èŠ‚ç‚¹æ–‡çŒ®

åŸºäºŽCCæ ‡å‡†çš„ç‰çº§é©±åŠ¨å®‰å…¨éœ€æ±‚åˆ†æžæ–¹æ³•

Level Driven Security Requirement Analysis Method Based on CC Standard

åˆ†é¡µä¸‹è½½
åˆ†ç« ä¸‹è½½
æ•´æœ¬ä¸‹è½½
åœ¨çº¿é˜…è¯»
ä¸æ”¯æŒè¿…é›·ç‰ä¸‹è½½å·¥å…·ï¼Œè¯·å–æ¶ˆåŠ é€Ÿå·¥å…·åŽä¸‹è½½ã€‚

ã€ä½œè€…ã€‘ åˆ˜ä¸°ç…¦ï¼›

ã€ä½œè€…åŸºæœ¬ä¿¡æ¯ã€‘ å¤©æ´¥å¤§å¦ ï¼Œ è®¡ç®—æœºç§‘å¦ä¸ŽæŠ€æœ¯ï¼Œ 2012ï¼Œ ç¡•å£«

ã€æ‘˜è¦ã€‘ éšç€äº’è”ç½‘çš„è¿…é€Ÿå‘å±•å’Œè®¡ç®—æœºåº”ç”¨æ™®åŠ,äººä»¬å¯¹ITäº§å“çš„å¯ä¿¡éœ€æ±‚è¶Šæ¥è¶Šé«˜,å…¶ä¸è½¯ä»¶å®‰å…¨æ€§æ˜¾å¾—å°¤ä¸ºé‡è¦ã€‚ç„¶è€Œå¯¹äºŽè½¯ä»¶å®‰å…¨çš„ç ”ç©¶å¤šæ•°é›†ä¸åœ¨è½¯ä»¶çš„å®žçŽ°è¿‡ç¨‹ä¸,è‡´ä½¿è½¯ä»¶éœ€æ±‚é˜¶æ®µçš„å®‰å…¨é—®é¢˜é•¿æœŸå¤„äºŽä¸è¢«é‡è§†çš„åœ°ä½ã€‚æ®ç»Ÿè®¡æ•°æ®æ˜¾ç¤º,ç›¸å½“æ¯”ä¾‹çš„è½¯ä»¶å®‰å…¨é—®é¢˜å‡ºçŽ°åœ¨è½¯ä»¶éœ€æ±‚é˜¶æ®µã€‚è€Œä¸”åœ¨è½¯ä»¶å¼€å‘é¢†åŸŸä¸è¶Šæ—©è§£å†³å®‰å…¨é—®é¢˜æ‰€èŠ±è´¹çš„ä»£ä»·ä¹Ÿå°†è¶Šå°ã€‚CCæ ‡å‡†ä¸ºè§£å†³è½¯ä»¶å®‰å…¨éœ€æ±‚é˜¶æ®µçš„é—®é¢˜æä¾›äº†æŒ‡å¯¼å’Œå¸®åŠ©,åŸºäºŽCCæ ‡å‡†åˆ†æžå®‰å…¨éœ€æ±‚ä¹Ÿé€æ¸æˆä¸ºç ”ç©¶çš„å…±è¯†,ä½†æ˜¯æ ‡å‡†æå‡ºçš„å®‰å…¨éœ€æ±‚åˆ†æžæ–¹æ³•å˜åœ¨ç€å¯¹ä¸“å®¶çŸ¥è¯†ä¾èµ–ç¨‹åº¦è¿‡é«˜çš„é—®é¢˜ã€‚æ®æ¤æœ¬æ–‡æå‡ºäº†å®‰å…¨éœ€æ±‚ç‰çº§é©±åŠ¨çš„CCæ ‡å‡†å®‰å…¨åŠŸèƒ½ç»„ä»¶é€‰å–æ–¹æ³•,å¼•å…¥äº†å®‰å…¨éœ€æ±‚ç‰çº§çš„æ¦‚å¿µ,æä¾›äº†ç‰çº§çš„åˆ’åˆ†æ–¹æ³•å’Œç›é€‰å®‰å…¨åŠŸèƒ½ç»„ä»¶çš„æœºåˆ¶,å»ºç«‹èµ·ä¸€å¥—å®Œæ•´çš„å®‰å…¨éœ€æ±‚åˆ†æžçš„å·¥ç¨‹æ–¹æ³•,èƒ½å¤Ÿä¸ºä¸åŒå®‰å…¨éœ€è¦çš„ç³»ç»Ÿæä¾›ä¸åŒç¨‹åº¦çš„æŽ¨èç»„ä»¶,æœ€ç»ˆè¾¾åˆ°é™ä½ŽCCæ ‡å‡†ä½¿ç”¨é—¨æ§›å’Œå®žçŽ°å®‰å…¨è¿‡ç¨‹éƒ¨åˆ†è‡ªåŠ¨åŒ–çš„ç›®æ ‡ã€‚æ–‡ç« è¿˜ç»“åˆå®žé™…æ¡ˆä¾‹å¯¹ç‰çº§é©±åŠ¨çš„å®‰å…¨éœ€æ±‚åˆ†æžæ–¹æ³•ä¸çš„æ¯ä¸ªæ´»åŠ¨éƒ½è¿›è¡Œäº†è¯¦ç»†é˜è¿°,é€šè¿‡ä¸Žå®žé™…çš„å®‰å…¨éœ€æ±‚åˆ†æžçš„ç»“æžœè¿›è¡Œæ¯”ç…§,éªŒè¯äº†ç‰çº§é©±åŠ¨æ–¹æ³•çš„æœ‰æ•ˆæ€§ã€‚è¯¾é¢˜æå»ºäº†ç‰çº§é©±åŠ¨çš„å®‰å…¨éœ€æ±‚åˆ†æžçš„åŸºç¡€æž¶æž„,ä¸ºå®žçŽ°åŸºäºŽå›½é™…æ ‡å‡†çš„è½¯ä»¶å®‰å…¨éœ€æ±‚åˆ†æžæä¾›äº†æœ‰åŠ›çš„æ”¯æŒã€‚åŒæ—¶ä¹Ÿä¸ºå°†æ¥çš„å·¥ä½œæä¾›äº†ç ”ç©¶åŸºç¡€ã€‚æ›´å¤š è¿˜åŽŸ

ã€Abstractã€‘ With the rapid development of the Internet and the popularization of computer applications, the software security is more and more important. However,most software security research is concentrated in the coding process of software. The safety problems in the software requirement stage are neglected for long time. Recently the statistical data has shown that a considerable proportion of the security problems are caused in software requirement phase. It is popular agreed that in the field of software development the earlier problem solved the less cost will be spent.Common Criteria can provide guidance and help to solve the problems in software security requirements phase. However, the security requirement analysis method provided by the Common Criteria is highly dependent on expert knowledge. This paper proposes a level driven security requirement analysis method based on Common Criteria standard to fulfill the different security needs for different systems. This paper introduces the security requirement levels and the mechanism of dividing levels. Then this paper describes the whole process to analysis the security requirement in details. Our analysis method can ease the analysis process and lower the threshold of using Common Criteria. To validate this method, we build a tool which implements the method. At last, compare with an actual security requirement analysis we prove the correctness of our method and analysis the existing problems.The paper introduces theory of the level driven requirements analysis method based on CC standard and its engineering system which support the international standards of the software security requirement. At the same time, but also it provide a theoretical basis for the future work.æ›´å¤š è¿˜åŽŸ

ã€å…³é”®è¯ã€‘ å®‰å…¨éœ€æ±‚ç‰çº§ï¼› CCæ ‡å‡†(ISO/IEC 15408)ï¼› å®‰å…¨éœ€æ±‚åˆ†æžï¼› å®‰å…¨åŠŸèƒ½ç»„ä»¶ï¼›
ã€Key wordsã€‘ Security Requirement Levelï¼› Security Requirement Analysisï¼› Common Criteria (ISO/IEC 15408)ï¼› Functional Componentsï¼›

ã€ç½‘ç»œå‡ºç‰ˆæŠ•ç¨¿äººã€‘ å¤©æ´¥å¤§å¦

ã€åˆ†ç±»å·ã€‘TP393.08
ã€è¢«å¼•é¢‘æ¬¡ã€‘1
ã€ä¸‹è½½é¢‘æ¬¡ã€‘81
æ”»è¯»æœŸæˆæžœ

çŸ¥ç½‘èŠ‚ä¸‹è½½

èŠ‚ç‚¹æ–‡çŒ®ä¸ï¼š

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

æœ¬æ–‡çš„å¼•æ–‡ç½‘ç»œ

èŠ‚ç‚¹æ–‡çŒ®

èŠ‚ç‚¹æ–‡çŒ®

åŸºäºŽCCæ ‡å‡†çš„ç­‰çº§é©±åŠ¨å®‰å…¨éœ€æ±‚åˆ†æžæ–¹æ³•

Level Driven Security Requirement Analysis Method Based on CC Standard

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

åŸºäºŽCCæ ‡å‡†çš„ç‰çº§é©±åŠ¨å®‰å…¨éœ€æ±‚åˆ†æžæ–¹æ³•