(Common Criteria for Information Technology Security Evaluation, ) , , .
2.1 (ISO) 1999 ISO / IEC 15408.
31 1996 . , , , . 1998 ., .
, , . - .
, , : , .
-, . , . , , , .
, - , , .
- , , , . , . .
|
|
, -, , , .
, ‑, , - , , , -, , , . , -, .
, - , . , .
, , .
, -, .
- , , . , , .
, . , , , .
/ 15408-2002 " . . "
/ 15408-2002 " . . " , . ISO/IE 15408-99 " " ( ).
|
|
3- :
1. .
2. .
3. .
‑ , . (), : , , , .
:
1. (), .
2. , .
3. ( ).
4. , .
5. , .
6. , .
7. , .
1 , ( ), ( , ) : , . , , , (, , ).
:
();
();
().
2 .
3 , , , . , , , , , , .
, . .
, ( , , ), .
, , , . , .
, - , . , , .
|
|
. , .
. , , , , .
, .
(ST) ;
(IT) ;
(TSFI) ;
(TSC) ;
(CC) ;
(TOE) ;
(EAL) ;
(TSP) ;
() ;
(SFP) ;
(SOF) ;
(SF) ;
(TSF) .
1.
, , . , .
1. | , | Assets | |
2. | , , / , | Security attribute | |
3. | - | , | Authentication data |
4. | , , , | SOF - basic | |
5. | , , | External IT entity | |
6. | Selection | ||
7. | Internal communication channel | ||
8. | , , , | SOF - high | |
9. | , , | TSF data | |
10. | , , | User data | |
11. | , | Trusted channel | |
12. | , | Trusted path | |
13. | , | Assurance | |
14. | , , , , , , | Dependency | |
15. | , | Security target | |
16. | (, ), . , | Identity | |
17. | , (- ), ( ), - | TOE security functions interface | |
18. | Iteration | ||
19. | , | Class | |
20. | , , | Component | |
21. | , : ; ; , | Reference validation mechanism | |
22. | , | TOE security policy model | |
23. | , | Reference monitor | |
24. | Assignment | ||
25. | Informal | ||
26. | , | TSF scope of control | |
27. | , | Object | |
28. | Target of evaluation | ||
29. | , , | Evaluation authority | |
30. | , | Evaluation | |
31. | 3 , | Evaluation assurance level | |
32. | (, ), | Package | |
33. | Internal TOE transfer | ||
34. | , | Transfer outside TSF control | |
35. | Inter-TSF transfers | ||
36. | , , , | Organizational security policies | |
37. | , , | TOE security policy | |
38. | , | Security function policy | |
39. | - | Semiformal | |
40. | (- ) , | User | |
41. | ( ) , , | Attack potential | |
42. | , - / , | Product | |
43. | , | Protection profile | |
44. | , 2 , / , 3 | Extension | |
45. | , | TOE resource | |
46. | , | Role | |
47. | , , . , | Connectivity | |
48. | , / | Secret | |
49. | , , | Family | |
50. | System | ||
51. | - , | Evaluation scheme | |
52. | , , , | SOF - medium | |
53. | , , | Strength of function | |
54. | , | Subject | |
55. | - | , - | Authorized user |
56. | 3 | Augmentation | |
57. | Refinement | ||
58. | , | TOE security functions | |
59. | , | Security function | |
60. | , | Formal | |
61. | - | , | Human user |
62. | / | Security objective | |
63. | Element |
|
|
|
|
, , . , , ( ). . ( ) .
, . , : , , .
, , . :
, , ;
, ;
, .
, , .
, , , , . , , , .
, .
3 : , () ().
. , . , .
, . , . , , . .
, , . , . , .
, , , , , .
, , :
, , ;
, , (), , , , , ;
, , , , , .
, , . , , .
, , , .
.
, . , , ..
, . , .
, . (). . (), .