Системы безопасности

8(495)909-90-01

8(964)644-46-00

pro@sio.su

Главная

Каталог

Раздел: Документация

0 ... 111 112 113 114 115 116 117

Annex L (informative)

TOE access (FTA)

The establishment of a users session typically consists of the creation of one or more subjects that perform operations in the TOE on behalf of the user. At the end of the session establishment procedure, provided the TOE access requirements are satisfied, the created subjects bear the attributes determined by the identification and authentication functions. This family specifies functional requirements for controlling the establishment of a users session.

A user session is defined as the period starting at the time of the identification/authentication, or if more appropriate, the start of an interaction between the user and the system, up to the moment that all subjects (resources and attributes) related to that session have been deallocated.

Figure L.1 shows the decomposition of this class into its constituent components.

TOE access

FRU LSA Limitation on scope of selectable attributes

FTA MCS Limitation on multiple concurrent sessions

1 Ы 2

FTA SSL Session locking

FTA TAB TOE access banners\-\ 1

FTA TAH TOE access history- 1

FTA TSE TOE session establishment-\ 1

Figure L.1 - TOE access class decomposition

L.1 Limitation on scope of selectable attributes (FTA LSA)

This family defines requirements that will limit the session security attributes a user may select, and the subjects to which a user may be bound, based on: the method of access; the location or port of access; and/or the time (e.g. time-of-day, day-of-week).

User notes

This family provides the capability for a PP/ST author to specify requirements for the TSF to place limits on the domain of an authorised users security attributes based on an environmental condition. For example, a user may be allowed to establish a "secret session" during normal business hours but outside those hours the same user may be constrained to only establishing "unclassified sessions". The identification of relevant constraints on the domain of selectable attributes can be achieved through the use of the selection operation. These constraints can be applied on an attribute-by-attribute basis. When there exists a need to specify constraints on multiple attributes this component will have to be replicated for each attribute. Examples of attributes that could be used to limit the session security attributes are:

a)The method of access can be used to specify in which type of environment the user will be operating (e.g. file transfer protocol, terminal, vtam).

b)The location of access can be used to constrain the domain of a users selectable attributes based on a users location or port of access. This capability is of particular use in environments where dial-up facilities or network facilities are available.

c)The time of access can be used to constrain the domain of a users selectable attributes. For example, ranges may be based upon time-of-day, day-of-week, or calendar dates. This constraint provides some operational protection against user actions that could occur at a time where proper monitoring or where proper procedural measures may not be in place.

FTA LSA.1Limitation on scope of selectable attributes

Operations

Assignment:

In FTA LSA.1.1 the PP/ST author should specify the set of session security attributes that are to be constrained. Examples ofthese session security attributes are user clearance level, integrity level and roles.

In FTA LSA.1.1 the PP/ST author should specify the set of attributes that can be use to determine the scope of the session security attributes. Examples of such attributes are user identity, originating location, time of access, and method of access.

L.2 Limitation on multiple concurrent sessions (FTA MCS)

This family defines how many sessions a user may have at the same time (concurrent sessions). This number of concurrent sessions can either be set for a group of users or for each individual user.

FTAMCS.1 Basic limitation on multiple concurrent sessions

User application notes

This component allows the system to limit the number of sessions in order to effectively use the resources of the TOE.

Operations

Assignment:

In FTAMCS.1.2 the PP/ST author should specify the default number of maximum concurrent sessions to be used.

FTA MCS.2 Per user attribute limitation on multiple concurrent sessions

User application notes

This component provides additional capabilities over those of FTAMCS.1, by allowing further constraints to be placed on the number of concurrent sessions that users are able to invoke. These constraints are in terms of a users security attributes, such as a users identity, or membership of a role.

Operations

Assignment:

For FTA MCS.2.1 the PP/ST author should specify the rules that determine the

maximum number of concurrent sessions. An example of a rule is "maximum number of concurrent sessions is one if the user has a classification level of secret and five otherwise".

In FTAMCS.2.2 the PP/ST author should specify the default number of maximum concurrent sessions to be used.

0 ... 111 112 113 114 115 116 117