Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

Re: [2600] another issue to talk about...

Alas, machines are Users too. At least according to Common Criteria
definitions.

--
Regards,
Brian Smithson
Project Manager, Security Research
PMP, SSCP, CISSP, CISA, ISO 27000 PA
Advanced Imaging and Network Technologies
Ricoh Americas Corporation
(408)346-4435



Haapanen, Tom wrote:
> OK ... but are we considering the sender (or recipient) of a fax (which is not necessarily a person) a User?
>
> If we are not, the Data Access Policy could be used to grant access to received faxes.
>
> Tom
>
>
> -----Original Message-----
> From: Brian Smithson [mailto:brian.smithson@xxxxxxxxxxxxx] 
> Sent: 04 December 2008 21:37
> To: Haapanen, Tom; STDS-2600@xxxxxxxxxxxxxxxxx
> Subject: Re: [2600] another issue to talk about...
>
> Tom,
>
> Yes, all jobs (print, scan, fax, copy, and store/retrieve) require
> identification, authentication, and authorization, at least in PP-A.
> That is part of the Function Access policy. There is also a Data Access
> Policy which deals with disclosing data (e.g., releasing print jobs).
> The idea is to protect both the use of the TOE and the data in the TOE,
> and they are handled by separate requirements.
>
> --
> Regards,
> Brian Smithson
> Project Manager, Security Research
> PMP, SSCP, CISSP, CISA, ISO 27000 PA
> Advanced Imaging and Network Technologies
> Ricoh Americas Corporation
> (408)346-4435
>
>
>
> Haapanen, Tom wrote:
>   
>> Are we already assuming that print jobs are authenticated as well, and unauthenticated print jobs are refused (sorry, my memory fails me)?
>>
>> One could argue that incoming fax should received, but not be *released* until an authenticated user does so ...
>>
>> Tom
>>
>>
>> -----Original Message-----
>> From: Brian Smithson [mailto:brian.smithson@xxxxxxxxxxxxx] 
>> Sent: 04 December 2008 20:35
>> To: STDS-2600@xxxxxxxxxxxxxxxxx
>> Subject: [2600] another issue to talk about...
>>
>> Jerry Thrasher brought this up (so if you like to shoot messengers...
>> :-). I don't have an answer for it. I remember having some discussions
>> about it some time ago, but apparently it is not resolved. The issue is:
>>
>> In clause 5.4 TOE Operational Model (e.g. P2600.1-40b.pdf page 10 line
>> 12), we state that one of the major security features is that "All Users
>> are identified and authenticated, and are authorized before being
>> granted permission to perform TOE functions". However, in the case of an
>> incoming fax, the sender of the fax is using the TOE functions but is
>> neither identified nor authenticated.
>>
>> So it seems that we need to make some allowance for unidentified
>> unauthenticated TOE users in clause 5.4 without being specific about
>> incoming faxes and without opening up a loophole for other kinds of
>> unidentified unauthenticated uses of the TOE.
>>
>> Any ideas?
>>
>>   
>>