Раздел: Документация
0 ... 6 7 8 9 10 11 12 ... 73 2.6.6Class ATE: Tests Assurance class ATE states testing requirements that demonstrate that the TSF satisfies the TOE security functional requirements. 2.6.6.1Coverage (ATE COV) Coverage deals with the completeness of the functional tests performed by the developer on the TOE. It addresses the extent to which the TOE security functions are tested. 2.6.6.2Depth (ATE DPT) Depth deals with the level of detail to which the developer tests the TOE. Testing of security functions is based upon increasing depth of information derived from analysis of the TSF representations. 2.6.6.3Functional tests (ATE FUN) Functional testing establishes that the TSF exhibits the properties necessary to satisfy the requirements of its ST. Functional testing provides assurance that the TSF satisfies at least the requirements of the chosen functional components. However, functional tests do not establish that the TSF does no more than expected. This family focuses on functional testing performed by the developer. 2.6.6.4Independent testing (ATE IND) Independent testing specifies the degree to which the functional testing of the TOE must be performed by a party other than the developer (e.g. a third party). This family adds value by the introduction of tests that are not part of the developers tests. 2.6.7Class AVA: Vulnerability assessment Assurance class AVA defines requirements directed at the identification of exploitable vulnerabilities. Specifically, it addresses those vulnerabilities introduced in the construction, operation, misuse, or incorrect configuration of the TOE. 2.6.7.1Covert channel analysis (AVA CCA) Covert channel analysis is directed towards the discovery and analysis of unintended communications channels that can be exploited to violate the intended TSP. 2.6.7.2Misuse (AVA MSU) Misuse analysis investigates whether an administrator or user, with an understanding of the guidance documentation, would reasonably be able to determine if the TOE is configured and operating in a manner that is insecure.
2.8 Maintenance of assurance class and family overview The following summarises the assurance class and families of clause 16. The class and family summaries are presented in the same order as they appear in clause 16. 2.8.1 Class AMA: Maintenance of assurance Assurance class AMA is aimed at maintaining the level of assurance that the TOE will continue to meet its security target as changes are made to the TOE or its environment. Each of the families in Strength of function analysis addresses TOE security functions that are realised by a probabilistic or permutational mechanism (e.g. a password or hash function). Even if such functions cannot be bypassed, deactivated, or corrupted, it may still be possible to defeat them by direct attack. A level or a specific metric may be claimed for the strength of each of these functions. Strength of function analysis is performed to determine whether such functions meet or exceed the claim. For example, strength of function analysis of a password mechanism can demonstrate that the password function meets the strength claim by showing that the password space is sufficiently large. 2.6.7.4Vulnerability analysis (AVA VLA) Vulnerability analysis consists of the identification of flaws potentially introduced in the different refinement steps of the development. It results in the definition of penetration tests through the collection of the necessary information concerning: (1) the completeness of the TSF (does the TSF counter all the postulated threats?) and (2) the dependencies between all security functions. These potential vulnerabilities are assessed through penetration testing to determine whether they could, in practice, be exploitable to compromise the security of the TOE. 2.7 Maintenance categorisation The requirements for the maintenance of assurance are treated as an assurance class and are presented using the class structure defined above. The maintenance of assurance families, and the abbreviation for each family are shown in Table 2.2. Table 2.2 -Maintenance of assurance class decomposition this class identifies developer and evaluator actions that are to be applied after the TOE has been successfully evaluated, although some requirements can be applied at the time of the evaluation. 2.8.1.1Assurance maintenance plan (AMA AMP) The assurance maintenance plan identifies the plans and procedures a developer is to implement in order to ensure that the assurance that was established in the evaluated TOE is maintained as changes are made to the TOE or its environment. 2.8.1.2TOE component categorisation report (AMA CAT) The TOE component categorisation report provides a categorisation of the components of a TOE (e.g. TSF subsystems) according to their relevance to security. This categorisation acts as a focus for the developers security impact analysis. 2.8.1.3Evidence of assurance maintenance (AMA EVD) Evidence of assurance maintenance seeks to establish confidence that the assurance in the TOE is being maintained by the developer, in accordance with the assurance maintenance plan. 2.8.1.4Security impact analysis (AMA SIA) Security impact analysis seeks to establish confidence that assurance has been maintained in the TOE through an analysis performed by the developer of the security impact ofall changes affecting the TOE since it was evaluated. 0 ... 6 7 8 9 10 11 12 ... 73
|
