The Heimdal Framework presented in this thesis is a step towards an unambiguous framework that reveals the objective strength and weaknesses of the security of components.
It provides a way to combine different aspects affecting the security of components such as category requirements, implemented security functionality and the environment in which it operates in a modular way, making each module replaceable in the event that a more accurate module is developed.
The environment is assessed and quantified through a methodology presented as a part of the Heimdal Framework. The result of the evaluation is quantitative data, which can be presented with varying degrees of detail, reflecting the needs of the evaluator.
The framework is flexible and divides the problem space into smaller, more accomplishable subtasks with the means to focus on specific problems, aspects or system scopes. The evaluation method is focusing on technological components and is based on, but not limited to, the Security Functional Requirements (SFR) of the Common Criteria.
Source: Linköping University
Authors: Bond, Anders | Påhlsson, Nils