Redefining Security Criteria for Networking Devices with Case Studies

Author

Ying-Dar Lin ; Chia-Yin Lee ; Hao-Chuan Tsai

Author_Institution

Dept. of Comput. Sci., Nat. Chiao Tung Univ., Hsinchu, Taiwan

Volume

12

Issue

1

fYear

2014

fDate

Jan.-Feb. 2014

Firstpage

43

Lastpage

53

Abstract

Common Criteria, ICSA Labs, and NSS Labs--three well-known standard security criteria--emphasize document review of a product´s life cycle, false negative and positive rates of malicious and benign traffic, and performance and self-protection of security functions, respectively. The authors combine test cases from these security criteria with the RealFlow stability test to form a set of lightweight total security criteria that provide a wider coverage on documentation, security functionality, performance, self-protection, and stability. Even with more coverage, the evaluation period is much shorter than Common Criteria and comparable to ICSA and NSS. A pilot run on firewalls and intrusion detection and prevention systems found parts of the criteria where most products tend to fail. Test results show that the new criteria effectively expose product defects.

Keywords

document handling; firewalls; standards; ICSA Labs; NSS Labs; RealFlow stability test; benign traffic; common criteria; documentation coverage; false negative rates; false positive rates; firewalls; intrusion detection systems; intrusion prevention systems; malicious traffic; networking devices; performance coverage; product defects; product life cycle; security criteria; security functionality coverage; security functions; self-protection coverage; stability coverage; Complexity theory; Computer security; Protocols; Stability criteria; Testing; Throughput; Common Criteria; ICSA; NSS; security criteria; self-protection; stability; stress;

fLanguage

English

Journal_Title

Security & Privacy, IEEE

Publisher

ieee

ISSN

1540-7993

Type

jour

DOI

10.1109/MSP.2013.76

Filename

6756777