16th Annual Computer Security Applications Conference
December 11-15, 2000
New Orleans, Louisiana
Protection Profiles for Remailer Mixes - Do the new Evaluation Criteria help?
Early IT security evaluation criteria like the TCSEC and the ITSEC suffered
much criticism for their lack of cover-age of privacy-related requirements.
Recent evaluation criteria, like the CC and the ISO-ECITS now contain
components assigned to privacy. This is a step towards enhanced privacy
protection, especially for non-experts. We examined the suitability and use
of these components and the criteria as a whole by specifying a number of
Protection Profiles (PPs) for remailer mix networks, as mix networks aim at
user anonymity and unobservable message transfer. This contribution reports
on the PPs and the experiences gained. It also introduces proposals for
improving the criteria that were derived from this work.
Read Paper (in PDF)