• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.57-67
• /
• 2003

Security Policy Model is a structured representation using informal, semiformal or formal method of security policy to be enforced by TOE. It provides TOE to get an assurance to mitigate security flaws resulted from inconsistency between security functional requirements and functional specifications. Therefore, Security Policy Model has been required under an hish evaluation assurance level on an evaluation criteria such as ISO/IEC 15408(Common Criteria, CC). In this paper, we present an evaluation method for security policy model based on assurance requirements for security policy model in Common Criteria through an analysis of concepts, related researches and assurance requirements for security policy model.

• The Journal of Society for e-Business Studies
• /
• v.10 no.3
• /
• pp.67-83
• /
• 2005

Common Criteria(CC) was announced in June, 1999 in order to solve a problem which be happened by applying a different evaluation criteria among nations. Currently, a official version is v2.2 and v3.0 is a draft version. Because an evaluation demand is increased in the inside and outside of the country, an evaluation market growth is expected. Also, It needs methodology and work automation and project management for evaluation. In this paper, we propose A CC based Security Evaluation Management System(CC-SEMS) that is managing evaluation resources(deliverables , evaluation criteria, evaluators) and is useful in evaluation environment efficiently. CC-SEMS is to have integrated project management, workflow management, process management and is composed of deliverables, Evaluation Activity Program(EAP), Management Object(MO), Evaluation Database(EDB), Evaluation Workflow Engine(EWE).

• Journal of Digital Contents Society
• /
• v.5 no.2
• /
• pp.95-100
• /
• 2004

For improve level of information security, the necessity of evaluation and certification of Information Security System(ISS) in increasing. Evalustion and Certification Institute have evaluated ISS for risk prevention of information dysfunction in an advanced countries. But, the problem of the time and cost occurred when it is caused by with application of unlike evaluation criteria each other. The result of effort to solution, Common Criteria(CC) and Common Evaluation Methodology(CEM) is using for evaluation of ISS and mutual recognition. Evaluation participant is needed flexible and active interpretation of CC and CEM for an efficient evaluation preparation and performance.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.71-80
• /
• 2010

This thesis is purposed on developing security product co-evaluation statistics administrate program which is can administrate or analysis CC accreditation product using by DEVS modeling via portal site of member of CCRA. Via developing security product evaluation statistics administrate program, it can analysis the trend of all countries of the world in many ways, and noticed the ways of evaluation and accreditation of most countries via scheme analysis. Except this, it can analysis the situation of accreditation trend of any countries via data analysis of ICCC 2009. Also, For trend analysis to evaluation technique of CCRA member, it analyzed up to date technology and policy of the evaluation organization and the Certification Authority of most countries. And it peformed analysis the most trend of information security of evaluation authorization in CCRA member countries. In this program, It provide the function of trend statistics analysis which can statically analyzed the evaluation accreditation trends of most countries and automatical statistics by categorization ( by Product, Class and statistics in national) and report creation functions which can easily extraction and use the needed data. It has been updated the related informations until latest accredited product using by CC(Common Criteria) portal home page's data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.8 no.3
• /
• pp.63-78
• /
• 1998

Recently, to use the evaluated firewall is recognized as a solution to achieve the security and reliability for government and organizarions in Korea. Results of firewall evaluation using ITSEC(Information Technology Security Evaluation Criteria) and CCPP(Common Criteria Protection Peofile)have been announced. Because there are problems to apply ITSECor CCPP for the firewall evaluation in korea environment, korea government and korea Information security Agency (KISA) decided to develop our own security dvaluation critrtia fir firewalls.As a result of the efforts, Korea firewall security evaluation criteria has been published on Feb. 1998. In this paper, we introduce Korea security evaluation criteria for firewalls. The ceiteria consists of functional and assurance requirements that are compatible with CC Evaluation Assurance Levels(EALs)

• Review of KIISC
• /
• v.10 no.3
• /
• pp.1-12
• /
• 2000

정보보호시스템을 평가하기 위한 기준은 보안기능 요구사항 및 보증요구 사항으로 이루어진다 본고에서는 미국의 TCSEC(Trusted Computer System Evaluation Criteria)과 유럽의 ITSEC(Information Technology Security Evaluation Criteria) 국제표준 (SIO/IEC 15408) 으로 제정된 CC(Common Criteria for Information Technology Secuirty Evaluation)의 보안 기능 요구사항을 비교, 분석하고 국내에서 개발된 침입차단시스템과 침입탐지시스템 평가기준, 현재개발중인 사용자인증용 스마트카드 평가기준의 보안기능 요구사항을 소개한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.131-144
• /
• 2010

IT developed countries since the late 1980s are used to develop IT security evaluation criteria to ensure safety and reliability of information protection products. Currently a variety of products used for the evaluation based on CC and it takes a long period of product evaluation is required to reduce the developers and users. In this paper refer to the published standard evaluation schedule for the EAL4 calculation model offers a trial period. In addition, based on this commitment by adjusting the number of evaluaters to evaluate the applicant in the evaluation period to minimize the position offers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.4
• /
• pp.39-50
• /
• 2005

An evaluation demand and a market growth regarding evaluation and certification are increasing because the importance of information Security is gradually rising to solve the information disfunction. Therefore, it is necessary the cost-effect evaluation management of the Information Security System(ISS). In this paper, we propose the Semi-automated Evaluation Workflow Management System(Sa-EWMS) based on the Common Criteria(CC) which performs and manages evaluation work through the procedure when evaluator evaluates the Information Security System(ISS). The Sa-EWMS is solving a problem of consumption of time and effort and performing efficient evaluation, it is playing a significant role that traces workflow process of each work of the Engines and controls performance. It will be able to use useful the private evaluation enterprise which confront in an evaluation demand and a market growth.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.171-182
• /
• 2014

Common Criteria is a scheme that minimize IT products's vulnerabilities in accordance with the evaluation assurance level. SSDLC(Secure Software Development Lifecycle) is a methodology that reduce the weakness that can be used to generate vulnerabilities of software development life cycle. However, Common Criteria does not consider certificated IT products's vulnerabilities after certificated it. So, it can make a problem the safety and reliability of IT products. In addition, the developer and the evaluator have the burden of duplicating evaluations of IT products that introduce into the government business due to satisfy both Common Criteria and SSDLC. Thus, we researched the relationship among the Common Criteria, the static code analysis tools, and the SSDLC. And then, we proposed how to combine SSDLC into Common Criteria.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.1
• /
• pp.25-34
• /
• 2004

Common Criteria(CC, ISO/IEC 15408) is an international standard for evaluation of Information Suity Systems(ISS). There need a suitable evidence of estimation of evaluation cost in an evaluation facility under the CC-based evaluation and assurance scheme. In this paper, we propose an evaluation effort model, which is based not only on assurance-level but also on product-type of ISS, by means of real experience of real evaluators, use-ratio concept and the Function Point of security function. The model is based not on a real evaluation environment of evaluation facility, but on CC, public PPs and product specific STs. Our result might be used as a basic model for estimation of evaluation cost and time of ISS in an CC-based evaluation and assurance scheme.