A probe quality metric taxonomy for assurance evaluation

Abstract

Commonly, assurance is considered as "something said or done to inspire confidence". It is clear from this definition that the fundamental part of assurance is confidence. However, the level of confidence inspired by a statement or an action depends on the "quality" of its source. Inspired by the Systems Security Engineering Capability Maturity Model (SSE-CMM) and the Common Criteria, we tailored five ordinal quality levels for probes performing the verification of system security measures; different levels of quality are possible depending on the coverage, rigor, depth and independence of the verification. The metric taxonomy is intended to assist IT product manufacturers in developing their products or systems and in identifying the security requirements to be satisfied for their products or systems to be assured at some level of quality as far as assurance evaluation is concerned. It could also benefit consumers by supporting them in selecting IT security products depending on their organizational needs, while IT security evaluators may use it as a reference when forming judgments about the quality of a security product.
