Abstract：The Common Criteria (CC) does not adequately explain the security architecture and policy model requirements which hinders security evaluations. This paper classifies the requirements through a general CC evaluation model based on design decomposition. The analysis then categorizes the TOE security functionality (TSF) as the TSF meta-functionality and the TSF obligatory functionality to demonstrate the need for justifying the security properties in the architecture design. Then, security architecture description and evaluation approaches are described for vulnerability analysis activity. Then, this paper describes the need for formalizing the security policy model based on observations of the logical gap between the security target (ST) and the functional specification (FSP) requirements. A (semi-) formalization of the security functional requirements is given to bridge the gap. The national standard GB/T18336 (the Chinese version of CC v3.1) will be adopted soon in China, so the analysis in this paper is needed to improve security evaluation activities.
石竑松, 高金萍, 贾炜, 刘晖. CC标准中安全架构与策略模型的分析方法[J]. 清华大学学报（自然科学版）, 2016, 65(5): 493-498.
SHI Hongsong, GAO Jinping, JIA Wei, LIU Hui. Analyse of the security architecture and policy model in the Common Criteria. Journal of Tsinghua University(Science and Technology), 2016, 65(5): 493-498.
 Bañón M. Security evaluation, testing and specification[C]//SC27 Security Techniques of 25 Years of Information Security Standardization (1990-2015). Ipswich, UK:Gipping Press, 2015:124-130.
 ISO/IEC 15408. Information Technology-Security Techniques-Evaluation Criteria for IT Security[S]. Switzerland:ISO/IEC, 2009.
 GB/T 18336. 信息技术安全技术信息技术安全评估准则[S]. 北京:中国国家标准化管理委员会, 2005. GB/T 18336. Information Technology-Security Techniques-Evaluation Criteria for IT Security[S]. Beijing:Standardization Administration of the People's Republic of China, 2005. (in Chinese)
 CCRA Management Committee. CCRA:Arrangement on the recognition of Common Criteria certificates in the field of information technology security[Z/OL].[2015-06-03] . http://www.commoncriteriaportal.org/ccra/.
 CC Supporting Document. Composite product evaluation for smartcards and similar devices, version 1.2[Z/OL].[2015-06-03] . http://www.commoncriteriaportal.org/cc/.
 毕海英, 石竑松, 高金萍, 等. 通用评估准则的发展与应用现状[J]. 信息技术与标准化, 2013,347(11):14-17. BI Haiying, SHI Hongsong, GAO Jinping, et al. The development of Common Criteria and its applications[J].Information Technology & Standardization, 2013,347(11):14-17. (in Chinese)
 CC Supporting Document. Security architecture requirements (ADV_ARC) for smart cards and similar devices, version 2.0[Z/OL].[2015-06-03] . http://www.commoncriteriaportal.org/cc/.
 Bundesam FVr Sicherheit der Informationstechnik (BSI). Guideline for the development and evaluation of formal security policy models in the scope of ITSEC and Common Criteria, version 2.0[Z/OL].[2015-06-03] . http://www.bsi.bund.de/cae/servlet/contentblob/478122/publicationFile/30243/Guideline_FMSP_v20_pdf.pdf.
 Chetali B, Nguyen Q H. Industrial use of formal methods for a high-level security evaluation[C]//FM 2008:Formal Methods. Berlin, Germany:Springer Berlin Heidelberg, 2008:198-213.
 Narasamdya I, Perin M. Certification of smart-card applications in Common Criteria[C]//Proceedings of the 2009 ACM Symposium on Applied Computing. Berlin, Germany:Springer Berlin Heidelberg, 2009:309-324.
 Beckert B. Mind the gap:Formal verification and the Common Criteria[C]//In 6th International Verification Workshop (VERIFY-2010). Edinburgh, UK:IJCAR, 2010:4-12.