Раздел: Документация

0 ... 79 80 81 82 83 84 85 ... 117

Operations

Assignment:

In FDPIFF.5.1 the PP/ST author should specify the information flow control SFP for which illicit information flows are to be eliminated. The name of the information flow control SFP, and the scope of control for that policy are defined in components from FDPIFC.

FDPIFF.6 Illicit information flow monitoring

User application notes

This component should be used when it is desired that the TSF provide the ability to monitor the use of illicit information flows that exceed a specified capacity. If it is desired that such flows be audited, then this component could serve as the source of audit events to be used by components from the FAU GEN Security audit data generation family.

Operations

Assignment:

In FDPIFF.6.1 the PP/ST author should specify the information flow control SFPs enforced by the TSF. The name of the information flow control SFP, and the scope of control for that policy are defined in components from FDPIFC.

In FDPIFF.6.1 the PP/ST author should specify the types of illicit information flows that will be monitored for exceeding a maximum capacity.

In FDPIFF.6.1 the PP/ST author should specify the maximum capacity above which illicit information flows will be monitored by the TSF.

---

F.7 Import from outside TSF control (FDP ITC)

This family defines mechanisms for importing user data from outside the TSC into the TOE such that the user data security attributes can be preserved. Consistency of these security attributes are addressed by FPTTDC Inter-TSF TSF data consistency.

FDPITC is concerned with limitations on import, user specification of security attributes, and association of security attributes with the user data.

User notes

This family, and the corresponding export family FDPETC, address how the TOE deals with user data outside its control. This family is concerned with assigning and abstraction of the user data security attributes.

A variety of activities might be involved here:

a)importing user data from an unformatted medium (e.g. floppy disk, tape, scanner, video or audit signal), without including any security attributes, and physically marking the medium to indicate its contents;

b)importing user data, including security attributes, from a medium and verifying that the object security attributes are appropriate;

c)importing user data, including security attributes, from a medium using a cryptographic sealing technique to protect the association of user data and security attributes.

This family is not concerned with the determination of whether the user data may be imported. It is concerned with the values of the security attributes to associate with the imported user data.

There are two possibilities for the import of user data: either the user data is unambiguously associated with reliable object security attributes (values and meaning of the security attributes is not modified), or no reliable security attributes (or no security attributes at all) are available from the import source. This family addresses both cases.

If there are reliable security attributes available, they may have been associated with the user data by physical means (the security attributes are on the same media), or by logical means (the security attributes are distributed differently, but include unique object identification, e.g. cryptographic checksum).

This family is concerned with importing user data and maintaining the association of security attributes as required by the SFP. Other families are concerned with other import aspects such as consistency, trusted channels, and integrity that are beyond the scope of this family. Furthermore, FDPITC is only concerned with the interface to the import medium. FDPETC is responsible for the other end point of the medium (the source).

Some of the well known import requirements are:

a) importing of user data without any security attributes;

---

b) importing of user data including security attributes where the two are associated with one another and the security attributes unambiguously represent the information being imported.

These import requirements may be handled by the TSF with or without human intervention, depending on the IT limitations and the organisational security policy. For example, if user data is received on a "confidential" channel, the security attributes of the objects will be set to "confidential".

If there are multiple SFPs (access control and/or information flow control) then it may be appropriate to iterate these components once for each named SFP.

FDPITC.1 Import of user data without security attributes

User application notes

This component is used to specify the import of user data that does not have reliable (or any) security attributes associated with it. This function requires that the security attributes for the imported user data be initialised within the TSF. It could also be the case that the PP/ST author specifies the rules for import. It may be appropriate, in some environments, to require that these attributes be supplied via a trusted path or a trusted channel mechanism.

Operations

Assignment:

In FDPITC.1.1, the PP/ST author should specify the access control SFP and/or information flow control SFP that will be enforced when importing user data from outside of the TSC. The user data that this function imports is scoped by the assignment of these SFPs.

In FDPITC.1.3, the PP/ST author should specify any additional importation control rules or "none" if there are no additional importation control rules. These rules will be enforced by the TSF in addition to the access control SFPs and/or information flow control SFPs selected in FDPITC.1.1.

FDPITC.2 Import of user data with security attributes

User application notes

This component is used to specify the import of user data that has reliable security attributes associated with it. This function relies upon the security attributes that are accurately and unambiguously associated with the objects on the import medium. Once imported, those objects will have those same attributes. This requires FPT TDC to ensure the consistency of the data. It could also be the case that the PP/ST author specifies the rules for import.

0 ... 79 80 81 82 83 84 85 ... 117