The present invention relates to a security system design support method for designing the security measures of an information system or product at its planning or design stage, and to a design support tool based on that method.
The internationally standardized Common Criteria for security evaluation (ISO/IEC 15408, hereinafter referred to as CC) stipulate the basic security functional requirements, the assurance requirements governing the quality of those functions, and the seven evaluation assurance levels (EAL1 through EAL7) that an information system or product may be required to meet.
The user's information security officer, the product developer, and the system engineer (SE) who designs and constructs a system select from the CC requirements those elements required for the product or system in question, and thereby prepare the security requirements (a protection profile, hereinafter called the PP, which states the security needs of a type of product or system independently of any particular implementation) and the security specification (a security target, hereinafter referred to as the ST, which specifies the security of one particular product or system), on the basis of which development and construction are carried out.
An evaluation and certification scheme based on this standard has also been established, under which evaluation and certification are obtained from designated evaluation and certification bodies.
Since the standardization, CC-based construction and CC evaluation and certification have come to be used throughout information-related products and systems as customer procurement requirements, conditions for network connection, conditions for system operation, and requirements of legal and business frameworks. Obtaining certification has therefore become an essential condition.
In view of this, guides and support tools have been developed for the work of preparing the PP/ST, which is indispensable at the planning/design stage if certification is to be obtained.
A technique that supports documentation of the PP/ST by proposing the items to be described in each chapter of the PP or ST, a format of expression, and sample cases is described in “ISO/SC27 N2333 Guide for Production of Protection Profiles and Security Targets, Version 0.8, July 1999” and in “Information Technology security evaluation standards”, pp. 26–33, ISO/IEC 15408 Seminar Materials (Sep. 8, 1999, sponsored by the Information Promotion Agency, Security Center, Japan).
The conventional CC-based security design support technique described above essentially supports only conformance to the format of the PP/ST specifications; the product- or system-specific information to be described (the security threats and the countermeasures against them) and its definition still have to be worked out from scratch for each product or system.
Consequently, although adjusting the PP/ST format and extracting and defining the contents to be described are possible as a procedure, the person preparing the document must possess specialist knowledge of the CC, of security threats and countermeasures, and of risk assessment techniques. The preparation therefore demands a great deal of labor and many steps, and the quality of the resulting PP/ST varies with the knowledge and ability of the person preparing it.
Further, a PP is inherently meant to be reused and shared among designs of products or systems of the same type: a PP that has passed evaluation by a designated evaluation body and has been registered with a designated PP registration body is in principle to be used when designing any product or system of the type to which the registered PP applies.
The conventional CC-based security design support technique described above, however, provides no tool support for reusing registered PPs or past cases of PP/ST preparation.