Semi-formal method for security policies and design specifications

Cited by: 0
Authors
Deng H. [1]
Shi H. [1]
Zhang B. [1]
Yang Y. [1]
Liu H. [1]
Affiliation
[1] China Information Technology Security Evaluation Center, Beijing
Source
2017 / Vol. Tsinghua University / No. 57
Keywords
Design specification; Security policy; Semi-formal
DOI
10.16511/j.cnki.qhdxxb.2017.25.024
Abstract
Inadequacies in IT products can result from misunderstandings of the security requirements. Semi-formal methods can accurately describe the security requirements and implement reasonable requirements that avoid causing security flaws. Thus, semi-formal descriptions and verification methods are used in this study for security policies and design specifications represented by collections of the security requirements and module designs of security functionality interfaces. The system uses a loosely coupled partitioning method for the subsystem and module. Semi-formal methods are given to describe the security policy and design specification derived from existing semi-formal tools. The approach is applied to an IC card chip product to show that its security policies are adequate and the security design provides reasonable security. This approach can be used to evaluate all kinds of IT products. © 2017, Tsinghua University Press. All rights reserved.
Pages: 695-701
Number of pages: 6