A Semiformal Approach to the Security Problem of the Target of Evaluation (TOE) Modeling

The paper deals with the IT security development process according to the Common Criteria, particularly the security problem definition of the target of evaluation (TOE), expressing basic security concerns and needs of the developed IT product or system. The conciseness and preciseness of these concerns and needs influence the security objectives specifications that, in turn, influence the design quality and, finally, the TOE assurance. The UML-based approach and the predefined set of enhanced generics are proposed. The paper shows the used high level ontology, its representation by generics and the operations defined on these generics. The paper deals with more extensive works concerning IT security modeling and the development of computer-aided tools. To conclude the issue, current results, experiences and plans were presented. The emphasis was put on UML-based designs which can be better understood by a wide community of UML users.