Re: FDP_ITT.4 Attribute-based integrity monitoring

Subject: Re: FDP_ITT.4 Attribute-based integrity monitoring
From: "YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>
Date: Wed, 18 Oct 2006 17:10:14 +0900
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="iso-8859-1"
References: <44C87EEF.23728.7D7AFC@localhost> <003701c6b210$1bb47530$0200a8c0@AlexDell> <17610.1099.474992.551998@solarium.aero.org> <000f01c6ed0a$003a3b70$6858a8c0@yokota>



Hi,

I was wrong.

Referring the intent of FDP_ITT.4 written at para 206 ( CC V3.1 part2),
I thought my suggested change of FDP_ITT.4.2 was wrong.

It must be corrected....

FDP_ITT.4.2 The TSF shall monitor data controlled by the SFP(s) when
transmitted between physically-separated parts of the TOE, based on the
following attributes: [assignment: security attributes that require separate
transmission channels], for the following errors: [assignment: integrity
errors].

And, though (I admit) the statements FDP_ITT.4.1 is correct, I felt it was
hard to read.

Regards,

----- Original Message ----- 
From: "YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>
To: "Multiple recipients of list" <cc-cmt@nist.gov>
Sent: Wednesday, October 11, 2006 5:04 PM
Subject: FDP_ITT.4 Attribute-based integrity monitoring


>
> Hi,
>
> Considering the meaning and the symmetry with FDP_ITT.1 and FDP_ITT.2, I
> think that FDP_ITT.4 should be changed as the following.
>
> -------------------------------------
> [current]
>
> FDP_ITT.4.1 The TSF shall enforce the [assignment: access control SFP(s)
> and/or information flow control SFP(s)] to monitor user data transmitted
> between physically-separated parts of the TOE for the following errors:
> [assignment: integrity errors], based on the following attributes:
> [assignment: security attributes that require separate transmission
> channels].
>
> FDP_ITT.4.2 Upon detection of a data integrity error, the TSF shall
> [assignment: specify the action to be taken upon integrity error].
>
> -------------------------------------
> [suggested change]
>
> FDP_ITT.4.1 The TSF shall enforce the [assignment: access control SFP(s)
> and/or information flow control SFP(s)] to monitor user data transmitted
> between physically-separated parts of the TOE for the following errors:
> [assignment: integrity errors].
>
> FDP_ITT.4.2 The TSF shall separate data controlled by the SFP(s) when
> transmitted between physically-separated parts of the TOE, based on the
> following attributes: [assignment: security attributes that require
separate
> transmission channels].
>
> FDP_ITT.4.3 Upon detection of a data integrity error, the TSF shall
> [assignment: specify the action to be taken upon integrity error].
> --------------------------------------
>
> It is not clear what is attempted to try based on the attributes in the
> current statement.
> I suggest to make it clear that it is to separate data ......, as it is
> written so in FDP_ITT.2.2.
> Am I wrong?
>
> Regards,
> Hirofumi Yokota
>
>
>

Follow-Ups:
- RE: TSS Level of Detail/PD 0063: What Information Must Be Provided in the TSS
  - From: "YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>

References:
- Re: TSS Level of Detail/PD 0063: What Information Must Be Provided in the TSS
  - From: "Observation Decisions Review Board" <faigin@aero.org>
- RE: TSS Level of Detail/PD 0063: What Information Must Be Provided in the TSS
  - From: Alex Ragen <aragen@netvision.net.il>
- RE: TSS Level of Detail/PD 0063: What Information Must Be Provided in the TSS
  - From: "Daniel P. Faigin" <faigin@aero.org>
- FDP_ITT.4 Attribute-based integrity monitoring
  - From: "YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>

Prev by Date: RE: wordings are not consistent in CCV3.1
Next by Date: RE: TSS Level of Detail/PD 0063: What Information Must Be Provided in the TSS
Prev by thread: FDP_ITT.4 Attribute-based integrity monitoring
Next by thread: RE: TSS Level of Detail/PD 0063: What Information Must Be Provided in the TSS

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov