Author_Institution :
Dept. of Comput. Sci., Nat. Chiao Tung Univ., Hsinchu, Taiwan
Abstract :
Common Criteria, ICSA Labs, and NSS Labs--three well-known standard security criteria--emphasize document review of a product´s life cycle, false negative and positive rates of malicious and benign traffic, and performance and self-protection of security functions, respectively. The authors combine test cases from these security criteria with the RealFlow stability test to form a set of lightweight total security criteria that provide a wider coverage on documentation, security functionality, performance, self-protection, and stability. Even with more coverage, the evaluation period is much shorter than Common Criteria and comparable to ICSA and NSS. A pilot run on firewalls and intrusion detection and prevention systems found parts of the criteria where most products tend to fail. Test results show that the new criteria effectively expose product defects.
Keywords :
document handling; firewalls; standards; ICSA Labs; NSS Labs; RealFlow stability test; benign traffic; common criteria; documentation coverage; false negative rates; false positive rates; firewalls; intrusion detection systems; intrusion prevention systems; malicious traffic; networking devices; performance coverage; product defects; product life cycle; security criteria; security functionality coverage; security functions; self-protection coverage; stability coverage; Complexity theory; Computer security; Protocols; Stability criteria; Testing; Throughput; Common Criteria; ICSA; NSS; security criteria; self-protection; stability; stress;
