
A Supporting Tool for IT System Security Specification Evaluation Based on ISO/IEC 15408 and ISO/IEC 18045

  • Conference paper
Trends and Applications in Knowledge Discovery and Data Mining (PAKDD 2019)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 11607)

Abstract

In the evaluation and certification framework based on ISO/IEC 15408 and ISO/IEC 18045, a Security Target, which contains the specifications of all security functions of the target system, is the most important document. Evaluation of Security Targets must be performed as the first step of the whole evaluation process. However, evaluation of Security Targets based on ISO/IEC 15408 and ISO/IEC 18045 is very complex. The evaluation process involves many tasks and costs a lot of time when the evaluation work is performed by humans. Besides, it is also difficult to ensure that the evaluation is fair and free of subjective mistakes. These issues may not only consume a lot of time, but may also affect the correctness, accuracy, and fairness of evaluation results. Thus, it is necessary to provide a supporting tool that automatically supports all tasks related to the evaluation process, improving the quality of evaluation results while reducing the complexity of evaluators' and certifiers' work. However, no such supporting tool exists so far. This paper proposes a supporting tool, called Security Target Evaluator, that provides comprehensive facilities to support the whole process of evaluating Security Targets based on ISO/IEC 15408 and ISO/IEC 18045.



Author information

Correspondence to Da Bao.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Bao, D., Goto, Y., Cheng, J. (2019). A Supporting Tool for IT System Security Specification Evaluation Based on ISO/IEC 15408 and ISO/IEC 18045. In: U., L., Lauw, H. (eds) Trends and Applications in Knowledge Discovery and Data Mining. PAKDD 2019. Lecture Notes in Computer Science, vol 11607. Springer, Cham. https://doi.org/10.1007/978-3-030-26142-9_1

  • DOI: https://doi.org/10.1007/978-3-030-26142-9_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-26141-2

  • Online ISBN: 978-3-030-26142-9

  • eBook Packages: Computer Science, Computer Science (R0)
