The research proposed herein is intended to solve two problems: (1) to define a method for analyzing protection profiles (e.g., those of the Common Criteria for IT Security or the FIPS 140 series) for distributed systems, networks, and their subsystems in a precise and systematic manner; and (2) to provide a set of automated tools that support profile development and analysis. Precise analysis methods and tools for profile requirements and components have not been available because no formal basis exists to date for classifying and analyzing the dependencies among these requirements and components. Furthermore, a systematic way of composing security components into a profile such that their effectiveness in countering a specific set of threats can be demonstrated is also lacking. While useful in practice, existing profile development tools are in effect simple aids for the display, manipulation, storage, and formatting of textual requirements. These tools do not satisfy our profile development, analysis, and effectiveness goals. The overall objective of this project is to develop a precise method and a set of tools for the analysis and synthesis of protection profiles, and for the specification of security targets, based on a wide variety of security-requirement sets of differing size and complexity.

COMMERCIAL APPLICATIONS: The profile development and analysis method and tools, when fully implemented, will provide a significant measure of confidence in the consistency, completeness, and effectiveness of protection profiles and security targets. We envision that the method and tools would be used for the development and analysis of new protection profiles by private industry, government, and commercial security certification services, both in the U.S. and internationally, for the Common Criteria as well as other, more specialized security standards, e.g., cryptographic frameworks.
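The two checks the abstract says existing tools lack, resolving dependencies among components and showing that the chosen components actually counter the stated threats, are simple to mechanize once the rationale tables are data rather than prose. The following is an added example, not code from the proposal or from any tool it describes. The component dependency entries are an excerpt of Common Criteria Part 2 as the example's author recalls them and should be treated as illustrative rather than normative; the threat and objective names (T.*, O.*) and their mappings are constructed for the example, and the policy of picking the alphabetically first option of an "A or B" dependency is an assumed resolution strategy, not one the proposal specifies.

```python
"""Dependency closure and threat-coverage checks for a candidate protection profile.

Added example; the tables below are illustrative, not the normative CC Part 2 text.
"""
from typing import Dict, FrozenSet, List, Set

# component -> list of dependency "slots"; a slot is met when ANY member is present
# (CC Part 2 writes such slots as "[FDP_ACC.1 or FDP_IFC.1]").  Recalled from
# CC Part 2; treat as an assumption for the purposes of this example.
DEPENDENCIES: Dict[str, List[FrozenSet[str]]] = {
    "FAU_GEN.1": [frozenset({"FPT_STM.1"})],
    "FAU_GEN.2": [frozenset({"FAU_GEN.1"}), frozenset({"FIA_UID.1"})],
    "FAU_SAR.1": [frozenset({"FAU_GEN.1"})],
    "FIA_UAU.1": [frozenset({"FIA_UID.1"})],
    "FIA_UID.1": [],
    "FPT_STM.1": [],
    "FMT_SMF.1": [],
    "FMT_SMR.1": [frozenset({"FIA_UID.1"})],
    "FDP_ACC.1": [frozenset({"FDP_ACF.1"})],
    "FDP_ACF.1": [frozenset({"FDP_ACC.1"}), frozenset({"FMT_MSA.3"})],
    "FMT_MSA.3": [frozenset({"FMT_MSA.1"}), frozenset({"FMT_SMR.1"})],
    "FMT_MSA.1": [frozenset({"FDP_ACC.1", "FDP_IFC.1"}),
                  frozenset({"FMT_SMR.1"}), frozenset({"FMT_SMF.1"})],
}

# Constructed rationale tables of the kind a PP's "security objectives rationale"
# and "SFR rationale" sections carry; names are hypothetical.
THREAT_TO_OBJECTIVES: Dict[str, Set[str]] = {
    "T.UNAUTH_ACCESS": {"O.AUTH", "O.ACCESS"},
    "T.UNDETECTED_ACTION": {"O.AUDIT"},
    "T.TAMPER_LOG": {"O.LOG_INTEGRITY"},
}
OBJECTIVE_TO_SFRS: Dict[str, Set[str]] = {
    "O.AUTH": {"FIA_UID.1", "FIA_UAU.1"},
    "O.ACCESS": {"FDP_ACC.1", "FDP_ACF.1"},
    "O.AUDIT": {"FAU_GEN.1", "FAU_SAR.1"},
    # O.LOG_INTEGRITY deliberately maps to no SFR: a gap the check must report.
}


def unsatisfied_dependencies(selected: Set[str]) -> Dict[str, List[List[str]]]:
    """Map each selected component to the dependency slots it leaves unmet."""
    result: Dict[str, List[List[str]]] = {}
    for comp in sorted(selected):
        unmet = [sorted(slot) for slot in DEPENDENCIES.get(comp, []) if not slot & selected]
        if unmet:
            result[comp] = unmet
    return result


def close_dependencies(selected: Set[str]) -> Set[str]:
    """Add components until every dependency slot is met (fixed-point iteration).

    For an unmet "A or B" slot the alphabetically first option is chosen; a real
    tool would surface that choice to the profile author instead (assumed policy).
    """
    closed = set(selected)
    changed = True
    while changed:
        changed = False
        for comp in sorted(closed):          # sorted() copies, so adding is safe
            for slot in DEPENDENCIES.get(comp, []):
                if not slot & closed:
                    closed.add(min(slot))
                    changed = True
    return closed


def uncountered_threats(selected: Set[str]) -> List[str]:
    """Threats for which some mapped objective is not fully realised by selected SFRs.

    A threat counts as countered only when it has at least one objective and every
    objective mapped to it has a non-empty SFR set wholly contained in `selected`.
    """
    gaps = []
    for threat, objectives in sorted(THREAT_TO_OBJECTIVES.items()):
        realised = [bool(OBJECTIVE_TO_SFRS.get(o)) and OBJECTIVE_TO_SFRS[o] <= selected
                    for o in objectives]
        if not objectives or not all(realised):
            gaps.append(threat)
    return gaps


# Constructed candidate profile: an author picked four SFRs and stopped.
CANDIDATE: Set[str] = {"FAU_GEN.1", "FAU_SAR.1", "FIA_UAU.1", "FDP_ACC.1"}

if __name__ == "__main__":
    print("unmet dependencies:", unsatisfied_dependencies(CANDIDATE))
    closed = close_dependencies(CANDIDATE)
    print("after closure:", sorted(closed))
    print("threats still uncountered:", uncountered_threats(closed))
```

Running it on the constructed candidate shows three unmet dependencies (FAU_GEN.1 wants FPT_STM.1, FIA_UAU.1 wants FIA_UID.1, FDP_ACC.1 wants FDP_ACF.1), pulls in seven further components through the FDP_ACF.1 → FMT_MSA.3 → FMT_MSA.1 chain without adding FDP_IFC.1 because the "or" slot is already met by FDP_ACC.1, and then reports T.TAMPER_LOG as the one threat with no SFR behind its objective.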