Development of Supporting Environment for IT System Security Evaluation Based on ISO/IEC 15408 and ISO/IEC 18045

ISO/IEC 15408 and ISO/IEC 18045 are a pair of international competitive standards for security evaluation and certification of IT systems. Evaluation based on ISO/IEC 15408 and ISO/IEC 18045 is a very complex process that involves tens of documents and tasks. Performing the tasks in evaluation process by human costs a lot of time and it is also difficult to ensure impartial and no subjective mistakes. These issues not only result in consuming a lot of time, but also affect the fairness, correctness and accuracy of evaluation results. A supporting environment was proposed to provide necessary software tools to supports all tasks in the evaluation process automatically to ensure the quality of evaluation resultsat the same time reduce the complexity of all evaluator and certifiers' work. To provide full facilities of the supporting environment, we must clarify every task in the evaluation process and provide appropriate methods for developing supporting tools. This paper deeply analyzes all of the software supportable tasks in the evaluation process and clarifies all detail targets for each task. And then we also provide corresponding methods to support these tasks. This paper also shows a set of developed supporting tools that can perform the evaluation tasks in an organized way.