PD 0142: Meeting FTA_TAH_EXP.1 in the DBMS PP
- Subject: PD 0142: Meeting FTA_TAH_EXP.1 in the DBMS PP
- From: "Observation Decisions Review Board" <faigin@aero.org>
- Date: Tue, 08 Apr 2008 11:20:36 -0700
During its February 2008 meeting, the ODRB issued the following PD. Any
comments on this PD will be considered at the next ODRB meeting.
PD 0142
TITLE
Meeting FTA_TAH_EXP.1 in the DBMS PP
ISSUE
In the PP "U.S. Government Protection Profile for Database Management
Systems in Basic Robustness Environments, Version 1.1, June 7, 2006" the
explicit requirements FTA_TAH_EXP.1.1 and FTA_TAH_EXP.1.2 are unclear:
FTA_TAH_EXP.1.1 Upon successful session establishment, the TSF shall
store and retrieve the date and time of the last successful session
establishment to the user.
FTA_TAH_EXP.1.2 Upon successful session establishment, the TSF shall
store and retrieve the date and time of the last unsuccessful attempt
to session establishment and the number of unsuccessful attempts
since the last successful session establishment.
Taken together, the TOE must record the success and failure of session
establishment to the user; however, how this data is displayed or used is
not specified. Clients would have to be able to accept the information,
which may not be an implemented client feature and is outside TOE
control. FTA_TAH_EXP.1.2 appears not to make use of the previous session
data it is retrieving.
RESOLUTION
The TOE shall provide the capability to retrieve previous session
success/failure information and make it available to client applications
external to the TOE. The client applications may or may not accept or
make use of the information.
Any TOE interfaces that provide interactive session establishment shall
present information about the success/failure of previous session
establishments, including the last successful and unsuccessful attempt
date and time, and the number of unsuccessful attempts.
RATIONALE
Database products compliant with the DBMS PP have the requirement to
maintain a record of successful and unsuccessful session establishments,
and to present to the user upon session establishment information on the
last successful and unsuccessful session establishment, as well as the
number of unsuccessful session establishments since the last successful
one. The problem is that many database products provide interactive
interfaces only to administrators, and there is difficulty enforcing
this requirement when the DBMS is serving as a backend database.
The issue was discussed with the PP author, and the compromise position
is captured in this PD. The TOE is still required to maintain the record
of successful and unsuccessful establishments. For the interactive
session establishment interfaces it provides, it needs to display that
information. For pure backend interactions (which are not interacting in
the GUI or command-line sense), the TOE must provide the ability for the
actual interface to present this information, although the TOE cannot
enforce that the actual interface does so.
Specifically, in FTA_TAH_EXP.1.1, though the TOE cannot require a client
to access and retrieve previous session establishment information, it
can make it available. The fulfillment of this requirement would be
altered slightly from "retrieve" to "being able to retrieve".
FTA_TAH_EXP.1.2 as written also has no meaningful way to present session
establishment information. The resolution refines this to report to the
interactive users through the application interface information about
session establishment successes and failures.
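As an added illustration, not part of the PD or of the PP it interprets, the following Python sketch shows one way a DBMS-side store could hold the data FTA_TAH_EXP.1 calls for, in the shape this resolution describes: every session establishment attempt is recorded, and on a successful establishment the TSF returns the previous-session data (last successful login, last failed attempt, and the number of failures since the last success) to the calling interface. An interactive interface displays it; a backend interface merely passes it on, since the TOE cannot enforce what the client does with it. The table, class and function names are assumptions of the example.

```python
import sqlite3
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

# All names below (session_attempts, SessionHistoryStore, establish_session)
# are assumptions of this example, not terms from the PP or the PD.


@dataclass(frozen=True)
class SessionHistory:
    """Previous-session data that FTA_TAH_EXP.1 requires the TSF to retrieve."""
    last_success: Optional[str]  # ISO-8601 UTC time of the previous successful login; None on first login
    last_failure: Optional[str]  # ISO-8601 UTC time of the most recent failed attempt; None if none recorded
    failures_since_last_success: int

    def banner(self) -> str:
        """Text an interactive interface would present, as the resolution requires."""
        return (
            f"Last successful login: {self.last_success or 'none'}; "
            f"last failed attempt: {self.last_failure or 'none'}; "
            f"{self.failures_since_last_success} failed attempt(s) since last success"
        )


class SessionHistoryStore:
    """Records every session establishment attempt and answers the FTA_TAH query."""

    def __init__(self, conn: sqlite3.Connection):
        self.conn = conn
        conn.execute(
            "CREATE TABLE IF NOT EXISTS session_attempts ("
            " id INTEGER PRIMARY KEY AUTOINCREMENT,"  # insertion order; used to count 'since last success'
            " user_name TEXT NOT NULL,"
            " attempted_at TEXT NOT NULL,"
            " success INTEGER NOT NULL)"
        )

    def establish_session(self, user: str, authenticated: bool,
                          now: Optional[datetime] = None) -> Optional[SessionHistory]:
        """Record the attempt; on success, return the history as it stood before this login.

        The data is returned to the caller (the interface) rather than displayed
        here, so a backend interface can hand it to the client application
        without the DBMS controlling how, or whether, the client renders it."""
        ts = (now or datetime.now(timezone.utc)).isoformat()
        history = self._history_before(user) if authenticated else None
        self.conn.execute(
            "INSERT INTO session_attempts(user_name, attempted_at, success) VALUES (?, ?, ?)",
            (user, ts, int(authenticated)),
        )
        self.conn.commit()
        return history

    def _history_before(self, user: str) -> SessionHistory:
        # Most recent successful establishment for this user (if any).
        row = self.conn.execute(
            "SELECT id, attempted_at FROM session_attempts"
            " WHERE user_name = ? AND success = 1 ORDER BY id DESC LIMIT 1", (user,)
        ).fetchone()
        last_success_id, last_success = row if row else (0, None)
        # Most recent unsuccessful attempt overall, per FTA_TAH_EXP.1.2.
        fail = self.conn.execute(
            "SELECT attempted_at FROM session_attempts"
            " WHERE user_name = ? AND success = 0 ORDER BY id DESC LIMIT 1", (user,)
        ).fetchone()
        # Failures recorded after the last success (all failures if never succeeded).
        (count,) = self.conn.execute(
            "SELECT COUNT(*) FROM session_attempts"
            " WHERE user_name = ? AND success = 0 AND id > ?", (user, last_success_id)
        ).fetchone()
        return SessionHistory(last_success, fail[0] if fail else None, count)


def demo() -> List[Optional[SessionHistory]]:
    """Constructed sequence of attempts for two users; returns the per-attempt results."""
    store = SessionHistoryStore(sqlite3.connect(":memory:"))

    def at(hour: int, minute: int) -> datetime:  # constructed timestamps
        return datetime(2008, 4, 8, hour, minute, tzinfo=timezone.utc)

    return [
        store.establish_session("alice", True, at(9, 0)),   # first login: nothing to report
        store.establish_session("alice", False, at(9, 5)),  # failed attempt
        store.establish_session("bob", False, at(9, 6)),    # another user; must not count for alice
        store.establish_session("alice", False, at(9, 7)),  # second failed attempt
        store.establish_session("alice", True, at(9, 10)),  # reports 2 failures since 09:00
        store.establish_session("alice", True, at(9, 20)),  # reports 0 failures; last failure still 09:07
    ]


if __name__ == "__main__":
    for h in demo():
        print(h.banner() if h else "(session establishment failed)")
```

The history is computed before the current success is inserted, so the user sees the previous login rather than the one just completed, and the per-user filter keeps one principal's failures from appearing in another's report.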