关键词: 密码测评工具, 自动调度, 测评工具模型, 调度平台

Abstract: In the process of cryptographic application evaluation, the evaluators complete the on-site evaluation and result analysis with the help of cryptographic evaluation tools. In practical application, the evaluators often need to use multiple evaluation tools in series. The output of one cryptographic evaluation tool needs to be used as the input of another tool to obtain further detection results. For example, when analyzing the SSL protocol, the digital certificate used for authentication should be extracted to complete the certificate format compliance verification. However, the existing evaluation tools are usually designed and developed independently for specific evaluation purposes, and they do not have the ability to work together with each other. The input and output data required by each tool still need evaluators to carry out manual collection, data conversion, import and export, which is time-consuming and labor-consuming, and it is easy to introduce manual errors in the process of processing data. This paper proposes a scheme of automatic scheduling platform for cryptographic evaluation tools. The scheme can automatically assemble according to the dependency between evaluation tools, schedule evaluation tasks in an orderly manner, collect evaluation intermediate data and schedule real-time data flow, output reports according to templates, and support three evaluation scenarios:product access, new system and system operation. Evaluators only need to upload the application scenario topology map of the evaluation object, identify checkpoints in the map, select the evaluation tool to be used, and then send scheduling instructions to the evaluation tool through the scheduling platform to complete the evaluation task. The scheduling platform adopts the network interface scheduling evaluation tool, which has scalability. The existing evaluation tools only need to be adapted and adjusted according to the unified interface model of evaluation tools proposed in this paper, and can be integrated into the scheduling platform to accept scheduling.

Key words: cypher evaluation tool, automatic scheduling, evaluation tool model, dispatching platform