计算机安全标准演化与安全产品发展

分析计算机系统安全标准的演化过程，以及安全评价标准在安全产品评价中的实际应用情况。阐明在计算机系统安全标准演化中，TCSCE、ITSCE和CC是影响较大的主要标准；其中，CC标准是在各国寻求共同认可的安全评价标准的意愿驱使下产生的，它基于TCSEC等以往的标准，形式上更加接近于ITSEC。中国1999年颁布的2001年开始实施的“计算机信息系统安全保护等级划分准则”采用的是TCSEC的形式，其不可避免地存在与TCSEC同样的缺陷，按TCSEC标准的原有思路实施中国的标准，是否有利于安全产品的发展，值得认真深思。

Evolution of Computer Security Evaluation Criteria and Progress in Computer Security Products

The evolution history of computer security evaluation criteria and the application of security evaluation criteria to the evaluation of security products are analyzed. The TCSEC, the ITSEC and the Common Criteria (CC) are of heavy weights on the progress of computer security evaluation criteria. The CC is the outcome of the quest of the United States, Canada, the United Kingdom and other countries to seek a basis for mutual recognition of security product evaluation. It is developed on the basis of all the older criteria and much more closely resembles the ITSEC. The Chinese Classified Criteria for Security Protection of Computer Information System (CCSPCIS), which was issued in 1999 and put into effect from 2001 on, inherits the philosophy of the TCSEC completely. The CCSPCIS is hence inevitably of the same drawback as the TCSEC. Whether shaping the Chinese security evaluation standard in accordance with the obsolete TCSEC is possible to advance the development of security products in China is in need of serious consideration.