To continue our discussion from the last meeting on PP for High

The following are my examples for Access Control SFRs using
the "Plain English" approach.
The original FDP_ACC.1 in CCv3 is:
FDP_ACC.1 Access control
Hierarchical to: No other components.
Dependencies: FDP_ISA.1 Security attribute initialisation
FDP_ACC.1.1 The TSF shall [selection: allow, disallow] an operation of a subject on an
object [selection: if, if and only if] [assignment: rules for operations, based
on security attributes of the subjects and objects].
Example SFRs for Access Control
FDP_ACC.1 (1) Access control
FDP_ACC.1.1
The TSF shall allow an operation blocking or unblocking of a
subject Network Transmission or Receiving Process bound to a user
on an object Inbound or Outbound Network Traffic [selection: if and only
if] [assignment: The TSF shall always enforce network information
flow rules, based on the security attributes of the subjects and objects.]
Dependencies: FDP_ISA.1(1&2) Security attribute initialization
The original Security Attribute Initialization SFR in CCv3 is:
FDP_ISA.1 Security attribute initialisation
Hierarchical to: No other components.
Dependencies: FDP_ACC.1 Access control
FDP_ISA.1.1 The TSF shall [selection: use the following rules [assignment: rules] to assign
an initial value, assign the value [assignment: value]] to the security
attribute [assignment: security attribute] whenever a [assignment: object
or subject] is created.
Here is my proposal for the corresponding SAI SFR for FDP_ACC.1(1)
above:
FDP_ISA.1(1) Security attribute initialization
FDP_ISA.1.1 The TSF shall [selection: use the following rules [assignment: Use the
current configuration setting of the security attributes for a Network
Transmission or Receiving Process bound to a user at any time] to
assign the value [assignment: current configured value]] to the security
attribute [assignment: any in the following list – port, protocol, source
and destination IP or MAC address, other security attributes]
whenever a [assignment: Network Transmission or Receiving Process
bound to a user] is created.
FDP_ACC.1 (2) Access control
FDP_ACC.1.1
The TSF shall allow an operation Configuration of a subject a
Network Interface Configuration Process bound to a user on an object
in the following list: port, protocol, service, IP address, MAC address,
other security attributes of the subject, [selection: if and only if]
[assignment: The user bound to the Network Interface Configuration
Process shall be authenticated and authorized, based on the security
attributes of the subjects and objects.]
Dependencies: FDP_ISA.1(2) Security attribute initialization
Here is the corresponding ISA SFR for FDP_ACC.1(2):
FDP_ISA.1(2) Security attribute initialisation
FDP_ISA.1.1
The TSF shall [selection: use the following rules [assignment: Disable all
unused ports, protocols, services at startup] to assign an initial value
[assignment: value] to the security attribute [assignment: any of the
following security attributes – unused port, protocol, service]
whenever a [assignment: network interface configuration initialization
process] is created.
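To make the pairing of FDP_ACC.1(1)/FDP_ISA.1(1) and FDP_ACC.1(2)/FDP_ISA.1(2) concrete, here is an added example (not part of the original proposal, and not any product's code) in Python. It assumes a constructed startup configuration in which only raw printing and HTTPS are enabled and the address ranges are RFC 5737 documentation ranges; the rule set, the attribute names and the function names are all assumptions chosen for illustration. The point it shows that the SFR text alone does not: because the attributes are copied "whenever a ... Process is created", a process created before a reconfiguration keeps the old values, while a process created afterwards gets the new ones.

```python
import ipaddress
from dataclasses import dataclass, field


# Constructed startup configuration (an assumption for this example).
# FDP_ISA.1(2): only explicitly enabled services are open after startup;
# any port/protocol not listed is treated as disabled.
def startup_configuration():
    return {
        "enabled_services": {("tcp", 9100), ("tcp", 443)},           # raw printing, HTTPS
        "allowed_sources": [ipaddress.ip_network("192.0.2.0/24")],    # RFC 5737 range
        "blocked_destinations": [ipaddress.ip_network("198.51.100.0/24")],
    }


@dataclass(frozen=True)
class Traffic:
    """The object: one unit of inbound or outbound network traffic."""
    direction: str   # "inbound" or "outbound"
    protocol: str
    port: int
    src_ip: str
    dst_ip: str


@dataclass
class NetworkProcess:
    """The subject: a transmission/receiving process bound to a user."""
    user: str
    attrs: dict = field(default_factory=dict)


def create_network_process(user, config):
    """FDP_ISA.1(1): the subject's security attributes take the currently
    configured values at the moment the process is created."""
    return NetworkProcess(user=user, attrs={
        "enabled_services": set(config["enabled_services"]),
        "allowed_sources": list(config["allowed_sources"]),
        "blocked_destinations": list(config["blocked_destinations"]),
    })


def decide(proc, traffic):
    """FDP_ACC.1(1): 'allow' or 'block'; the rules are always enforced."""
    if (traffic.protocol, traffic.port) not in proc.attrs["enabled_services"]:
        return "block"                      # unused port/protocol stays disabled
    if traffic.direction == "inbound":
        src = ipaddress.ip_address(traffic.src_ip)
        if not any(src in net for net in proc.attrs["allowed_sources"]):
            return "block"
    elif traffic.direction == "outbound":
        dst = ipaddress.ip_address(traffic.dst_ip)
        if any(dst in net for net in proc.attrs["blocked_destinations"]):
            return "block"
    else:
        return "block"                      # unknown direction: fail closed
    return "allow"


def reconfigure(config, user_authenticated, user_authorized, **changes):
    """FDP_ACC.1(2): the Configuration operation on the interface settings is
    allowed if and only if the bound user is authenticated AND authorized."""
    if not (user_authenticated and user_authorized):
        raise PermissionError("configuration denied: user not authenticated/authorized")
    new_config = dict(config)
    new_config.update(changes)
    return new_config
```

`decide` fails closed on anything it does not recognise, which is the practical reading of "shall always enforce"; `reconfigure` returns a new configuration rather than mutating the old one, so existing processes are unaffected until they are re-created.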
FDP_ACC.1 (3) Access control
FDP_ACC.1.1
The TSF shall allow an operation in the following sets for the
corresponding subjects and objects listed later in the same order:
1) print, copy, scan, fax, configuration, update, view, modify, delete, store,
retrieve, other operations
2) configuration, update, view, modify, delete, store, retrieve, other operations
3) installation, configuration, update, modify, other operations
of a subject a process bound to a user
on an object in the following list corresponding to the operation sets listed
above in the same order:
1) User Document Data
2) User Function Data, Management Data
3) Firmware
[selection: if and only if] [assignment: The user bound to the subject is properly
authenticated and authorized, based on the security attributes of the subjects and
objects.]
Dependencies: FDP_ISA.1(3) Security attribute initialization
PP Application Notes:
The security attributes of the object could include: the PIN code or password and/or other
information used for authorization of the operation on the object.
Here is my proposal for the corresponding SAI SFR for FDP_ACC.1(3) above:
FDP_ISA.1(3) Security attribute initialization
FDP_ISA.1.1
The TSF shall [selection: use the following rules [assignment: use a role-based
access control] to assign the value [assignment: value]] to the
security attribute [assignment: any security attribute in the following list
– Security Role, other security attributes] whenever a [assignment:
process bound to a human user, PC/workstation, or server] is created.
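The following is an added worked example in Python (not part of the original proposal, and not any product's code) of FDP_ACC.1(3) with FDP_ISA.1(3), FIA_USB.1 and the PP application note above. The operation sets and object classes are transcribed from FDP_ACC.1(3) ("other operations" omitted); the role names, the role-to-operation policy, the `User`/`Subject`/`Object` types and the use of a PIN as the object's security attribute are assumptions for illustration.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Operation sets and the object classes they apply to, transcribed from
# FDP_ACC.1(3): set 1 -> User Document Data, set 2 -> User Function Data and
# Management Data, set 3 -> Firmware ("other operations" omitted).
OPERATION_SETS = {
    "User Document Data": {"print", "copy", "scan", "fax", "configuration", "update",
                           "view", "modify", "delete", "store", "retrieve"},
    "User Function Data": {"configuration", "update", "view", "modify", "delete",
                           "store", "retrieve"},
    "Management Data": {"configuration", "update", "view", "modify", "delete",
                        "store", "retrieve"},
    "Firmware": {"installation", "configuration", "update", "modify"},
}

# Constructed role policy (an assumption): which operations each Security Role
# may perform on each object class. Role names are illustrative.
ROLE_POLICY = {
    "user": {"User Document Data": {"print", "copy", "scan", "fax", "view",
                                    "store", "retrieve"}},
    "administrator": {
        "User Document Data": {"delete"},
        "User Function Data": OPERATION_SETS["User Function Data"],
        "Management Data": OPERATION_SETS["Management Data"],
    },
    "service": {"Firmware": OPERATION_SETS["Firmware"]},
}


@dataclass
class User:
    name: str
    role: str                  # user security property registered for the user
    authenticated: bool = False


@dataclass
class Subject:
    """A process bound to a user; its security attributes are set at creation."""
    user: str
    attrs: dict = field(default_factory=dict)


@dataclass
class Object:
    obj_class: str             # one of the keys of OPERATION_SETS
    pin: Optional[str] = None  # object security attribute per the PP application note


def bind_user_to_process(user: User) -> Subject:
    """FIA_UAU.1 / FIA_UID.2: no binding before authentication.
    FDP_ISA.1(3) / FIA_USB.1: the subject's Security Role is derived from
    the bound user's security properties when the process is created."""
    if not user.authenticated:
        raise PermissionError(f"{user.name} is not authenticated")
    return Subject(user=user.name, attrs={"Security Role": user.role})


def access_allowed(subject: Subject, operation: str, obj: Object,
                   pin: Optional[str] = None) -> bool:
    """FDP_ACC.1(3): allow if and only if the operation is defined for the
    object class, the subject's role authorises it, and any PIN attribute
    on the object is satisfied."""
    if operation not in OPERATION_SETS.get(obj.obj_class, set()):
        return False
    role = subject.attrs.get("Security Role")
    if operation not in ROLE_POLICY.get(role, {}).get(obj.obj_class, set()):
        return False
    if obj.pin is not None:
        # constant-time comparison so the check does not leak how many digits matched
        if pin is None or not hmac.compare_digest(obj.pin.encode(), pin.encode()):
            return False
    return True
```

The three checks in `access_allowed` are deliberately ordered so that a request is refused as soon as any of them fails, and the subject never carries more than the role it was given at binding time.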
FDP_ACC.1 (4) Access control
FDP_ACC.1.1
The TSF shall allow an operation Encryption of a subject a
Process that transmits or receives Management Data on an object User
Credential [selection: if and only if] [assignment: User credential
shall be protected for confidentiality while being transmitted over a
communication path, based on the security attributes of the subjects and
objects.]
Dependencies: FDP_ISA.1(4 & 5) Security attribute initialization
Here is my proposal for the corresponding SAI SFRs for FDP_ACC.1(4) above:
FDP_ISA.1(4) Security attribute initialisation
FDP_ISA.1.1
The TSF shall [selection: use the following rules [assignment: use the
current configuration settings of the security attributes of a process
that transmits or receives Management Data] to assign the value
[assignment: current configured value] to the security attribute
[assignment: any of the security attributes – protocol, encryption key,
encryption algorithm of the protocol] whenever a [assignment: Process
that transmits or receives Management Data] is created.
FDP_ISA.1(5) Security attribute initialisation
FDP_ISA.1.1
The TSF shall [selection: use the following rules [assignment: use an input
value by an authorized user at initial configuration according to the
operational environment's network security policy] to assign an initial
value [assignment: an input value by an authorized user] to the security
attribute [assignment: any of the following security attributes –
protocol, encryption key, encryption algorithm of the protocol]
whenever a [assignment: Network Interface Configuration
Initialization Process] is created.
FIA_AFL.1 Authentication failure handling
FIA_AFL.1.1
The TSF shall detect when [assignment: positive integer] unsuccessful
authentication attempts occur related to [selection: the same user, the same
subject, [assignment: other common property of the unsuccessful
authentication attempts]].
FIA_AFL.1.2
When the defined number of unsuccessful authentication attempts has been
met or surpassed, the TSF shall [assignment: list of actions].
Dependencies: FIA_UAU.1 User authentication by TSF
FIA_UAU.1 User authentication by TSF
FIA_UAU.1.1 The TSF shall authenticate a local registered user before the user can bind to
[assignment: a process that operates on User Document Data, User
Function Data, Management Data, Firmware].
Dependencies: FIA_UID.2 User identification
FIA_URE.2 User registration with storage of authentication data
FIA_UAU.2 User authentication by third party
FIA_UAU.2.1
The TSF shall verify that a network registered user has been authenticated
by [assignment: a network domain authentication service] before the
user can bind to [assignment: a process that operates on User Document
Data, User Function Data, Management Data, Firmware].
Dependencies: FIA_UID.2 User identification
FIA_UID.2 User identification
FIA_UID.2.1 The TSF shall identify a user before the user can bind to [assignment: a
process that operates on User Document Data, User Function Data,
Management Data, Firmware].
Dependencies: FIA_USB.1 User-subject binding
FIA_USB.1 (2) User-subject binding
FIA_USB.1.1 Upon binding a user to [assignment: a process that operates on User
Document Data, User Function Data, Management Data, Firmware]
[selection: the security attributes of the subject shall remain unchanged,
the TSF shall change the values of security attributes of that subject
as follows: [assignment: the values of security attributes of that subject
shall be changed accordingly to the values determined from the user
security properties]].
Dependencies: No dependencies.
FIA_URE.2 User registration with storage of authentication data
FIA_URE.1.1 The TSF shall be able to register new users.
FIA_URE.1.2 The TSF shall obtain values for [assignment: user security properties]
from the registering user as follows: [assignment: rules for deriving
security properties for the registering user].
FIA_URE.2.3 The TSF shall store these user security properties in [assignment: object].
Dependencies: FDP_ACC.1 Access control
FIA_TOB.1 TSF-initiated termination of binding
FIA_TOB.1.1 The TSF shall terminate a binding to a process that operates on User
Document Data, User Function Data, Management Data, Firmware after [selection:
completion of [assignment: operation], [assignment: time interval of user inactivity],
[assignment: other condition]].
FIA_TOB.1.2 The TSF shall [selection: leave the security attributes of the subject
unchanged, terminate the subject, set the security attributes of the subject to [assignment:
rules for setting the security attributes of the subject]].
Dependencies: FIA_USB.1 User-subject binding
Communication (FCO)
FCO_CID.1 Confidentiality of imported data
FCO_CID.1.1 The TSF shall assist in protecting the confidentiality of User Document
Data, User Function Data, Management Data, Firmware provided to [assignment: a
process that receives imported data] by a user bound to that subject.
Dependencies: No dependencies
FCO_CED.1 Confidentiality of exported data
FCO_CED.1.1
The TSF shall protect the confidentiality of User Document Data,
User Function Data, Management Data provided by [assignment: subject a process
that transmits exported data] to a user bound to that subject.
Dependencies: No dependencies
FCO_IED.1 Integrity of exported data without recovery
FCO_IED.1.1 When [assignment: subject] transmits [assignment: list of data User
Document Data, User Function Data, Management Data and/or security attributes] to
a user bound to that subject, the TSF shall provide that user the means to detect
[selection: modification, deletion, insertion, replay, [assignment: other integrity]]
anomalies.
Dependencies: No dependencies
FCO_IID.1 Integrity of imported data without recovery
FCO_IID.1.1 The TSF shall monitor the integrity of [assignment: list of data User
Document Data, User Function Data, Management Data, Firmware and/or security
attributes] provided to [assignment: subject] by a user bound to that subject for
[selection: modification, deletion, insertion, replay] anomalies.
FCO_IID.1.2 On detection of an anomaly the TSF shall discard the data and/or security
attributes.
Dependencies: No dependencies
Security audit (FAU)
FAU_GEN.2 Audit data generation with time
FAU_GEN.2.1
The TSF shall store an audit record in [assignment: object] of the
following events:
[selection: start-up of the audit functions, shut-down of the audit
functions, [assignment:
1) All operation events that are subject to access controls,
2) All subject/object creation events for operations that are
subject to access controls,
3) All registration events of users,
4) All local and network authentication events of users,
5) Data export events,
6) Data import events,
7) Self-test execution events,
8) rules for which other events will be audited]].
FAU_GEN.2.2
The TSF shall record within each audit record the following
information:
a) Date and time of the event, type of event, values of [assignment:
identity and/or credentials of the user bound to the subject,
number of attempts until success or failure, other security
attributes of the subject, references of exported data, references
of imported data, detected anomaly of data import and export
events], the [selection: success, failure, [assignment: other
outcome(s)]] of the event;
and
b) [assignment: other information].
Dependencies: FMI_TIM.1 Time stamps
FDP_ACC.1 Access control
FPT_RSA.1 Maximum quotas for subjects and objects
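The following is an added Python example (not part of the original proposal, and not any product's code) that ties FIA_AFL.1 to FAU_GEN.2: a local authenticator that counts unsuccessful attempts per user, locks the account once the configured number is met or surpassed, and stores one audit record per registration and authentication event carrying the "number of attempts until success or failure" and the outcome that FAU_GEN.2.2 asks for. The threshold of 3, the lock-out as the chosen action, the event type names, the PBKDF2 credential storage and the `AuditStore` object are all assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

MAX_FAILURES = 3   # constructed value for [assignment: positive integer] in FIA_AFL.1.1


@dataclass
class AuditRecord:
    """The per-event content FAU_GEN.2.2 asks for (subset used here)."""
    time: datetime
    event_type: str
    user: Optional[str]
    attempts: int                 # number of attempts until success or failure
    outcome: str                  # "success" or "failure"
    other: dict = field(default_factory=dict)


class AuditStore:
    """The [assignment: object] that FAU_GEN.2.1 stores records in."""

    def __init__(self, clock=None):
        # FMI_TIM.1: the timestamp comes from the TSF's own time source
        self.clock = clock or (lambda: datetime.now(timezone.utc))
        self.records = []

    def record(self, event_type, user, attempts, outcome, **other):
        rec = AuditRecord(self.clock(), event_type, user, attempts, outcome, other)
        self.records.append(rec)
        return rec


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Authenticator:
    """Local authentication with FIA_AFL.1 failure counting; every
    registration and authentication event is audited (FAU_GEN.2.1 items 3, 4)."""

    def __init__(self, audit: AuditStore, max_failures: int = MAX_FAILURES):
        self.audit = audit
        self.max_failures = max_failures
        self._creds = {}      # user -> (salt, pbkdf2 hash); FIA_URE.2 storage
        self.failures = {}    # user -> consecutive unsuccessful attempts
        self.locked = set()   # the [assignment: list of actions] here: lock the account

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._creds[user] = (salt, hash_password(password, salt))
        self.audit.record("user_registration", user, 0, "success")

    def authenticate(self, user: str, password: str) -> bool:
        attempts = self.failures.get(user, 0) + 1
        if user in self.locked:
            self.audit.record("local_authentication", user, attempts, "failure",
                              reason="locked")
            return False
        # always run the hash so an unknown user costs the same as a known one
        salt, stored = self._creds.get(user, (b"\x00" * 16, b"\x00" * 32))
        candidate = hash_password(password, salt)
        if user in self._creds and hmac.compare_digest(stored, candidate):
            self.audit.record("local_authentication", user, attempts, "success")
            self.failures.pop(user, None)      # a success resets the counter
            return True
        self.failures[user] = attempts
        self.audit.record("local_authentication", user, attempts, "failure")
        if attempts >= self.max_failures:      # FIA_AFL.1.2: met or surpassed
            self.locked.add(user)
            self.audit.record("account_locked", user, attempts, "success")
        return False
```

Unlocking is left out on purpose: whether it happens after a time interval or only through an administrator is the kind of choice the "list of actions" assignment exists to record, and the audit trail above is what an evaluator would use to confirm the chosen action actually fired.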
FMI_TIM.1 Time stamps
FMI_TIM.1.1 The TSF shall maintain the current time in [assignment: object] to an accuracy
of [assignment: accuracy metric].
Dependencies: FDP_ACC.1 Access control
FPT_RSA.1 Maximum quotas for subjects and objects
FPT_RSA.1.1
The TSF shall enforce maximum quotas for [selection: processing resources,
storage resources, communication resources, [assignment: other
resources]] that [assignment: list of subjects and/or objects] can use
[selection: simultaneously, over a specified period of time].
FPT_RSA.1.2
The TSF shall [assignment: detect and log the event and take other
action(s) if possible] when a maximum quotum is [selection: almost
surpassed, surpassed].
Dependencies: No dependencies.
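As an added example of FPT_RSA.1 (not part of the original proposal, and not any product's code), the Python class below enforces a per-subject maximum quota over a sliding time period, refuses a request that would surpass the quota, and reports "almost_surpassed" once usage reaches a warning fraction of the limit. The limit, period, warning fraction of 80% and the injectable clock are assumptions for illustration; FPT_RSA.1.2's action here is to refuse and report, which a caller would normally hand to the audit store.

```python
import time
from collections import deque


class ResourceQuota:
    """FPT_RSA.1: a maximum quota per subject over a sliding time window, with
    'almost_surpassed' reported once usage reaches warn_fraction of the limit
    and 'surpassed' reported when a request would exceed it."""

    def __init__(self, limit, period_s, warn_fraction=0.8, clock=time.monotonic):
        self.limit = limit
        self.period_s = period_s
        self.warn_fraction = warn_fraction
        self.clock = clock            # injectable so the window can be tested
        self.usage = {}               # subject -> deque of (timestamp, amount)

    def _used(self, subject, now):
        q = self.usage.setdefault(subject, deque())
        while q and now - q[0][0] >= self.period_s:   # drop entries outside the window
            q.popleft()
        return q, sum(amount for _, amount in q)

    def request(self, subject, amount):
        """Return (granted, event); event is None, 'almost_surpassed' or
        'surpassed'. A request that would surpass the quota is refused and
        leaves recorded usage unchanged (FPT_RSA.1.2)."""
        now = self.clock()
        q, used = self._used(subject, now)
        if used + amount > self.limit:
            return False, "surpassed"
        q.append((now, amount))
        if used + amount >= self.warn_fraction * self.limit:
            return True, "almost_surpassed"
        return True, None
```

Because usage is tracked per subject, one subject exhausting its quota does not affect another, which is the property that makes a quota useful against a single misbehaving job or connection.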