Using Common Criteria Methodology to Express Informal Security Requirements.

摘要

Often, security requirements for complex systems are hard to discern because it is difficult to determine which requirements must be allocated to the system and which pertain to the system environment. In the Common Criteria framework, threat analysis results in a set of objectives that can be subdivided into two major categories: those allocated to the system itself, and the remainder to the environment. By differentiating between these two types of objectives, it is possible to avoid inappropriate requirements specification. Moving beyond systems intended to undergo evaluation, we show that the Common Criteria methodology is effective in requirements analysis for informally specified systems. As a demonstration, a worked example using a Common Criteria-based process for a requirements analysis of an on-line dissemination system is presented.