    
Раздел: Документация
0 ... 14 15 16 17 18 19 20 ... 117 Dependencies: [FDPITC.1 Import of user data without security attributes or FCS CKM.1 Cryptographic key generation] FCS CKM.4 Cryptographic key destruction FMT MSA.2 Secure security attributes 6 Class FDP: User data protection This class contains families specifying requirements for TOE security functions and TOE security function policies related to protecting user data. FDP is split into four groups of families (listed below) that address user data within a TOE, during import, export, and storage as well as security attributes directly related to user data. The families in this class are organised into four groups: a)User data protection security function policies: -FDP ACC Access control policy; and -FDP IFC Information flow control policy. Components in these families permit the PP/ST author to name the user data protection security function policies and define the scope of control of the policy, necessary to address the security objectives. The names of these policies are meant to be used throughout the remainder of the functional components that have an operation that calls for an assignment or selection of an "access control SFP" or an "information flow control SFP". The rules that define the functionality ofthe named access control and information flow control SFPs will be defined in the FDP ACF and FDP IFF families (respectively). b)Forms of user data protection: -FDP ACF Access control functions; -FDP IFF Information flow control functions; -FDP ITT Internal TOE transfer; -FDP RIP Residual information protection; -FDPROL Rollback; and -FDP SDI Stored data integrity. c)Off-line storage, import and export: -FDP DAU Data authentication; -FDP ETC Export to outside TSF control; and -FDP ITC Import from outside TSF control. Components in these families address the trustworthy transfer into or out of the TSC. d)Inter-TSF communication: -FDP UCT Inter-TSF user data confidentiality transfer protection; and -FDP UIT Inter-TSF user data integrity transfer protection. Components in these families address communication between the TSF of the TOE and another trusted IT product. Figures 6.1 and 6.2 show the decomposition of this class into its constituent components. User data protection FDP ACC Access control policy FDP ACF Access control functions
1 FDP DAU Data authentication
FDP ETC Export to outside TSF control  FDP IFC Information flow control policy FDP IFF Information flow control functions  1 - 2 1 2 1 2 3 4 5 6 FDP ITC Import from outside TSF control  FDP ITT Internal TOE transfer  3 - 4 Figure 6.1 - User data protection class decomposition 1 2 1 2 0 ... 14 15 16 17 18 19 20 ... 117 |
