The Community for Technology Leaders
Computer Security Applications Conference, Annual (2000)
New Orleans, Louisiana
Dec. 11, 2000 to Dec. 15, 2000
ISSN: 1063-9527
ISBN: 0-7695-0859-6
pp: 107
K. Rannenberg , Microsoft Res., Cambridge, UK
G. Iachello , Microsoft Res., Cambridge, UK
ABSTRACT
Early IT security evaluation criteria such as the TCSEC and the ITSEC suffered much criticism for their lack of coverage of privacy-related requirements. Recent evaluation criteria, such as the CC and the ISO-ECITS now contain components assigned to privacy. This is a step towards enhanced privacy protection, especially for non-experts. We examined the suitability and use of these components and the criteria as a whole by specifying a number of protection profiles (PPs) for remailer mix networks, as mix networks aim at user anonymity and unobservable message transfer. This contribution reports on the PPs and the experiences gained. It also introduces proposals for improving the criteria that were derived from this work.
INDEX TERMS
data privacy; electronic mail; information technology; certification; protection profiles; remailer mixes; evaluation criteria; IT security evaluation criteria; privacy-related requirements; privacy protection; remailer mix networks; user anonymity; unobservable message transfer; information technology; CC; ISO-ECITS; TCSEC; ITSEC
CITATION

G. Iachello and K. Rannenberg, "Protection profiles for remailer mixes - Do the new evaluation criteria help?," Computer Security Applications Conference, Annual(ACSAC), New Orleans, Louisiana, 2000, pp. 107.
doi:10.1109/ACSAC.2000.898864
91 ms
(Ver 3.3 (11022016))