Re: PD-0101: Level of Detail Necessary for Assurance Requirements on Third Party Products

["Dr.Ir. D.J. Out" <out@itsef.tno.nl>]

Daniel P. Faigin wrote:
> On Tue, 9 Mar 2004 02:35:50 -0500 (EST), "Dr.Ir. D.J. Out" <out@itsef.tno.nl> said:
> 
> 
>>I use screws as a pathological example. I guess "The RAM chips inside a 
>>HSM" would be a better example. These are definitely part of the TSF, 
>>but doing EAL4 work on them seems silly.
> 
> 
> Are they definately part of the TSF? Do they provide anything other
> (security-wise) than functional correctness and reliability, in contribution
> to the overall TSF policy?

The TSF is "everything that you need to rely upon to enforce the TSP".
If the RAM chips have severe flaws they will break the TSP.

A RAM chip with the feature that whenever you load an address at address 
FFFF+1, will load the contents of that address into FFFF+1 at the next 
clock cyle would have some nice side effects.

Now the answer we all want to give is: RAM chips don't work that way and 
neither do screws.

> Key words in the above: the CC does not make a distinction, and "what interps
> are for". If the CC does not make a distinction, than guidance issued at a
> national level must continue not to make a distinction, otherwise it is going
> beyond what is in the CC. Thus, CCEVS/NIAP cannot add the distinction.

So perhaps I should modify the question into "What should CC 3.0 say on 
this point?" and retract the nasty question below.

WOuld some guidance like "Where the TOE contains certain parts that are 
mass-produced and commonly available over the shelf, it may be the case 
that...." be useful and if so, how should it look?

> Well, the US has a *V*PL; the EPL was around for the TCSEC :-)

If you are going to be like that: in CC you certify TOEs rather than 
products. What if the TOE is only part of a product or consists of two 
products?

> Now, if you are asking if we go to the level of screws: The analysis goes to
> an appropriate level given the type of product and the EAL (i.e., it goes to
> the level of the HLD, LLD, etc., as included in the EAL). I think the US tends
> to get less of the hardware-only products that are more common in Europe;
> smartcards are not as big here. 

Smartcards do not give problems here as you tend to split them into:
= a separate hardware evaluation where you include all hardware in the 
TOE (its usually all made by the same developer anyway)
= and a software+hardware evaluation where all the hardware is also in 
the TOE


-- 
TNO ITSEF BV
P.O. Box 96864          tel +31 70 374 0304
2509 JG The Hague       fax +31 70 374 0651
The Netherlands         www.commoncriteria.nl