Раздел: Документация
0 ... 15 16 17 18 19 20 21 ... 117 User data protection FDP RIP Residual information protection
FDP ROL Rollback 1 2 FDP SDI Stored data integrity
FDP UCT Inter-TSF user data confidentiality transfer protection FDP UIT Inter-TSF user data integrity transfer protection  2 - 3 Figure 6.2 - User data protection class decomposition (cont.) 1 1 6.1 Access control policy (FDP ACC) Family behaviour This family identifies the access control SFPs (by name) and defines the scope of control of the policies that form the identified access control portion of the TSP. This scope of control is characterised by three sets: the subjects under control of the policy, the objects under control of the policy, and the operations among controlled subjects and controlled objects that are covered by the policy. The criteria allows multiple policies to exist, each having a unique name. This is accomplished by iterating components from this family once for each named access control policy. The rules that define the functionality of an access control SFP will be defined by other families such as FDPACF and FDPSDI. The names of the access control SFPs identified here in FDPACC are meant to be used throughout the remainder of the functional components that have an operation that calls for an assignment or selection of an "access control SFP." Component levelling FDP ACC Access control policy 1 2 FDPACC.1 Subset access control requires that each identified access control SFP be in place for a subset of the possible operations on a subset of the objects in the TOE. FDPACC.2 Complete access control requires that each identified access control SFP cover all operations on subjects and objects covered by that SFP. It further requires that all objects and operations with the TSC are covered by at least one identified access control SFP. Management: FDPACC.1, FDPACC.2 There are no management activities foreseen for this component. Audit: FDPACC.1, FDPACC.2 There are no events identified that should be auditable if FAUGEN Security audit data generation is included in the PP/ST. FDP ACC.1 Subset access control Hierarchical to: No other components. FDPACC.1.1 The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP]. Dependencies: FDP ACF.1 Security attribute based access control FDP ACC.2 Complete access control Hierarchical to: FDP ACC.1 FDPACC.2.1 The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects and objects] and all operations among subjects and objects covered by the SFP. FDP ACC.2.2 The TSF shall ensure that all operations between any subject in the TSC and any object within the TSC are covered by an access control SFP. Dependencies: FDPACF.1 Security attribute based access control 0 ... 15 16 17 18 19 20 21 ... 117
|
