• Title/Summary/Keyword: Common Criteria Evaluation


Formalism-Based Defense Safety/Security-Critical Software Development & Certification Criteria - Application of Formal Methods to Safety/Security-Critical Software Certification Process Activities - (정형성 기반 국방 안전/보안필수 소프트웨어 개발 및 인증 기준 - 안전/보안필수 소프트웨어 인증 프로세스에 대한 정형기법 적용 방안 연구 -)

  • Kim, Chang-Jin;Choi, Jin-Young
    • Journal of the Korea Institute of Military Science and Technology / v.10 no.1 / pp.55-69 / 2007
  • The paper provides an approach to applying formal methods to the development and certification criteria of defense safety/security-critical software. RTCA/DO-178B is recognized as a de facto international standard for airworthiness certification, but its lack of concrete activities and the vagueness of its verification/certification criteria have been criticized. In the case of MoD Def Stan 00-55, the guidelines based on formal methods are concrete enough and structured for defense safety-related software. Also, the Common Criteria Evaluation Assurance Level includes strict requirements for formal methods for the certification of high-level security software. By analyzing the problems of DO-178B and comparing it with MoD Def Stan 00-55 and Common Criteria, we identify the important issues in the safety and security space. Considering the identified issues, we merge DO-178B and CC EAL7 on the basis of formal methods. Actual case studies of formal methods applications are also shown with respect to the verification and reuse of software components.

The Proposal of Security Evaluation Criteria for PKI Systems in Korea (국내 PKI 시스템 평가 기준 제안)

  • 심주걸;박택진;이철원;원동호
    • Journal of the Korea Institute of Information Security & Cryptology / v.12 no.3 / pp.61-76 / 2002
  • To ensure the reliability of PKI systems, security evaluation of PKI systems is required. Unfortunately, systematic security evaluation and certification of PKI systems is insufficient. In Korea, security evaluation and certification of firewalls and intrusion detection systems has been enforced, but research on the evaluation of PKI systems is insufficient. This paper provides PKI system evaluation criteria. It specifies 7 levels of functional and assurance security requirements for a PKI system. These PKI system evaluation criteria provide compatibility with CC (Common Criteria) and KISES (Korea Information Security Evaluation Systems).

A Simple Program of Domestic IT Product Evaluation Service (국내 정보보호 제품 평가 서비스 간소화 방안)

  • Go, Woong;Lee, Dong-Bum;Kwak, Jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.2 / pp.141-153 / 2009
  • Recently, public and national institutions have been establishing secure systems by installing and operating IT security products. They require the Common Criteria for assurance of IT products. However, many companies find it hard to decide when to release IT products and invest in development because of the cost and time involved. Therefore, in this paper, we analyze domestic and international IT product evaluation services and propose an IT product evaluation service that is simplified compared with previous services.

A Study on the Development of Proposal Evaluation Index for the Overseas Weapon System Purchasing Projects using Axiomatic Design/AHP (공리적설계/AHP를 이용한 해외무기체계 구매사업 제안서 평가지표 개발에 관한 연구)

  • Cho, Hyun-Ki;Kim, Woo-Je
    • Journal of the Korea Institute of Military Science and Technology / v.14 no.3 / pp.441-457 / 2011
  • In this study, the axiomatic design (AD) method is applied to construct the hierarchical structure of evaluation criteria, and the AHP method is used to calculate the weights of the criteria, in order to develop a proposal evaluation index for overseas weapon system purchasing projects. The common evaluation items used as main categories are selected through a review of evaluation criteria from previous works and projects, relevant regulations and defense policy. A design matrix using the fuzzy concept is established and evaluated by the expert group in each design phase to determine the independence, that is, the satisfaction of decoupled or uncoupled design, of each criterion in the same hierarchy when the criteria are derived from the main categories. The establishment of a decoupled or uncoupled design matrix provides mutual exclusiveness of how a small number of DPs can be accounted for FRs within the same hierarchy. The proposal evaluation index developed in this study will be used as a general proposal evaluation index for overseas weapon system purchasing projects, for which there are no systematically established evaluation tools.

A Study on Common Criteria for Developer's Perspective Guide (개발자를 위한 합성제품 평가 지침에 관한 연구)

  • Jung, Sung-Mo;Kim, Seok-Soo
    • Convergence Security Journal / v.8 no.2 / pp.7-13 / 2008
  • Domestically and internationally, evaluation of products with the Common Criteria (CC) is expanding as the standard for security product evaluation. This expansion is due to the many aspects of product versions. However, it is very difficult to arrive at the most suitable form of security evaluation guide from the developer's perspective, because the evaluation basis presented to developers is indefinite. Given this pending dilemma, we present a definite composition-product security standard for information security products.


A Study on Smartcard Security Evaluation Criteria for Side-Channel Attacks (스마트카드 부채널공격관련 안전성 평가기준 제안)

  • Lee, Hoon-Jae;Lee, Sang-Gon;Choi, Hee-Bong;Kim, Chun-Soo
    • The KIPS Transactions:PartC / v.10C no.5 / pp.557-564 / 2003
  • This paper analyzes side-channel attacks on smartcard devices and proposes smartcard security evaluation criteria for side-channel attacks. To set up the smartcard security evaluation criteria for side-channel attacks, we analyze similar security evaluation criteria for cryptographic algorithms, cryptographic modules, and smartcard protection profiles based on the Common Criteria. Furthermore, we propose the smartcard security evaluation criteria for side-channel attacks. They can be useful for evaluating a cryptosystem related to information security technology and, in addition, can be applied to building a smartcard protection profile.

A Threats Statement Generation Method for Security Environment of Protection Profile (PP의 보안환경을 위한 위협문장 생성방법)

  • 고정호;이강수
    • The Journal of Society for e-Business Studies / v.8 no.3 / pp.69-86 / 2003
  • A Protection Profile (PP) is a set of common security and assurance requirements for a specific class of Information Technology security products such as firewalls and smart cards. A PP should include a "TOE (Target of Evaluation) Security Environment" section, which consists of the subsections assumptions, threats, and organizational security policies. This paper presents a new threat statement generation method for developing the TOE security environment section of a PP. Our survey guides the statement of threats in the CC (Common Criteria) scheme through hundreds of threat statements collected and analysed from certified and published real PPs and from the CC Tool Box/PKB, which includes a class of pre-defined threat and attack statements. From the results of the survey, we present a new asset classification method and propose a threat statement generation model. The former is a new asset classification method, and the latter is a production rule for well-formed statements of threats.


Convergence Performance Evaluation Model for Intrusion Protection System based on CC and ISO Standard (CC와 ISO 표준에 따른 침입방지시스템의 융합 성능평가 모델)

  • Lee, Ha-Yong;Yang, Hyo-Sik
    • Journal of Digital Convergence / v.13 no.5 / pp.251-257 / 2015
  • An intrusion protection system is a security system that stops abnormal traffic through automatic action by finding attack signatures in the network. Unlike a firewall or intrusion detection system, which defends passively, it is a solution that stops the intrusion before an intrusion warning. The security performance of an intrusion protection system is influenced by security auditability, user data protection, security authentication, etc., and its performance is influenced by detection time, throughput, attack prevention performance, etc. In this paper, we construct a convergence performance evaluation model for the security performance evaluation of intrusion protection systems, based on CC (Common Criteria: ISO/IEC 15408) and the ISO international standard on software product evaluation.

An Analysis on Priority of Clothing Evaluative Criteria using AHP (AHP를 이용한 의복평가기준의 우선순위 분석)

  • Cho, Youn-Joo
    • Fashion & Textile Research Journal / v.9 no.1 / pp.81-88 / 2007
  • This study aimed to develop priorities among alternatives based on relative rather than absolute assignments of clothing evaluative criteria. The relative comparison approach includes much redundancy and is thus less sensitive to the judgemental errors common to techniques using absolute assignments. The study derives the evaluative criteria consumers use in choosing clothing and considers their relative importance or value in the priority of evaluation elements. When a consumer selects clothing, it requires a multi-criteria decision-making exercise and trade-offs between different alternatives. By applying the AHP's hierarchical structuring and pair-wise comparisons, this study determines the weights and priorities of the evaluation factors in clothing evaluative criteria, which will eventually lead to improved management. The items for setting priorities were decided by council as 'symbol', 'practicality', 'economy', 'vogue', and 'aesthetic'. The data for this research were collected from 108 female respondents in Busan. The data were analyzed by frequency and AHP. As a result, 'economy' was determined to be the most important item, and 'a fashionable color' was evaluated as the first priority among all evaluation elements.

An Estimation Process of Effort and Cost in Security Evaluation of Information Technology Security Systems by utilizing Evaluation Work Break-down Structure (EWBS를 통한 정보보호 시스템의 보안성 평가 업무량 및 비용 산정 프로세스)

  • You, Hyung-Joon;Ko, Jeong-Ho;Chang, Soo-Jin;Ahn, Sun-Suk;Lee, Gang-Soo;Jung, Hong-Jin
    • Journal of KIISE:Software and Applications / v.27 no.2 / pp.134-147 / 2000
  • Even though the software industry has become active, there is a lack of results from studies on the evaluation effort and cost of software systems, including Information Technology Security Systems (ITSS). In this paper, we present a process and a tool for estimating the evaluation effort and cost of an ITSS that conforms to ITSS evaluation criteria (i.e., Common Criteria or ISO/IEC 15408), by utilizing an Evaluation Work Break-down Structure (EWBS) and conventional software development cost estimation methods. Even though we concentrate on ITSS, the results of this paper can be applied to estimating the effort and cost of evaluating software development processes and software products.
