• Proceedings of the KIEE Conference
• /
• 2003.07d
• /
• pp.2744-2746
• /
• 2003

ISO/IEC 15408 requires the TOE(Target of Evaluation) Security Environment section of a Protection Profile(PP) or Security Target(ST) to contain a list of assumptions about the TOE security environment or the intended usage of the TOE. This paper presents a specific conditions should be assumed to exist in the smart card environment and the analysis of those conditions developer of smart card PP must consider.

• Convergence Security Journal
• /
• v.3 no.2
• /
• pp.57-65
• /
• 2003

A protection profile is the required specification document by consumer groups to specify what security purpose they would like to have in their specialized products. A protection profile assumption is the document that specifies consumer environment in the physical, artificial, network perspective and the contents of intended usage which include usage limitation, the value of latent asset, and additional applications for a TOE (Target of Evaluation). In this paper, we compare the assumptions of the NSA IDS PP and the IDS PP for government.

• Proceedings of the KIEE Conference
• /
• 2003.07d
• /
• pp.2747-2749
• /
• 2003

Security is concerned with the protection of assets from threats, where threats are categorised as the potential for abuse of protected assets. All categories of threats should be considered, but in the domain of security greater attention is given to those threats that are related to malicious or other human activities ISO/IEC 15408 requires the TOE(Target of Evaluation) Security Environment section of a Protection Profile(PP) or Security Target(ST) to contain a list of threats about the TOE security environment or the intended usage of the TOE. This paper presents a specific physical threats should be considered in the smart card PP which developers of smart card PP must consider.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.57-67
• /
• 2003

Security Policy Model is a structured representation using informal, semiformal or formal method of security policy to be enforced by TOE. It provides TOE to get an assurance to mitigate security flaws resulted from inconsistency between security functional requirements and functional specifications. Therefore, Security Policy Model has been required under an hish evaluation assurance level on an evaluation criteria such as ISO/IEC 15408(Common Criteria, CC). In this paper, we present an evaluation method for security policy model based on assurance requirements for security policy model in Common Criteria through an analysis of concepts, related researches and assurance requirements for security policy model.

• The Journal of Society for e-Business Studies
• /
• v.8 no.3
• /
• pp.69-86
• /
• 2003

A Protection Profile(PP) is a common security and assurance requirements for a specific class of Information Technology security products such as firewall and smart card. A PP should be included "TOE(Target of Evaluation) Security Environment", which is consisted of subsections: assumptions, treat, organizational security policies. This paper presents a new threats statement generation method for developing TOE security environment section of PP. Our survey guides the statement of threats in CC(Common Criteria) scheme through collected and analysed hundred of threat statements from certified and published real PPs and CC Tool Box/PKB that is included a class of pre-defined threat and attack statements. From the result of the survey, we present a new asset classification method and propose a threats statement generation model. The former is a new asset classification method, and the later is a production rule for a well formed statement of threats.

• Information and Communications Magazine
• /
• v.24 no.11
• /
• pp.51-57
• /
• 2007

본 고에서는 미 국방성(DoD: Department of Defense) 커뮤니티 지원 하에 국가안전보장국 (NSA: National Security Agency)에 의해 작성된 공개키 기반구조 및 키 관리 기반구조 보안토큰 보호프로파일에서의 평가대상(TOE: Target of Evaluation) 분석을 통해 보안토큰에서의 평가대상 (TOE)에 대한 응용과 보안환경에 대하여 분석한다.

• Transactions of the Korean Society of Automotive Engineers
• /
• v.8 no.2
• /
• pp.120-128
• /
• 2000

At the initial design stage of a new vehicle, the chassis layout has the most important influence on the overall vehicle performance. Most chassis designers have achieved the target performances by trial and error method as well as individual knowhow. Accordingly, a general procedure for determining the optimum location of suspension hard points with respect to the kinematic characteristics needs to be developed. In this paper, a method to optimize the toe angle in the double wishbone type front suspension of the four-wheel-drive vehicle is presented using the design of experiment, multibody dynamic simulation, and optimum design program. The handling performances of two full vehicle models having the initial and optimized toe angle are compared through the single lane change simulation. The sensitive design variables with respect to the kinematic characteristics are selected through the experimental design sensitivity analysis using the perturbation method. An object function is defined in terms of the toe angle among those kinematic characteristics. By the design of experiment and regression analysis, the regression model function of toe angle is obtained. The design variables which make the toe angle optimized ae extracted using the optimum design program DOT. The single lane change simulation and test of the full vehicle model are carried out to survey the handling performances of vehicle with toe angle optimized. The results of the single lane change simulation show that the optimized vehicle has the more improved understeer tendency than the initial vehicle.

• The KIPS Transactions:PartD
• /
• v.11D no.4
• /
• pp.917-928
• /
• 2004

Common Criteria as ISO/IEC 15408 is used to assure and evaluate IT system security. As the Prime class of security assurance requirement, CM Configuration Management needs the more principled quality activities and practices for developer must be supported. So in this paper, we propose the well-defined CM method as guideline for TOE developer based on Process model including common criteria and develop the CMPET a quantitative process evaluating tool for CM using checklist. It can support useful process analyzing data to developer, evaluator and user.

• Journal of the Korea Convergence Society
• /
• v.8 no.11
• /
• pp.63-69
• /
• 2017

The middleware in the IoT system is software that acts as a messenger to connect and exchange data between humans and objects, objects and objects. IoT middleware exists in various forms in all areas, including hardware, protocol, and communication of different kinds, which are different in form and purpose. However, IoT middleware exists in various forms across different areas, including hardware, protocol, and communication of different types and purposes. Therefore, even if the system is designed differently for each role, it is necessary to strengthen the security in common. In this paper, we analyze the structure of IoT middleware using Service Oriented Architecture(SOA) approach and design system security requirements based on it. It was defined: Target Of Evaluation(TOE) existing system development method and the object is evaluated by Common Criteria(CC) for verification based otherwise. The proposed middleware system will be correlated with the security problem definition and the security purpose, which will be the basis for implementing the security enhanced IoT system.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.04a
• /
• pp.328-330
• /
• 2004

현재 CC는 하나의 제품으로 이루어진 단일 TOE(Target of Evaluation)를 기준으로 작성된 것이며, 여러 제품으로 이루어진 시스템에 대해서는 다루고 있지 않다. 또한 국ㆍ내외적으로 정보보호제품 분류체계가 서로 달라 표준화가 이루어져야 한다. 이에 본 논문에서는 CC기반 통합제품의 산출 모델 및 평가업무량 알고리즘을 제시하고, 환경에 따른 표준화된 정보보호제품 분류체계를 제시한다.