Раздел: Документация

0 ... 30 31 32 33 34 35 36 ... 117

7.6 User-subject binding (FIA USB)

Family behaviour

An authenticated user, in order to use the TOE, typically activates a subject. The users security attributes are associated (totally or partially) with this subject. This family defines requirements to create and maintain the association of the users security attributes to a subject acting on the users

behalf.

Component levelling

FIAjUSB User-subject binding- 1

FIAUSB.1 User-subject binding requires the maintenance of an association between the users security attributes and a subject acting on the users behalf.

Management: FIAUSB.1

The following actions could be considered for the management functions in FMT:

a) an authorised administrator can define default subject security attributes.

Audit: FIA USB.1

The following actions should be auditable if FAUGEN Security audit data generation is included in the PP/ST:

a)Minimal: Unsuccessful binding of user security attributes to a subject (e.g. creation of a subject).

b)Basic: Success and failure of binding of user security attributes to a subject (e.g. success and failure to create a subject).

FIAUSB.1 User-subject binding

Hierarchical to: No other components.

FIAUSB.1.1 The TSF shall associate the appropriate user security attributes with subjects acting on behalf of that user.

Dependencies: FIAATD.1 User attribute definition

---

8 Class FMT: Security management

This class is intended to specify the management of several aspects of the TSF: security attributes, TSF data and functions. The different management roles and their interaction, such as separation of capability, can be specified.

This class has several objectives:

a)management of TSF data, which include, for example, banners;

b)management of security attributes, which include, for example, the Access Control Lists, and Capability Lists;

c)management of functions of the TSF, which includes, for example, the selection of functions, and rules or conditions influencing the behaviour of the TSF;

d)definition of security roles.

---

Security management

- FMTjMOF Management of functions in TSF -[j1

- FMTjMSA Management of security attributes

FMTjMTD Management of TSF data

FMTjREV Revocation- 1

FMTjSAE Security attribute expiration

FMTjSMR Security management roles

Figure 8.1 - Security management class decomposition

1

1

2

3

0 ... 30 31 32 33 34 35 36 ... 117