Semiformal Approach to the IT Security Development

The paper concludes the author´s works on the IT security development framework compliant with the common criteria standard. Two basic issues were solved to make this development easier and more effective: the entire development process was better formalized using the UML/OCL approach, and the set of specification means was extended (by defining enhanced generics) thus now the set covers all development stages and is more precise. Moreover, the set of relationships between specification elements was predefined to help developers solve typical security issues. The computer-aided tool, implementing this methodology, has the following elements built in: the simple risk analysis tool, design selfevaluator, reporting and documentation management facilities. The paper presents the volume of works, gives some examples, summarizes the results and gained experiences, and defines the plans of future works.