Figure J.1 - Protection of the TSF class decomposition
[Figure: decomposition of the FPT class into families and their components. Families shown: FPT_AMT Underlying abstract machine test; FPT_FLS Fail secure; FPT_ITA Availability of exported TSF data; FPT_ITC Confidentiality of exported TSF data; FPT_ITI Integrity of exported TSF data; FPT_ITT Internal TOE TSF data transfer; FPT_PHP TSF physical protection; FPT_RCV Trusted recovery.]

Figure J.2 - Protection of the TSF class decomposition (Cont.)
[Figure: FPT_RPL Replay detection and prevention; FPT_RVM Reference mediation; FPT_SEP Domain separation; FPT_SSP State synchrony protocol; FPT_STM Time stamps; FPT_TDC Inter-TSF TSF data consistency; FPT_TRC Internal TOE TSF data replication consistency; FPT_TST TSF self test.]

From the point of view of this class, there are three significant portions that make up the TSF:

a) The TSF's abstract machine, which is the virtual or physical machine upon which the specific TSF implementation under evaluation executes.

b) The TSF's implementation, which executes on the abstract machine and implements the mechanisms that enforce the TSP.

c) The TSF's data, which are the administrative databases that guide the enforcement of the TSP.

All of the families in the FPT class can be related to these areas, and fall into the following groupings:

a) FPT_PHP (TSF physical protection), which provides an authorised user with the ability to detect external attacks on the parts of the TOE that comprise the TSF.

b) FPT_AMT (Underlying abstract machine test) and FPT_TST (TSF self test), which provide an authorised user with the ability to verify the correct operation of the underlying abstract machine and the TSF, as well as the integrity of the TSF data and executable code.

c) FPT_SEP (Domain separation) and FPT_RVM (Reference mediation), which protect the TSF during execution and ensure that the TSF cannot be bypassed. When appropriate components from these families are combined with the appropriate components from ADV_INT (TSF internals), the TOE can be said to have what has been traditionally called a "Reference Monitor".

d) FPT_RCV (Trusted recovery), FPT_FLS (Fail secure), and FPT_TRC (Internal TOE TSF data replication consistency), which address the behaviour of the TSF when failure occurs and immediately after.

e) FPT_ITA (Availability of exported TSF data), FPT_ITC (Confidentiality of exported TSF data), and FPT_ITI (Integrity of exported TSF data), which address the protection and availability of TSF data between the TSF and a remote trusted IT product.

f) FPT_ITT (Internal TOE TSF data transfer), which addresses protection of TSF data when it is transmitted between physically-separated parts of the TOE.

g) FPT_RPL (Replay detection), which addresses the replay of various types of information and/or operations.

h) FPT_SSP (State synchrony protocol), which addresses the synchronisation of states, based upon TSF data, between different parts of a distributed TSF.

i) FPT_STM (Time stamps), which addresses reliable timing.

j) FPT_TDC (Inter-TSF TSF data consistency), which addresses the consistency of TSF data shared between the TSF and a remote trusted IT product.