Re: I-0463: Hardware Inclusion In A TOE With FPT_SEP
- Subject: Re: I-0463: Hardware Inclusion In A TOE With FPT_SEP
- From: "NIAP Interpretations Board" <firstname.lastname@example.org>
- Date: Tue, 20 Aug 2002 14:23:16 -0700
- Content-description: Mail message body
- Content-transfer-encoding: 7BIT
- Content-type: text/plain; charset=US-ASCII
- Priority: normal
- Reply-to: email@example.com
This transaction consists of a proposal for a NIAP Interpretation of a
Common Criteria document. It is being posted in accordance with the
procedures of the IWG.
Comments on this proposal are welcomed and should be posted to this
transaction chain. If any party wishes to post a comment anonymously,
the comment should be mailed to firstname.lastname@example.org in a form suitable
for posting. All comments should be posted no later than Monday,
September 23, 2002.
CCITSE/CEM GUIDANCE (PROPOSED)
I-0463: Hardware Inclusion In A TOE With FPT_SEP
STATUS: Reposted for External Review
TITLE: Hardware Inclusion In A TOE With FPT_SEP
PREVIOUS POSTING: [cc-cmt 00252]
PREVIOUS POSTING: [cc-cmt TBD]
COMMENTS DUE BY: Monday, September 23, 2002 to email@example.com
RELATED TO: <None>
Must hardware be included in a TOE that includes FPT_SEP as one of the
All TOE Objectives (which map to Security Functional Requirements)
must be met by the TSF. It is not acceptable to meet a TOE Objective
by a requirement allocated to the IT environment.
Hence, if FPT_SEP is included as an objective for the TOE, then one of
the following conditions should be met:
1. The underlying platform should be included.
2. An argument should be made that FPT_SEP is satisfied independent
of the underlying platform.
3. The provision of support for FPT_SEP should be explicitly stated
as objectives for the Operational Environment/IT Environment.
No criteria changes required. This guidance is supported by the CEM
Work Unit ASE_REQ.1-20 as interpreted by CCIMB-INTERP-0058.
CEM Work Unit ASE_REQ.1-20 requires that the security requirements
rationale provide a justification that every security objective for
the TOE is satisfied by the TOE security requirements. There is no
provision for security objectives for the TOE being satisfied by
requirements on the IT environment.
Of particular interest is the FPT_SEP requirement. FPT_SEP.1.1 says
"The TSF shall maintain a security domain for its own execution that
protects it from interference and tampering by untrusted subjects". If
this requirement is allocated to the application TOE, this means the
application is 100% responsible for providing such protection,
completely independent of the behavior of applications on the
underlying abstract machine (operating system, hardware). For an
operating system TOE, this means the TOE provides the protection
independent of the behavior of anything else running on the hardware.
Similarly, FPT_SEP.1.2 talks about enforcing separation between the
security domains of subjects in the TSC (which is typically
interpreted to refer to process address spaces, for operating
systems). If this is allocated to the TOE but not the hardware, this
means the TOE must provide the capability independent of the hardware.
With respect to hardware being required to meet FPT_SEP: Although with
current technology hardware support is always used to achieve domain
separation and process separation, the ability to provide such
separation through software mechanisms alone is conceivable. However,
if hardware is excluded, there must be a clear argument that the
hardware in no way contributes to the software's satisfaction of
FPT_SEP, or there must be an explicit objective for the operational
environment to provide the necessary support.
With respect to applications claiming FPT_SEP: In order to do so, one
must be able to show that the application provides mechanisms that
implement FPT_SEP independent of any operating system support. With
current technology, however, operating system support is usually
required to achieve FPT_SEP, and hence, FPT_SEP should be allocated to
the IT Environment (Operational Environment), or the extent to which
the operating system provides support for FPT_SEP should be detailed
in the Objectives for the Operational Environment (IT Environment).
Date Index |
Thread Index |
Problems or questions? Contact firstname.lastname@example.org