RE: I-0463: Hardware Inclusion In A TOE With FPT_SEP

Subject: RE: I-0463: Hardware Inclusion In A TOE With FPT_SEP
From: "Daniel P. Faigin" <faigin@solarium.aero.org>
Date: Thu, 18 Jul 2002 07:36:46 -0700
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <3C1E3607B37295439F7C409EFBA08E68024850E7@US-Columbia-CIST.mail.saic.com>
References: <3C1E3607B37295439F7C409EFBA08E68024850E7@US-Columbia-CIST.mail.saic.com>


On Thu, 18 Jul 2002 07:24:45 -0700, "Arnold, James L. Jr."
<JAMES.L.ARNOLD.JR@saic.com> said: 

> Regardless, national interpretation processes are not necessarily a good
> thing since they promote international divergence of the CC. I personally
> believe that any such energy should be placed in the international
> interpretation process to promote international consistency.

Of course, I disagree, and I note that national interpretations are allowed
within any scheme. Of course, for national interpretation processes to be a
good thing, they must be open to public input, and provide a clear avenue for
input to the international level. I think these are things you see in the
CCEVS process. We encourage public input through forums such as this, and are
working towards having actual appropriate public participation on the NIB
itself. We have the CCEVS CCIMB representatives participating in the NIB, and
bringing national interpretations to the CCIMB as RIs for concurrence once
they reach the national level. This also allows us to ensure that the
direction taken by the NIB takes into account the direction being taken by the
CCIMB. I'll also note that national interpretations may be overridden by
international interpretations.

>> It is interesting to note how the Oracle DBMS.PP uses FPT_SEP: it refines
>> the TOE SFR to refer to "DATABASE subjects" rather than "subjects", and
>> defines an environmental security objective for the underlying operating
>> system to protect from tampering the files used by the DBMS to store the
>> database and the TOE processes managing the database.
>> 

> I tend to think the refinement is both legal and unnecessary, since
> "subjects" are always relative to the TOE. Hence, for a database TOE it
> makes perfect sense that its subjects are database subjects. Perhaps the
> refinement was necessary to clearly differentiate those subjects from other
> subjects that may exist in the IT environment.

At which point, you seem to be saying, the refinement was actually more of a
clarification.

Daniel

References:
- RE: I-0463: Hardware Inclusion In A TOE With FPT_SEP
  - From: "Arnold, James L. Jr." <JAMES.L.ARNOLD.JR@saic.com>

Prev by Date: Re: I-0463: Hardware Inclusion In A TOE With FPT_SEP
Next by Date: Re: I-0460: Empty Selections Or Assignments/One Or More
Prev by thread: RE: I-0463: Hardware Inclusion In A TOE With FPT_SEP
Next by thread: Re: I-0463: Hardware Inclusion In A TOE With FPT_SEP

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov