RE: TSFI Determination
That's quite a literal read of the CCv3.1r2p3 (section A.2.2) figure 20
diagram, which is an example that is specific to a technology type.
For the case of virus scanners, I would modify figure 20 to make it specific
to virus type by:
1. Adding a subcomponent to the SRV component (representing the subcomponent
management interfaces for inputting/generating the signatures), and
2. Including this new subcomponent's own Ax and Bx interface groups.
This new SRV subcomponent would then be akin to the PLG subcomponent
depicted for the OS, for purposes of identifying TSFI.
Best regards,
Mike
-----Original Message-----
From: cc-cmt@nist.gov [mailto:cc-cmt@nist.gov] On Behalf Of Arnold, James L. Jr.
Sent: Thursday, October 09, 2008 2:30 PM
To: Multiple recipients of list
Subject: TSFI Determination
CCv3.1r2p1 (para 93) indicates: TSF interface (TSFI) - a means by which
external entities (or subjects in the TOE but outside of the TSF) supply
data to the TSF, receive data from the TSF and invoke services from the TSF.
CCv3.1r2p3 (section A.2.2) figure 20 and surrounding text indicates that a
TOE might be associated with a server (i.e., providing some service the TSF
depends on) in the IT environment. Figure 20 and para 557 are explicit that
the applicable interface is not a TSFI and need not be analyzed or discussed
- that will apparently be handled in an ACO evaluation.
CCv3.1r2p2 includes requirements such as FPT_ITI.1 where the TSF shall
provide a capability to detect modification of transmitted TSF data...and to
verify integrity of transmitted data (presumably received by the TSF).
Is there some distinction between 'another trusted IT product' and a 'server
upon which the TSF depends'? Should FPT_ITI.1, for example, NOT be used when
considering a server upon which the TSF depends, for example?
Consider the case of signature updates for a virus scanner. The TSF depends
on the corporate virus signature server to deliver regular and timely
updates in order to be most effective. Presumably, the signatures must be
protected in transit (e.g., across the Internet). As such, it appears that a
requirement such as FPT_ITI.1 might be appropriate if the TSF were to, for
example, verify digital signatures on newly received signatures.
However, since the TSF depends on this server, the example presented in
CCv3.1r2p3 (para 557) indicates pretty clearly that the applicable interface
is not a TSFI and need to be discussed or analyzed. How then should an
evaluation team determine conformance to FPT_ITI.1? No TSFI, no description,
perhaps no tests...