RE: FPT_SEP in an Application TOE (does mutual recognition work?)
In light of the arguments indicating that FPT_SEP (and other SFRs) might not
be appropriate for TOEs excluding their underlying supporting components
(e.g., OSs and hardware), I am somewhat curious about the following quotes
that occur in a number of Controlled Access Protection Profile conformant OS
STs validated in the German Scheme:

"Tools and commands executed in user mode that are used by an administrative
user need also to be trusted to manage the system in a secure way. But as
with other operating system evaluations they are not considered to be part
of this TSF.

Also the hardware and the BootProm firmware are considered not to be part of
the TOE but part of the TOE environment."

How is it that security management functions, such as audit review, can be
claimed if the applicable tools are not part of the TSF?

How is it that FPT_SEP.1, FPT_RVM.1, FPT_STM.1 and perhaps other SFRs that
have recently been questioned for applications can be met by an OS TSF (just
a few months ago) that doesn't include components that are directly
responsible to implement the corresponding security functions?

Note that I am pretty certain that no past or current OS evaluation in the
US Scheme excludes administrative utilities or hardware.