{"title":"Evaluating the security levels of the Web-Portals based on the standard ISO/IEC 15408","authors":"Dang-Hai Hoang, P. T. Nga","doi":"10.1145/3287921.3287985","DOIUrl":null,"url":null,"abstract":"Evaluating the security level of the Web-Portal is an urgent need, but it is not yet paid enough attention. A quantitative method is a key factor in analyzing security level evaluation. The formal model of the standard ISO/IEC 15408 and some other security standards cannot be directly applied to Web-Portals due to the generality and the abstraction of the model. The prestigious model of OWASP (Open Web Application Security Project) provides many best practices for Web application, but it is sill not enough for a quantitative evaluation and it is hardly applicable to compare the security level of different Web applications. This paper proposes a model and a quantitative method for evaluating the security levels of the Web-Portals based on the standard ISO/IEC 15408, which is highly feasible in the practice.","PeriodicalId":448008,"journal":{"name":"Proceedings of the 9th International Symposium on Information and Communication Technology","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 9th International Symposium on Information and Communication Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3287921.3287985","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 2
Abstract
Evaluating the security level of Web-Portals is an urgent need, but it has not yet received enough attention. A quantitative method is a key factor in security level evaluation. The formal model of the standard ISO/IEC 15408 and some other security standards cannot be directly applied to Web-Portals due to the generality and abstraction of the model. The prestigious model of OWASP (Open Web Application Security Project) provides many best practices for Web applications, but it is still not enough for a quantitative evaluation and is hardly applicable for comparing the security levels of different Web applications. This paper proposes a model and a quantitative method for evaluating the security levels of Web-Portals based on the standard ISO/IEC 15408, which is highly feasible in practice.