Раздел: Документация
0 ... 91 92 93 94 95 96 97 ... 117 H.2 Management of security attributes (FMT MSA) This family defines the requirements on the management of security attributes. Users, subjects and objects have associated security attributes that will affect the behaviour of the TSF. Examples of such security attributes are the groups to which a user belongs, the roles he/she might assume, the priority of a process (subject), and the rights belonging to a role or a user. These security attributes might need to be managed by the user, a subject or a specific authorised user (a user with explicitly given rights for this management). It is noted that the right to assign rights to users is itself a security attribute and/or potentially subject to management by FMT MSA.1. FMT MSA.2 can be used to ensure that any accepted combination of security attributes is within a secure state. The definition of what "secure" means is left to the TOE guidance and the TSP model. If the developer provided a clear definition of the secure values and the reason why they should be considered secure, the dependency from FMT MSA.2 to ADV SPM. 1 can be argued away. In some instances subjects, objects or user accounts are created. If no explicit values for the related security attributes are given, default values need to be used. FMT MSA. 1 can be used to specify that these default values can be managed. FMTMSA.1 Management of security attributes This component allows users acting in certain roles to manage identified security attributes. The users are assigned to a role within the component FMT SMR.1. The default value of a parameter is the value the parameter takes when it is instantiated without specifically assigned values. An initial value is provided during the instantiation (creation) of a parameter, and overrides the default value. Operations Assignment: In FMTMSA.1.1, the PP/ST author should list the access control SFP or the information flow control SFP for which the security attributes are applicable. Selection: In FMTMSA.1.1 the PP/ST author should specify the operations that can be applied to the identified security attributes. The PP/ST author can specify that the role can modify the default value (changedefault), query, modify the security attribute, delete the security attributes entirely or define their own operation. Assignment: In FMTMSA.1.1, if selected, the PP/ST author should specify which other operations the role could perform. An example of such an operation could be create. In FMTMSA.1.1 the PP/ST author should specify the security attributes that can be operated on by the identified roles. It is possible for the PP/ST author to specify that the default value such as default access-rights can be managed. Examples of these security attributes are user-clearance, priority of service level, access control list, default access rights. In FMTMSA.1.1 the PP/ST author should specify the roles that are allowed to operate on the security attributes. The possible roles are specified in FMTSMR.1. FMTMSA.2 Secure security attributes This component contains requirements on the values that can be assigned to security attributes. The assigned values should be such that the TOE will remain in a secure state. The definition of what secure means is not answered in this component but is left to the development of the TOE (specifically ADVSPM. 1 Informal TOE security policy model) and the resulting information in the guidance. An example could be that if a user account is created, it should have a non-trivial password. FMTMSA.3 Static attribute initialisation User application notes This component requires that the TSF provide default values for relevant object security attributes, which can be overridden by an initial value. It may still be possible for a new object to have different security attributes at creation, if a mechanism exists to specify the permissions at time of creation. Operations Assignment: In FMT MSA.3.1,the PP/ST author should list the access control SFP or the information flow control SFP for which the security attributes are applicable. Selection: In FMT MSA.3.1, the PP/ST author should select whether the default property of the access control attribute will be restrictive, permissive, or another property. In case of another property, the PP/ST author should refine this to a specific property. Assignment: In FMTMSA.3.2 the PP/ST author should specify the roles that are allowed to modify the values of the security attributes. The possible roles are specified in FMTSMR.1. 0 ... 91 92 93 94 95 96 97 ... 117
|
