| This dissertation concentrates on the Common Criteria evaluation of smart cards, especially on their security maintenance.The relationship of CC (Common Criteria) and CEM(Common Evaluation Methodology) is resulted from summarizing their contents and structures .Responsibilities and relationships of the roles in the general model of evaluation are analyzed and the reason why we select CC to evaluate smart cards is explained.Security maintenance of smart cards is discussed based on two aspects. One is about the security during the end-usage of cards. It is concluded that COS is the key point of smart cards' security from the research on the chip technology, COS (chip operation system) and rationale. The other is about CC evaluation. The emphasis is put on the assurance maintenance class and families defined in the third part of CC.Refered to formal verification for VLSI, a new method to formally describe and verify assurance maintenance is brought forward. A formal model of assurance maintenance is constituted using Kripke structure, which states whether assurance has been maintained or not. A quantitative model of reliability is also constructed, which uses a new flexible mode to measure reliability. A concept - security sign - is defined to replace Evaluation Assurance Level.Some problems lying in current CC evaluation progress are showed and corresponding measures are discussed. A simple smart card system model is described, considering that we must take into account the security of the smart card system during the process of evaluation. |
PDF Full Text Request