H.3 Management of TSF data (FMT_MTD)

This component imposes requirements on the management of TSF data. Examples of TSF data are the current time and the audit trail. So, for example, this family allows the specification of who can read, delete or create the audit trail.

FMT_MTD.1 Management of TSF data

This component allows users with a certain role to manage values of TSF data. The users are assigned to a role within the component FMT_SMR.1.

The default value of a parameter is the value the parameter takes when it is instantiated without specifically assigned values. An initial value is provided during the instantiation (creation) of a parameter and overrides the default value.

Operations

Selection: In FMT_MTD.1.1 the PP/ST author should specify the operations that can be applied to the identified TSF data. The PP/ST author can specify that the role can modify the default value (change default), clear, query or modify the TSF data, or delete the TSF data entirely. If so desired the PP/ST author could specify any type of operation. To clarify, "clear TSF data" means that the content of the TSF data is removed, but that the entity itself remains in the system.

Assignment: In FMT_MTD.1.1, if selected, the PP/ST author should specify which other operations the role could perform. An example could be create.

In FMT_MTD.1.1 the PP/ST author should specify the TSF data that can be operated on by the identified roles. It is possible for the PP/ST author to specify that the default value can be managed.

In FMT_MTD.1.1 the PP/ST author should specify the roles that are allowed to operate on the TSF data. The possible roles are specified in FMT_SMR.1.

FMT_MTD.2 Management of limits on TSF data

This component specifies limits on TSF data, and actions to be taken if these limits are exceeded.
This component, for example, will allow limits on the size of the audit trail to be defined, and specification of the actions to be taken when these limits are exceeded.

Operations

Assignment: In FMT_MTD.2.1 the PP/ST author should specify the TSF data that can have limits, and the value of those limits. An example of such TSF data is the number of users logged-in.

In FMT_MTD.2.1 the PP/ST author should specify the roles that are allowed to modify the limits on the TSF data and the actions to be taken. The possible roles are specified in FMT_SMR.1.

In FMT_MTD.2.2 the PP/ST author should specify the actions to be taken if the specified limit on the specified TSF data is exceeded. An example of such TSF action is that the authorised user is informed and an audit record is generated.

FMT_MTD.3 Secure TSF data

This component covers requirements on the values that can be assigned to TSF data. The assigned values should be such that the TOE will remain in a secure state.

The definition of what secure means is not answered in this component but is left to the development of the TOE (specifically ADV_SPM.1 Informal TOE security policy model) and the resulting information in the guidance. If the developer provided a clear definition of the secure values and the reason why they should be considered secure, the dependency from FMT_MSA.2 to ADV_SPM.1 can be argued away.

H.4 Revocation (FMT_REV)

This family addresses revocation of security attributes for a variety of entities within a TOE.

FMT_REV.1 Revocation

This component specifies requirements on the revocation of rights. It requires the specification of the revocation rules. Examples are:

a) Revocation will take place on the next login of the user;
b) Revocation will take place on the next attempt to open the file;
c) Revocation will take place within a fixed time. This might mean that all open connections are re-evaluated every x minutes.
Operations

Selection: In FMT_REV.1.1, the PP/ST author should specify whether the ability to revoke security attributes from users, subjects, objects, or any other resources shall be provided by the TSF. If the last option is chosen, then the PP/ST author should use the refinement operation to define the resources.

Assignment: In FMT_REV.1.1 the PP/ST author should specify the roles that are allowed to modify the functions in the TSF. The possible roles are specified in FMT_SMR.1.

In FMT_REV.1.2, the PP/ST author should specify the revocation rules. Examples of these rules could include: "prior to the next operation on the associated resource", or "for all new subject creations".
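
The choice of revocation rule in FMT_REV.1.2 determines how long a revoked attribute stays usable in a session that is already open. The following sketch is an added example, not part of the Common Criteria text: it models three of the rules above (next login, next operation, fixed time) in a toy TSF and returns the access decisions after a revocation. The class, role, user and right names are assumptions made for the illustration, and the fixed-time rule is checked lazily on access rather than by a timer.

```python
# Added illustration: a toy TSF, not code from the Common Criteria text.
# Role, user and right names are constructed for the example.
from dataclasses import dataclass

@dataclass
class Session:
    user: str
    rights: set      # attributes cached when the session was opened
    last_check: int  # minute of the last re-evaluation

class ToyTsf:
    RULES = ("next_login", "next_operation", "fixed_time")

    def __init__(self, rule, interval=0):
        if rule not in self.RULES:
            raise ValueError(rule)
        self.rule, self.interval = rule, interval
        self.granted = {}  # authoritative store: user -> set of rights

    def grant(self, user, right):
        self.granted.setdefault(user, set()).add(right)

    def revoke(self, role, user, right):
        # FMT_REV.1.1: only the assigned role may revoke attributes.
        if role != "security_admin":
            raise PermissionError("role may not revoke security attributes")
        self.granted.get(user, set()).discard(right)

    def login(self, user, now):
        return Session(user, set(self.granted.get(user, ())), now)

    def access(self, s, right, now):
        # FMT_REV.1.2: the rule decides when cached attributes are refreshed.
        due = self.rule == "fixed_time" and now - s.last_check >= self.interval
        if self.rule == "next_operation" or due:
            s.rights, s.last_check = set(self.granted.get(s.user, ())), now
        return right in s.rights  # "next_login": cache lives until re-login

def exposure(rule, interval=0):
    """Revoke at minute 0; return decisions at minute 1, minute 6, after re-login."""
    tsf = ToyTsf(rule, interval)
    tsf.grant("alice", "read_audit")
    s = tsf.login("alice", now=0)
    tsf.revoke("security_admin", "alice", "read_audit")
    early = tsf.access(s, "read_audit", now=1)
    late = tsf.access(s, "read_audit", now=6)
    fresh = tsf.login("alice", now=7)
    return early, late, tsf.access(fresh, "read_audit", now=7)
```

Calling exposure("next_login"), exposure("fixed_time", 5) and exposure("next_operation") shows the revoked right remaining usable for the whole session, for up to five minutes, and not at all, respectively.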