CC verification description template automatic generation method and system for software security assessment

A software security and automatic generation technology, applied in the field of Internet security, can solve problems such as low writing efficiency, error-prone, CC verification description template writing difficulties, etc., to achieve the effect of improving writing efficiency and reducing writing error rate

Pending Publication Date: 2020-12-15
浙江望安科技有限公司
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] In view of the above problems, the present invention provides a method and system for automatically generating a CC verification description template for software security assessment, which solves the problems of difficulty in writing CC verification description templates for non-professionals, low writing efficiency, and prone to errors

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • CC verification description template automatic generation method and system for software security assessment
  • CC verification description template automatic generation method and system for software security assessment
  • CC verification description template automatic generation method and system for software security assessment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0097] The specific process of CC modeler modeling to obtain CC verification description template is as follows: image 3 As shown, the steps are as follows:

[0098] The first step is the preparation of specification documents.

[0099] The specification document consists of four parts:

[0100] (1) Security requirements (Functional_Element). Including security function requirements (Element), security function requirements inheritance relationship (Hierarchy) and security function requirements dependency relationship (Dependency)

[0101] (2) Safety requirements and operating instructions. It mainly uses natural language to introduce the detailed description of security function requirements and operation mode function specifications. The grammar and requirements required by the formal specification are clearly stated to make the formal verification specification easier to understand. Examples are as follows:

[0102] FDP_ITT.2transmission separation by attribute

[0...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a CC verification description template automatic generation method and system for software security assessment, and belongs to the technical field of Internet security, and themethod comprises the steps: building a standard document according to a software security function demand, and importing the standard document into a CC modeler; determining, by the CC modeler, whether the format of the standard document meets a requirement or not; if so, checking a CC component name in the standard document, and generating a corresponding initialized CC verification description template; reading the software security function demand in the standard document, and perfecting the initialized CC verification description template; and reading the standarddocument, selecting a template specification according to the security function demand, performing mathematical modeling, and obtaining and outputting a final CC verification description template. The beneficial effects of themethod are that the modeler achieves the automatic modeling of 251 security function demands proposed by the CC criterion, and the generated model follows the Isabel / HOL use grammar specification; byautomatically establishing the CC verification description template, the verification efficiency can be improved, and the error rate of manual writing is reduced to a great extent.

Description

technical field [0001] The invention relates to the technical field of Internet security, in particular to a method and system for automatically generating a CC verification description template for software security assessment. Background technique [0002] With the rapid development of the Internet, software has become more and more closely related to the lives of ordinary people. In the Internet age, people pay more and more attention to software security. The level of security of a software will directly affect the leakage of the user's personal privacy data, the loss of the user's property, etc., and even more seriously, it will affect the safety of human life. Therefore, software that involves life safety must achieve a high level of safety. [0003] CC (Common Criteria) is the "Common Evaluation Criteria for Information Technology Security" jointly developed by the United States, the European Union and Canada. It is an evaluation standard for computer product securi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36G06F40/186
CPCG06F11/3608G06F40/186
Inventor 赵永望陈建明陈卓玲
Owner 浙江望安科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap