Re: FDP_IFC.1 (Information flow control) (Part2)


The TOE can only control subjects within the TOE.  What your example does not say is whether the processes acting on behalf of the user are within the TOE.  If not then I would suggest choice 2.  (For example, the user is across the Internet and only a message from the user is within the TOE.) If these processes are within the TOE I would suggest choice 3.

Cheers,
Gary

At 08:49 AM 12/27/2002, YOKOTA HIROFUMI wrote:

I have lost my way about the use of FDP_IFC.1 (Subset information flow
control).

Could someone help me with the following?

I am going to put FDP_IFC.1 in an ST for the TOE
that requires an information flow control policy that controls
 information flow between users (outside of the TOE) and
 an application process-X in the TOE.

I thought of it and have got three choices
 about how to write the information flow control policy in the ST.

The choices I made up are the following.

Choice-1)
     FDP_IFC.1.1
     list of subjects:      users
     list of information:  user information
     list of operations:   transmit to application process-x,
                               receive from application process-x

Choice-2)
     FDP_IFC.1.1
     list of subjects:      application process-X
     list of information:  user information
     list of operations:   transmit to users,
                               receive from users

Choice-3)
     FDP_IFC.1.1
     list of subjects:      users,
                               application process-X
     list of information:  user information
     list of operations:   pass information from users to application process-x,
                               pass information from application process-x to users

-----------------
Which one is correct?
Which one is incorrect?
Or, are all of them correct to be used in the ST?

Thanks for your help.

Regards,
   Yokota

**************************************************************************
* Opinions expressed are not intended to reflect an official position
**************************************************************************
*
Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20877-8930         
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
**************************************************************************


