Systems Security Evaluation Using LSP Method
Peter KacherginskyOral Defence Date:
Tuesday, May 15, 2007 - 11:00Location:
Professor Jozo Dujmovic, and Professor Ilmi Yoon
The purpose of this project is to create a new method for quantitative evaluation and comparison of systems security. The methodology is based on the Logic Scoring of Preference (LSP) method for system evaluation. As a practical example of LSP method applicability for security systems evaluation we have evaluated security features and support of three operating systems: Windows XP, Ubuntu Linux, and FreeBSD. Using internationally accepted Common Criteria security standard as a foundation, we have divided each system into unique set of attributes that reflect security accounting, confidentiality, integrity, authentication, and availability of each system. The model evaluates more than 200 individual parameters of each system. In order to make LSP method more accessible for general use, we have also developed LSPDoc which is a tool capable of generating various types of LSP documentation and converting among all existing LSP storage formats. In addition to the aforementioned features, LSPDoc introduces an XML schema storage format for LSP data structures.