Раздел:
Документация0 1 2 3 4 5 ...
117 L.5TOE access history (FTA TAH) ................................339
L.6TOE session establishment (FTA TSE) ...........................340
Annex M Trusted path/channels (FTP) .....................................341
M. 1Inter-TSF trusted channel (FTP ITC) ............................342
M.2Trusted path (FTP TRP) ......................................343
List of Figures
Figure 1.1 - | Security functional requirements paradigm (Monolithic TOE) ..... | ....... 3 |
Figure 1.2 - | Diagram of security functions in a distributed TOE .............. | ....... 4 |
Figure 1.3 - | Relationship between user data and TSF data .................. | ....... 7 |
Figure 1.4 - | Relationship between "authentication data" and "secrets" ......... | ....... 8 |
Figure 2.1 - | Functional class structure .................................. | ...... 9 |
Figure 2.2 - | Functional family structure ................................. | 10 |
Figure 2.3 - | Functional component structure ............................. | 12 |
Figure 2.4 - | Sample class decomposition diagram ......................... | ....... 15 |
Figure 3.1 - | Security audit class decomposition ........................... | ....... 17 |
Figure 4.1 - | Communication class decomposition ......................... | ....... 31 |
Figure 5.1 - | Cryptographic support class decomposition .................... | ...... 37 |
Figure 6.1 - | User data protection class decomposition ...................... | ....... 44 |
Figure 6.2 - | User data protection class decomposition (cont.) ................ | ....... 45 |
Figure 7.1 - | Identification and authentication class decomposition ............ | ....... 78 |
Figure 8.1 - | Security management class decomposition .................... | ....... 92 |
Figure 9.1 - | Privacy class decomposition ................................ | 105 |
Figure 10.1 - | Protection of the TSF class decomposition ..................... | .......116 |
Figure 10.2 - | Protection of the TSF class decomposition (Cont.) .............. | .......117 |
Figure 11.1 - | Resource utilisation class decomposition ...................... | 145 |
Figure 12.1 - | TOE access class decomposition ............................ | .......153 |
Figure 13.1 - | Trusted path/channels class decomposition .................... | .......163 |
Figure A.1 - | Functional class structure .................................. | 169 |
Figure A.2 - | Functional family structure for application notes ................ | .......170 |
Figure A.3 - | Functional component structure ............................. | .......171 |
Figure C.1 - | Security audit class decomposition ........................... | 182 |
Figure D.1 - | Communication class decomposition ......................... | 199 |
Figure E.1 - | Cryptographic support class decomposition .................... | 207 |
Figure F.1 - | User data protection class decomposition ...................... | 217 |
Figure F.2 - | User data protection class decomposition (cont.) ................ | .......218 |
Figure G.1 - | Identification and authentication class decomposition ............ | .......256 |
Figure H.1 - | Security management class decomposition .................... | .......270 |
Figure I.1 - | Privacy class decomposition ................................ | 283 |
Figure J.1 - | Protection of the TSF class decomposition ..................... | .......300 |
Figure J.2 - | Protection of the TSF class decomposition (Cont.) .............. | .......301 |
Figure K.1 - | Resource utilisation class decomposition ...................... | 327 |
Figure L.1 - | TOE access class decomposition ............................ | .......333 |
Figure M.1 - | Trusted path/channels class decomposition .................... | .......341 |
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3.
In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.
International Standard ISO/IEC 15408-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, in collaboration with Common Criteria Project Sponsoring Organisations. The identical text of ISO/IEC 15408-2 is published by the Common Criteria Project Sponsoring Organisations as Common Criteria for Information Technology Security Evaluation. Additional information on the Common Criteria Project and contact information on its Sponsoring Organisations is provided in Annex A of ISO/IEC 15408-1.
ISO/IEC 15408 consists of the following parts, under the general title Information technology - Security techniques - Evaluation criteria for IT security:
-Part 1: Introduction and general model
-Part 2: Security functional requirements
-Part 3: Security assurance requirements
Annexes A to M of this part of ISO/IEC 15408 are for information only.
This LEGAL NOTICE has been placed in all Parts of ISO/IEC 15408 by request:
The seven governmental organisations (collectively called "the Common Criteria Project Sponsoring Organisations") identified in ISO/IEC 15408-1 Annex A, as the joint holders of the copyright in the Common Criteria for Information Technology Security Evaluation, Parts 1 through 3 (called the "CC"), hereby grant non-exclusive license to ISO/IEC to use the CC in the development of the ISO/IEC 15408 international standard. However, the Common Criteria Project Sponsoring Organisations retain the right to use, copy, distribute, or modify the CC as they see fit.
0 1 2 3 4 5 ...
117