Re: PD-0091: Dependencies of Requirements on the IT Environment
- Subject: Re: PD-0091: Dependencies of Requirements on the IT Environment
- From: "Dr.Ir. D.J. Out" <out@itsef.tno.nl>
- Date: Thu, 29 Jan 2004 09:55:10 +0100
- Content-Transfer-Encoding: 7bit
- Content-Type: text/plain; charset=us-ascii; format=flowed
- Organization: TNO-ITSEF BV
- References: <4E25ECBBC03F874CBAD03399254ADFDE10FAC8@US-Columbia-CIST.mail.saic.com>
- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020408
> [JLA] I actually meant the TOE Scope of Control as in the things under the
> control of the TOE. Obviously the environment is not able to control its
> environment. Note that your argument leads to the conclusion that FPT_SEP
> cannot be met by ANY TOE.
I'm not sure what the TOE Scope of Control is. It leads to "The TOE
controls the things under control of the TOE". You need to explicitly
list them for a given TOE in order for this to make sense.
Smartcards do a very good job in protecting themselves in my experience.
> In the case of a monolithic operating system, a
> TOE generally cannot protect itself from physical assaults. I am unable to
> explain why I keep seeing claims that an application TOE cannot FULLY
> protect itself while this is obviously for the vast majority of TOEs that
> have historically, seemingly met this requirement.
The claim is: Software TOEs can protect itself, but not through use of
an unmodified FPT_SEP requirement..
Dirk-Jan Out
--
TNO ITSEF BV
P.O. Box 96864 tel +31 70 374 0304
2509 JG The Hague fax +31 70 374 0651
The Netherlands www.commoncriteria.nl
Date Index |
Thread Index |
Problems or questions? Contact list-master@nist.gov