- 學位論文
資訊安全共同準則之圖形化電腦輔助審查工具
A Graph Computer-aided Review Tool for Common Criteria
摘要
資訊技術安全共同準則(Common Criteria,CC, ISO/IEC 15408)為世界各國進行資通安全產品評估及驗證時所遵循之共同標準,因為其內容非常龐大,因此CC的電腦輔助審查工具越顯重要。一般的電腦輔助審查工具能將送審文件內容加以萃取,可以減少審查事務性的工作。本實驗室之前發展一套CC 審查工具。 本研究延伸此套工具提供了自動化審查功能及圖形化介面。本研究首先提出審查證據的類型分類,並實作了CEM(Common Evaluation Methodology:CC審查指引)的審查規則。證據類型可分為形式證據及語意證據。後者有部分可用程式以規則(rules)來自動判斷。本研究延伸的自動化審查功能可減少專家評估的工作量,本研究延伸的圖形化介面能有系統的提供透明審查過程;此工具可提升審查的效率,進而確保資訊系統的資訊安全。
並列摘要
The common criteria (CC, ISO/IEC 15408) is a common standard which is followed by all over the world to assess and validate information and communication security products. A computer-aided review tool for CC is getting more and more important due to CC’s complex contents. In general, a computer-aided review tool can extract relevant information from submitted documents so as to reduce the clerical work for the reviewer. Our laboratory has constructed a CC review tool .This thesis extends this tool to provide the automatic review function and graphical interface. We first proposed the types of review evidence, and then, implemented review guidelines specified in the CEM(Common Evaluation Methodology : CC review guidance). The proposed evidence types are syntactic type and semantic type. Part of the latter CEM requirements can be implemented by using rules in the program to perform review judgment. The automatic review function provided by our tool can reduce the workload of expert assessment; the graphic interface provided by our tool support a transparent review process. Thus, our tool can enhance the efficiency of review so as to ensure the information security in IT systems.