RE: Possible request for interpretation: low-level design doc questions
- Subject: RE: Possible request for interpretation: low-level design doc questions
- From: "Knoke, Jim" <Jim.Knoke@GetronicsGov.com>
- Date: Fri, 21 Jun 2002 13:42:38 -0400
- content-class: urn:content-classes:message
- Content-Transfer-Encoding: 8bit
- Content-Type: text/plain; charset="us-ascii"
- Thread-Index: AcHXQZQz/ZSJiC8/TE2+Ii8nMOQ+ZRCAvmbg
- Thread-Topic: Possible request for interpretation: low-level design doc questions
> In cases where both FPT_SEP and FPT_RVM are
> included in the collection of functional requirements, there
> doesn't seem to be
> any difference between TSF and TCB.
One difference between TCB and TSF might be that the TSF includes test
code and the TCB didn't.
> The NIB believes that, once the TSF is identified, then its
> constituent parts
> must be described; however, because some parts need only work
> the details of those parts need not be as extensive.
I think this is key.
> opposite view,
> expressed by some on this list, appears to hold that these
> parts that need
> only work correctly are not part of the TSF and, therefore,
> need not be
> described at all.
Or is there a middle ground where the CEM directs the evaluators to
certain kinds of analyses on some things outside the TSF?
> The NIB believes
> that "relied upon"
> includes all portions of the executing TOE that must operate
> correctly, rather
> than only those portions that actively enforce any of the
> security policies. The
> NIB has therefore created a queue entry on the phrase "relied
> upon"; as the
> entry is developed, we'll explore the varying views to arrive
> at a community
Its almost like we need a third-category of stuff which is "quasi-TSF".
And then don't apply the standard CC assurance and CEM analysis to it,
but define some lesser or alternative assurance and analysis. If done
carefully, I don't think this would measurably reduce the secureness of
the TOE and it will reduce costs to evaluate and therefore encourage
Date Index |
Thread Index |
Problems or questions? Contact firstname.lastname@example.org