Abstract
The paper presents a new ontology-based approach to the elaboration and management of evidences prepared by developers for the IT security evaluation process according to the Common
Criteria standard. The evidences concern the claimed EAL (Evaluation Assurance Level) for a developed
IT product or system, called TOE (Target of Evaluation), and depend on the TOE features and its
development environment. Evidences should be prepared for the broad range of IT products and systems
requiring assurance. Selected issues concerning the ontology elaborated by the author are discussed, such
as: ontology domain and scope definition, identification of terms within the domain, identification of the hierarchy of classes and their properties, creation of instances, and an ontology validation process. This
work is aimed at the development of a prototype of a knowledge base representing patterns for evidences.