CC-Case as an Integrated Method of Security Analysis and Assurance over Life-cycle Process

Secure system design faces many risks such as information leakage and denial of service. We propose a method named CC-Case to describe security assurance cases based on the security structures and thereat analysis. CC-Case uses Common Criteria (ISO/IEC15408). While the scope of CC-Case mainly focuses to the requirement stage, CC-Case can handle the life-cycle process of system design that contains the requirement, design, implementation, test and the maintenance stages. It can make countermeasure easily against the situation which an unexpected new threat produced by invisible attackers incessantly.