中文摘要：

通用评估准则（CC）未论述安全架构及策略模型这2个保障要求的具体分析方法,因而不利于实际的安全评估工作。为此,首先从设计分解的角度论述了CC的基本评估模型,将安全功能（TSF）从内涵功能和元功能2个角度进行定义,以此论述安全架构设计的意义,并基于脆弱性分析活动来描述安全架构及评估方法。其次,从论述保护轮廓（ST）与功能规范（FSP）的逻辑差距出发,描述了形式化安全策略模型的意义,并提出了对TSF要求进行（半）形式化的方法来弥补此差距的途径。由于等同于CC v3.1标准的国标GB/T18336即将在中国推行,该文结论将有助于改进后续的安全评估工作。

英文摘要：

The Common Criteria （CC） does not adequately explain the security architecture and policy model requirements which hinders security evaluations. This paper classifies the requirements through a general CC evaluation model based on design decomposition. The analysis then categorizes the TOE security functionality （TSF） as the TSF meta-functionality and the TSF obligatory functionality to demonstrate the need for justifying the security properties in the architecture design. Then, security architecture description and evaluation approaches are described for vulnerability analysis activity. Then, this paper describes the need for formalizing the security policy model based on observations of the logical gap between the security target （ST） and the functional specification （FSP） requirements. A （semi-） formalization of the security functional requirements is given to bridge the gap. The national standard GB/T18336 （the Chinese version of CC v3.1） will be adopted soon in China, so the analysis in this paper is needed to improve security evaluation activities.