The paper presents a new ontology-based approach to the elaboration and management of evidences prepared by developers for the IT security evaluation process according to the Common Criteria standard. The evidences concern the claimed EAL (Evaluation Assurance Level) for a developed IT product or system, called TOE (Target of Evaluation), and depend on the TOE features and its development environment. Evidences should be prepared for the broad range of IT products and systems requiring assurance. The selected issues concerning the author’s elaborated ontology are discussed, such as: ontology domain and scope definition, identification of terms within the domain, identification of the hierarchy of classes and their properties, creation of instances, and an ontology validation process. This work is aimed at the development of a prototype of a knowledge base representing patterns for evidences.
Go to article