A Supporting Tool for IT System Security Specification Evaluation Based on ISO/IEC 15408 and ISO/IEC 18045

In evaluation and certification framework based on ISO/IEC 15408 and ISO/IEC 18045, a Security Target, which contains the specifications of all security functions of the target system, is the most important document. Evaluation on Security Targets must be performed as the first step of the whole evaluation process. However, evaluation on Security Targets based on ISO/IEC 15408 and ISO/IEC 18045 is very complex. Evaluation process involves of many tasks and costs lots of time when evaluation works are performed by human. Besides, it is also difficult to ensure that evaluation is fair and no subjective mistakes. These issues not only may result in consuming a lot of time, but also may affect the correctness, accuracy, and fairness of evaluation results. Thus, it is necessary to provide a supporting tools that supports all tasks related to the evaluation process automatically to improve the quality of evaluation results at the same time reduce the complexity of all evaluator and certifiers’ work. However, there is no such supporting tool existing until now. This paper proposes a supporting tool, called Security Target Evaluator, that provides comprehensive facilities to support the whole process of evaluation on Security Targets based on ISO/IEC 15408 and ISO/IEC 18045.