Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Re: [2600] question on FMT_MSA.1 and FMT_MSA.3

To: STDS-2600@xxxxxxxxxxxxxxxxx
Subject: Re: [2600] question on FMT_MSA.1 and FMT_MSA.3
From: Nancy Chen <nchen@xxxxxxxxxxx>
Date: Thu, 13 Nov 2008 10:30:12 -0500
Delivered-to: mhonarc@xxxxxxxxxxxxxxxx
In-reply-to: <9A6213D6CEDE5147A5FA6559410C363D037E5053@xxxxxxxxxxxxx>
List-help: <http://listserv.ieee.org/cgi-bin/wa?LIST=STDS-2600>, <mailto:LISTSERV@LISTSERV.IEEE.ORG?body=INFO%20STDS-2600>
List-owner: <mailto:STDS-2600-request@LISTSERV.IEEE.ORG>
List-subscribe: <mailto:STDS-2600-subscribe-request@LISTSERV.IEEE.ORG>
List-unsubscribe: <mailto:STDS-2600-unsubscribe-request@LISTSERV.IEEE.ORG>
Reply-to: nchen@xxxxxxxxxxx

Lida,

You are right that "Common Access Control SFP is used to protect user data",
but FMT_MSA.1 and FMT_MSA.3 are requirements for managing the security attributes used to enforce the Common Access Control SFP.

That's definitely a requirement.

Hope this helps.

-Nancy

Lida Wang <Lida.Wang@xxxxxxxxxxxxxxx>

11/12/2008 07:43 PM

Please respond to
Lida Wang <Lida.Wang@xxxxxxxxxxxxxxx>

To	STDS-2600@xxxxxxxxxxxxxxxxx
cc
Subject	[2600] question on FMT_MSA.1 and FMT_MSA.3

Hi all,

I think there are some problems with FMT_MSA.1 and FMT_MSA.3. If I have made a mistake, please clarify me.

Based on FMT_MSA.1.1(a) the TSF shall enforce the Common Access Control SFP, [assignment: access control SFP(s), information flow control SFP(s)] to restrict the ability to [selection: change_default, query, modify, delete, [assignment: other operations]] the security attributes [assignment: list of security attributes] to [assignment: the authorized identified roles].

Here I think the security attributes is TSF data. However Common Access Control SFP is used to protect user data. The object of Common Access Control SFP is user document data and user functional data. Therefore I think we should not use Common Access Control SFP here.

There are the same problem with FMT_MSA.1.1(b), FMT_MSA.1.3(a), and FMT_MSA.1.3(b).

Thanks,

Lida,

Principle engineer,

Kyocera technology development

Hi all,

I think there are some problems with FMT_MSA.1 and FMT_MSA.3. If I have made a mistake, please clarify me.

Based on FMT_MSA.1.1(a) the TSF shall enforce the Common Access Control SFP, [assignment: access control SFP(s), information flow control SFP(s)] to restrict the ability to [selection: change_default, query, modify, delete, [assignment: other operations]] the security attributes [assignment: list of security attributes] to [assignment: the authorized identified roles].

Here I think the security attributes is TSF data. However Common Access Control SFP is used to protect user data. The object of Common Access Control SFP is user document data and user functional data. Therefore I think we should not use Common Access Control SFP here.

There are the same problem with FMT_MSA.1.1(b), FMT_MSA.1.3(a), and FMT_MSA.1.3(b).

Thanks,

Lida,

Principle engineer,

Kyocera technology development

Follow-Ups:
- Re: [2600] question on FMT_MSA.1 and FMT_MSA.3
  - From: Lida Wang

References:
- [2600] question on FMT_MSA.1 and FMT_MSA.3
  - From: Lida Wang

Prev by Date: Re: [2600] question on FMT_MSA.1 and FMT_MSA.3
Next by Date: [2600] question on FMT_MSA.1 and FMT_MSA.3
Previous by thread: [2600] question on FMT_MSA.1 and FMT_MSA.3
Next by thread: Re: [2600] question on FMT_MSA.1 and FMT_MSA.3
Index(es):
- Date
- Thread