Application and Development of Protection Profile using SSE-CMM

• Main Authors: Sheng-Yu Liang, 梁聖瑜
• Other Authors: 范金鳳
• Format: Others
• Language: en_US
• Published: 2006
• Online Access: http://ndltd.ncl.edu.tw/handle/90520749457592116234

碩士 === 元智大學 === 資訊工程學系 === 94 === The Common Criteria (CC) is the newest and strictest security system evaluation criteria. The CC provides consumers, developers, and evaluators a good product and system standard. The Protection Profile (PP) [2-22] in Common Criteria is implementation independent statements of security requirements that are shown to address threats existing in a specified environment. Although CC is a standard to evaluate information security system, it does not provide an objective and systematic development process of PP. The development of a PP based on the CC requires difficult engineering decisions, complex analyses, and detailed knowledge of the intended environment and system usage. In order to overcome the disadvantages, this thesis applies a process reference model–Systems Security Engineering Capability Maturity Model (SSE-CMM) to developing a PP. SSE-CMM focuses on the requirements for implementing security in an IT system or series of related systems. SSE-CMM can be referenced to identify a desired process to assist development a Protection Profile. Using SSE-CMM greatly increases the likelihood of producing a high quality Protection Profile. Besides, we use UML Diagrams to enhance visualization and to facilitate vulnerability analysis and we proposed using HAZOP to assess the found threats. This thesis provides a visual, systematic, and objective development process of PP. This thesis generates a Personnel Access Control System PP by the method we proposed and proposes visual and formal methods to evaluate systems or products with our PP. Besides, we evaluate our PP in order to prove that our method is efficacious and systematic.