| With the rapid development of computer applications, software security issueshave become increasingly important. It also makes software security issues becomethe focus of various industries, by malware attacks continuously emerge and qualityof software product is not satisfactory. The implementation of effective softwaresecurity assessment to examine the performance of the software system security hasalso become urgent needs of the industry.Common Criteria can provide guidance and help for the assessment ofworldwide information security products, it has become a common scale ofinternational software security assessment. However, requirement for expertise in CCsoftware security assessment methodology is too high, which makes the general usersuse it very difficult. CC Toolbox system makes some contribution to solve thisproblem, but it needs improvement on comprehensiveness, automation andconvenience. This paper complements PP and ST assessment documents andimproves CC Toolbox system. It rebuilds system architecture, adds three functionalmodules, and builds mapping between these modules. Subsequently, it proposes ascreening method of security functional components based on fuzzy and implementsthis method. The paper also the improved CC assessment tools based on web, andgenerates ST and PP reports automatically.The paper improves CC Toolbox and implements assessment tools. It reduces thedifficulty of software security assessment, complements content of software securityassessment, and expands use range of the CC, which gives strong support for theinternationalization of Common Criteria. |
PDF Full Text Request