通用标准CC的研究与实现

随着计算机技术及Internet的不断发展，如何保证信息系统安全成为一个重要课题．针对这个问题，设计实现了基于信息技术安全性评估准则(通用标准)的系统评估方法和软件．首先在分析通用标准结构的基础上，设计了安全功能和保证要求的体系结构；接着针对保护轮廓和安全目标这两个通用标准的核心文档进行了分析与设计，并指出了文档结构中的内在联系；然后提出了针对标准结构和其内在关联应完成的评估要素；最后给出了评估系统的设计和实现．通过实际保护轮廓和软件产品的安全目标实例分析表明本文所提出的评估方法和系统能够指导信息系统的评估和实践．

Research and Implementation of Common Criteria

With the development of computer technology and Internet, It becomes a very important issue how to assure information system security. To the question, the paper presents a system evaluation method and software based on the Evaluation Criteria for Information Technology Security (Common Criteria). At first, the architecture of security function and assurance requirement is designed with respect to Common Criteria structure; then analysis and design are applied to the core documents of Common Criteria, Protection Profile and Security Target, and cross relationships among them is specified. Moreover, essentials evaluation properties are presented on the basis of criteria structures and cross relationships. Finally a practical evaluation system are proposed and achieved. According to Protection Profiles and Security Targets in actual software product, the experimental results demonstrate that the proposed evaluation method and system can instruct information system evaluation and practice.