http://dx.doi.org/10.13089/JKIISC.2007.17.1.133

A Study on the Security Requirements for Developing Protection Profiles  

Zheng, He (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Lee, Kwang-Woo (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Kim, Seung-Joo (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Won, Dong-Ho (Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University)
Abstract
A protection profile is a formal document that expresses a set of security requirements for IT products that meets specific consumer needs in the ISO/IEC 15408 (CC, Common Criteria) evaluation, and protection profiles are recently being developed by many national agencies and companies. Since a protection profile is a criterion for security evaluation when IT systems and products are introduced, the importance of the protection profile is increasing. However, developing protection profiles is still difficult due to the lack of a detailed methodology and guidance for analyzing security environments or deriving security requirements. In this paper, we analyze foreign instances of developing protection profiles and propose a methodology for deriving security requirements through analyzing the TOE security environment.