Re: FMT_MSA.3: Restrictive/Permissive Default Values




I thought over this a little bit more.

While I agree that "default values" means "values automatically assigned by
the TSF" and this could be applied without a particular inconsistency in
FMT_MSA.3, I feel that this is an extended interpretation and the original
intent of the CC became vague.

Let's examine FMT_MSA.3 again.

******
FMT_MSA.3.1
The TSF shall enforce the [assignment: SFP] to provide [selection:
restrictive, permissive, other property] default values for security
attributes that are used to enforce the SFP.

FMT_MSA.3.2
The TSF shall allow the [assignment: the authorised identified roles] to
specify alternative initial values to override the default values when an
object or information is created.
******

I understand FMT_MSA.3.1 as the following:

1. The TSF should define the property (restrictive, permissive, or other) of
default values.
Therefore, if the TSF provides attribute values automatically (i.e.,
copied) according to the values obtained (either implicitly or explicitly)
from the incoming message, we could not say that the property is the
TSF's decision.

2. I think that FMT_MSA.3 has a fail-safe concept. If the TSF provides
attribute values automatically (i.e., copied) according to the values
obtained (either implicitly or explicitly) from the incoming message, we
wouldn't see the concept in this.

3. While FMT_MSA.3.2 clearly and explicitly states
"override default values when an object or information is created", there is
no such condition stated for providing default values in FMT_MSA.3.1.
I suppose this means that "default values" are mostly pre-defined before
each piece of information is created, not when an object or information is
created.


--------------------------------------------------------
Here is a scenario according to my understanding above.

The TOE receives messages with a classification label (Unclassified,
InternalUseOnly, Confidential);

FMT_MSA.3.1: The TOE provides a permissive default value "Unclassified" for
all incoming messages, or
FMT_MSA.3.1: The TOE provides a restrictive default value "Confidential" for
all incoming messages.

FMT_MSA.3.2: An administrator is allowed to override the default value by
the classification label of the message that is received.

Based on such a scenario, I thought and wanted to say, in my previous message,
that the assignment: "nobody", "no authorized role", or "no subject" in
FMT_MSA.3.2 would be unlikely.

Thks

This is just an opinion.
I welcome and appreciate any of your opinions on this.

Yokota
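
The scenario in the message above, as an added Python example that is not
part of the original message: the default is fixed before any message
arrives (FMT_MSA.3.1), and the label carried by a message is used only as an
override by a role named in FMT_MSA.3.2. The names DefaultPolicy,
initial_label and label_batch, the role string "administrator", and the
fallback to the default for an absent or unknown label are assumptions of
this example.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Label(IntEnum):
    # Labels from the scenario, ordered least to most restrictive.
    UNCLASSIFIED = 0
    INTERNAL_USE_ONLY = 1
    CONFIDENTIAL = 2


WIRE_LABELS = {"Unclassified": Label.UNCLASSIFIED,
               "InternalUseOnly": Label.INTERNAL_USE_ONLY,
               "Confidential": Label.CONFIDENTIAL}


@dataclass(frozen=True)
class DefaultPolicy:                 # hypothetical name
    default: Label                   # FMT_MSA.3.1: fixed before any message arrives
    override_roles: frozenset        # FMT_MSA.3.2 assignment; empty models "nobody"


def initial_label(policy: DefaultPolicy, received: Optional[str],
                  role: Optional[str]) -> Label:
    """Attribute value assigned when the message object is created."""
    if role not in policy.override_roles:
        return policy.default        # label in the message is ignored, not copied
    # Authorised override: the label carried by the message becomes the
    # alternative initial value. Falling back to the default when the label
    # is absent or unknown is an assumption of this example.
    return WIRE_LABELS.get(received, policy.default)


def label_batch(policy, messages):
    """Label constructed (received_label, acting_role) pairs in order."""
    return [initial_label(policy, lbl, role).name for lbl, role in messages]


RESTRICTIVE = DefaultPolicy(Label.CONFIDENTIAL, frozenset({"administrator"}))
PERMISSIVE = DefaultPolicy(Label.UNCLASSIFIED, frozenset({"administrator"}))
NOBODY = DefaultPolicy(Label.CONFIDENTIAL, frozenset())

# Constructed sample input: (label in the message, role acting at creation).
SAMPLE = [("Unclassified", None), ("InternalUseOnly", "administrator"),
          ("TopSecret", "administrator"), (None, "administrator")]

if __name__ == "__main__":
    for name, pol in (("restrictive", RESTRICTIVE), ("permissive", PERMISSIVE),
                      ("nobody", NOBODY)):
        print(name, label_batch(pol, SAMPLE))
```

With the empty role set, every message keeps the default whatever label it
carries, which is the "nobody" assignment discussed above.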





