eTVRA, a Threat, Vulnerability and Risk Assessment Tool for eEurope

  • Judith E. Y. Rossebø
  • Scott Cadzow
  • Paul Sijben
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3986)


Securing the evolving telecommunications environment and establishing trust in its services and infrastructure is crucial for enabling the development of modern public services. The security of the underlying network and services environment for eBusiness is addressed as a crucial area in the eEurope action plan [2]. In response to this, Specialist Task Force (STF) 292, associated with the European Telecommunication Standardisation Institute (ETSI) TISPAN [3] under contract from eEurope, has developed a threat, vulnerability and risk assessment (eTVRA) method and tool for use in standardisation. Using the eTVRA method and tool, the threats to a next generation network (NGN) can be analyzed and a set of recommended countermeasures identified that, when implemented, will reduce the overall risk to users of NGNs. In this paper we present the eTVRA method and tool along with the results of using the eTVRA for an analysis of a Voice over IP (VoIP) scenario of the NGN.


  • Session Initiation Protocol
  • International Standard Organization
  • Risk Assessment Tool
  • Service Availability
  • Communication Denial
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.




  1. eEurope: Supporting the eEurope initiative (2005)
  2. Council of the European Union: Council Resolution on the implementation of the eEurope 2005 Action Plan (2003)
  3. European Telecommunication Standardisation Institute: Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) (2006)
  4. International Standards Organization: ISO/IEC 15408, Information technology – Security techniques – Evaluation criteria for IT security (1999)
  5. European Telecommunication Standardisation Institute: ETSI ETR 332, Security techniques advisory group (STAG) – Security Requirements Capture (1996)
  6. Vraalsen, F., den Braber, I., Hogganvik, F., Stølen, K.: The CORAS tool-supported methodology for UML-based security analysis. Technical report STF90 A04015, SINTEF ICT (2004)
  7. European Telecommunication Standardisation Institute: ETSI ES 202 382, Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method and proforma for defining Protection Profiles (2005)
  8. International Standards Organization: ISO/IEC 13335, Information technology – Security techniques – Guidelines for the management of IT security (2001)
  9. Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session initiation protocol. RFC 3261 (2002)
  10. Faltstrom, P., Mealling, M.: The E.164 to uniform resource identifiers (URI) dynamic delegation discovery system (DDDS) application (ENUM). RFC 3761 (2004)

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Judith E. Y. Rossebø (1, 2)
  • Scott Cadzow (3, 4)
  • Paul Sijben (4, 5)

  1. The Norwegian University of Science and Technology, Norway
  2. Telenor R&D, Norway
  3. Cadzow Communications, UK
  4. ETSI STF 292, The Netherlands
  5. Eem Valley Technology, The Netherlands
