PD 0143: Meeting FTA_TAH_EXP.1 in the DBMS PP
- From: "Observation Decisions Review Board" <faigin@aero.org>
- Date: Fri, 12 Sep 2008 14:29:30 -0700
During its July 2008 meeting, the ODRB reviewed recent ODs and developed the
following Precedent Decision. Comments on this decision are welcome and will be
considered at the next ODRB meeting:
PD 0143
TITLE
Meeting FTA_TAH_EXP.1 in the DBMS PP
ISSUE
In the PP "U.S. Government Protection Profile for Database Management Systems
in Basic Robustness Environments, Version 1.1, June 7, 2006" the explicit
requirements FTA_TAH_EXP.1.1 and FTA_TAH_EXP.1.2 are unclear:
FTA_TAH_EXP.1.1 Upon successful session establishment, the TSF shall store and
retrieve the date and time of the last successful session establishment to the
user.
FTA_TAH_EXP.1.2 Upon successful session establishment, the TSF shall store and
retrieve the date and time of the last unsuccessful attempt to session
establishment and the number of unsuccessful attempts since the last successful
session establishment.
Taken together, the TOE must record the success and failure of session
establishment to the user; however, how this data is displayed or used is not
specified. Clients would have to be able to accept the information, which may
not be an implemented client feature and is outside TOE control.
FTA_TAH_EXP.1.2 appears to not make use of the previous session data it is
retrieving.
RESOLUTION
The TOE shall retrieve previous session success/failure information and make it
available to the client application. The client application may or may not
accept or make use of the information.
The TOE shall present to the Administrator through the Administrator
application or interface information about the success/failure of previous
session establishments, including the last successful and unsuccessful attempt
date and time, and the number of unsuccessful attempts.
RATIONALE
In FTA_TAH_EXP.1.1, though the TOE cannot require a client to access and
retrieve previous session establishment information, it can make it available.
The fulfillment of this requirement would be altered slightly from "retrieve"
to "being able to retrieve".
FTA_TAH_EXP.1.2 as written also has no meaningful way to present session
establishment information. The resolution refines this to report to the
Administrator through the administrative application information about session
establishment successes and failures.
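The following sketch is an added illustration, not part of the Precedent Decision or the Protection Profile. It shows one way a TOE could keep the access history the resolution describes: the previous record is handed back at successful session establishment, and the current records are exposed to an administrator. The class and method names are hypothetical, and resetting the failure counter on success is an assumption drawn from the wording "since the last successful session establishment".

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import Dict, Optional


@dataclass
class AccessHistory:
    last_success: Optional[datetime] = None
    last_failure: Optional[datetime] = None
    failures_since_success: int = 0


class SessionHistoryStore:  # hypothetical name, not from the PP
    def __init__(self) -> None:
        self._records: Dict[str, AccessHistory] = {}

    def record_failure(self, user: str, when: datetime) -> None:
        rec = self._records.setdefault(user, AccessHistory())
        rec.last_failure = when
        rec.failures_since_success += 1

    def record_success(self, user: str, when: datetime) -> AccessHistory:
        """Store the new success and return the history as it stood before it.

        The snapshot must be taken before the update; otherwise the client is
        offered the session it just opened and a failure count already reset.
        """
        rec = self._records.setdefault(user, AccessHistory())
        previous = replace(rec)          # copy made available to the client
        rec.last_success = when
        rec.failures_since_success = 0   # assumption: counter restarts on success
        return previous

    def admin_report(self) -> Dict[str, AccessHistory]:
        """Copies of the current records for the administrator interface."""
        return {user: replace(rec) for user, rec in self._records.items()}


def demo():
    # Constructed sample timeline: success, two failures, success.
    store = SessionHistoryStore()
    t0 = datetime(2008, 9, 1, 8, 0)
    first = store.record_success("alice", t0)
    store.record_failure("alice", t0 + timedelta(hours=1))
    store.record_failure("alice", t0 + timedelta(hours=2))
    second = store.record_success("alice", t0 + timedelta(hours=3))
    return first, second, store.admin_report()["alice"]
```

Whether a client displays the returned record is outside the store's control, which matches the resolution's "may or may not accept or make use of the information".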