Threat Description for the PP by Using the Concept of the Assets Protected by TOE

Evaluation has been the traditional means of providing assurance and is the basis for prior evaluation criteria documents such as ITSEC. The Common Criteria (CC) defines a Protection Profile (PP) that defines the security environments and specifies the security requirements and protections of the product to be evaluated. The security environments consist of assumptions, threats, and organizational security policies, so the editor of the PP must describe the threats for the PP. In this paper, we propose a method for the description of the threats for the PP by introducing the concept of the assets protected by Target of Evaluations (TOE).