Раздел: Документация
0 ... 22 23 24 25 26 27 28 ... 117 6.9 Residual information protection (FDP RIP) Family behaviour This family addresses the need to ensure that deleted information is no longer accessible, and that newly created objects do not contain information that should not be accessible. This family requires protection for information that has been logically deleted or released, but may still be present within the TOE. Component levelling FDP RIP Residual information protection
FDP RIP.1 Subset residual information protection requires that the TSF ensure that any residual information content of any resources is unavailable to a defined subset of the objects in the TSC upon the resources allocation or deallocation. FDPRIP.2 Full residual information protection requires that the TSF ensure that any residual information content of any resources is unavailable to all objects upon the resources allocation or deallocation. Management: FDPRIP.1, FDPRIP.2 The following actions could be considered for the management functions in FMT Management: a) The choice of when to perform residual information protection (i.e. upon allocation or deallocation) could be made configurable within the TOE. Audit: FDPRIP.1, FDPRIP.2 There are no events identified that should be auditable if FAU GEN Security audit data generation is included in the PP/ST. FDP RIP.1 Subset residual information protection Hierarchical to: No other components. FDP RIP.1.1 The TSF shall ensure that any previous information content of a resource is made unavailable upon the [selection: allocation of the resource to, deallocation of the resource from] the following objects: [assignment: list of objects]. Dependencies: No dependencies. FDPRIP.2 Full residual information protection Hierarchical to: FDPRIP.1 FDP RIP.2.1 The TSF shall ensure that any previous information content of a resource is made unavailable upon the [selection: allocation of the resource to, deallocation ofthe resource from] all objects. Dependencies: No dependencies. 6.10 Rollback (FDP ROL) Family behaviour The rollback operation involves undoing the last operation or a series of operations, bounded by some limit, such as a period of time, and return to a previous known state. Rollback provides the ability to undo the effects of an operation or series of operations to preserve the integrity of the user data. Component levelling FDP ROL Rollback 1 2 FDPROL.1 Basic rollback addresses a need to roll back or undo a limited number of operations within the defined bounds. FDPROL.2 Advanced rollback addresses the need to roll back or undo all operations within the defined bounds. Management: FDPROL.1, FDPROL.2 The following actions could be considered for the management functions in FMT Management: a)The boundary limit to which rollback may be performed could be a configurable item within the TOE. b)Permission to perform a rollback operation could be restricted to a well defined role. Audit: FDPROL.1, FDPROL.2 The following events should be auditable if FAU GEN Security audit data generation is specified in the PP/ST: a)Minimal: All successful rollback operations. b)Basic: All attempts to perform rollback operations. c)Detailed: All attempts to perform rollback operations, including identification of the types of operations rolled back. FDPROL.1 Basic rollback Hierarchical to: No other components. FDPROL.1.1 The TSF shall enforce [assignment: access control SFP(s) and/or information flow control SFP(s)] to permit the rollback of the [assignment: list of operations] on the [assignment: list of objects]. 0 ... 22 23 24 25 26 27 28 ... 117
|
