Re: The reasons of SFP(s) enforcement are not consistent

["Dr.Ir. D.J. Out" <out@itsef.tno.nl>]

YOKOTA HIROFUMI wrote:
> On Friday, April 11, 2003 10:25 PM Nir Naaman wrote:
> 
>>Both access control SFPs and information flow control SFPs,
>>identified by FDP_ACC.1 and FDP_IFC.1, respectively, are a
>>function of subjects, operations, and objects or information.
>>
>>The annex does not mention that the subject is a factor for ETC,
>>but it is clear that it is. The dependency on FDP_ACC.1 or
>>FDP_IFC.1 provides this relationship.
>>
> 
> 
> I think differently.
> It is very difficult to find relationships of factors between SFR and SFPs
> without CC Part2 Anexxes..
> 
> 1)
> 
> For example, FMT_MSA.1.1, CC Part2 Annexes H.2 says:
> In FMT_MSA.1.1, the PP/ST author should list the access control SFP or the
> information flow control SFP for which the security attributes are
> appricable.
> 
> In this requirement only attributes are concerned, and subjects, objects,
> information and operations are not concerned.

And does this mean that FMT_MSA.1. can be used to circumvent other 
policies that are not listed?

> 2)
> Another example is FDP_ROL.1.1, CC Part2 Annexes F.10, which says:
> In FDP_ROL.1.1, the PP/ST author should specify the access control SFP(s)
> and/or information flow control SFP(s) that will be enforced when performing
> rollback operations. This is necessary to make sure that roll back is not
> circumvent the specified SFPs.

But does this mean that rollback is allowed to circumvent all SFPs that 
are not specified?

If so, what does it mean to specify an access control SFP, when this can 
apparently be arbitrarily circumvented by rollback?

Dirk-Jan
-- 
TNO ITSEF BV
P.O. Box 96864          tel +31 70 374 0304
2509 JG The Hague       fax +31 70 374 0651
The Netherlands         www.commoncriteria.nl