Improvement and Scenario-Based Evaluation of the eXtended Method for Assessment of System Security
Linköping University, Department of Electrical Engineering.
2008 (English). Independent thesis, Advanced level (professional degree), 20 credits / 30 HE credits. Student thesis
Abstract [en]

This master’s thesis consists of a scenario-based evaluation of an IT-security assessment method known as the eXtended Method for Assessment of System Security (XMASS), as well as an assessment of a real-world network using the software implementation of this method known as the Security AssessmeNT Application (SANTA).

This thesis also describes a number of improvements made to the software implementation, some of which could also be added to the method itself. These were performed during the preparation of the assessment but had no effect on the outcome.

The evaluation showed that the method and implementation contained a number of flaws in the way the filtering effect of the traffic mediators of a network, such as network-based firewalls, was implemented. When it comes to the assessment of the real-world network, it was seen that the network, given the supplied information regarding the software and hardware setup of its entities, appeared to be sufficiently secure to handle the transmission of data at the lowest classification level (Restricted). However, as with almost all security assessments, this does not mean that the network is guaranteed to be secure enough; it just indicates that, given the information specified, the network has the potential of being sufficiently secure.

The main conclusion of this thesis is that the way XMASS and SANTA calculate the effect of filtering traffic mediators should be looked into and improved to increase the usability of the tool. The method can however still be used in its current state, but requires the individual(s) performing the assessment to be aware of the drawbacks of the current implementation and thus compensate for these when producing the input for the assessment method.

Place, publisher, year, edition, pages
2008. 96 p.
Keyword
Combined Endeavor, Scenario-Based Evaluation, IT Security Assessment Tool, IT Security Assessment, IT Security
National Category
Computer and Information Science Other Computer and Information Science
Identifiers
URN: urn:nbn:se:liu:diva-16555
ISRN: LiTH-ISY-EX--08/4177--SE
OAI: oai:DiVA.org:liu-16555
DiVA: diva2:158392
Presentation
2008-12-18, Systemet, Linköpings universitet, Linköping, 10:15 (English)
Uppsok
teknik
Available from: 2009-02-03. Created: 2009-02-02. Last updated: 2009-02-03. Bibliographically approved

Open Access in DiVA

fulltext (1527 kB), 282 downloads
File information
File name: FULLTEXT01.pdf
File size: 1527 kB
Checksum SHA-512:
021a4b92ceec1b966857798c7b4cbbda64cb8c2f2b1adbcb3f7265587ffbb0b7e25695f04be55e150609629280562e6ef8f76966bd19dabb45961b1ca6ac6707
Type: fulltext
Mimetype: application/pdf

Search in DiVA

By author/editor
Sundmark, Thomas
By organisation
Department of Electrical Engineering