• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.171-182
• /
• 2014

Common Criteria is a scheme that minimize IT products's vulnerabilities in accordance with the evaluation assurance level. SSDLC(Secure Software Development Lifecycle) is a methodology that reduce the weakness that can be used to generate vulnerabilities of software development life cycle. However, Common Criteria does not consider certificated IT products's vulnerabilities after certificated it. So, it can make a problem the safety and reliability of IT products. In addition, the developer and the evaluator have the burden of duplicating evaluations of IT products that introduce into the government business due to satisfy both Common Criteria and SSDLC. Thus, we researched the relationship among the Common Criteria, the static code analysis tools, and the SSDLC. And then, we proposed how to combine SSDLC into Common Criteria.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.57-67
• /
• 2003

Security Policy Model is a structured representation using informal, semiformal or formal method of security policy to be enforced by TOE. It provides TOE to get an assurance to mitigate security flaws resulted from inconsistency between security functional requirements and functional specifications. Therefore, Security Policy Model has been required under an hish evaluation assurance level on an evaluation criteria such as ISO/IEC 15408(Common Criteria, CC). In this paper, we present an evaluation method for security policy model based on assurance requirements for security policy model in Common Criteria through an analysis of concepts, related researches and assurance requirements for security policy model.

• Annual Conference of KIPS
• /
• 2015.10a
• /
• pp.832-834
• /
• 2015

최근 CCRA(Common Criteria Recognition Arrangement) 협정서 개정에 따라 공통평가기준인 CC(Common Criteria) 평가제도에 변화가 생기고 있다. 현재의 CC 평가제도가 가지는 한계를 보완하고자 PP(protection profile)를 대신하는 cPP(collaborative protection profile)가 개발되었는데, 기존의 폐쇄적으로 운영되던 PP 개발 프로세스와 달리 cPP 개발에는 CCRA 회원국의 여러 기관 및 기업이 적극적으로 개발에 참여할 수 있다. 따라서 현재 세계 각국에서 cPP 개발에 관한 논의가 활발히 진행되고 있으며 세분화된 연구도 요구되고 있다. 본 논문에서는 기존의 CC 평가제도가 가지는 한계를 살펴보고 이러한 한계를 극복하기 위한 cPP의 등장 및 개정되는 새로운 CC 평가제도의 운영을 분석한다.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.10 no.1
• /
• pp.55-69
• /
• 2007

The paper provides the approach to apply formal methods to the development and certification criteria of defense safety/security-critical software. RTCA/DO-178B is recognized as a do facto international standard for airworthiness certification but lack of concrete activities and vagueness of verification/certification criteria have been criticized. In the case of MoD Def Stan 00-55, the guidelines based on formal methods are concrete enough and structured for the defense safety-related software. Also Common Criteria Evaluation Assurance Level includes the strict requirements of formal methods for the certification of high-level security software. By analyzing the problems of DO-178B and comparing it with MoD Def Stan 00-55 and Common Criteria, we identity the important issues In safety and security space. And considering the identified issues, we carry out merging of DO-178B and CC EAL7 on the basis of formal methods. Also the actual case studies for formal methods applications are shown with respect to the verification and reuse of software components.

• Journal of Radiation Protection and Research
• /
• v.49 no.3
• /
• pp.121-140
• /
• 2024

Background: Practices involving radionuclides at levels below the International Atomic Energy Agency (IAEA) generic exemptions are exempt from regulation without further consideration. Practices involving radionuclides at levels above those generic exemptions may also be exempt from regulation if they meet certain conditions. These are known as specific exemptions, and each country has established its own specific exemption criteria based on the conditions set out in the IAEA General Safety Requirements (GSR) Part 3. Those conditions relate to the physical or chemical form of the radioactive material as well as to its use or the means of its disposal. Materials and Methods: The specific exemption criteria of eight countries (i.e., the United States of America [US], Japan, France, China, Australia, Canada, the United Kingdom of Great Britain and Northern Ireland [UK], and Germany) were analyzed. Their similarities and differences as compared with the specific exemption criteria of the Republic of Korea (ROK) were analyzed, and suggestions for revision of the Korean regulations were formulated. Results and Discussion: Each country's specific exemption criteria are defined based mostly on the IAEA criteria but tailored to its domestic circumstances. The nine countries with their specific exemption criteria can be broadly categorized into three groups: nuclide-specific exemptions for specific products (the ROK and the US), common criteria for all nuclides without specification of particular products (Japan, France, and China), and both specific and common criteria (Australia, Canada, the UK, and Germany). Conclusion: The specific exemption criteria of the different countries examined in this study could be helpful in reviewing the ROK's specific exemption criteria. Development of common criteria alongside specific criteria for products requiring special attention may be a good way to determine whether new consumer products containing radioisotopes should be regulated.

• The Journal of Society for e-Business Studies
• /
• v.10 no.3
• /
• pp.67-83
• /
• 2005

Common Criteria(CC) was announced in June, 1999 in order to solve a problem which be happened by applying a different evaluation criteria among nations. Currently, a official version is v2.2 and v3.0 is a draft version. Because an evaluation demand is increased in the inside and outside of the country, an evaluation market growth is expected. Also, It needs methodology and work automation and project management for evaluation. In this paper, we propose A CC based Security Evaluation Management System(CC-SEMS) that is managing evaluation resources(deliverables , evaluation criteria, evaluators) and is useful in evaluation environment efficiently. CC-SEMS is to have integrated project management, workflow management, process management and is composed of deliverables, Evaluation Activity Program(EAP), Management Object(MO), Evaluation Database(EDB), Evaluation Workflow Engine(EWE).

• 한국IT서비스학회:학술대회논문집
• /
• 2003.11a
• /
• pp.467-478
• /
• 2003

국제공통평가기준(Common Criteria)2.1을 기반으로 한 국제공통평가인정협정(Common Criteria Recognition Arrangement)은 21세기 정보보호 산업 전반에 수출입 장벽 및 국제적 표준으로 자리매김 할 것이다. 이미 국제공통평가상호인정협정(CC-MRA)에서부터 적극적으로 기술을 축적하고 세계적 표준을 선도한 미국, 캐나다, 영국, 독일, 프랑스 등의 주요 선진국들은 국제공통평가인정협정 인증서발행국(CCRA-CAP)으로서의 우월적 지위를 확보한 상태이다. 이에 본 연구는 CCRA-CAP국가들에 대한 스킴(Skim) 분석을 통하여 우리나라 의 스킴 개발이 국제적인 선도국과 비교하여 어떤 차이를 보이는지와 우리나라의 문제점을 도출해보고자 한다. 이를 통하여 향후, CCRA-CAP국가로 세계적 평가, 인증체계의 선도국이 되기 위한 준비과정에서 얻을 수 있는 통찰력과 시사점을 제공하고자 한다. 본 연구에서는 여러 스킴 중 정보보호시스템 평가, 인증 제도 관련 기관 책임 및 임무에 관한 1번 스킴을 주요 논의의 대상으로 하여 분석 연구한다.

• Convergence Security Journal
• /
• v.8 no.2
• /
• pp.7-13
• /
• 2008

In domestic and international, evaluation of product with Common Criteria(CC) for security product estimation is expanding standard of product estimation. This expansion is due to multi aspects of product versions. However, it is very difficult to approach the most suitable form of security estimation guide in the developer's perspective, because estimation basis presented to developers is indefinite. With this pending dilemma, we are presenting a composition product introduce definite security standard for information security products.

• The Journal of Internal Korean Medicine
• /
• v.37 no.1
• /
• pp.109-134
• /
• 2016

Objectives: The aim of this study was to help develop a guideline for the common cold. We searched recent clinical studies of the common cold in Western medicine and reviewed their objectives, inclusion and exclusion criteria, primary outcome, secondary outcome, and assessment tools to establish evidenced-based guideline.Methods: We searched electronic databases (Cochrane Library, MEDLINE, EMBASE) to identify eligible randomized controlled trials (RCTs) about the common cold for the last 10 years. We included 29 RCTs and showed their research summary via their objectives, participants, interventions, control, treatment duration, and results. We also analyzed the definition of the common cold presented in the article, inclusion and exclusion criteria, primary and secondary outcomes, and assessment tools.Results: We reported the aforementioned areas in detail. At first, the definition of the common cold was confused across the articles. Second, herbal medication clinical trials for the common cold have been extensively studied recently. Third, the eligibility criteria frequently included the Jackson Symptom score. Fourth, validated assessment tools (i.e., the Wisconsin Upper Respiratory Symptom Survey-21) have only been used in a few recent studies.Conclusions: Our research will be helpful to establish Korean herbal medicine clinical trial guidelines for the common cold.

• Journal of Digital Contents Society
• /
• v.5 no.2
• /
• pp.95-100
• /
• 2004

For improve level of information security, the necessity of evaluation and certification of Information Security System(ISS) in increasing. Evalustion and Certification Institute have evaluated ISS for risk prevention of information dysfunction in an advanced countries. But, the problem of the time and cost occurred when it is caused by with application of unlike evaluation criteria each other. The result of effort to solution, Common Criteria(CC) and Common Evaluation Methodology(CEM) is using for evaluation of ISS and mutual recognition. Evaluation participant is needed flexible and active interpretation of CC and CEM for an efficient evaluation preparation and performance.