| Information security is critical to the security and profits of China. So our country especially cares for the security of information products and systems. This leads to the need of the evaluation and certification on information security which is based on information security standards.So the evaluation and certification on information security is a fundmental research area. Since US DoD developed TCSEC in 1985, the security community in the world has made great progress and at last developed CC (Common Criteria) which latter was publicized as International standard.On the basis of complete investigation on these development this article conducts such research as follow items:Designed the security requirment of swich, e-mail system, and web system, then developed the specific evaluation method of these requirement.Analyzed the core of CC: Protection Profiel and Security Target and showed their difference. And analyzed the relationship between CC and information security engineering. Showd that SSE-CMM can be used to develop Protection Profiles and described the way.The article alse studied the process and status of evaluation, certification , and the standard development in China. Then put forward some ideas on how to construct the evaluation and certification scheme in our country.Then I also researched the difference between system evaluation and product evaluation and desighed a framework to conduct system evaluation.Finally, the article discussed the definition of concepts which aroused many discussions.
|
PDF Full Text Request