Browse > Article
http://dx.doi.org/10.13089/JKIISC.2015.25.5.1257

A Study on Protection Profile for Multi-function Devices  

Lee, Dongubm (Seowon University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.25, no.5, 2015 , pp. 1257-1268 More about this Journal
Abstract
Multi-functional devices was originally an equipment performing image processing, but function transmitting image data digitized by combining fax function and function of network are added and it was rapidly developed. Also, functions of internet application, application expansion, remote sharing and image treatment were added to multi-functional devices. But, multi-functional devices can cause security vulnerability such as data exposure, eavesdropping, etc. because of the threatening by network connection. Therefore, common criteria of multi-functional devices are necessary, but there is no protection profile for multi-functional devices now. Therefore, concrete standards of evaluation are not applied to evaluate secure for products, so it was difficult to maintain uniformity of evaluation quality. Therefore, this paper developed protection profile for multi-functional devices based on common criteria of evaluation so as to analyze threats of multi-functional devices and use secure multi-functional devices.
Keywords
Multi-functional devices; Common Criteria; Protection Profile;
Citations & Related Records
연도 인용수 순위
  • Reference
1 https://www.niap-ccevs.org/ccra/
2 http://www.commoncriteriaportal.org/iccc/
3 Xu, L., Wang, B., Zhang, N., Goto, Y., Cheng, J., "Providing Users with Suitable Services of Information Security Engineering Cloud based on ISO/IEC 15408," IEEE 4th International Conference on Software Engineering and Service Science, Beijing, China, pp. 321-325, 2013.
4 CCRA, "Vision statement for the future direction of the application of the CC and the CCRA," Common Criteria Recognition Arrangement Common Criteria Management Committee Vision Statement, pp. 1-4, Sep. 2012.
5 CCRA, "Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and general model," v3.1r4, pp. 29-47, Sep. 2012.
6 CCRA, "Common Criteria for Information Technology Security Evaluation, Part 2: Security functional components," v3.1r4, pp. 13-184, Sep. 2012.
7 CCRA, "Common Criteria for Information Technology Security Evaluation, Part 3: Security assurance components," v3.1r4, pp. 9-17, Sep. 2012.
8 http://www.commoncriteriaportal.org
9 IEEE, "IEEE Standard for a Protection Profile in Operational Environment A," pp. 33-49, Sep. 2009.
10 IEEE, "IEEE Standard Protection Profile for Hardcopy Devices in IEEE Std. Operational Environment B," pp. 35-52, Feb. 2010.
11 IEEE, "US Government Protection Profile for Hardcopy Devices," v1.0, pp. 5-14, Feb. 2010.
12 Taguchi, K., Yoshioka, N., Tobita, T., Kaneko, H., "Aligning security requirements and security assurance using the common criteria," Fourth International Conference on Secure Software Integration and Reliability Improvement, pp. 69-77, Jun. 2010.
13 Canon, "Canon image RUNNER ADVANCE C5200 Series 2600.1 model Security Target," v1.05, pp. 13-24, Oct. 2012.
14 IPA, "Research Report on the Security of MFPs," v1.0, pp 20-32, Aug. 2013.
15 FUJI XEROX, "Xerox Multi-Function Device Security Target," v1.4, pp. 18-26, Dec. 2014.
16 Hewlett-Packard, "LaserJet Enterprise MFP M525, M725, and M830 Series and Color LaserJet Enterprise MFP M575, M775, and M880 Series Firmware with Jetdirect Inside Security Target," v2.0, pp. 12-30, Jun. 2014.
17 TOSHIBA, "Loops/e-STUDIO306LP Multifunctional Digital Systems Security Target." v1.0, pp. 4-16, Nov. 2014.
18 FUJI XEROX, "Xerox D136 Copier/Printer Security Target," v1.0.3, pp. 21-27, Aug. 2013.
19 FUJI XEROX, "Xerox Work Centre 7232/7242 Security Target," v1.0.4, pp. 8-17, Feb. 2008.
20 RICOH, "RICOH MP 1601/1301 Security Target," v1.1, pp. 11-23, May. 2013.
21 KONICA MINOLTA, "bizhub C253/bizhub C203/ineo+253/ineo+203 Control Software Security Target," v1.03, pp. 18-25, Sep. 2007.
22 National Cyber Security Center, "Smart Card Open Platform Protection Profile," v2.2, pp. 13-20, Dec. 2010.
23 National Cyber Security Center, "Network Intrusion Prevention System Protection Profile," v2.1, pp. 11-20, June. 2010.
24 RICOH, "MP 2001/2501 series Security Target," v1.0, pp. 34-31, Apr. 2013.
25 National Cyber Security Center, "Software-based Secure USB System Protection Profile," v1.0, pp. 11-17, Apr. 2010.
26 TOSHIBA, "e-STUDIO 2555c/3055c.3555c/4555c/5055c/2555cse/3055cse/3555cse/4555cse/5055cse Multifunctional Digital Systems Security Target," v1.0, pp. 14-41, Apr. 2013.
27 RICOH, "MP 1601/1301 Security Target," v1.1, pp. 35-39, May. 2013.
28 Cannon, "Canon image RUNNER ADVANCE 8200 Series 2600.1 model Security Target," v1.04, pp. 19-23, Mar. 2013.
29 Cannon, "Canon image RUNNER ADVANCE 6200 Series 2600.1 model Security Target," v1.04, pp. 29-44, Mar. 2013.
30 Cannon, "Canon image RUNNER ADVANCE C2200 Series 2600.1 model Security Target," v1.1, pp. 48-51, Jun. 2013.
31 KONICA MINOLTA, "bizhub C554e/bizhub C454e/bizhub C364e/bizhub C284e/bizhub C224e PKI Card System Control Software Security Target," v1.06, pp. 27-45, Jun. 2013.
32 RICOH, "Canon image RUNNER ADVANCE C9200 PRO Series/C7200 Series 2600.1 model Security Target," v1.08, pp. 29-44, Mar. 2013.
33 RICOH, "MP C4503/C4503G/C5503/C5503G/C6003G , MP C4503A/C5503A, MP C6003 (Ricoh/Savin/Lanier/nashuatec/Rex-Rotary/Gestetner/infotec) Security Target," v1.0, pp. 34-41, Oct. 2013.