Level Driven Security Requirement Analysis Method Based On CC Standard

With the rapid development of the Internet and the popularization of computer applications, the software security is more and more important. However,most software security research is concentrated in the coding process of software. The safety problems in the software requirement stage are neglected for long time. Recently the statistical data has shown that a considerable proportion of the security problems are caused in software requirement phase. It is popular agreed that in the field of software development the earlier problem solved the less cost will be spent.Common Criteria can provide guidance and help to solve the problems in software security requirements phase. However, the security requirement analysis method provided by the Common Criteria is highly dependent on expert knowledge. This paper proposes a level driven security requirement analysis method based on Common Criteria standard to fulfill the different security needs for different systems. This paper introduces the security requirement levels and the mechanism of dividing levels. Then this paper describes the whole process to analysis the security requirement in details. Our analysis method can ease the analysis process and lower the threshold of using Common Criteria. To validate this method, we build a tool which implements the method. At last, compare with an actual security requirement analysis we prove the correctness of our method and analysis the existing problems.The paper introduces theory of the level driven requirements analysis method based on CC standard and its engineering system which support the international standards of the software security requirement. At the same time, but also it provide a theoretical basis for the future work.