Tool-assisted Security Assessment of Distributed Applications

Peter Herrmann, Lars Wiebusch, Heiko Krumm

Universität Dortmund, FB Informatik, LS IV, D-44221 Dortmund
E-Mail: {Peter.Herrmann|krumm}@cs.tu-dortmund.de, lars_wiebusch@hotmail.com

Abstract

The CORBA security services support the flexible provision of security features. Their employment, however, has to be tailored to the assets and threats of a system. We relate the corresponding analysis and design of CORBA systems to traditional security analysis, risk assessment, and countermeasure planning as it is in the scope of information system security standards. Since security analysis tends to be difficult and error-prone, we combine that proposal with our object-oriented security analysis and modeling approach. It employs object-oriented modeling techniques and tool assistance in order to facilitate the analysis and assure its quality even in the case of extensive systems.

Key Words

Security analysis, risk assessment, Common Criteria, CORBA security services, object-oriented security analysis

Published in

Proceedings of the 3rd IFIP WG6.1 International Working Conference on Distributed Applications and Interoperable Systems (DAIS'2001), pages 289-294, Krakow, September 2001, Kluwer Academic Publisher.

Obtaining the paper

Due to the copyright agreement between the publisher and the authors, we are not allowed to make the paper available online. If you have problems obtaining it, please call us.


Peter Herrmann, September 21, 2001 -- digital media copyright