User Manual
Contents
1. 31 TC Editor User s Manual TCT Editor Advanced Features Description Notes Change history Links to node CL cLarm Name Security of the utilised signature creation protocol U 0123456789 10 report Active view Main view Apply Cancel 1 Open the View menu from main menu 2 Select Trust Views menu option A Trust Evaluation Views Manager window appears 3 Choose an appropriate view from the list 4 Choose Activate the name of the newly activated view is written in red color in the list now 5 Choose Close to close the window 6 As a result a new name of the active view is displayed in node description WARNING The view is activated for the current session only Default view is restored in new session Managing views TRUST EVALUATION VIEWS MANAGER View details Name Second view Description Active view Main view New Modify Delete Default Activate Close 1 Open Trust Evaluation Views Manager window 2 To create a new view choose New 2a To modify an existing view select it from the list 2b type a new name and description 2c and choose Modify 2d To delete a view select it from the list 2b and choose Delete 2e To change the default view select a view to make default from the list 2b and choose Default 2f 3 Once done choose Close to close the Trust Evaluation Views Manager window 322. OL C2 Accep Expand All ET Information 1 OL C2 Accep Expand All i Information 11 Reference d Collapse All a H 11 Reference d Collapse All Cut Cut B Copy B Copy fl Delete ff Delete 1 Open the context menu for a parent node of a new node and choose New node Alternatively you can select a node and choose Edit gt New Node from the main menu 2 Choose a node type from the list of types of nodes which can be created WARNING Warrant node is created automatically with argument It cannot by added separately Editing node details Project Edit View Account Help Log out Project The Project Version New project version Role Developer 10 A trust case for an IT system OL CO System security 12 List of identified risks cL C1 Security of the utilised network protocols OL C2 Acceptability of the risk H 11 Reference directory Description Notes Change history Links to node iy ARGUMENT Name Argument by risks identified Label ao State Initial Include in report Description 7 Counterevidence 1 Select a node which should be edited 2 Enter the new details for the node e g node name description state 3 Click Apply 10 TC amp Editor User s Manual TCT Editor Key Features Editing references Project Edit View Account Help Log out Project The Project Version New project version Role
3. OL CO System security 8 Arg 40 Argument by identified risks wW WO Justification by reduction of all the identified risks 12 List of identified risks Gr R1 List of identified risks z B New Node CL C1 Security of the utilised net OL C2 Acceptability of the risk el View Reference 4 11 Reference directory l Refresh Cut B Copy if Delete Description Notes Change history Ta LINK Label Go to link target Include in report E REFERENCE Name List of identified risks Label R1 State Initial X Include in report _ Inline Description x Repository resource File path list_of_identified_risks pdf Repository default repository View Reference 1 Select a reference node to view 2 To view the reference choose View Reference from the details panel Alternatively you can choose View Reference from the context menu of the reference node or link to such node or select the reference node or link to such node and choose View gt View Reference from the main menu 12 TC amp Editor User s Manual TCT Editor Key Features Deleting a node Project Edit View Account Help il I0 A trust case for an IT system OL CO System sec Ly AD Argume idantifiad 44 WO Justifica New Node gt identified risks 12 List of iden a CL C1 Security of Refresh tocols OL C2 Accept
4. Project Edit Role Viewer Modify Set Password Close MY ACCOUNT PASSWORD X m Access L a Password Ga Confirm password 1 Choose Account gt My Account from the main menu 2 You may be allowed only to view your user s account or to change the account details and the password If you are allowed to modify your account enter the new details of your account 2a and click Modify 2b 3 To modify the password click Set Password 2c 4 Enter a new password in two fields 3a and click OK 3b 25 TA Editor User s Manual TCT Editor Advanced Features Configuring project s repositories In TCT Editor source documents and images for references are stored in online repositories accessed with URL If a repository is secured user s login name and password is also required REPOSITORIES TCAs Project Edit View Account Help B New lt Open 4 10 Atrustc Close Properties Repositories Copy Delet e aca Repository New Version Name XYZ repository Delete Version URL Repository Export to XMI Access Not established 5 Import from XML Generate Report New Modify Set Login amp Password Delete Close REPOSITORY ACCESS x Access Login Password Confirm password OK Cancel 1 Choose Project g
5. Developer AAA AAA EII E A E 4 10 A trust case for an IT system OL CO System security 11 Reference directory BB R2 List of network protocols Description Notes Change history Links to node Q Bj REFERENCE Name List of identified risks Label R1 State Initial Y Include in report Description 4 Inline Iv Repository resource File path list_of_identified_risks pdf Repository default repository View Reference 5 Apply Cancel 1 Select a reference node to edit 2 Enter the common details for the node e g node name description state 3 Configure the referred resource If the referred resource a file is stored in a pre configured repository tick the Repository resource checkbox 3a select the Repository 3b and enter the relative path to the file within the repository 3c If the referred resource a file is available directly in the Internet uncheck the Repository resource checkbox 3a and enter the resource full URL 3c 4 With Inline checkbox choose whether the referred resource will be put within the main report body checked or included in an appendix to the report unchecked 5 Click Apply to save the changes to the node 11 TC amp Editor User s Manual TCT Editor Key Features Viewing references Project Edit View Account Help Log out Project The Project Version New project version Role Developer E i I0 A trust case for an IT system
6. to include in a report Description Notes Change history Links to node i INFORMATION Name Reference directory Label I1 tate Initial Include in report Description You can decide which nodes branches of the trust case tree will be put in the generated report As a default all nodes in a trust case tree are set as included in report If you don t want to include some nodes with their descendants in the report you should edit the node details and uncheck Include in report checkbox 1 in the Description tab 30 TC Editor User s Manual TCT Editor Advanced Features Deleting assessments Description Notes Change history Links to node Trust evaluation 2 Belief Confidence level with low confidence Disbelief U tainty ncertainty 1 Select a node which is an assumption fact or warrant without an argument and has already been assessed using the account that the user works with 2 Choose Trust evaluation tab 3 Choose Delete assessment Selecting an active view TC __ _ _ lt n Py Expand All 10 A trust case for an IT system Collapse All Al View Reference Clipboard Traversal Tool Trust Views TRUST EVALUATION VIEWS MANAGER x Second view View details Name Second view Description Active view Main view mew Todi Delete peut aamate ose
7. 12 List of identified risk OL C1 Security of the utilis Traversal Tool OL C2 Acceptability of the 11 Reference directory Trust Views D Description Notes Change history Links to node i INFORMATION Name A trust case for an IT system 1 Choose View gt Traversal Tool from the main menu to show the tool 2 In the left bottom corner of the trust case tree area the Traversal Tool appears Using the arrows of the tool you can browse the trust case according to the history of visited selected nodes To go back to previously selected nodes choose the left arrow 2a To go forth to nodes selected later on choose the right arrow 2b If the history of visited nodes is not available an appropriate arrow is grayed out The Traversal Tool is transparent but you can always hide it choosing View gt Traversal Tool 1 from the main menu again 27 TC Editor User s Manual TCT Editor Advanced Features Viewing change history of a node Project Edit View Account Help Log out Project The Project Version New project version Role Developer E il 10 A trust case for an IT system gt OL CO System security identified risks Fs wW WO Justification by reduction of all the identified risks 12 List of identified risks CL C1 Security of the utilised network protocols C2 Acceptability of the risk H 4 11 Reference directory 2 Description Notes Change hist
8. IAG INFORMATION ASSURANCE GROUP Editor 3 USER S MANUAL Manual version 3 0 1 TCT Editor the on line trust case editor amp management tool is developed by Information Assurance Group Department of Software Engineering Gdansk University of Technology 2008 All rights reserved Table of Contents ABOUT CA EDITOR src a a 3 ACCE STO TE TEDIOSO da 4 TCT EDITOR MAIN SCREEN LAYOUT ccccsccscssceccsceccecescscecessescsscusescesesessscusessescusessussasens 4 WISER ROLES UN TE TEDTOR ois ets e St acne OS tte ale 5 TCE EDITOR KEY FEATURES scssssiscaucsctenccevccseasseeseestcncauessevenccdenasavassvecccosscoeestssecsO OPENING PROTECT o 6 CREATING NEW PROTECT tad ta 6 EDIMING PROJECT O DETAILS A iter esaeo ese ee J DELETINO A PROTECT crenn y ca 7 BROWSING THE TRUST CASE nesrin cate iio 8 CREATING AINE W NODE x eat 10 EDITING NODE DETAIL S 2d atado ii 10 EDITING REFERENCES cat lisas 11 VIEWING REFERENCES O a R Nahi aersn tas 12 DELETINO A NODE A a a dl dicos 13 MOVING ANODEUP OR DOWN es a ieee eaoleee 14 COPYING NODES CUTTING amp PASTING NODES ccccccecsccsccsccccuccesescecencescecescescescusessuseusens 15 EREATINGA LINK TO AUNODE a bebas 16 REFRESHING THE TRUST CAS Ea tbn 17 GENERATING AREPORT Sia E 18 ASSIGNING AGGREGATION RULES cccccceccscesceccecsscucescescuccusescuceusessesessescescuseeseseesescescucenss 19 ASSIGNING WEICH TS sirien ett Sect ada dah ak oh ae hs eal na gota de e ho Pea
9. Include in C rule NSC rule SC rule Active view Main view Select a warrant node in the trust case tree Choose a Description tab Choose an appropriate Rule from the drop down list Po NS E E Choose Apply to save the chosen aggregation rule Assigning weights Description Change history Links to node CL CLAIM Name Security of the utilised signature creation protocol Label State Weight Q Description S 1 25 45678939M Y Include in report Active view Main view 1 Select a premise i e an assumption claim or fact of an argument whose warrant s rule is set to C rule 2 Choose Description tab 3 Choose an appropriate Weight from the slide bar 4 Choose Apply to save the chosen weight WARNING The weight is assigned in the selected active view 19 TC amp Editor User s Manual TCT Editor Key Features Issuing assessments Project The Project Version Untitled version Role Assessor 5 WO Justification by reduction of all the identified risks 12 List of identified risks CL C1 Security of the utilised network protocols Arg A2 Argument by considering the list of protocols Ww W2 Justification by security of each of the protocols 13 List of network protocols used by the system CL C4 Security of the utilised signature creation protocol GLI C5 Securitv of the protocol Description Notes Change history Links to node Trust evaluation Q Belief C
10. abili Expand All 11 Reference direct amp Collapse All Cut B Copy vee 2 1 Open the context menu of a node 2 Choose Delete Alternatively you can select a node and choose Edit gt Delete from the main menu WARNING You cannot delete a node which is a link target delete all links to this node first You cannot also delete a tree branch if it contains link targets of links from outside of this branch If a link target is detected it is opened in the details panel after the error message WARNING You cannot delete a warrant node It is deleted together with its argument 13 TC amp Editor User s Manual TCT Editor Key Features Moving a node up or down Moving a node up TCAs Project Edit View Account Help E il 10 A trust case for an IT system OL CO System security Arg AD Argument by risks identified Ww WO Justification by reduction of all the identified risks j 12 List 4 Ye risks 41 OL C1 Securi OL C2 Acceptabi B New Node E il 11 Reference direc autilicad noatunork nrotocols b Refresh E Expand All amp Collapse All Move Up Q 22 Move Down Cut B Copy if Delete 1 Open the context menu of a node which should be moved up 2 Choose Move Up Alternatively you can select a node and choose Edit gt Move Up from the main menu Moving a node down TCAs Project Edit View Account Help E 10 A trust c
11. ase for an IT system OL CO System security E Arg A0 Argument by risks identified wW WO Justification by reduction of all the identified risks 12 List of ified risks E CL C1 Secur the utilicad notuark nrotocols OL C2 Acceptabi E New Node j 11 Reference direc Refresh amp Expand All amp Collapse All Move Up Q de Cut B Copy fv Delete 1 Open the context menu of a node which should be moved down 2 Choose Move Down Alternatively you can select a node and choose Edit gt Move Down from the main menu TIP Move up or Move down option is not available for the first excluding warrant and last child node respectively WARNING You cannot move up or down the warrant node It must be the first child node of its parent argument 14 TC amp Editor User s Manual Copying nodes cutting amp pasting nodes Project Edit View Account Help il 10 A trust case for an IT system a CL CO System security wW WO Justi on by reduction of all the identified risks ied risks ha utilicad notmnrk nrotocols gt 12 List OL C1 Secu OL C2 Acceptabi New Node 11 Reference direc il 3 Refresh R E Expand All amp Collapse All Pr y de Move Up Move Down Cut b Copy ff Delete Project Edit View 8 il I0 A trust case for an IT system CL CO System security Arg 40 Argument by risks identified TCT Editor Key F
12. ated by TCT administrator Created on 2008 03 04 16 42 Project none Version none Role Developer 1 Select a project from the projects tree The project s details will be shown in Details Panel 2 Enter the new project s name and description 3 Click Apply Deleting a project Projects June 2005 Pilot trust case ENE The Project H ISO IEC 27001 2005 template ISO 14971 2000 template 1 Select a project in the project s tree TCAs Project Edit View Account Help Project B New a Open 3 Projects Close H June 200 aR The Proji H ISO IEC Delete New Version Delete Version Export to XML 5 Import from XML Properties Configure Edit View Account Help PER Generate Report 2 Choose Project gt Delete from the main menu Alternatively you can choose Delete from the projects context menu WARNING All versions are deleted No undo is provided TC amp Editor User s Manual TCT Editor Key Features Browsing the trust case Opening nodes Project Edit View Account Help E il I0 A trust case for an IT system CL CO System security H Arg 40 Argument by risks identified fl 11 Reference directory 1 Click the cross sign next to a node icon The tree will be expanded and all children of the node will be shown Displaying node details Project The Project Project Edit View Account Help Log out Version New pr
13. d Features Creating a new project s version 1 TCAs Project Edit View Account Help Sy Projects 9 June 2005 Pilot trust case EE The Project ISO IEC 27001 2005 template ISO 14971 2000 template Project Edit View Account Help B New o E Open 3 Projects Close lt 9 June 200 Properties Eye The Proje Configure H 4 ISO IEC H ISO 149 Copy Delete Delete Version Export to XML 4 Import from XML GS Generate Report 1 Select a project in the project s tree 2 Choose Project gt New Version from the main menu Alternatively you can choose New Version from the projects context menu As a result a new version is created It is a copy of the last created version It becomes a default version for the project which means that it is opened when a project is opened see the following clause Opening a project s version TCAs Project Edit View Account Help a Projects H June 2005 Pilot trust case a The Project New project versio ate ISO IEC 27001 2005 ISO 14971 2000 template Project Edit View Account Help New PA ES a Open Projects Close H June 200 Properties lt 9 The Proje New p OE o copy H ISO IEC Delete E 49 ISO 149 Configure New Version Delete Version Export to XMI 5 Import from XML CH Generate Report 1 Expand the project s list of versions 1a and select a project s version
14. eatures Account Help E wW WO Justification by reduction of all the identified risks 12 List of identified risks mant hu accantahility analysis CL C1 ity of the utilised network protocols BY c ability of the risk de B i 11 Referenc New Node E Refresh Expand All Collapse All Cut Copy Paste a Paste as Link T Delete NODE CLIPBOARD COPY x CL Claim C1 Security of the utilised network protocols Paste Paste as Link Clear 1 Open the context menu of a node to copy or cut together with all its descendants 2 Choose Copy or Cut Alternatively you can select a node and choose Edit gt Copy or Edit gt Cut from the main menu The NODE CLIPBOARD window will appear if it wasn t opened before 3 Open the context menu of the node which should be the new parent of the copied or cut node and its descendant nodes 4 Choose Paste You can also select a node and choose Edit gt Paste from the main menu or choose Paste in the NODE CLIPBOARD window TIP Paste option is not available if the type of the copied or cut node is not among the allowed children types of the selected parent node WARNING You cannot cut or copy the warrant node 15 TC amp Editor User s Manual Creating a link to a node Project Edit View Account 10 A trust case for an IT system gt GL CO System security y AD Argument by risks identif
15. ectory Description Notes Change history Links to node 1 Select a node 2 Choose Links to node tab The list contains all the links that have the selected node as their target if any 3 To go to a link node targeting the selected node choose this link node from the list 3a and choose Go to link button 3b 29 TC Editor User s Manual TCT Editor Advanced Features Going to link target Project Edit View Account Help Log out Project The Project Version New project version Role Developer E il I0 A trust case for an IT system OL CO System security y AD Argument by identified risks wW WO Justification by reduction of all the identified risks 12 List of identified risks CL C1 Security of the utilised network protocols GL C2 Acceptability of the risk E amp A8 Argument by acceptability analysis W W8 Justification by acceptance of residual risk C1 Security of the utilised network protocols 11 Reference directory Description Notes Change history Ola LINK Label Go to link target v Include in report CL CLAIM Name Security of the utilised network protocols Label C1 State Initial x Include in report Description Apply Cancel 1 Select a link which has a target 2 Choose Go to link target As a result the link target is selected in the tree and displayed in the Details Panel Selecting nodes
16. he argument and related evidence which together demonstrate that an object exhibits certain properties Trust cases have a tree like structure with several dedicated node types claims arguments with warrants facts assumptions references information nodes and links TCT Editor can store many trust cases and their versions categorized into projects General scenario of TCT Editor usage is presented below 1 2 Open or create gt Define top level project claim 3 Develop argument strategy 4a Identify facts 5 4 Provide evidence Define premises 4b Identify assumptions 4c Identify sub claims 1 Open a trust case to develop open a project its specific version or create a new project 2 Define the object property to argue e g system trustworthiness as the top level claim of the trust case 3 Develop argument strategy to conclude about the argued claim from premises which are easier to be demonstrated 4 Identify and document premises a Identify facts statements of verified information about something that is the case or has happened b Identify assumptions statements assumed to be true for which no evidence is provided c Identify sub claims statements to be further argued for 5 Identify documents with evidence to appropriate premises and attach them via references TC amp Editor User s Manual Introduction Access to TCT Edito
17. ied wW WO Justifj by reduction of all the identified risks E il 12 Listo ied risks autilicad notuiork nrotocols b OL C1 Secu OL C2 Acceptabi B New Node 11 Reference direc ei Refresh Expand All Collapse All Move Up Move Down TCT Editor Key Features Project Edit View Account Help E il I0 A trust case for an IT system CL CO System security Arg 40 Argument by risks identified E wW WO Justification by reduction of all the identified risks 12 List of identified risks BL c1y ity of the utilised network protocols BY c ability of the risk de umant hu accantahility analysis 11 Referenc New Node Refresh NODE CLIPBOARD COPY x Expand All Collapse All CL Claim C1 Security of the utilised network protocols Cut Copy Paste Paste Paste as Link Clear fa Paste as Link ff Delete 1 Open the context menu of the node which will be the target of a new link 2 Choose Copy Alternatively you can select a node and choose Edit gt Copy from the main menu The NODE CLIPBOARD window will appear if it wasn t opened before 3 Open the context menu of the node which will be the parent of a new link 4 Choose Paste as Link Alternatively you can choose Paste as Link button of the NODE CLIPBOARD window or Edit gt Paste as Link from the main menu TIP Paste as Link option is not available if the node type of the l
18. ink target is not among the allowed children types of the selected parent node WARNING You cannot create link to a warrant node or to another link 16 TC amp Editor User s Manual TCT Editor Key Features Refreshing the trust case Project Edit View Account Help Log out Project The Project Version New project version Role Developer E il I0 A trust case for an IT system OL CO System security H A WO Justification by red 4 12 List of identified risks l Ly A2 Argument by conside Expand All W W2 Justification by s Collapse All tocols E il 13 List of network pri m CL C4 Security of the uti de Cut brotocol OL C5 Security of the B Copy CL C2 Acceptability of the risk Paste 11 Reference directory fa Paste as Link T Delete Description Notes Change history Links to node iy ARGUMENT Name argument by risks identified Label FT State Initial y Jv Include in report Description Counterevidence 1 Open the context menu for a node that should be refreshed 2 Choose Refresh Alternatively you can select a node and choose View gt Refresh from the main menu The branch of the tree is reloaded so that it contains the current branch content that might have been changed by other people working simultaneously on the same trust case 17 TC amp Editor User s Manual TCT Editor Key Features G enerating a report Project Edit View Acc
19. licod notuorl neotoacg s y A2 Argument Ey New Node gt protocols W W2 Justific _ OS of the protocols e 13 List of ni r the system T R2 List Expand All E CL C4 Security Collapse All 2 protocol Arg A3 Argui of thie protocol security W W3 Ju A Move Up nts related to a formal analysis CL c6 Pri Y Move Down s demonstration by the formal analysis CL C7 Pr amp Cut s and identified risks accordance OL C5 Security Copy OL C2 Acceptability Y Delete ij 11 Reference directory Refresh 1 Open the context menu for a node that should be collapsed 2 Choose Collapse All Alternatively you can select a node and choose View gt Collapse All from the main menu The branch of the tree is collapsed and all the branches of all the descendants of the node are collapsed TC amp Editor User s Manual TCT Editor Key Features Creating a new node TC Project Edit View Account Help Project Edit View Account Help E il I0 A trust case for an IT system E il 10 A trust case for an IT system CL CO System security CL CO System security E Arg 40 Argument bx risks identified Arg AO Argument bx risks identified Fa W WO Justi New Node CL Claim E Ww WO Justii New Node CL Claim e 12 List of iJ Fact H 12 List of i Fact Refresh Refresh z OL C1 Secur ES Assumption CL C1 Secur AS Assumption ne gt
20. ly you can choose Export to XML from the project s context menu 3 If a project is exported successfully you see an information explaining that the exported file does not contain historic node versions and logins and passwords for repositories 3a Additionally a browser window is displayed allowing to save the exported TCT file 3b Save this file in a convenient place on your local computer All versions of the selected project are exported to the TCT file 24 TC Editor User s Manual TCT Editor Advanced Features Importing a project from XML Project Edit View Account Help E New a Open e yq Y Projects Close IMPORT PROJECT x June 200 Properties Em The Projd Configure H 4 ISO IEC 6 49 ISO 149 0 Copy Delete New Version Delete Version Export to XML 4 Import from XML Generate Report 1 Choose Project gt Import from XML from the main menu or from Projects context menu 2 Press Browse select a TCT file to import from your local computer 2a and click OK 2b If a project is imported successfully you see a confirmation message and a new project appears in the projects tree Viewing and editing my user s account 2 MY ACCOUNT Account details Projects b Login bob June 2005 Pilot trust case The Project Real name TCT sample viewer ISO IEC 27001 2005 template Affiliation IAG DSE GUT H ISO 14971 2000 template E mail Phone
21. n Delete Version Export to XML 5 Import from XML So Generate Report 1 Select a project in the project s tree 2 Choose Project gt Copy from the main menu Alternatively you can choose Copy from the projects context menu A new project is created with a copy of the last created version of the selected project 23 TC Editor User s Manual TCT Editor Advanced Features Exporting a project to XML 1 Project Edit View Account Help Project Edit View Account Help E New E 7 Open Projects Projects Close 9 June 2005 Pilot trust case H June 200 Properties a SA Ewe The Proji Configure 43 ISO IEC 27001 2005 template ISO IEC H ISO 14971 2000 template 47 ISO 149 h Copy Delete New Version Delete Version Export toxMt 4 Import from XML Generate Report Project Edit View Account Log out E Ey Projects Trust Case example You have chosen to open _ Trust_Case_example tct which is a TCT file from http localhost 8080 What should Firefox do with this file C Openwith Browse Ga e Save to Disc Fhe page at http 77localhost 8080 says x Tl Do this automatically for files like this from now on The exported project did not include historic node versions and logins amp passwords for repositories 1 Select a project in the project s tree 2 Choose Project gt Export to XML from the main menu Alternative
22. ng a project 1 TCs Project Edit View Account E Projects H June 2005 Pilot trust case Ege The Project H ISO IEC 27001 2005 template a ISO 14971 2000 template Edit View Account i New Close Properties Configure Copy Delete New Version Delete Version Export to XML 4 Import from XML S Generate Report 5 Select a project in the project s tree 6 Choose Project gt Open from the main menu Alternatively you can choose Open from the projects context menu Latest project version will be open Creating a new project Project Edit View Account Help a Open Close Properties Configure Copy Delete New Version Delete Version Export to XML 4 Import from XML amp Generate Report 1 Choose Project gt New from the main menu Alternatively you can choose New from the context menu of Projects tree node A new untitled project will be created and added to the projects tree You can then edit its details to define title and description for the new project TC amp Editor User s Manual Editing project s details TCT Editor Key Features TCAs Project Edit View Account Help Projects June 2005 Pilot trust case oge The Project ISO IEC 27001 2005 template ISO 14971 2000 template 49 PROJECT Name The Project Description An examle of argumentation used to present the concept of Trust Cases Log out Description a Hide Cre
23. oject version Role Developer 10 A trust case for an IT system CL CO System security Description Notes Change history Links to node iy ARGUMENT Name argument by risks identified Label ao Initial y State V Include in report f Counterevidence Description Apply Cancel 1 Select a node from the tree Information about the selected node will be displayed in the details panel TC amp Editor User s Manual TCT Editor Key Features Expand all Project Edit View Account Help E il I0 A trust case for an IT system OL CO System security 5 Arg A0 Argument by risks identified ES wW WO Justification by reduction of all the identified risks 4 12 List of id d risks QL C1 COLON i cols CL C2 Acceptability New Node d 11 Reference director Refresh Q Collapse All Move Up Move Down Cut Copy Delete 1 Open the context menu for a node that should be expanded 2 Choose Expand all Alternatively you can select a node and choose View gt Expand All from the main menu The branch of the tree is expanded and all the descendants of the node are displayed Collapse all TCAs Project Edit View Account Help E il I0 A trust case for an IT system OL CO System security y AD Argument by risks identified W WoO ne by reduction of all the identified risks 12 List of id risks GL C1 Security ati
24. onfidence level Disbelief Uncertainty Decision 1 Select a node which is an assumption fact or warrant without a supporting argument and has not been assessed yet using the account that the user works with 2 Choose Trust evaluation tab 3 Choose Create assessment As a result a new assessment is created with a default value set to ack of confidence Description Notes Change history Links to node Trust evaluation Confidence level Belief ae with low confidence Disbelief LL Uncertainty 4 Choose an appropriate confidence level 4a and decision 4b using the slide bars 5 Alternatively instead of step 4 choose an appropriate assessment using the pointer on the opinion triangle The horizontal dimension red green scale represents your decision while the vertical dimension red green yellow represents your confidence in the decision 6 To confirm and save your assessment choose Apply 20 TC amp Editor User s Manual TCT Editor Key Features Viewing aggregated assessments Notes Change history Links to node Trust evaluation Belief Confidence level Disbelief with very high confidence Uncertainty Decision 5 tolerable 1 Select a node which is an argument assumption claim fact or warrant 2 Choose Trust evaluation tab 3 See the aggregated assessment of this node 21 T Editor User s Manual TCT Editor Advanced Features TCT Editor Advance
25. ory Links to node Changes i fSelect version Arg Pdr y 2008 03 04 16 42 TCT administrator IAG DSE GUT 2008 03 04 16 42 TCT administrator IAG DSE GUT Name Argument by risks identified Label AD State Initial x Include in report _ Counterevidence Description 1 Choose a node 2 In the details panel choose Change history tab 3 Open the drop down list 4 Choose an item in the list A historic version of the node information will be displayed in the tab The list contains the history of all the changes of the node information since its creation WARNING The tab provides only browsing capabilities so that it is not possible to undo changes by clicking apply which is not active WARNING Historic versions of links are displayed together with their link target as in description tab However the link target is a node from the trust case tree instead of its historic version 28 TC Editor User s Manual TCT Editor Advanced Features Viewing links to a node Project Edit View Account Help Log out Project The Project Version New project version Role Developer E il 10 A trust case for an IT system OL CO System security 8 Arg 40 Argument by identified risks wW WO Justification by reduction of all the identified risks 4 12 List of identified risks C1 Security of the utilised network protocols OL C2 Acceptability of the risk E il 11 Reference dir
26. ount Help cia CL CO System security E Arg A0 Argument by risks identified E wW WO Justification by reduction of all the identified risks E il 12 List of identified risks CL C1 Security of the utilised network protocols OL C2 Acceptability of the risk 11 Reference directory E New ol Open i MATET Close OL CO Syste Properties y AO Ar Configure gt y WO H 4 12 Copy El CL C1 Delete CL C2 11 Refer New Version Delete Version Export to XML 5 Import from XML Generate Report View Account Help d on of all the identified risks retwork protocols REPORT GENERATOR Configuration RTF Report file format E O te Numeration of pages Enabled O Disabled Number for the first page 1 Last modification date Enabled O Disabled Appendix with TC tree Attached Not attached Appendix orientation Portrait O Landscape CONCLUSION SUPPORTING ARGUMENT A1 Argument by demonstrating soundness of the risks list ing soundness o modified 04 03 08 16 42 Modified by ToT administrator Risks list d because appropriate methodology State initial istis sound becau was used hy qualified people H FACT FO Effective risk analysis methodolog Last modified 04 03 08 16 42 TCT administrator y 1 Choose a node which descendants should be incl
27. r TCT Editor is an online application accessed with an internet browser It is best run under Firefox 2 0 however Internet Explorer 7 is also supported Please make sure that session cookies and JavaScript are enabled in your browser AX ES INFORMATION ASSURANCE GROUP TC amp Editor 3 0 log in Username Password log in To log in enter your user s name and password and click the log in button TCT Editor main screen layout Project name Project Edit View Account Help Log out Project none Version none Role Developer Sy Projects June 2005 Pilot trust case Main menu ue The Project H ISO IEC 24 Open m4 ISO 1497 ay D Copy Context menu Delete New Version Details panel Export to XML details of selected tree node Projects or Drag bar to resize tree and panel trust case tree E Button to hide or show detail panel EN Description 43 PROJECT Name The Project Created by TCT administrator An examle of argumentation used to present the concept of Trust Cases Created on 2008 03 04 16 42 Description Buttons to apply or cancel A changes to selected tree node TC amp Editor User s Manual Introduction User roles in TCT Editor TCT Editor distinguishes the following roles of users e Viewer browses projects and trust cases cannot edit anything Developer creates and manages projects edits trust cases Assessor evaluates trust cases canno
28. sete 19 ISSUING ASSESS MENTES cda iii 20 VIE WINGAGGREG ATEDASSESS MEN TS td tdi 21 CREATING A NEW PROJECT S VERSION 0 ccscsscescscoscscceccsccccsccsccscesccccsccceccscesceccscssceccseesees 22 OPENING A PROJECT S VERSION teta idiotas 22 DELETING A PROJECT S VERSION Edo 23 OP YUNG APR OVC Vetere tiered e e a ad e cease 23 EXPORTING A PROJECTTO Ml dado cds Se 24 IMPORTING A PROJECT FROM XML atlas 25 VIEWING AND EDITING MY USER S ACCOUNT ccccccsccsccsceccsccsceccssescuseesescescusessescesessessuseess 23 CONFIGURING PROJECT S REPOSITORIES ccccscsscscceccccsscecesceccuccesescucensescsescescescucessuseusens 26 BROWSING A TRUST CASE WITH TRAVERSAL TOOL cooncncncncncncncncncococncncncncncononononenenenenenonos DA VIEWING CHANGE HISTORY OF A NODE ccccsccscsscsccsccscsscscescecescescsessescescscessesessescescesenss 28 VIEWING LINKS TOANODE e ie Di 29 GOING TO LINK TARGE Ti nia 30 SELECTING NODES TO INCLUDE IN A REPORT cccsccscsccscscsscscsscscsscscscescscesescesescssesceseseecess 30 DELETING ASSESSMENTS sscsscssccccsccsceccsccscssceccsccccsccsccscescecscccseccsceseeccscsscesescescecsecescess 31 SELECTING ANAC TIVE VIEW wires ee o ad E ar 31 MANAGING VIEW Sa e ci da 32 TC amp Editor User s Manual Introduction Introduction About TCT Editor TCT Editor is an on line team oriented software tool supporting development of argumentation structures trust cases Trust cases encompass t
29. t Configure gt Repositories from the main menu 2 To add a new repository click New 2a The new repository is given a default name To modify a repository select it in the list enter a new name and a URL and click Modify 2b To change login and password to a repository click Set Login amp Password 2c In the window which appears 3 provide a login and password and click OK 3a To delete a repository select it in the list and click Delete 2d Click Close 2e to finish configuring the repositories WARNING All changes made in this window are directly applied to the repositories list WARNING Repositories which are used by references in the trust case tree or repositories which are used by historic versions of references cannot be deleted 26 TC amp Editor User s Manual TCT Editor Advanced Features Browsing a trust case with Traversal Tool Traversal Tool remembers which nodes have been selected while browsing the trust case and allows to go back and forth among the selected nodes in the order in which they have been selected It s main use is to easily go back to a previously selected node to do check something and then return to the current node of interest Project Edit View Account Help Log out gt Refresh Expand All j 10 A trust case for an IT syster amp Collapse All OL CO System security fl View Reference de A0 Argument by risks iden W WO Justification by red Clipboard
30. t edit projects or trust cases Administrator manages user s accounts can use all features The list of the TCT Editor features available to particular roles is given below Feature Viewer Developer Assessor Editing project s details YO l Deleting a project YA l O Browsing the trustcase O J yY YO l vi Creating a new node YA l O Editing node details l y l O Editing references YA l Viewing references A YA o Y Deletinganode YO YA l O Moving a node up or down y l O Creating a link to a node Refreshing the trust case Y YO YO YO Generating a repot YO YA l O Assigning aggregation rules Jo YO S Assigning weights YO YA l O s SISISISISISINSISIS s NSISISIS Issuing assessments TT S vyo Viewing aggregated assessments Y J o o Z T o Creating a new project s verson O J y J o Opening a project s version y Y Y SINIS Deleting a projects version 07o copying a project Importing a project frommi T Viewing and editing my users account VW Configuring projects repositories S 7 So Browsing a trust case with traversal tool 7 O v O7 Viewing change history ofanode 7v O7 7 Viening links to a mode Going to link target Selecting nodes to indude in areport Deleting assessments SPSS 7 Managing views OR i Editing only if permitted by the administrator on per account basis is s UNS Sy NIN S TC amp Editor User s Manual TCT Editor Key Features Openi
31. to open 1b 2 Choose Project gt Open from the main menu Alternatively you can choose Open from the project version s context menu 22 TC Editor User s Manual TCT Editor Advanced Features Deleting a project s version 1 TCAs Project Edit View Account Help Projects June 2005 Pilot trust case H The Project New project version IM initial version ISO IEC 27001 2005 template ISO 14971 2000 template lt 3 Open 3 Projects Close H June 20 Properties The Proje 7 New p DE b copy Project Edit View Account Help E New Configure H ISO IEC H ISO 149 Delete New Version Delete Version Export to XMI 4 Import from XML CH Generate Report 1 Select a project s version to delete 2 Choose Project gt Delete Version from the main menu Alternatively you can choose Delete Version from the project versions context menu TIP The last and only project version cannot be deleted Delete the entire project instead WARNING No undo is provided You cannot undelete a deleted project version Copying a project TCAs Project Edit View Account Y Projects June 2005 Pilot trust case ENE The Project ISO IEC 27001 2005 template ISO 14971 2000 template Project Edit View Account Help B New is Open 3 Projects Close June 200 Properties mee The Proj Configure 5 49 ISO IEC 3 150 149 m bay Delete New Versio
32. uded in a report 2 Choose Project gt Generate Report from the main menu Initial modified 04 03 08 16 42 TCT administrator 3 To generate a report with default settings click OK 3b in the window which appears To set up properties of a report which will be generated choose appropriate options by selecting radio buttons in the configuration panel 3a before you click OK 3b You can a select a report file format available formats RTF HTML PDF b enable or disable the numeration of pages c seta number of the report first page d enable or disable information in the report about the last modification date of nodes e allow or not to additionally generate an appendix with graphic presentation of the trust case tree f choose page orientation portrait or landscape of the appendix with graphic presentation of the trust case tree 4 If a report is generated successfully the browser window is displayed making it possible to save the generated report Save the report in a convenient place on your local computer If you chose a HTML format of the report during the report configuration step or if you attached the appendix a ZIP archive will be generated with all report files 18 TC amp Editor User s Manual TCT Editor Key Features Assigning aggregation rules Description Change history Links to node W W WARRANT Name Justification by security of each of the protocols Label State Description v
Download Pdf Manuals
Related Search