Security guideline tool for home users based on international standards

The level of security of home information systems can be described as their capacity to resist all the accidental or deliberate malicious activities based on the evaluation assurance levels (EAL) as defined in international standards. The purpose of this paper is to propose a security guideline tool for home users based on the implementation of a protection profile (PP) for home user systems.

The application was developed in three basic steps. First, a PP for home user systems was created on the basis of the international standard ISO/IEC 15408. Then, the paper created a knowledge base including the PP information, as well as a security policy including other international standards, as mentioned above. Finally, the paper created a web application tool to be used as a security guideline for home users.

This tool is developed in order to support users to understand the threats which affect their environment and select the appropriate security policy. By using this tool, users can access information about international standards in accordance to their level of knowledge.

The authors created a tool based on EAL4. In the future, tools based on EAL1, EAL2, and EAL3 can be created easily on the basis of the present model.

This PP specifies the security requirements for home user information technology (IT) environments, and makes use of the Department of Defense information assurance guidelines and policies as a basis for establishing the requirements necessary for meeting the security objectives. This PP is constructed for use as a reference for home users to create safe home IT environments. Operating systems evaluated against this PP can operate at EAL4.