Abstract
In evaluation and certification framework based on ISO/IEC 15408 and ISO/IEC 18045, a Security Target, which contains the specifications of all security functions of the target system, is the most important document. Evaluation on Security Targets must be performed as the first step of the whole evaluation process. However, evaluation on Security Targets based on ISO/IEC 15408 and ISO/IEC 18045 is very complex. Evaluation process involves of many tasks and costs lots of time when evaluation works are performed by human. Besides, it is also difficult to ensure that evaluation is fair and no subjective mistakes. These issues not only may result in consuming a lot of time, but also may affect the correctness, accuracy, and fairness of evaluation results. Thus, it is necessary to provide a supporting tools that supports all tasks related to the evaluation process automatically to improve the quality of evaluation results at the same time reduce the complexity of all evaluator and certifiers’ work. However, there is no such supporting tool existing until now. This paper proposes a supporting tool, called Security Target Evaluator, that provides comprehensive facilities to support the whole process of evaluation on Security Targets based on ISO/IEC 15408 and ISO/IEC 18045.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
International Organization for Standardization: ISO/IEC 15408: 2009, Information Technology Security Techniques Evaluation Criteria for IT Security Part 1: Introduction and General Model (2009)
International Organization for Standardization: ISO/IEC 15408–2: 2008, Information Technology Security Techniques Evaluation Criteria for IT Security Part 2: Security Functional Components (2008)
International Organization for Standardization: ISO/IEC 15408–3: 2008, Information Technology Security Techniques Evaluation Criteria for IT Security Part 3: Security Assurance Components (2008)
International Organization for Standardization. ISO/IEC 18045: Information Technology Security Techniques Methodology for IT Security Evaluation (2008)
Herrmann, D.S.: Using the Common Criteria for IT Security Evaluation. Auerbach Publications, New York (2002)
Higaki, W.H.: Successful Common Criteria Evaluations: A Practical Guide for Vendors. CreateSpace, Lexington (2010)
Lightfoot, D.: Formal Specification Using Z, 2nd edn. Red Globe Press, London (2000)
ORA Canada. Z/EVES. http://oracanada.com/z-eves/welcome.html. Accessed 29 Sept 2018
Members of the Common Criteria Recognition Arrangement. https://www.commoncriteriaportal.org/ccra/members/. Accessed 29 Sept 2018
IBM DB2 Express-C. https://www.ibm.com/analytics/jp/ja/technology/db2/db2-trials.html. Accessed 20 Nov 2018
Yajima, K., Morimoto, S., Horie, D., Azreen, N.S., Goto, Y., Cheng, J.: FORVEST: a support tool for formal verification of security specifications with ISO/IEC 15408. In: Proceedings of the 4th International Conference on Availability, Reliability and Security (ARES 2009), Fukuoka, Japan, pp. 624–629. IEEE Computer Society Press (2009)
Bao, D., Miura, J., Zhang, N., Goto, Y., Cheng, J.: Supporting verification and validation of security targets with ISO/IEC 15408. In: Proceedings of 2nd International Conference on Mechatronic Sciences, Electric Engineering and Computer (MEC 2013), Shenyang, China, pp. 2621–2628. IEEE Press (2013)
Morimoto, S., Shigematsu, S., Goto, Y., Cheng, J.: Classification, formalization and verification of security functional requirements. In: Geffert, V., Karhumäki, J., Bertoni, A., Preneel, B., Návrat, P., Bieliková, M. (eds.) SOFSEM 2008. LNCS, vol. 4910, pp. 622–633. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-77566-9_54
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Bao, D., Goto, Y., Cheng, J. (2019). A Supporting Tool for IT System Security Specification Evaluation Based on ISO/IEC 15408 and ISO/IEC 18045. In: U., L., Lauw, H. (eds) Trends and Applications in Knowledge Discovery and Data Mining. PAKDD 2019. Lecture Notes in Computer Science(), vol 11607. Springer, Cham. https://doi.org/10.1007/978-3-030-26142-9_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-26142-9_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-26141-2
Online ISBN: 978-3-030-26142-9
eBook Packages: Computer ScienceComputer Science (R0)