Improvement and Scenario-Based Evaluation of the eXtended Method for Assessment of System Security
Linköping University, Department of Electrical Engineering.
2008 (English). Independent thesis, Advanced level (professional degree), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

This master’s thesis consists of a scenario-based evaluation of an IT-security assessment method known as the eXtended Method for Assessment of System Security (XMASS), as well as an assessment of a real-world network using the software implementation of this method known as the Security AssessmeNT Application (SANTA).

This thesis also describes a number of improvements made to the software implementation, some of which could also be added to the method itself. These were performed during the preparation of the assessment but had no effect on the outcome.

The evaluation showed that the method and implementation contained a number of flaws in the way the filtering effect of the traffic mediators of a network, such as network-based firewalls, was implemented. When it comes to the assessment of the real-world network, it was seen that the network, given the supplied information regarding the software and hardware setup of its entities, appeared to be sufficiently secure to handle the transmission of data at the lowest classification level (Restricted). However, as with almost all security assessments, this does not mean that the network is guaranteed to be secure enough; it just indicates that, given the information specified, the network has the potential of being sufficiently secure.

The main conclusion of this thesis is that the way XMASS and SANTA calculate the effect of filtering traffic mediators should be looked into and improved to increase the usability of the tool. The method can, however, still be used in its current state, but requires the individual(s) performing the assessment to be aware of the drawbacks of the current implementation and thus compensate for these when producing the input for the assessment method.

Place, publisher, year, edition, pages
2008. 96 p.
Keywords: Combined Endeavor, Scenario-Based Evaluation, IT Security Assessment Tool, IT Security Assessment, IT Security
National Category
Computer and Information Science; Other Computer and Information Science
URN: urn:nbn:se:liu:diva-16555
ISRN: LiTH-ISY-EX--08/4177--SE
OAI: diva2:158392
2008-12-18, Systemet, Linköpings universitet, Linköping, 10:15 (English)
Available from: 2009-02-03. Created: 2009-02-02. Last updated: 2009-02-03. Bibliographically approved.

By author/editor
Sundmark, Thomas