对安全功能要求的错误理解会在IT产品中引入内在的安全缺陷。半形式化方法可提高描述安全功能要求的准确性,增强设计的合理性,从而有助于降低引入安全缺陷的风险。因此,该文将重点研究产品安全策略及设计规范的半形式化描述及验证方法。首先,论述了通过分析安全功能接口,从安全功能要求中提取安全策略,以及从模块设计中提取设计规范的一般方法,给出了降低耦合性的子系统和模块划分规则;其次,通过选择和改进现有的半形式化工具,给出了描述安全策略以及设计规范的半形式化方法;最后,以IC卡芯片产品的测评为例,通过对部分安全策略以及设计规范进行半形式化处理,论证了产品所采取的安全策略可使安全功能要求得以充分满足,且相应的设计规范也是合理的。结果表明:该文所建立的半形式化方法在一定程度上适于所有信息技术产品的安全测评。
Inadequacies in IT products can result from misunderstandings of the security requirements. Semi-formal methods can accurately describe the security requirements and implement reasonable requirements that avoid causing security flaws. Thus, semi-formal descriptions and verification methods are used in this study for security policies and design specifications represented by collections of the security requirements and module designs of security functionality interfaces. The system uses a loosely coupled partitioning method for the subsystem and module. Semi-formal methods are given to describe the security policy and design specification derived from existing semi-formal tools. The approach is applied to an IC card chip product to show that its security policies are adequate and the security design provides reasonable security. This approach can be used to evaluate all kinds of IT products.
[1] Bañón M. Security evaluation, testing and specification [C]//In SC27 Security Techniques of 25 Years of Information Security Standardization (1990—2015). London, UK:Gipping Press, 2015: 124-130. [2] ISO/IEC 15408. Information Technology-Security Techniques-Evaluation Criteria for IT Security [S]. Wellington, New Zealand: ISO/IEC, 2009. [3] GB/T 18336. 信息技术 安全技术 信息技术安全评估准则[S]. 北京: 中国国家标准化管理委员会, 2016.GB/T 18336. Information Technology-Security Techniques-Evaluation Criteria for IT Security [S]. Beijing: Standardization Administration of the People's Republic of China, 2016. (in Chinese) [4] Bundesam FVr Sicherheit der Informationstechnik. Guideline for the development and evaluation of formal security policy models in the scope of ITSEC and Common Criteria, version 2.0[Z/OL]. (December 2007). http://www.bsi.bund.de/cae/servlet/contentblob/478122/publicationFile/30243/Guideline_FMSP_v20_pdf. [5] Narasamdya I, Périn M. Certification of smart-card applications in Common Criteria: Proving representation correspondences[Z/OL]. (November 2008). http://www-verimag.imag.fr. [6] Schellhorn G, Reif W, Schairer A, et al. Verification of a formal security model for multiapplicative smart cards [J]. Lecture Notes in Computer Science, 2000, 1(1):17-36. [7] GB/T 22186. 信息安全技术 具有中央处理器的IC卡芯片安全技术要求[S]. 北京: 中国国家标准化管理委员会, 2016.GB/T 22186. Information Security Techniques-Security Technical Requirements for IC Card Chip with CPU [S]. Beijing: Standardization Administration of the People's Republic of China, 2016. (in Chinese) [8] ASN.1. Abstract Syntax Notation One [S]. Wellington, New Zealand: ISO/ITU-T, 2001. [9] Schmuller J. UML基础、 案例与应用[M]. 李虎, 王英美, 万里威, 译. 北京: 人民邮电出版社, 2002.Schmuller J. Sams Teach Yourself UML in 24 Hours [M]. LI Hu, WANG Yingmei, WAN Liwei, trans. Beijing: Posts & Telecom Press, 2002. (in Chinese)
