Hi Nancy,
I am still confused.
Based on Table 16-Common Access Control SFP:
U.NORMAL cannot delete D.DOC "except for his/her own documents"
U.NORMAL cannot modify or delete D.FUNC "except for his/her own documents"
From this, I really cannot see how this Common Access Control rule can be used to protect the security attribute that is used to enforce the Common Access Control SFP.
Lida
Principal engineer,
Kyocera Technology Development
From: Nancy Chen [mailto:nchen@xxxxxxxxxxx]
Sent: Thursday, November 13, 2008 7:30 AM
To: STDS-2600@xxxxxxxxxxxxxxxxx
Subject: Re: [2600] question on FMT_MSA.1 and FMT_MSA.3
Lida,
You are right that "Common Access Control SFP is used to protect user data", but FMT_MSA.1 and FMT_MSA.3 are requirements for managing the security attributes used to enforce the Common Access Control SFP.
That's definitely a requirement.
Hope this helps.
-Nancy
Lida Wang <Lida.Wang@xxxxxxxxxxxxxxx>
11/12/2008 07:43 PM
Please respond to Lida Wang <Lida.Wang@xxxxxxxxxxxxxxx>
To: STDS-2600@xxxxxxxxxxxxxxxxx
cc:
Subject: [2600] question on FMT_MSA.1 and FMT_MSA.3
Hi all,
I think there are some problems with FMT_MSA.1 and FMT_MSA.3. If I have made a mistake, please clarify for me.
Based on FMT_MSA.1.1(a) the TSF shall enforce the Common Access Control SFP, [assignment: access control SFP(s), information flow control SFP(s)] to restrict the ability to [selection: change_default, query, modify, delete, [assignment: other operations]] the security attributes [assignment: list of security attributes] to [assignment: the authorized identified roles].
Here I think the security attributes are TSF data. However, Common Access Control SFP is used to protect user data. The object of Common Access Control SFP is user document data and user functional data. Therefore I think we should not use Common Access Control SFP here.
There is the same problem with FMT_MSA.1.1(b), FMT_MSA.1.3(a), and FMT_MSA.1.3(b).
Thanks,
Lida,
Principal engineer,
Kyocera technology development