KS X ISO IEC 18045-2010 Information technology－Security techniques－Methodology for IT security evaluation《信息技术 安全技术 IT安全评估的方法论》.pdf

1、 KSKSKSKS KSKSKSK KSKSKS KSKSK KSKS KSK KS KS X ISO/IEC 18045 KS X ISO/IEC 18045 :2010 2010 12 31 http:/www.kats.go.krKS X ISO/IEC 18045:2010 : e- ( ) ( ) () () ( ) : (http:/www.standard.go.kr) ： ：2006 12 26 ：2010 12 31 2010-0684 ： e- ： ( 02-509-7262) (http:/www.kats.go.kr). 10 5 , . KS X ISO/IEC 18

2、045:2010 i . iii . iv . v 1 1 2 1 3 .1 4 .3 5 3 5.1 .3 6 .4 6.1 .4 6.2 4 6.3 4 6.4 ISO/IEC 15408 ISO/IEC 18045 4 7 .5 7.1 .5 7.2 6 7.3 9 7.4 10 7.5 10 8 APE： .17 8.1 .17 8.2 .17 8.3 (APE_INT)18 8.4 (APE_CCL.) 20 8.5 (APE_SPD) .25 8.6 (APE_OBJ).26 8.7 (APE_ECD)29 8.8 (APE_REQ).34 9 ASE： .42 9.1 .42 9

3、.2 .42 9.3 (ASE_INT)43 9.4 (ASE_CCL) .46 9.5 (ASE_SPD) .52 9.6 .54 9.7 (ASE_ECD)57 9.8 (ASE_REQ).61 9.9 TOE (ASE_TSS) .69 10 ADV：72 10.1 .72 10.2 .72 10.3 (ADV_ARC).73 10.4 (ADV_FSP).77 10.5 (ADV_IMP) 104 10.6 TSF (ADV_INT).107 10.7 (ADV_SPM) .111 10.8 TOE (ADV_TDS).111 KS X ISO/IEC 18045:2010 ii 11

4、 AGD：140 11.1 .140 11.2 .140 11.3 (AGD_OPE)140 11.4 (AGD_PRE)143 12 ALC： 145 12.1 145 12.2 (ALC_CMC) 146 12.3 (ALC_CMS).165 12.4 (ALC_DEL)170 12.5 (ALC_DVS) 172 12.6 (ALC_FLR).177 12.7 (ALC_LCD) .188 12.8 (ALC_TAT) .191 13 ATE： 198 13.1 198 13.2 199 13.3 (ATE_COV) .200 13.4 (ATE_DPT)203 13.5 (ATE_FU

5、N)210 13.6 (ATE_IND)213 14 AVA： .222 14.1 222 14.2 (AVA_VAN)222 15 ACO：250 15.1 250 15.2 250 15.3 (ACO_COR).251 15.4 (ACO_DEV) .256 15.5 (ACO_REL)262 15.6 TOE (ACO_CTT) 267 15.7 (ACO_VUL).273 A() 285 A.1 .285 A.2 285 A.3 .287 A.4 288 A.5 .292 B() (AVA) .294 B.1 294 B.2 .294 B.3 .304 B.4 306 B.5 313

6、KS X ISO/IEC 18045:2010 315 KS X ISO/IEC 18045:2010 iii . KS X ISO/IEC 18045：2006 . . , , . , , . ISO() IEC() . ISO IEC . ISO IEC . ISO IEC , , . ISO IEC ISO/IEC JTC 1 . (IS) ISO/IEC , 2 . ISO/IEC JTC1 . ISO/IEC JTC1 (DIS) . 75 % . . ISO IEC . ISO/IEC 18045 Joint Technical Committee ISO/IEC JTC 1, I

7、nformation technology, Subcommittee SC 27, IT Security techniques . ISO/IEC 18045 (Common Criteria Project Sponsoring Organisations) (Common Methodology for Information Technology Security Evaluation) . XML http:/i.es/xml . (ISO/IEC 18045:2005) , . KS X ISO/IEC 18045:2010 iv . 3.1( CEM 3.1) ISO/IEC

8、18045 ISO/IEC CEM 3.1 . CEM 3.1 , , , , . /： The Defence Signals Directorate and the Government Communications Security Bureau respectively ： Communications Security Establishment ： Direction Centrale de la Scurit des Systmes dInformation ： Bundesamt fr Sicherheit in der Informationstechnik ： Inform

9、ation Technology Promotion Agency ： Netherlands National Communications Security Agency ： Ministerio de Administraciones Pblicas and Centro Criptolgico Nacional ： Communications-Electronic Security Group ： The National Security Agency and the National Institute of Standards and Technology KS X ISO/I

10、EC 18045:2010 v 2008 2 ISO/IEC 18045, Information technologySecurity techniques Methodology for IT security evaluation , . KS X ISO/IEC 15408 . , , IT . IT . , . A . KS X ISO/IEC 18045:2010 Information technologySecurity techniques Methodology for IT security evaluation 1 KS X ISO/IEC 15408 . KS X I

11、SO/IEC 15408 KS X ISO/IEC 15408 . KS X ISO/IEC 15408 . 2 . . ( ) . KS X ISO/IEC 15408( ), 3 . . 3.1 (action) KS X ISO/IEC 154083 KS X ISO/IEC 154083 ( ) . 3.2 (activity) KS X ISO/IEC 154083 KS X ISO/IEC 18045:2010 2 3.3 (check) . . . 3.4 (evaluation deliverable) 3.5 (evaluation evidence) 3.6 (evalua

12、tion technical report) 3.7 (examine) . . 3.8 (interpretation) KS X ISO/IEC 15408, KS X ISO/IEC 18045, 3.9 (methodology) IT , , 3.10 (observation report) 3.11 (overall verdict) . 3.12 (oversight verdict) . 3.13 (record) , , , . KS X ISO/IEC 18045:2010 3 3.14 (report) . 3.15 (scheme) , IT . 3.16 (sub-

13、activity) KS X ISO/IEC 154083 . 3.17 (tracing) . . 3.18 (verdict) KS X ISO/IEC 15408 , , , , . 3.19 (work unit) , KS X ISO/IEC 15408 . KS X ISO/IEC 15408 . ALC_TAT.1-2 , ALC_TAT.1 KS X ISO/IEC 15408 (, ) , (2) ALC_TAT.1 . 4 ETR (Evaluation Technical Report) OR (Observation Report) 5 5.1 6. . KS X IS

14、O/IEC 18045:2010 4 7. KS X ISO/IEC 15408 . 8. . 9.15. . A . B . 6 6.1 KS X ISO/IEC 15408 , KS X ISO/IEC 15408 . , , . KS X ISO/IEC 15408 “ ” “ ” . 6.2 “ (shall)” , . . KS X ISO/IEC 15408 . ISO . “ (should)” . “ (may)” . “ (check)”, “(examine)”, “(report)”, “(record)” , 3. . 6.3 . A EAL . . . 6.4 KS

15、X ISO/IEC 15408 KS X ISO/IEC 18045 (, , , ) KS X ISO/IEC 15408 . 1 , , KS X KS X ISO/IEC 18045:2010 5 ISO/IEC 15408 , , . KS X ISO/IEC 15408 , , . 1 KS X ISO/IEC 15048 KS X ISO/IEC 18045 7 7.1 , . TOE( ) , , , . KS X ISO/IEC 18045:2010 6 . ( TOE ) KS X ISO/IEC 15408 . . KS X ISO/IEC 15408 . . . , .

16、A.5 . 7.2 7.2.1 , . a) b) 7.2.2 , , , . . ( ) . . TOE , (：, ) . . , . , , / . 7.2.3 . . , . (：EAL1 ) . TOE . KS X ISO/IEC 18045:2010 7 7.2.4 , , . 2 . 2 . . . 7.2.5 KS X ISO/IEC 15408 . KS X ISO/IEC 15408 ( ) . KS X ISO/IEC 15408 . KS X ISO/IEC 154081 9. “” . KS X ISO/IEC 18045:2010 8 3 . a) “(pass)

17、” KS X ISO/IEC 15408 , TOE . . 1) . 2) . 3) . “ ” , . b) “(fail)” KS X ISO/IEC 15408 , TOE KS X ISO/IEC 18045:2010 9 , , . c) “ (inconclusive)”, “” “ ” . “ ” “ ” . 3 “ ” , , , “ ” . 7.3 7.3.1 . , . 7.3.2 . . TOE TOE . TOE . , TOE (ADV_TDS) TSF(TOE ) . (ALC_CMC) (ALC_DEL) ( ) TOE . . . ( , ) . . , . . , . . a) ： . b) ： TOE c) ： . TOE KS X ISO/IEC 18045:2010 10 . TOE (： ) (： TOE KS X ISO/IEC 15408 ) . 7.3.3 7.3.3.1 . KS X ISO/IEC 15408 , ,