Раздел: Документация
0 ... 21 22 23 24 25 26 27 ... 117 6.8 Internal TOE transfer (FDP ITT) Family behaviour This family provides requirements that address protection of user data when it is transferred between parts of a TOE across an internal channel. This may be contrasted with the FDP UCT and FDPUIT families, which provide protection for user data when it is transferred between distinct TSFs across an external channel, and FDP ETC and FDP ITC, which address transfer of data to or from outside the TSFs control. Component levelling FDP ITT Internal TOE transfer  FDPITT.l Basic internal transfer protection requires that user data be protected when transmitted between parts of the TOE. FDPITT.2 Transmission separation by attribute requires separation of data based on the value of SFP-relevant attributes in addition to the first component. FDPITT.3 Integrity monitoring requires that the SF monitor user data transmitted between parts of the TOE for identified integrity errors. FDPITT.4 Attribute-based integrity monitoring expands on the third component by allowing the form of integrity monitoring to differ by SFP-relevant attribute. Management: FDPITT.1, FDPITT.2 The following actions could be considered for the management functions in FMT Management: a) If the TSF provides multiple methods to protect user data during transmission between physically separated parts of the TOE, the TSF could provide a pre-defined role with the ability to select the method that will be used. Management: FDPITT.3, FDPITT.4 The following actions could be considered for the management functions in FMT Management: a) The specification of the actions to be taken upon detection of an integrity error could be configurable. Audit: FDPITT.1, FDPITT.2 The following events should be auditable if FAUGEN Security audit data generation is included in the PP/ST: a)Minimal: Successful transfers of user data, including identification of the protection method used. b)Basic: All attempts to transfer user data, including the protection method used and any errors that occurred. Audit: FDPITT.3, FDPITT.4 The following events should be auditable if FAUGEN Security audit data generation is included in the PP/ST: a)Minimal: Successful transfers of user data, including identification of the integrity protection method used. b)Basic: All attempts to transfer user data, including the integrity protection method used and any errors that occurred. c)Basic: Unauthorised attempts to change the integrity protection method. d)Detailed: The action taken upon detection of an integrity error. FDPITT.1 Basic internal transfer protection Hierarchical to: No other components. FDP ITT.1.1 The TSF shall enforce the [assignment: access control SFP(s) and/or information flow control SFP(s)] to prevent the [selection: disclosure, modification, loss of use] of user data when it is transmitted between physically-separated parts of the TOE. Dependencies: [FDPACC.1 Subset access control, or FDPIFC.1 Subset information flow control] FDPITT.2 Transmission separation by attribute Hierarchical to: FDPITT.1 FDP ITT.2.1 The TSF shall enforce the [assignment: access control SFP(s) and/or information flow control SFP(s)] to prevent the [selection: disclosure, modification, loss of use] of user data when it is transmitted between physically-separated parts of the TOE. FDP ITT.2.2 The TSF shall separate data controlled by the SFP(s) when transmitted between physically-separated parts of the TOE, based on the values of the following: [assignment: security attributes that require separation]. Dependencies: [FDPACC.1 Subset access control, or FDP IFC.1 Subset information flow control] FDPITT.3 Integrity monitoring Hierarchical to: No other components. FDPITT.3.1 The TSF shall enforce the [assignment: access control SFP(s) and/or information flow control SFP(s)] to monitor user data transmitted between physically-separated parts of the TOE for the following errors: [assignment: integrity errors]. FDPITT.3.2 Upon detection of a data integrity error, the TSF shall [assignment: specify the action to be taken upon integrity error]. Dependencies: [FDPACC.1 Subset access control, or FDPIFC.1 Subset information flow control] FDPITT.1 Basic internal transfer protection FDPITT.4 Attribute-based integrity monitoring Hierarchical to: FDP ITT.3 FDPITT.4.1 The TSF shall enforce the [assignment: access control SFP(s) and/or information flow control SFP(s)] to monitor user data transmitted between physically-separated parts of the TOE for the following errors: [assignment: integrity errors], based on the following attributes: [assignment: security attributes that require separate transmission channels]. FDP ITT.4.2 Upon detection of a data integrity error, the TSF shall [assignment: specify the action to be taken upon integrity error]. Dependencies: [FDPACC.1 Subset access control, or FDPIFC. 1 Subset information flow control] FDPITT.2 Transmission separation by attribute 0 ... 21 22 23 24 25 26 27 ... 117
|
