Software safety function component management method based on CC (the Common Criteria for Information Technology Security Evaluation)

A technology of security functions and functional components, applied in computer security devices, electronic digital data processing, instruments, etc., can solve problems such as difficulty in use by ordinary users, subjective bias, etc., and achieve the goal of reducing dependence, reducing possibilities, and improving security Effect

Inactive Publication Date: 2012-11-28
TIANJIN UNIV
View PDF3 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] However, there are such problems in the current process of using CC to analyze software security requirements: the whole process requires the participation of security experts. In the process of selecting security functions, it largely depends on the experience of experts. The degree of accuracy will affect the analysis of requirements, which makes it difficult for ordinary users to use, and the quality of component selection is determined by the level of experts, with a certain subjective bias

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Software safety function component management method based on CC (the Common Criteria for Information Technology Security Evaluation)
  • Software safety function component management method based on CC (the Common Criteria for Information Technology Security Evaluation)
  • Software safety function component management method based on CC (the Common Criteria for Information Technology Security Evaluation)

Examples

Experimental program
Comparison scheme
Effect test

specific Embodiment

[0043] 1. The abstraction of threat knowledge

[0044] Referring to the threat knowledge in the evaluation documents in various fields under the CC standard system (including the protection profile document PP and the security target document ST), 22 threats are preliminarily abstracted according to the preconditions of the threat, the field of occurrence, and the severity of the consequences category. See Schedule 1.

[0045] Table 1 Abstract summary of threat information

[0046]

[0047]

[0048]

[0049] 2. Establish correspondence between threats and security function components

[0050] The total number of security function components is 251, so the correspondence between threats and security function components is one-to-many. As shown in Table 2 below, it shows the corresponding relationship between the level and the 11 safety function categories. According to the possible threats of this level, the corresponding security function components can be selecte...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a software safety function component management method based on CC (the Common Criteria for Information Technology Security Evaluation), which is used for implementing recommendation and adjustment of a safety function component based on the CC at the demand analysis stage of software engineering. The method comprises the following steps of: performing abstract analysis and induction on description of threatening information in estimation documents in various fields based on a CC system, thus establishing a threat knowledge base; recommending a corresponding safety function component set for each threat knowledge in the threat knowledge base, and establishing a corresponding relationship between each threat knowledge and safety function components based on standard semantics; and establishing a safety function component cost evaluation table according to each safety function component type, and adjusting the components according to the content of the table. Compared with the prior art, the software safety function component management method points out the safety function component recommending and adjusting method based on the CC at the software requirement analysis stage, so that the software safety problem is considered at the initial stage of the development of a software system, the possibility of a security hole is reduced, and the software safety is improved.

Description

technical field [0001] The invention relates to the technical field of software safety; in particular, it relates to a method for recommending and adjusting safety function components based on CC standards in the trusted computing field. Background technique [0002] With the rapid development of the Internet and the popularization of computer applications, people's demand for trustworthiness of IT products is getting higher and higher. At the same time, software security issues are becoming increasingly prominent and complicated. How to ensure the security of application software has become the focus of people's general attention. In the past, most of the research on software security focused on the process of software implementation, most of which were to repair the loopholes in the system or application software. However, software security issues have not been well resolved. According to statistics, a considerable proportion of software security issues appear in the softw...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/00
Inventor 李晓红韩卓兵胡静许光全杜志杰朱明悦
Owner TIANJIN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap