Categorisation of SFRs for the TOE and for the IT environment
- Subject: Categorisation of SFRs for the TOE and for the IT environment
- From: "Agievich Sergei V." <email@example.com>
- Date: Thu, 1 Apr 2004 11:38:15 +0300
We plan to develop a PP for software cryptographic modules that run under
a general-purpose operational system. During the preliminary analysis,
we encounter a problem with categorisation of SFRs for the TOE (software
and for the IT environment (operational system, OS).
Let us illustrate this problem with an example.
Let the TOE implement a role-based access control policy.
Before using the TOE functionality, an end-user must be identified and
The following implementations of I&A are possible:
a) the OS identifies and authenticates end-users, and maps their identity
to an OS role. The TOE roles are equivalent to the OS ones;
b) the OS identifies and authenticates end-users, and maps their identity
to the OS role "TOE User". Members of this role have access to the TOE
authentication service. The TOE identifies and authenticates members
of the role "TOE User", and maps their identity to a TOE role;
c) the TOE identifies and authenticates all users of the OS, and maps their
to a TOE role.
We suppose that any of the scenarios above can be implemented.
Developers can choose a target scenario during the ST creation and their
yields some combination of SFRs for the TOE and SFRs for the IT environment.
Now, how to declare all such combinations in the PP?
In our opinion, the most flexible solution consists in the series of
"The TSF shall..." --> "The [selection: TSF, IT environment, TSF and IT
Does this solution meet the concept of the CC?
P.S. We have been embarrassed by the following paragraph
(CC, part 1, section 4.3.2):
The intent of determining security objectives is to address all of the
and to declare which security aspects are either addressed directly by the
TOE or by its environment. This categorisation is based on a process incorporating
judgement, security policy, economic factors and risk acceptance decisions.
National Research Center for Applied Problems of Mathematics and Informatics
Belarusian State University
Fr. Skorina av. 4, Minsk 220050, Belarus