceptualize assurance: its symbolic aspects to gain social acceptance, and its substantive aspects to improve organizational capability and effectiveness in performing IS security risk management (SRM). An empirical study examined assurance-seeking behavior and outcomes for regulatory compliance. Some degree of process maturity in SRM was found necessary for producing convincing verbal accounts and compliance evidence. Findings suggest that unless an organization's assurance claims are based on achieving Level 4 maturity, assurance will be based more on symbolism than effectiveness.

7.
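To address the problem that information security products such as cryptographic modules have non-fixed indicator values, that an indicator system is hard to establish, and that security assurance capability is hard to assess quantitatively, a feasible method for quantitatively describing the security assurance capability of cryptographic modules is proposed. The method uses interval numbers to describe the security attributes of a cryptographic module, determines the weight of each security attribute using the entropy weight method combined with subjective weighting, and performs a comprehensive evaluation using an interval multi-attribute decision-making method. Finally, the proposed method is applied to an example analysis of two commercial cryptographic modules, and the computed results show that the method is feasible.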

8.
In this paper we discuss the issues relating to the evaluation and reporting of security assurance of runtime systems. We first highlight the shortcomings of current initiatives in analyzing, evaluating and reporting security assurance information. Then, the paper proposes a set of metrics to help capture and foster a better understanding of the security posture of a system. Our security assurance metric and its reporting depend on whether or not the user of the system has a security background. The evaluation of such metrics is described through the use of theoretical criteria, a tool implementation and an application to a case study based on an insurance company network.

9.
The paradigm of model-based software development has become more and more popular since it promises an increase in the efficiency and quality of software development. Following this paradigm, models become primary artifacts in the software development process. Therefore, software quality and quality assurance frequently lead back to the quality and quality assurance of the involved models. In our approach, we propose a model quality assurance process that can be adapted to project-specific and domain-specific needs. This process is based on static model analysis using model metrics and model smells. Based on the outcome of the model analysis, appropriate model refactoring steps can be performed. In this paper, we present a tool environment conveniently supporting the proposed model quality assurance process. In particular, the presented tools support metrics reporting, smell detection, and refactoring for models being based on the Eclipse Modeling Framework, a widely used open source technology in model-based software development.

10.
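This paper describes the transition, in embedded systems and other mission-critical software, from traditional software quality control techniques to proactive quality assurance: software plays an increasingly important role in every product and every organization. In recent years the number of mission-critical applications has grown exponentially. These systems either incur enormous losses on failure (air traffic control systems and other life-support products) or are costly to correct (mobile phones and other consumer products). Software designed for embedded systems more often falls into the "mission-critical" category, and demand for embedded systems continues to rise, so the need for proactive quality assurance is higher than ever. This paper divides the transition from quality control to quality assurance into two phases: (1) quality assessment (phase one): identifying and eliminating software faults early in the development cycle, before the software reaches users and even before testing, while providing an objective, quantitative quality assessment; (2) quality assurance (phase two): when changes are made, preventing errors from entering the code base through precise impact analysis, enforcing coding standards, and preventing the introduction of new errors.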

11.
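The mainstream network security protection architecture today is externally attached: the security system is separate from the business system, security products are isolated from one another, and in terms of protective capability it struggles to respond efficiently to increasingly complex network security challenges. Strengthening the foundations of network security from the outside in is imperative. The business scenarios of network security are summarized into four perspectives (organizations, vendors, regulators and threats), each with different business objectives. Starting from the commonalities and particularities of the four perspectives, the capability requirements of the network security ecosystem are systematically summarized and an intrinsic security methodology is proposed. Intrinsic security capability refers to the ability of ICT components to natively support security functions such as monitoring, protection and tracing. It provides foundational support for network security, is not itself the final realization of a security function, and addresses different problems from existing methodologies such as "endogenous security" and "built-in security". Intrinsic security emphasizes the inherent security-enabling endowment of network components. There are two ways to uncover this endowment: activating innate security capabilities, and internalizing externally attached capabilities, so that the component logically exhibits self-immunity to the outside. One advantage of such components is the cohesion of business and security: they can perceive the security situation transparently, configure security policies in a customized way, and enforce security protection close to the workload. A second advantage is that business functions and security functions are merged and encapsulated, simplifying the overall engineering architecture and reducing network management complexity. An intrinsic security supporting-capability framework is further proposed, which summarizes and enumerates the security capabilities consistent with the intrinsic security concept, divides supporting capabilities into five categories (collection, cognition, execution, collaboration and resilience), and further introduces the subtypes of each category and the underlying ICT technologies. Based on this framework, the enhanced implementation of typical security business scenarios under the intrinsic security concept is presented.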

12.
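A CMMI-based process and product quality assurance model   Total citations: 3, self-citations: 0, citations by others: 3
To explore effective implementation of a CMMI-based process and product quality assurance approach, the paper compares the differences between CMM-based and CMMI-based quality assurance processes and the relationship between quality assurance and verification and validation; combined with the ISO 9001 quality system, it proposes an implementation framework and process model for process and product quality assurance, and uses process evaluation as an example to illustrate how quality assurance activities are carried out.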

13.
At the specification phase, the developer of an IT security product identifies and documents applicable security objectives. Specifications are often intuitive and hard to assess and while being syntactically correct may still fail to appropriately capture the security problem addressed. A technique is proposed for expressing Common Criteria compliant security environments and security objectives for high assurance IT security products. The technique is validated by an analysis of the security specification for a device computing digital signatures within the European Union PKI framework. Modifications to the specification are proposed and the possibility of extending the CC treatment of security objectives is discussed.

14.
Our paper describes the requirements and possibilities of integration of metrics tools in the field of software quality assurance. Tools for the support of the measurement process are herein classified as Computer Assisted Software Measurement and Evaluation Tools (CAME tools). Software measurement regarded as a special type of metrics application provides a great amount of basic information for the evaluation of the software development process or the software product itself. Our paper examines the effectiveness and destination of software measurement in tool-based software development and is based on an analysis of more than 20 CAME tools in the Software Measurement Laboratory at the University of Magdeburg. CAME tools are useable for the process, product, and resources evaluation in all phases of the software life cycle (including the problem definition) for different development paradigms. The efficiency of CAME tools is described on the basis of a general measurement framework. This framework includes all steps in the software measurement and evaluation process: metrics definition, selection of the evaluation criteria, tool-based modelling and measurement, value presentation and statistical analysis. The framework includes the main aspects of the process evaluation techniques (Capability Maturity Model, ISO 9000-3 etc.) and product evaluation (ISO 9126, etc.). It is not a disjointed set of aspects: our measurement framework represents an incremental technique for the application of quantification of quality aspects in a required quality assurance

15.
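China is at an important stage of moving from a major space nation to a space power. Independent controllability of aerospace components bears on the improvement of national manufacturing capability, but because China's domestically produced components started late, are technically weak and are not highly reliable, a fairly complete application verification method for components urgently needs to be established to accelerate domestic substitution. Here, through multi-dimensional comprehensive assessment covering evaluation of component production process elements, functional performance verification, quality and reliability verification, and application suitability verification, a systematically coordinated, integrated and open quality capability system is built across the product, process and system dimensions. This application verification system was used to test the domestically produced ADC device HWD976; the test results were an SNR of 74.3213 dB, a SINAD of 73.6524 dB and an SFDR of 79 dB, meeting the original design requirements. The method provides a theoretical basis for supporting quality assurance and application reliability evaluation of subsequent domestic substitute products, and accelerates the achievement of independent controllability for China's aerospace equipment.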

16.
Information security governance dominates the senior management’s agenda in overall organizational information technology (IT) governance. The globalization trends encompassing all businesses, and risks of information leakage force organizations to institute mechanisms to protect it. In order to achieve adequate level of protection, organizations implement information security management systems (ISMS). The effectiveness of ISMS depends on the implementation strength of security controls. Several studies have detailed out the qualitative nature of information security measurements and quantitative studies have always remained a challenge. This empirical study focuses on the information security perceptions of internal users of the organization on the security controls, customer influence and the support provided by the top management. The perception of internal users referred as perceived information security is measured based on the degree of confidence expressed by the internal users towards the security objectives namely, confidentiality, integrity, availability, accountability and reliability. In an attempt to align the interest of researchers and practitioners, the study surveys major developments in the field of ISMS and proposes a construct for a holistic comprehension of ‘Perceived Information Security’. The survey based research methodology focuses on the perceptions of the internal users such as Security program Implementers, Business Users and Senior Management. The findings of the study in the context of Indian IT services industry have been presented. The contributions of the research paper include providing insights into perceived information security of internal users of the organization, an empirical approach for studying perceived information security and a holistic framework for information security in Indian IT organizations.

17.
Dan J.  Charles  Ying-Ju   《Decision Support Systems》2008,44(4):1000-1015
There is conflicting evidence as to the current level of awareness and impact of Web Assurance Seal Services (WASSs). This study examines the effects of an educational intervention designed to increase consumers' knowledge of security and privacy aspects of business-to-consumer (B2C) e-commerce websites and assurance seal services. The study further explores the relationships among consumers' perceptions about online security, including WASSs awareness, importance of WASS, privacy concerns, security concerns, and information quality, before and after the educational intervention. The study finds that educating consumers about the security and privacy dangers of the web, as well as the role of web assurance seals, does increase their awareness and perceived importance of the seals. However, despite this increased awareness, there is little association between these assurance seals and the two indicators of trustworthiness, concerns about privacy and perceived information quality, of an e-commerce site, even after the intervention. Only security concerns have a statistically significant relationship with WASSs awareness before and after the educational intervention. Implications for theory and practice are discussed.

18.
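In today's social environment of rapid informatization, and as information security is elevated to part of China's national security strategy, information security assurance, a very important part of informatization, is gradually becoming familiar to people. Based on the author's study and research on information security assurance, this paper discusses the current state of information security, the definition and requirements of information security assurance, and the understanding of information security assurance.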

19.
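Research on network quality of protection   Total citations: 5, self-citations: 0, citations by others: 5
As people's awareness of network security keeps growing, a set of measurable, quantifiable indicators is urgently needed to evaluate the quality of system security protection. As a new concept in the network security field, Quality of Protection (QoP) can provide different levels of security assurance for different users and services and meet security needs in increasingly complex network environments, and it has received wide attention in China and abroad. The article surveys the meaning of QoP in different application contexts, proposes a definition of QoP and its evaluation indicators, analyzes current QoP architectures, evaluation models and implementation mechanisms, and looks ahead to future research directions.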

20.
Information technology (IT) security design and management are a major concern and substantial challenge for IT management. Today’s highly complex business and technological environments and the need to effectively communicate and justify IT security requirements and controls demand methodical support. The modeling method presented in this paper addresses this demand. The method is based on the assumption that enriched enterprise models integrating technological, business, organizational and strategic aspects provide an effective foundation for developing and managing IT security systems and facilitating communication and understanding between stakeholders. The proposed modeling method for designing and managing IT security in organizations accounts for different perspectives and is based on multi-perspective enterprise modeling. The core components of the method, based on analysis of requirements at different levels of abstraction, are: modeling language concepts specifically designed to address security issues, process models that guide the use of the resulting language, and a modeling environment. The method facilitates elaborate representations of the various aspects of IT security at different levels of abstraction and covers the entire lifecycle of IT security systems. It not only supports multi-perspective requirement analysis and design but also enables monitoring and analysis of IT security at runtime. The presented artifact is evaluated with recourse to a research method that enables the configuration of multi-criteria justification procedures.
