
L.5 TOE access history (FTA_TAH)

This family defines requirements for the TSF to display to users, upon successful session establishment to the TOE, a history of unsuccessful attempts to access the account. This history may include the date, time, means of access, and port of the last successful access to the TOE, as well as the number of unsuccessful attempts to access the TOE since the last successful access by the identified user.

FTA_TAH.1 TOE access history

This family can provide authorised users with information that may indicate the possible misuse of their user account.

This component requests that the user is presented with the information. The user should be able to review the information, but is not forced to do so. If a user so desires, he might, for example, create scripts that ignore this information and start other processes.

Operations

Selection:

In FTA_TAH.1.1, the PP/ST author should select the security attributes of the last successful session establishment that will be shown at the user interface. The items are: date, time, method of access (such as ftp), and/or location (e.g. terminal 50).

In FTA_TAH.1.2, the PP/ST author should select the security attributes of the last unsuccessful session establishment that will be shown at the user interface. The items are: date, time, method of access (such as ftp), and/or location (e.g. terminal 50).
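
As an added illustration (not part of ISO/IEC 15408), the following Python sketch derives the access history described above from a list of authentication records. The record layout, the function names and the sample records are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, Optional

@dataclass(frozen=True)
class AuthEvent:
    user: str
    when: datetime
    method: str     # method of access, e.g. "ftp"
    location: str   # e.g. "terminal 50"
    success: bool

@dataclass(frozen=True)
class AccessHistory:
    last_success: Optional[AuthEvent]
    last_failure: Optional[AuthEvent]
    failures_since_success: int

def access_history(events: Iterable[AuthEvent], user: str) -> AccessHistory:
    """Summarise the user's earlier attempts; call before recording the new session."""
    last_success = last_failure = None
    failures = 0
    for e in sorted((e for e in events if e.user == user), key=lambda e: e.when):
        if e.success:
            last_success, failures = e, 0   # the counter restarts at each success
        else:
            last_failure, failures = e, failures + 1
    return AccessHistory(last_success, last_failure, failures)

def render(h: AccessHistory) -> str:
    def line(label: str, e: Optional[AuthEvent]) -> str:
        if e is None:
            return f"{label}: none recorded"
        return f"{label}: {e.when:%Y-%m-%d %H:%M} via {e.method} from {e.location}"
    return "\n".join((
        line("Last successful session", h.last_success),
        line("Last unsuccessful attempt", h.last_failure),
        f"Unsuccessful attempts since last successful session: {h.failures_since_success}",
    ))

# Constructed sample records, not taken from any real system.
EVENTS = [
    AuthEvent("alice", datetime(2024, 3, 1, 9, 0), "ssh", "terminal 50", True),
    AuthEvent("alice", datetime(2024, 3, 2, 2, 10), "ftp", "terminal 7", False),
    AuthEvent("alice", datetime(2024, 3, 2, 2, 11), "ftp", "terminal 7", False),
    AuthEvent("bob", datetime(2024, 3, 2, 8, 0), "ssh", "terminal 12", False),
]
```

The history has to be computed before the new session is written to the log; otherwise the user is shown the current login as the last successful access and the failure count is already reset.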


L.6 TOE session establishment (FTA_TSE)

This family defines requirements to deny a user permission to establish a session with the TOE based on attributes such as the location or port of access, the user's security attributes (e.g. identity, clearance level, integrity level, membership in a role), ranges of time (e.g. time-of-day, day-of-week, calendar dates) or combinations of parameters.

User notes

This family provides the capability for the PP/ST author to specify requirements for the TOE to place constraints on the ability of an authorised user to establish a session with the TOE. The identification of relevant constraints can be achieved through the use of the selection operation. Examples of attributes that could be used to specify the session establishment constraints are:

a) The location of access can be used to constrain the ability of a user to establish an active session with the TOE, based on the user's location or port of access. This capability is of particular use in environments where dial-up facilities or network facilities are available.

b) The user's security attributes can be used to place constraints on the ability of a user to establish an active session with the TOE. For example, these attributes would provide the capability to deny session establishment based on any of the following:

- a user's identity;

- a user's clearance level;

- a user's integrity level; and

- a user's membership in a role.

This capability is particularly relevant in situations where authorisation or login may take place at a different location from where TOE access checks are performed.

c) The time of access can be used to constrain the ability of a user to establish an active session with the TOE based on ranges of time. For example, ranges may be based upon time-of-day, day-of-week, or calendar dates. This constraint provides some operational protection against actions that could occur at a time where proper monitoring or where proper procedural measures may not be in place.

FTA_TSE.1 TOE session establishment

Operations

Assignment:

In FTA_TSE.1.1 the PP/ST author should specify the attributes that can be used to restrict the session establishment. Examples of possible attributes are user identity, originating location (e.g. no remote terminals), time of access (e.g. outside hours), or method of access (e.g. X-windows).
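
As an added illustration (not part of ISO/IEC 15408), the following Python sketch evaluates session-establishment deny rules over the attribute kinds listed above: identity, role, location, method of access, day-of-week and time-of-day, alone or in combination. The rule format, the names and the sample policy are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import FrozenSet, Optional, Tuple

@dataclass(frozen=True)
class Request:
    user: str
    roles: FrozenSet[str]
    location: str   # port or terminal the request arrives on
    method: str
    when: datetime

def in_window(t: time, start: time, end: time) -> bool:
    """Half-open [start, end); a window with start > end wraps past midnight."""
    return start <= t < end if start <= end else (t >= start or t < end)

@dataclass(frozen=True)
class DenyRule:
    """None means 'any'; every attribute that is set must match (a combination)."""
    name: str
    users: Optional[FrozenSet[str]] = None
    roles: Optional[FrozenSet[str]] = None
    locations: Optional[FrozenSet[str]] = None
    methods: Optional[FrozenSet[str]] = None
    days: Optional[FrozenSet[int]] = None          # 0 = Monday ... 6 = Sunday
    window: Optional[Tuple[time, time]] = None

    def matches(self, r: Request) -> bool:
        return all((
            self.users is None or r.user in self.users,
            self.roles is None or bool(self.roles & r.roles),
            self.locations is None or r.location in self.locations,
            self.methods is None or r.method in self.methods,
            self.days is None or r.when.weekday() in self.days,
            self.window is None or in_window(r.when.time(), *self.window),
        ))

def establish(rules, r: Request):
    """Return (allowed, name of the rule that denied the session or None)."""
    for rule in rules:
        if rule.matches(r):
            return False, rule.name
    return True, None

# Constructed policy, standing in for the attributes an ST would assign.
POLICY = [
    DenyRule("no-remote-admin", roles=frozenset({"admin"}), locations=frozenset({"remote"})),
    DenyRule("outside-hours", window=(time(18, 0), time(8, 0))),
    DenyRule("weekend-operators", roles=frozenset({"operator"}), days=frozenset({5, 6})),
]
```

The day and the time window are tested independently against the request timestamp, so a rule that combines a day set with a window wrapping past midnight does not cover the hours after midnight unless the following day is listed as well.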


Annex M (informative)

Trusted path/channels (FTP)

Users often need to perform functions through direct interaction with the TSF. A trusted path provides confidence that a user is communicating directly with the TSF whenever it is invoked. A user's response via the trusted path guarantees that untrusted applications cannot intercept or modify the user's response. Similarly, trusted channels are one approach for secure communication between the TSF and remote IT products.

Figure 1.2 of this part of ISO/IEC 15408 illustrates the relationships between the various types of communication that may occur within a TOE or network of TOEs (i.e. Internal TOE transfers, Inter-TSF transfers, and Import/Export Outside of TSF Control) and the various forms of trusted paths and channels.

Absence of a trusted path may allow breaches of accountability or access control in environments where untrusted applications are used. These applications can intercept user-private information, such as passwords, and use it to impersonate other users. As a consequence, responsibility for any system actions cannot be reliably assigned to an accountable entity. Also, these applications could output erroneous information on an unsuspecting user's display, resulting in subsequent user actions that may be erroneous and may lead to a security breach.

Figure M.1 shows the decomposition of this class into its constituent components.

[Figure M.1 - Trusted path/channels class decomposition: the class Trusted path/channels comprises the families FTP_ITC (Inter-TSF trusted channel) and FTP_TRP (Trusted path).]
