8(495)909-90-01
8(964)644-46-00
pro@sio.su
Главная
Системы видеонаблюдения
Охранная сигнализация
Пожарная сигнализация
Система пожаротушения
Система контроля удаленного доступа
Оповещение и эвакуация
Контроль периметра
Система домофонии
Парковочные системы
Проектирование слаботочных сетей
Аварийный
контроль
            
Раздел: Документация

0 ... 110 111 112 113 114 115 116 117

K.2 Priority of service (FRU PRS)

The requirements of this family allow the TSF to control the use of resources within the TSC by users and subjects such that high priority activities within the TSC will always be accomplished without interference or delay due to low priority activities. In other words, time critical tasks will not be delayed by tasks that are less time critical.

This family could be applicable to several types of resources, for example, processing capacity, and communication channel capacity.

The Priority of Service mechanism might be passive or active. In a passive Priority of Service system, the system will select the task with the highest priority when given a choice between two waiting applications. While using passive Priority of Service mechanisms, when a low priority task is running, it cannot be interrupted by a high priority task.While using an active Priority of Service mechanisms, lower priority tasks might be interrupted by new high priority tasks.

User notes

The audit requirement states that all reasons for rejection should be audited. It is left to the developer to argue that an operation is not rejected but delayed.

FRUPRS.1 Limited priority of service

User application notes

This component defines priorities for a subject, and the resources for which this priority will be used. If a subject attempts to take action on a resource controlled by the Priority of Service requirements, the access and/or time of access will be dependent on the subjects priority, the priority of the currently acting subject, and the priority of the subjects still in the queue.

Operations

Assignment:

For FRU PRS.1.2, the PP/ST author should specify the list of controlled

resources for which the TSF enforces priority of service (e.g. resources such as processes, disk space, memory, bandwidth).

FRUPRS.2 Full priority of service

User application notes

This component defines priorities for a subject. All shareable resources in the TSC will be subjected to the Priority of Service mechanism. If a subject attempts to take action on a shareable TSC resource, the access and/or time of access will be dependent on the subjects priority, the priority of the currently acting subject, and the priority of the subjects still in the queue.

K.3 Resource allocation (FRU RSA)

The requirements of this family allow the TSF to control the use of resources within the TSC by users and subjects such that unauthorised denial of service will not take place by means of monopolisation of resources by other users or subjects.

User notes

Resource allocation rules allow the creation of quotas or other means of defining limits on the amount of resource space or time that may be allocated on behalf of a specific user or subjects. These rules may, for example:

-Provide for object quotas that constrain the number and/or size of objects a specific user may allocate.

-Control the allocation/deallocation of preassigned resource units where these units are under the control of the TSF.

In general, these functions will be implemented through the use of attributes assigned to users and resources.

The objective of these components is to ensure a certain amount of fairness among the users (e.g. a single user should not allocate all the available space) and subjects. Since resource allocation often goes beyond the lifespan of a subject (i.e. files often exist longer than the applications that generated them), and multiple instantiations of subjects by the same user should not negatively affect other users too much, the components allow that the allocation limits are related to the users. In some situations the resources are allocated by a subject (e.g. main memory or CPU cycles). In those instances the components allow that the resource allocation be on the level of subjects.

This family imposes requirements on resource allocation, not on the use of the resource itself. The audit requirements therefore, as stated, also apply to the allocation of the resource, not to the use of the resource.

FRURSA.1 Maximum quotas

User application notes

This component provides requirements for quota mechanisms that apply to only a specified set of the shareable resources in the TOE. The requirements allow the quotas to be associated with a user, possibly assigned to groups of users or subjects as applicable to the TOE.

Operations

Assignment:

In FRURSA.1.1, the PP/ST author should specify the list of controlled resources for which maximum resource allocation limits are required (e.g. processes, disk space, memory, bandwidth). If all resources in the TSC need to be included, the words "all TSC resources" can be specified.

Selection:

In FRURSA.1.1, the PP/ST author should select whether the maximum quotas apply to individual users, to a defined group of users, or subjects or any combination of these.

In FRU RSA.1.1, the PP/ST author should select whether the maximum quotas are applicable to any given time (simultaneously), or over a specific time interval.

FRURSA.2 Minimum and maximum quotas

User application notes

This component provides requirements for quota mechanisms that apply to a specified set of the shareable resources in the TOE. The requirements allow the quotas to be associated with a user, or possibly assigned to groups ofusers as applicable to the TOE.

Operations

Assignment:

In FRURSA.2.1, the PP/ST author should specify the controlled resources for which maximum and minimum resource allocation limits are required (e.g. processes, disk space, memory, bandwidth). If all resources in the TSC need to be included, the words "all TSC resources" can be specified.

Selection:

In FRURSA.2.1, the PP/ST author should select whether the maximum quotas apply to individual users, to a defined group of users, or subjects or any combination of these.

In FRURSA.2.1, the PP/ST author should select whether the maximum quotas are applicable to any given time (simultaneously), or over a specific time interval.

Assignment:

In FRU RSA.2.2, the PP/ST author should specify the controlled resources for which a minimum allocation limit needs to be set (e.g. processes, disk space, memory, bandwidth). If all resources in the TSC need to be included the words "all TSC resources" can be specified.

Selection:

In FRU RSA.2.2, the PP/ST author should select whether the minimum quotas apply to individual users, to a defined group of users, or subjects or any combination of these.

In FRU RSA.2.2, the PP/ST author should select whether the minimum quotas are applicable to any given time (simultaneously), or over a specific time interval.



0 ... 110 111 112 113 114 115 116 117