[redhat-lspp] Self tets and the TSOL ST
George C. Wilson
ltcgcw at us.ibm.com
Fri Jan 13 22:10:59 UTC 2006
It looks like the TSOL security target doesn't help us much on the RBACPP self-
test requirement. So we're probably going to have to use tripwire or a
lightweight script. Here's the section that documents the deviation:
5.1.5.3 TSF Self Test
The TSF shall run a suite of self tests periodically during normal operation,
at the request of the authorized user, and when invocation of access rights on
selected objects occurs to demonstrate the correct operation of the TOE.
(FPT_TST.1)
<Application Note: The requirement of FPT_TST.1 for self tests when access
rights are invoked on selected objects is currently not met by Trusted Solaris8.
However, [NIST2] from the RBAC author clarifies that In my best judgement, I
feel this functionality is not implemented as a state of practice and hence
conformance to the PP can be claimed without implementing this particular
aspect of FPT_TST.1.1 requirement. Hence, although Trusted Solaris8 does not
implement this SFR, conformance claims with [RBAC] are not affected.>
The TSF shall provide authorized users with the capability to verify the
integrity of TSF data. (FPT_TST.1.2)
The TSF shall provide authorized users with the capability to verify the
integrity of stored TSF executable code. (FPT_TST.1.3)
[NIST2] Letter from R. Chandramouli, re: FPT_TST.1.1 in RBAC PP, Computer
Security Division, NIST, dated 16 July 2001.
--
George Wilson <ltcgcw at us.ibm.com>
IBM Linux Technology Center
More information about the redhat-lspp
mailing list