Раздел: Документация
0 ... 20 21 22 23 24 25 26 ... 117 FDPIFF.4.2 The TSF shall prevent [assignment: types of illicit information flows]. Dependencies: AVACCA.1 Covert channel analysis FDPIFC. 1 Subset information flow control FDPIFF.5 No illicit information flows Hierarchical to: FDPIFF.4 FDP IFF.5.1 The TSF shall ensure that no illicit information flows exist to circumvent [assignment: name of information flow control SFP] . Dependencies: AVACCA.3 Exhaustive covert channel analysis FDPIFC. 1 Subset information flow control FDPIFF.6 Illicit information flow monitoring Hierarchical to: No other components. FDP IFF.6.1 The TSF shall enforce the [assignment: information flow control SFP]to monitor [assignment: types of illicit information flows] when it exceeds the [assignment: maximum capacity]. Dependencies: AVACCA.1 Covert channel analysis FDPIFC.1 Subset information flow control 6.7 Import from outside TSF control (FDP ITC) Family behaviour This family defines the mechanisms for introduction of user data into the TOE such that it has appropriate security attributes and is appropriately protected. It is concerned with limitations on importation, determination of desired security attributes, and interpretation of security attributes associated with the user data. Component levelling This family contains two components to address the preservation of security attributes of imported user data for access control and information control policies. Component FDPITC. 1 Import of user data without security attributes requires that the security attributes correctly represent the user data and are supplied separately from the object. Component FDPITC.2 Import of user data with security attributes requires that security attributes correctly represent the user data and are accurately and unambiguously associated with the user data imported from outside the TSC. Management: FDPITC.1, FDPITC.2 The following actions could be considered for the management functions in FMT Management: a) The modification of the additional control rules used for import. Audit: FDPITC.1, FDPITC.2 The following events should be auditable if FAUGEN Security audit data generation is included in the PP/ST: a)Minimal: Successful import of user data, including any security attributes. b)Basic: All attempts to import user data, including any security attributes. c)Detailed: The specification of security attributes for imported user data supplied by an 1 FDP ITC Import from outside TSF control 2 authorised user. FDPITC.1 Import of user data without security attributes Hierarchical to: No other components. FDPITC.1.1 The TSF shall enforce the [assignment: access control SFP and/or information flow control SFP] when importing user data, controlled under the SFP, from outside of the TSC. FDP ITC.1.2 The TSF shall ignore any security attributes associated with the user data when imported from outside the TSC. FDP ITC.1.3 The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TSC: [assignment: additional importation control rules]. Dependencies: [FDPACC.1 Subset access control, or FDPIFC.1 Subset information flow control] FMTMSA.3 Static attribute initialisation FDPITC.2 Import of user data with security attributes Hierarchical to: No other components. FDPITC.2.1 The TSF shall enforce the [assignment: access control SFP and/or information flow control SFP] when importing user data, controlled under the SFP, from outside of the TSC. FDP ITC.2.2 The TSF shall use the security attributes associated with the imported user data. FDP ITC.2.3 The TSF shall ensure that the protocol used provides for the unambiguous association between the security attributes and the user data received. FDP ITC.2.4 The TSF shall ensure that interpretation of the security attributes of the imported user data is as intended by the source of the user data. FDP ITC.2.5 The TSF shall enforce the following rules when importing user data controlled under the SFP from outside the TSC: [assignment: additional importation control rules]. Dependencies: [FDPACC.1 Subset access control, or FDPIFC.1 Subset information flow control] [FTPITC.1 Inter-TSF trusted channel, or FTPTRP.1 Trusted path] FPTTDC.1 Inter-TSF basic TSF data consistency 0 ... 20 21 22 23 24 25 26 ... 117
|
