Security Analysis on the Online Office and Proposal of the Evaluation Criteria

The online office is one of web application. We can easily use the online office through a web browser with internet connected PC. The online office has the advantage of using environment regardless of location or time. When users want to use the online office, they access the online office server and use their content. However, recently developed and launched online office has the weakness of insufficient consideration. In this paper, we analyze the security vulnerabilities of the online office. In addition, we propose the evaluation criteria to make secure online office using Common Criteria. This evaluation criteria can be used to establish trust between the online office server and the user. The online office market will be more active than before.

Authors:

• Hyunsang Park
• Kwangwoo Lee
• Yunho Lee
• Seungjoo Kim
• Dongho Won

Keywords:

• Online Office
• Vulnerabilities
• CommonCriteria(CC)

References:

[1] Google Docs, http://docs.google.com/
[2] Thinkfree, http://www.thinkfree.com/
[3] Zoho. http://www.zoho.com/
[4] Microsoft Office Live. http://workspace.office.live.com/
[5] OWASP, http://www.owasp.org/index.php/Top_10_2007/
[6] WireShark, http://www.wireshark.org
[7] Common Criteria, Common Criteria for Information Technology Security
Evaluation; part 1: Introduction and general model, Version 3.1 R1,
CCMB-2006-09-001(September 2006)
[8] Common Criteria, Common Criteria for Information Technology Security
Evaluation; part 2: Security functional components, Version 3.1 R2,
CCMB-2007-09-002(September 2007)
[9] Common Criteria, Common Criteria for Information Technology Security
Evaluation; part 3: Security assurance components, Version 3.1 R2,
CCMB-2007-09-003(September 2007)