[Zope3-checkins] SVN: Zope3/trunk/doc/security/SecurityTarget.tex
added environment objectives and Assumptions to table
Christian Zagrodnick
cz at gocept.com
Tue Apr 19 10:30:08 EDT 2005
Log message for revision 30044:
added environment objectives and Assumptions to table
Changed:
U Zope3/trunk/doc/security/SecurityTarget.tex
-=-
Modified: Zope3/trunk/doc/security/SecurityTarget.tex
===================================================================
--- Zope3/trunk/doc/security/SecurityTarget.tex 2005-04-19 13:56:20 UTC (rev 30043)
+++ Zope3/trunk/doc/security/SecurityTarget.tex 2005-04-19 14:30:08 UTC (rev 30044)
@@ -2630,7 +2630,10 @@
he is allowed to delegate. It must not be possible for him to gain any extra
permissions.
- \item[O.Audit:] This security objective is necessary to counter the threat
+ \item[O.Audit:] This security objective is necessary to detect an recover
+ from most threats: T.IA, T.Perm
+
+
T.AuditFake because it loggs security relevant events and thus supports an
administrator in finding those events.
@@ -2655,31 +2658,35 @@
threat T.IA because it makes ist less likely an attacker impersonates a
principal which allows operations with high negaitive impact since those
principals are better protected.
-
+
+
+% bullet: finished
+% X: todo
\end{description}
\begin{table}
- \begin{tabular}{rRRRRRRRRRRRR}
+ \scriptsize
+ \begin{tabular}{rRRRRRRRRRRRRRRRRRR}
\toprule
- & T.IA & T.Perm &T.Operation&T.AuditFake&T.Import & T.RIP&T.Transaction&T.Undo & T.USB&T.Timestamps & T.Trustedpath & T.Host \\
+ & T.IA & T.Perm &T.Operation&T.AuditFake&T.Import & T.RIP&T.Transaction&T.Undo & T.USB&T.Timestamps & T.Trustedpath & T.Host & A.OS & A.Admin & A.Network & A.Client & A.Credential & A.Integrity \\
\midrule
-O.IA & \oh & & & & & & & & & & & \\
-O.Delegation & & \oh & & & & & & & & & & \\
-O.Audit & & & & \oh & & & & & & & & \\
-O.Protect & & & & \oh & & & & & & & & \\
-O.Access & & & \oh & & & & & & & & & \oh \\
-O.Integrity & & & & & & \oh & & & & & & \\
-O.Attributes & & & & & & & & \oh & & & & \\
-O.ManageRisk & \oh & & & & & & & & & & & \\
+O.IA & \oh & & & & & & & & & & & \\
+O.Delegation & & \oh & & & & & & & & & & \\
+O.Audit & \oh & & & \oh & & & & & & & & \\
+O.Protect & & & & \oh & & & & & & & & \\
+O.Access & & & \oh & & & & & & & & & \oh \\
+O.Integrity & & & & & & \oh & & & & & & \\
+O.Attributes & & & & & & & & \oh & & & & \\
+O.ManageRisk & \oh & & & & & & & & & & & \\
\midrule
-OE.OS \\
-OE.Trust \\
-OE.Manage \\
+OE.OS & & & & & & & & & & X & & & X \\
+OE.Trust & & & & & & & & & & & & & & X \\
+OE.Manage & & & & & & & & & & & & & & & X \\
OE.AUDITLOG \\
-OE.Network \\
-OE.Client \\
-OE.Credential \\
+OE.Network & & & & & & & & & & & & & & & X & X & & X \\
+OE.Client & & & & & & & & & & & & & & & & & X & \\
+OE.Credential& & & & & & & & & & & & & & & & & X & \\
\bottomrule
\end{tabular}
More information about the Zope3-Checkins
mailing list