Analysis of the Changes in CC 3.0

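  • 강연희 (Department of Computer Engineering, Hannam University)
  • 김정대 (Department of Computer Engineering, Hannam University)
  • 최상수 (Department of Computer Engineering, Hannam University)
  • 이강수 (Department of Computer Engineering, Hannam University)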
  • Published : 2005.08.01

Abstract

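The Common Criteria (CC), standardized as ISO/IEC 15408, has established itself in information security academia and industry worldwide as the standard set of concepts, evaluation criteria, and classification scheme for security functionality and assurance. The current official version is CC 2.2, but after CC 2.4 (draft) was released in March 2004, CC 3.0 (draft, Revision 2) was released in July 2005, before CC 2.4 had even become an official version. CC 3.0 has changed substantially, by more than 50%, and clearly shows an effort to resolve the problems with the CC experienced over the past 10 years. In this paper, we survey and analyze the changes in CC 3.0 together with those in CC 2.4, and present the problems arising from these changes along with countermeasures.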
