Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

eTVRA, a Threat, Vulnerability and Risk Assessment Tool for eEurope

  • Conference paper
Trust Management (iTrust 2006)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 3986))

Included in the following conference series:

Abstract

Securing the evolving telecommunications environment and establishing trust in its services and infrastructure is crucial for enabling the development of modern public services. The security of the underlying network and services environment for eBusiness is addressed as a crucial area in the eEurope action plan [2]. In response to this Specialist Task Force (STF) 292 associated with the European Telecommunication Standardisation Institute (ETSI) TISPAN [3] under contract from eEurope, has developed a threat, vulnerability and risk assessment (eTVRA) method and tool for use in standardisation. Using the eTVRA method and tool, the threats to a next generation network (NGN) can be analyzed and a set of recommended countermeasures identified that when implemented will reduce the overall risk to users of NGNs. In this paper we present the eTVRA method and tool along with the results of using the eTVRA for an analysis of a Voice over IP (VoIP) scenario of the NGN.

This work is supported by the eEurope initiative  and by the Research Council of Norway project SARDAS (152952/431).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. eEurope: Supporting the eEurope initiative (2005), http://portal.etsi.org/eeurope

  2. Council of the European Union: Council Resolution on the implementation of the eEurope 2005 Action Plan (2003)

    Google Scholar 

  3. European Telecommunication Standardisation Institute: Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) (2006), http://portal.etsi.org/tispan/TISPAN_ToR.asp

  4. International Standards Organization: ISO/IEC 15408, Information technology – Security techniques – Evaluation criteria for IT security (1999)

    Google Scholar 

  5. European Telecommunication Standardisation Institute: ETSI ETR 332, Security techniques advisory group (STAG)– Security Requirements Capture (1996)

    Google Scholar 

  6. Vraalsen, F., den Braber, I., Hogganvik, F., Stølen, K.: The CORAS tool-supported methodology for UML-based security analysis. Technical report STF90 A04015, SINTEF ICT (2004)

    Google Scholar 

  7. European Telecommunication Standardisation Institute: ETSI ES 202 382, Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method and proforma for defining Protection Profiles (2005)

    Google Scholar 

  8. International Standards Organization: ISO/IEC 13335, Information technology – Security techniques – Guidelines for the management of IT security (2001)

    Google Scholar 

  9. Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session initiation protocol. RFC 3261 (2002)

    Google Scholar 

  10. Faltstrom, P., Mealling, M.: The E.164 to uniform resource identifiers (URI) dynamic delegation discovery system (DDDS) application (ENUM). RFC 3761 (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. The Norwegian University of Science and Technology, Norway

    Judith E. Y. Rossebø

  2. Telenor R&D, Norway

    Judith E. Y. Rossebø

  3. Cadzow Communications, UK

    Scott Cadzow

  4. ETSI STF 292, The Netherlands

    Scott Cadzow & Paul Sijben

  5. Eem Valley Technology, The Netherlands

    Paul Sijben

Authors
  1. Judith E. Y. Rossebø
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Scott Cadzow
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Paul Sijben
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Oslo, Norway

    Ketil Stølen

  2. Department of Computer Science, University of Texas, San Antonio, USA

    William H. Winsborough

  3. IIT CNR, Pisa, via Moruzzi, 1, 56125, Pisa, Italy

    Fabio Martinelli

  4. University of Trento, Povo, (Trento), Italy

    Fabio Massacci

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rossebø, J.E.Y., Cadzow, S., Sijben, P. (2006). eTVRA, a Threat, Vulnerability and Risk Assessment Tool for eEurope. In: Stølen, K., Winsborough, W.H., Martinelli, F., Massacci, F. (eds) Trust Management. iTrust 2006. Lecture Notes in Computer Science, vol 3986. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11755593_38

Download citation

  • DOI: https://doi.org/10.1007/11755593_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34295-3

  • Online ISBN: 978-3-540-34297-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics