Evaluation model for computer security software products based on ISO/IEC 15408 Common Criteria

Authors
Alejandro Chamorro, Jose [1]
Pino, Francisco [2]
Affiliations
[1] Password Consulting Serv, Informac, Serv Eth Hacking Anal Riesgos & Anal Forense Info, Cali, Colombia
[2] Univ Cauca, Grp I&D Ingn Software, Serv Telemat & Ingn Elect & Telecomunicac, Popayan, Cauca, Colombia
Source
SISTEMAS & TELEMATICA | 2011 / Vol. 9 / No. 19
Keywords
Assessment model; Common; Criteria; performance; levels; TOE; ST;
DOI
10.18046/syt.v9i19.1095
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
This article presents a model that enables software developers to evaluate their products under the ISO/IEC 15408 Common Criteria. It starts with a risk analysis of several companies in Colombia, selected on the basis of their legal obligations regarding information security, whose unfavorable outcome demonstrates the need to implement the standard. From these results we developed a model in which software is conceptualized as a TOE (Target of Evaluation), which corresponds to an ICT (Information and Communications), and is evaluated according to an ST (Secure Target) from the official Common Criteria portal, under the required functions and levels, in order to identify shortcomings in compliance and safety recommendations for improvement.
Pages: 69-92
Page count: 24