Development Of CC Toolbox System

With the rapid development of global economy, information technology (IT) has been one of the most applicable and most widely used fields. The issue of developing reliable products has been brought to the forefront. In order to suit the need for mutual recognition of standardized security evaluation results in a global IT market, International Organisation for Standardisation (ISO) has been initiating developing international standard evaluation criteria for general use since 1990. The criteria was called Information technology------Security techniques-----Evaluation criteria for IT Security, commonly abbreviated to Common Criteria (also named after CC), and ISO issued CC as an international standard (ISO/IEC 15408) in 1999.This multipart standard ISO/IEC 15408 defined the criteria used as the basis for evaluation of security properties of IT products and systems. By establishing such a common criteria base, the results of an IT security evaluation should be pretty meaningful to wider audience. Since it covers a wide range of fields, it is tough for users to understand. We have developed CC Toolbox System in order to resolve the tough conundrum. And I was responsible for accomplishing the CC Toolbox. The things I have done include following aspects: the design of module in the CC Toolbox, the functional requirement and overall design of CC Toolbox, the development of user interface on CC Toolbox, study and development of PP report and ST report, and development of Evaluation Assurance Level (EAL).Development of CC Toolbox Sytem can speed the procedure of implementation about ST report and PP report, which shortened the development cycle and suited the aim that CC Toolbox System can automatically generate PP report and ST report to be achieved. Moreover, It reduces the complexity of generating PP report and ST report. And users can explicitly depict the functional requirement of information security products with the aid of CC Toolbox. What's more, it will accelerate the development of information security industry and it also will stimulate information security products to charge toward international market.Of course, there are some incomplete things in the sytem due to the complexity of CC and my limited energy. Some difficulties may exist to common users (though some trouble fell to some extent). And the measures of administration were scarcely addressed, which may cause asssets to be lost. Therefore, improving the performance of CC Toolbox, we should pay more attention to the intelligentisaton and simplification of CC Toolbox and the administration of it. If doing so, we can avoid the unnecessary loss resulting from carelessness.