Supporting Verification and Validation of Security Targets with ISO/IEC 15408

ISO/IEC 15408 is an international standard for security evaluation of information systems, and can be applied throughout the software life cycle to improve security of information systems. A Security Target, which contains specifications of security functions of the target system, is the most important document in development of the system according to ISO/IEC 15408. Verification and Validation of Security Targets must be strictly performed before development of the system. This paper analyzed and clarified 168 targets that Security Targets must satisfy based on ISO/IEC 18045, and the procedures of examining those targets are also provided. Then the paper proposes comprehensive methods to support verification and validation of Security Targets. With these methods, we can implement comprehensive supporting tools for verification and validation of Security Targets.