The Common Criteria (CC) are currently the newest and most rigorous criteria in the world for evaluating security systems, and they give consumers, developers and evaluators a sound standard for products and systems. Within the CC, a Protection Profile (PP) is a statement of security requirements that focuses on the threats present in a particular environment. Although the CC is a standard for evaluating information security systems, it offers no effective method for producing a PP. Constructing a PP on the basis of the CC calls for a considerable understanding of the target system's environment and usage, and the construction involves a series of difficult engineering decisions and complex analyses. To address these shortcomings, this thesis proposes a method that applies a process reference model, the Systems Security Engineering Capability Maturity Model (SSE-CMM), to assist in constructing a PP. SSE-CMM concentrates on the requirements for building an IT system or a set of related systems; consulting it during PP construction greatly increases the likelihood of producing a high-quality PP. In addition, UML diagrams are used to support the search for potential threats in the security environment, which makes the analysis more visual, and HAZOP expressions are used to express and analyse the identified threats further in a systematic way. The thesis thus provides a visual, systematic and objective process for constructing a PP. Using the proposed method, a PP for an access control system is produced, and visual and formal ways of evaluating a system or product against a PP are proposed. The resulting PP is also analysed, in order to show that the proposed method is feasible, effective and systematic.
The Common Criteria (CC) are the most recent and most rigorous criteria for evaluating security systems, and they give consumers, developers and evaluators a sound standard for products and systems. Within the CC, a Protection Profile (PP) [2-22] is an implementation-independent statement of security requirements that is shown to address the threats existing in a specified environment. Although the CC is a standard for evaluating information security systems, it does not provide an objective and systematic process for developing a PP. Developing a PP based on the CC requires difficult engineering decisions, complex analyses, and detailed knowledge of the intended environment and system usage. To overcome these disadvantages, this thesis applies a process reference model, the Systems Security Engineering Capability Maturity Model (SSE-CMM), to PP development. SSE-CMM focuses on the requirements for implementing security in an IT system or a series of related systems, and it can be consulted to identify a suitable process for developing a PP; using it greatly increases the likelihood of producing a high-quality PP. In addition, we use UML diagrams to improve visualization and to support the identification of threats, and we propose using HAZOP to express and assess the threats found. This thesis therefore provides a visual, systematic and objective PP development process. Using the proposed method, we generate a PP for a Personnel Access Control System and propose visual and formal methods for evaluating systems or products against this PP. We also evaluate the resulting PP in order to show that our method is effective and systematic.
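The abstract names the combination of a UML model of the target system, HAZOP guidewords to derive deviations, and a formal check against the PP's objectives, but does not show how the pieces fit. The script below is an added illustration of that workflow and is not the thesis's own method, model or data: the door controller state machine, its events, the two security objectives (called O.unlock and O.detect here) and the way each guideword is turned into a mutation of the model are all assumptions of this example. The UML state diagram is written as a transition table, each HAZOP deviation becomes a mutated table, and a bounded exploration of event sequences decides which deviations actually defeat an objective; those are the threat candidates that would be written into the PP.

```python
"""HAZOP-style deviation analysis over a UML state machine of a door controller.

Added illustration for this abstract, not the thesis's own method, model or
data: the controller, its events, the two security objectives and the way
each guideword is turned into a mutation are all assumptions of this example.
"""
from itertools import product

STATES = ["Locked", "Unlocked", "Alarm"]

# Constructed UML state diagram, written as a transition table:
# (current state, event) -> next state. Events not listed for a state are ignored.
BASELINE = {
    ("Locked", "valid_card"): "Unlocked",
    ("Locked", "invalid_card"): "Locked",
    ("Locked", "door_forced"): "Alarm",
    ("Unlocked", "timeout"): "Locked",
    ("Alarm", "guard_reset"): "Locked",
}
EVENTS = sorted({event for _, event in BASELINE})


def deviations(machine):
    """Yield (guideword, deviation text, mutated machine) for each HAZOP guideword.

    Only the guidewords that make sense for a discrete transition model are used:
    NO (the transition does not fire), OTHER THAN (it fires into a different
    state) and AS WELL AS (an event the design ignores also moves the controller).
    MORE / LESS / PART OF concern quantities and are left out here.
    """
    for (state, event), target in machine.items():
        mutant = dict(machine)
        mutant[(state, event)] = state
        yield "NO", f"{event} in {state} has no effect", mutant
        for other in STATES:
            if other not in (target, state):
                mutant = dict(machine)
                mutant[(state, event)] = other
                yield ("OTHER THAN",
                       f"{event} in {state} leads to {other} instead of {target}",
                       mutant)
    for state, event in product(STATES, EVENTS):
        if (state, event) not in machine:
            for other in STATES:
                if other != state:
                    mutant = dict(machine)
                    mutant[(state, event)] = other
                    yield ("AS WELL AS",
                           f"{event} in {state} additionally leads to {other}",
                           mutant)


def violates(machine, depth=3):
    """Bounded model check: return (objective, trace) for the first violating
    event sequence of length <= depth starting in Locked, or None.

    Assumed security objectives (the PP-style names are ours):
      O.unlock  the Unlocked state is entered only on a valid_card event
      O.detect  door_forced while Locked always raises Alarm
    """
    for length in range(1, depth + 1):
        for trace in product(EVENTS, repeat=length):
            state = "Locked"
            for event in trace:
                nxt = machine.get((state, event), state)
                if nxt == "Unlocked" and state != "Unlocked" and event != "valid_card":
                    return "O.unlock", trace
                if state == "Locked" and event == "door_forced" and nxt != "Alarm":
                    return "O.detect", trace
                state = nxt
    return None


def analyse(machine=BASELINE, depth=3):
    """Keep every deviation that breaks an objective; each one is a threat candidate."""
    threats = []
    for guideword, deviation, mutant in deviations(machine):
        hit = violates(mutant, depth)
        if hit is not None:
            objective, trace = hit
            threats.append({"guideword": guideword, "deviation": deviation,
                            "objective": objective, "trace": trace})
    return threats


def threat_statement(threat):
    """Phrase a confirmed deviation the way a PP states a threat (wording is ours)."""
    return (f"T.{threat['guideword'].replace(' ', '_')}: an attacker who can cause "
            f"the deviation '{threat['deviation']}' defeats {threat['objective']} via "
            + " -> ".join(threat["trace"]))


if __name__ == "__main__":
    assert violates(BASELINE) is None, "the baseline design must meet its objectives"
    for threat in analyse():
        print(threat_statement(threat))
```

Deviations that the bounded check does not flag are not automatically harmless: the NO deviation on the Locked/valid_card transition keeps the door shut for everyone, which is an availability problem the two objectives above simply do not cover. In a real analysis the guideword table therefore has to be read against every security objective in the PP, and the depth bound has to be large enough to reach every state of the model (here two events suffice, since Alarm is one event away from Locked).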