Раздел: Документация
0 ... 19 20 21 22 23 24 25 ... 117 Management: FDPIFF.3, FDPIFF.4, FDPIFF.5 There are no management activities foreseen for these components. Management: FDPIFF.6 The following actions could be considered for the management functions in FMT Management: a)The enabling or disabling of the monitoring function. b)Modification of the maximum capacity at which the monitoring occurs. Audit: FDPIFF.1, FDPIFF.2, FDPIFF.5 The following events should be auditable if FAUGEN Security audit data generation is included in a PP/ST: a)Minimal: Decisions to permit requested information flows. b)Basic: All decisions on requests for information flow. c)Detailed: The specific security attributes used in making an information flow enforcement decision. d)Detailed: Some specific subsets of the information that has flowed based upon policy goals (e.g. auditing of downgraded material). Audit: FDPIFF.3, FDPIFF.4, FDPIFF.6 The following events should be auditable if FAUGEN Security audit data generation is included in a PP/ST: a)Minimal: Decisions to permit requested information flows. b)Basic: All decisions on requests for information flow. c)Basic: The use of identified illicit information flow channels. d)Detailed: The specific security attributes used in making an information flow enforcement decision. e)Detailed: Some specific subsets of the information that has flowed based upon policy goals (e.g. auditing of downgraded material). f)Detailed: The use of identified illicit information flow channels with estimated maximum capacity exceeding a specified value. FDPIFF.1 Simple security attributes Hierarchical to: No other components. FDPIFF.1.1 The TSF shall enforce the [assignment: information flow control SFP] based on the following types of subject and information security attributes: [assignment: the minimum number and type of security attributes]. FDPIFF.1.2 The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: [assignment: for each operation, the security attribute-based relationship that must hold between subject and information security attributes]. FDPIFF.1.3 The TSF shall enforce the [assignment: additional information flow control SFP rules]. FDPIFF.1.4 The TSF shall provide the following [assignment: list of additional SFP capabilities]. FDPIFF.1.5 The TSF shall explicitly authorise an information flow based on the following rules: [assignment: rules, based on security attributes, that explicitly authorise information flows]. FDPIFF.1.6 The TSF shall explicitly deny an information flow based on the following rules: [assignment: rules, based on security attributes, that explicitly deny information flows]. Dependencies: FDPIFC.1 Subset information flow control FMTMSA.3 Static attribute initialisation FDPIFF.2 Hierarchical security attributes Hierarchical to: FDPIFF.1 FDPIFF.2.1 The TSF shall enforce the [assignment: information flow control SFP] based on the following types of subject and information security attributes: [assignment: the minimum number and type of security attributes]. FDP IFF.2.2 The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules, based on the ordering relationships between security attributes hold: [assignment: for each operation, the security attribute-based relationship that must hold between subject and information security attributes]. FDP IFF.2.3 The TSF shall enforce the [assignment: additional information flow control SFP rules]. FDP IFF.2.4 The TSF shall provide the following [assignment: list of additional SFP capabilities] FDP IFF.2.5 The TSF shall explicitly authorise an information flow based on the following rules: [assignment: rules, based on security attributes, that explicitly authorise information flows]. FDP IFF.2.6 The TSF shall explicitly deny an information flow based on the following rules: [assignment: rules, based on security attributes, that explicitly deny information flows]. FDPIFF.2.7 The TSF shall enforce the following relationships for any two valid information flow control security attributes: a)There exists an ordering function that, given two valid security attributes, determines if the security attributes are equal, if one security attribute is greater than the other, or if the security attributes are incomparable; and b)There exists a "least upper bound" in the set of security attributes, such that, given any two valid security attributes, there is a valid security attribute that is greater than or equal to the two valid security attributes; and c)There exists a "greatest lower bound" in the set of security attributes, such that, given any two valid security attributes, there is a valid security attribute that is not greater than the two valid security attributes. Dependencies: FDPIFC. 1 Subset information flow control FMTMSA.3 Static attribute initialisation FDPIFF.3 Limited illicit information flows Hierarchical to: No other components. FDPIFF.3.1 The TSF shall enforce the [assignment: information flow control SFP] to limit the capacity of [assignment: types of illicit information flows] to a [assignment: maximum capacity]. Dependencies: AVACCA.1 Covert channel analysis FDP IFC.1 Subset information flow control FDPIFF.4 Partial elimination of illicit information flows Hierarchical to: FDPIFF.3 FDP IFF.4.1 The TSF shall enforce the [assignment: information flow control SFP] to limit the capacity of [assignment: types of illicit information flows] to a [assignment: maximum capacity]. 0 ... 19 20 21 22 23 24 25 ... 117
|
