[Zope3-checkins] SVN: Zope3/trunk/doc/security/SecurityTarget.tex - Restructuring of sections

Christian Theune ct at gocept.com
Wed Apr 20 05:47:31 EDT 2005


Log message for revision 30052:
   - Restructuring of sections
   - Moved summary specification rationale to rationale section
  
  

Changed:
  U   Zope3/trunk/doc/security/SecurityTarget.tex

-=-
Modified: Zope3/trunk/doc/security/SecurityTarget.tex
===================================================================
--- Zope3/trunk/doc/security/SecurityTarget.tex	2005-04-20 09:25:30 UTC (rev 30051)
+++ Zope3/trunk/doc/security/SecurityTarget.tex	2005-04-20 09:47:30 UTC (rev 30052)
@@ -100,23 +100,23 @@
 
 
 \item [Document ID:]
-{\$}Id: SecurityTarget.txt 30023 2005-04-18 13:47:51Z zagy {\$}
+$Id$
 
 
 \item [Document Version:]
-{\$}Rev: 30023 {\$}
+$Rev$
 
 
 \item [Origin:]
-Zope Corporation public CVS server
+Zope Corporation public Subversion server
 
 
 \item [TOE Reference:]
-Zope X3 3.1/CC
+Zope X3 3.1/CC              % XXX still to define. Possible alternative: Zope CC 3.1
 
 
 \item [TOE Commercial Name:]
-Zope X3
+Zope X3                     % XXX to define, depending on TOE Reference
 
 
 \item [TOE Short Description:]
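Review bot: The bare `$Id$` and `$Rev$` keywords on the new side are read by LaTeX as inline math, so once Subversion expands them the Document ID and Document Version will be typeset in math italics with the spaces dropped and the hyphens turned into minus signs. The removed lines escaped the dollars as `{\$}` for that reason. One form that keeps the keyword expandable and prints it literally is `\verb$Id$` and `\verb$Rev$`; expansion also depends on the `svn:keywords` property, which is not visible in this diff. The two `% XXX` comments on TOE Reference and TOE Commercial Name leave the ST identification open and should be resolved before the document goes to evaluation. The description list continues outside the hunk.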
@@ -979,7 +979,7 @@
 
 
 
-\chapter{Security requirements}
+\chapter{IT Security requirements}
 
 
 %___________________________________________________________________________
@@ -1003,14 +1003,14 @@
 
 
 
-\subsection{Class FAU: Audit data generation}
+\subsubsection{Class FAU: Audit data generation}
 
 
 %___________________________________________________________________________
 
 
 
-\subsection{FAU{\_}GEN.1 Audit data generation}
+\minisec{FAU{\_}GEN.1 Audit data generation}
 \begin{description}
 %[visit_definition_list_item]
 \item[FAU{\_}GEN.1.1]
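Review bot: The class heading rewritten here, `Class FAU: Audit data generation`, carries the name of the FAU_GEN family rather than of the class; Common Criteria Part 2 names class FAU "Security audit", and the later hunk's `Class FDP: Data protection` is "User data protection" there. The FAU_GEN.2 heading in the next hunk also keeps the misspelling `assocation` ("User identity association" in Part 2). Since the commit rewrites all three lines anyway, I would change them to `\subsubsection{Class FAU: Security audit}`, `\subsubsection{Class FDP: User data protection}` and `\minisec{FAU{\_}GEN.2 User identity association}`. Separately, `\minisec` is a KOMA-Script command that gives an unnumbered heading with no table-of-contents entry, so this change assumes a KOMA document class (not visible here) and means the SFR components, here and in the later hunks, can no longer be located by section number.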
@@ -1076,7 +1076,7 @@
 
 
 
-\subsection{FAU{\_}GEN.2 User identity assocation}
+\minisec{FAU{\_}GEN.2 User identity assocation}
 \begin{description}
 %[visit_definition_list_item]
 \item[FAU{\_}GEN.2.1]
@@ -1094,14 +1094,14 @@
 
 
 
-\subsection{Class FDP: Data protection}
+\subsubsection{Class FDP: Data protection}
 
 
 %___________________________________________________________________________
 
 
 
-\subsection{FDP{\_}ACC.2 Complete access control}
+\minisec{FDP{\_}ACC.2 Complete access control}
 \begin{description}
 %[visit_definition_list_item]
 \item[FDP{\_}ACC.2.1 ]
@@ -1141,7 +1141,7 @@
 
 
 
-\subsection{FDP{\_}ACF.1 Security attribute based access control}
+\minisec{FDP{\_}ACF.1 Security attribute based access control}
 \begin{description}
 %[visit_definition_list_item]
 \item[FDP{\_}ACF.1.1]
@@ -1212,7 +1212,7 @@
 
 
 
-\subsection{FDP{\_}ETC.2 Export of user data with security attributes}
+\minisec{FDP{\_}ETC.2 Export of user data with security attributes}
 \begin{description}
 %[visit_definition_list_item]
 \item[Note]
@@ -1269,7 +1269,7 @@
 
 
 
-\subsection{FDP{\_}ITC.1 Import of user data without security attributes}
+\minisec{FDP{\_}ITC.1 Import of user data without security attributes}
 \begin{description}
 %[visit_definition_list_item]
 \item[Note]
@@ -1333,7 +1333,7 @@
 
 
 
-\subsection{FDP{\_}ITC.2 Import of user data with security attributes}
+\minisec{FDP{\_}ITC.2 Import of user data with security attributes}
 \begin{description}
 %[visit_definition_list_item]
 \item[Note]
@@ -1405,7 +1405,7 @@
 
 
 
-\subsection{FDP{\_}RIP.1 Subset residual information protection}
+\minisec{FDP{\_}RIP.1 Subset residual information protection}
 \begin{description}
 %[visit_definition_list_item]
 \item[FDP{\_}RIP.2.1]
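Review bot: The component heading says FDP_RIP.1, but the element label visible under it is `\item[FDP{\_}RIP.2.1]`, which belongs to FDP_RIP.2 (full residual information protection). The mapping tables moved by this commit reference FDP_RIP.1, so the label looks like the stray one; if the subset component is intended it should read `\item[FDP{\_}RIP.1.1]`. The element text lies outside this hunk and should be checked against the FDP_RIP.1.1 wording at the same time, since an ST that names one component and states another leaves the claimed requirement ambiguous.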
@@ -1433,7 +1433,7 @@
 
 
 
-\subsection{FDP{\_}ROL.2{\_}TRANSACTIONS Advanced Rollback}
+\minisec{FDP{\_}ROL.2{\_}TRANSACTIONS Advanced Rollback}
 \begin{description}
 %[visit_definition_list_item]
 \item[FDP{\_}ROL.2.1 ]
@@ -1472,7 +1472,7 @@
 
 
 
-\subsection{FDP{\_}ROL.1{\_}UNDO Basic rollback}
+\minisec{FDP{\_}ROL.1{\_}UNDO Basic rollback}
 \begin{description}
 %[visit_definition_list_item]
 \item[FDP{\_}ROL.1.1 ]
@@ -1501,14 +1501,14 @@
 
 
 
-\subsection{Class FIA: Identification and authentication}
+\subsubsection{Class FIA: Identification and authentication}
 
 
 %___________________________________________________________________________
 
 
 
-\subsection{FIA{\_}AFL{\_}z.1 Authentication failure handling}
+\minisec{FIA{\_}AFL{\_}z.1 Authentication failure handling}
 \begin{description}
 %[visit_definition_list_item]
 \item[FIA{\_}AFL{\_}z.1.1]
@@ -1542,7 +1542,7 @@
 
 
 
-\subsection{FIA{\_}ATD.1 User attribute definition}
+\minisec{FIA{\_}ATD.1 User attribute definition}
 \begin{description}
 %[visit_definition_list_item]
 \item[FIA{\_}ATD.1.1 ]
@@ -1561,7 +1561,7 @@
 
 
 
-\subsection{FIA{\_}UAU.1 Timing of authentication}
+\minisec{FIA{\_}UAU.1 Timing of authentication}
 \begin{description}
 %[visit_definition_list_item]
 \item[FIA{\_}UAU.1.1 ]
@@ -1594,7 +1594,7 @@
 
 
 
-\subsection{FIA{\_}UAU.5 Multiple authentication systems}
+\minisec{FIA{\_}UAU.5 Multiple authentication systems}
 \begin{description}
 %[visit_definition_list_item]
 \item[FIA{\_}UAU.5.1 ]
@@ -1624,7 +1624,7 @@
 
 
 
-\subsection{FIA{\_}UAU.6 Re-authentication}
+\minisec{FIA{\_}UAU.6 Re-authentication}
 \begin{description}
 %[visit_definition_list_item]
 \item[FIA{\_}UAU.6.1 ]
@@ -1653,7 +1653,7 @@
 
 
 
-\subsection{FIA{\_}USB.1 User-subject binding}
+\minisec{FIA{\_}USB.1 User-subject binding}
 \begin{description}
 %[visit_definition_list_item]
 \item[FIA{\_}USB.1.1]
@@ -1671,14 +1671,14 @@
 
 
 
-\subsection{Class FMT: Security management}
+\subsubsection{Class FMT: Security management}
 
 
 %___________________________________________________________________________
 
 
 
-\subsection{FMT{\_}MOF.1 Management of security functions}
+\minisec{FMT{\_}MOF.1 Management of security functions}
 \begin{description}
 %[visit_definition_list_item]
 \item[FMT{\_}MOF.1.1]
@@ -1709,7 +1709,7 @@
 
 
 
-\subsection{FMT{\_}MSA.1 Management of security attributes}
+\minisec{FMT{\_}MSA.1 Management of security attributes}
 \begin{description}
 \item[FMT{\_}MSA.1.1.grants]
     The TSF shall enforce the \emph{\[formal security policy\]} to restrict the
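Review bot: In the FMT_MSA.1.1.grants element, `\emph{\[formal security policy\]}` uses `\[` and `\]`, which in LaTeX open and close display math, so the assignment will be set as a displayed formula with the word spaces removed rather than as bracketed text. Plain brackets are enough in running text: `The TSF shall enforce the \emph{[formal security policy]} to restrict the`. The line is context that the commit does not change, and the element continues outside the hunk, so any further `\[...\]` operation markers in this description list should be checked for the same problem.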
@@ -1731,7 +1731,7 @@
 
 \end{description}
 
-\subsection{FMT{\_}MSA.2 Secure security attributes}
+\minisec{FMT{\_}MSA.2 Secure security attributes}
 
 \begin{description}
 
@@ -1746,7 +1746,7 @@
 
 
 
-\subsection{FMT{\_}MSA.3 Static attribute initialisation}
+\minisec{FMT{\_}MSA.3 Static attribute initialisation}
 \begin{description}
 %[visit_definition_list_item]
 \item[FMT{\_}MSA.3.1]
@@ -1784,7 +1784,7 @@
 
 
 
-\subsection{FMT{\_}SMR.1 Security roles}
+\minisec{FMT{\_}SMR.1 Security roles}
 
 XXX update/rewrite section
 \begin{description}
@@ -1840,14 +1840,14 @@
 
 
 
-\subsection{Class FPT: Protection of the TSF}
+\subsubsection{Class FPT: Protection of the TSF}
 
 
 %___________________________________________________________________________
 
 
 
-\subsection{FPT{\_}AMT.1 Abstract machine testing}
+\minisec{FPT{\_}AMT.1 Abstract machine testing}
 \begin{description}
 %[visit_definition_list_item]
 \item[FPT{\_}AMT.1.1 ]
@@ -1867,7 +1867,7 @@
 
 
 
-\subsection{FPT{\_}FLS.1 Failure with preservation of secure state}
+\minisec{FPT{\_}FLS.1 Failure with preservation of secure state}
 \begin{description}
 %[visit_definition_list_item]
 \item[FPT{\_}FLS.1.1 ]
@@ -1886,7 +1886,7 @@
 
 
 
-\subsection{FPT{\_}RVM.1 Non-bypassability of the TSP}
+\minisec{FPT{\_}RVM.1 Non-bypassability of the TSP}
 \begin{description}
 %[visit_definition_list_item]
 \item[FPT{\_}RVM.1.1 ]
@@ -1905,7 +1905,7 @@
 
 
 
-\subsection{FPT{\_}SEP.1 TSF domain separation}
+\minisec{FPT{\_}SEP.1 TSF domain separation}
 \begin{description}
 %[visit_definition_list_item]
 \item[FPT{\_}SEP.1.1 ]
@@ -1933,7 +1933,7 @@
 
 
 
-\subsection{FPT{\_}STM.1 Reliable time stamps}
+\minisec{FPT{\_}STM.1 Reliable time stamps}
 \begin{description}
 %[visit_definition_list_item]
 \item[FPT{\_}STM.1.1]
@@ -1950,7 +1950,7 @@
 
 
 
-\section{TOE security assurance requirements}
+\subsection{TOE security assurance requirements}
 
 The Evaluation Assurance Level chosen for this Evaluation is EAL 1.
 
@@ -2093,24 +2093,11 @@
 secure proxies correctly (for example, being sure to accept only
 valid server certificates with HTTPS).
 
-
 %___________________________________________________________________________
 
-
-
-
-
-%___________________________________________________________________________
-
-
-
 \chapter{TOE summary specification}
 
 
-%___________________________________________________________________________
-
-
-
 \section{TOE security functions}
 
 The major functions implemented by the TOE are:
@@ -2120,7 +2107,7 @@
 
 
 
-\section{Protection}
+\subsection{Protection}
 
 The protection subsystem is responsible for controlling the access of subjects
 to objects.  It does this through the use of security proxies.  Any non-basic
@@ -2135,7 +2122,7 @@
 
 
 
-\section{Authentication}
+\subsection{Authentication}
 
 Zope provides a flexible authentication schema that by default supports HTTP
 Basic Auth and is extensible to support different data
@@ -2150,7 +2137,7 @@
 
 
 
-\section{Authorization / Access Control}
+\subsection{Authorization / Access Control}
 
 To determine whether an operation under a given subject is allowed, Zope has an
 authorization subsystem (aka access control). The authorization subsystem uses
@@ -2187,7 +2174,7 @@
 
 
 
-\section{Auditing}
+\subsection{Auditing}
 
 Zope provides an auditing system that listens for events within Zope according
 to the SFRs described above. It is implemented using the event framework of
@@ -2203,7 +2190,7 @@
 
 
 
-\section{Transaction management}
+\subsection{Transaction management}
 
 Most data is stored on persistent objects. The transaction machinery rolls back
 all data that is stored on persistent objects.
@@ -2213,7 +2200,7 @@
 
 
 
-\section{Undo}
+\subsection{Undo}
 \begin{itemize}
 \item {} 
 storage support
@@ -2239,7 +2226,7 @@
 
 
 
-\section{Publication / Server}
+\subsection{Publication / Server}
 
 XXX get servers, protocols and publisher right
 
@@ -2263,7 +2250,7 @@
 
 
 
-\section{Automated Tests}
+\subsection{Automated Tests}
 
 Zope provides a suite of automated tests that allow the user to ensure that the
 security functionality implemented with a delivered package is consistent with
@@ -2274,7 +2261,7 @@
 
 
 
-\section{Python Environment XXX}
+\subsection{Python Environment XXX}
 
 As Zope relies on Python and the host environment to provide reliable time
 stamps, we regard auditing adjustments to the time being out of scope.
@@ -2285,255 +2272,6 @@
 %___________________________________________________________________________
 
 
-
-\section{Table: Functions to Security Functional Requirements Mapping}
-\begin{quote}
-
-\begin{longtable}[c]{|l|l|}
-\hline
-\textbf{
-Functions
-} & \textbf{
-Security Functional Requirements
-} \\
-\hline
-\endhead
-
-Protection
- & 
-FDP{\_}ACC.2, FDP{\_}ACF.1, FDP{\_}ETC.2, FDP{\_}ITC.1,
-FDP{\_}ITC.2, FDP{\_}ROL.1{\_}UNDO, FIA{\_}UAU.1, FMT{\_}MOF.1,
-FMT{\_}MSA.1, FMT{\_}SMR.1, FPT{\_}RVM.1, FPT{\_}SEP.1
- \\
-\hline
-
-Authentication
- & 
-FIA{\_}AFL{\_}z.1, FIA{\_}ATD.1, FIA{\_}UAU.5, FIA{\_}UAU.6,
-FMT{\_}MSA.1
- \\
-\hline
-
-Authorization
- & 
-FDP{\_}ACC.2, FDP{\_}ACF.1, FDP{\_}ETC.2, FDP{\_}ITC.1,
-FTP{\_}ITC.2, FDP{\_}RIP.1, FDP{\_}ROL.1{\_}Undo, FIA{\_}ATD.1,
-FIA{\_}UAU.1, FIA{\_}USB.1, FMT{\_}MOF.1, FMT{\_}MSA.1,
-FMT{\_}MSA.3, FMT{\_}SMR.1,
- \\
-\hline
-
-Auditing
- & 
-FAU{\_}GEN.1, FAU{\_}GEN.2, FPT{\_}STM.1
- \\
-\hline
-
-Transaction
- & 
-FDP{\_}ROL.2{\_}Transactions
- \\
-\hline
-
-management
- &  \\
-\hline
-
-Undo
- & 
-FDP{\_}ROL.1{\_}Undo
- \\
-\hline
-
-Publisher
- & 
-FIA{\_}UAU.1, FIA{\_}USB.1
- \\
-\hline
-
-Automated Tests
- & 
-FPT{\_}AMT.1
- \\
-\hline
-
-Python Environemnt
- & 
-FPT{\_}STM.1
- \\
-\hline
-\end{longtable}
-\end{quote}
-
-
-%___________________________________________________________________________
-
-
-
-\section{Table: Security Functional Requirements to Functions Mapping}
-\begin{quote}
-
-\begin{longtable}[c]{|l|l|}
-\hline
-\textbf{
-SFR
-} & \textbf{
-Function
-} \\
-\hline
-\endhead
-
-FAU{\_}GEN.1
- & 
-Audit
- \\
-\hline
-
-FAU{\_}GEN.2
- & 
-Audit
- \\
-\hline
-
-FDP{\_}ACC.2
- & 
-Authorization, Protection
- \\
-\hline
-
-FDP{\_}ACF.1
- & 
-Authorization, Protection
- \\
-\hline
-
-FDP{\_}ETC.2
- & 
-Authorization, Protection, Synchronization
- \\
-\hline
-
-FDP{\_}ITC.1
- & 
-Authorization, Protection, Synchronization
- \\
-\hline
-
-FDP{\_}ITC.2
- & 
-Authorization, Protection, Synchronization
- \\
-\hline
-
-FDP{\_}RIP.1
- & 
-Authorization
- \\
-\hline
-
-FDP{\_}ROL.2{\_}Transactions
- & 
-Transaction management
- \\
-\hline
-
-FDP{\_}ROL.1{\_}Undo
- & 
-Undo, Authorization, Protection
- \\
-\hline
-
-FIA{\_}AFL{\_}z.1
- & 
-Authentication
- \\
-\hline
-
-FIA{\_}ATD.1
- & 
-Authentication
- \\
-\hline
-
-FIA{\_}UAU.1
- & 
-Publication, Authorization, Protection
- \\
-\hline
-
-FIA{\_}UAU.5
- & 
-Authentication
- \\
-\hline
-
-FIA{\_}UAU.6
- & 
-Authentication
- \\
-\hline
-
-FIA{\_}USB.1
- & 
-Publication, Authorization
- \\
-\hline
-
-FMT{\_}MOF.1
- & 
-Authorization, Protection, Authentication
- \\
-\hline
-
-FMT{\_}MSA.3
- & 
-Authorization
- \\
-\hline
-
-FMT{\_}SMR.1
- & 
-Authorization, Protection
- \\
-\hline
-
-FPT{\_}AMT.1
- & 
-Automated Tests
- \\
-\hline
-
-FPT{\_}RVM.1
- & 
-Protection
- \\
-\hline
-
-FPT{\_}FLS.1
- & 
-Transaction management
- \\
-\hline
-
-FPT{\_}SEP.1
- & 
-Protection
- \\
-\hline
-
-FPT{\_}STM.1
- & 
-Python environment
- \\
-\hline
-\end{longtable}
-\end{quote}
-
-
-%___________________________________________________________________________
-
-
-
 \section{Assurance measures}
 
 
@@ -2588,22 +2326,12 @@
 
 \chapter{PP claims}
 
-There are no PP claims.
+No PP compatibility is beeing claimed.
 
 
 %___________________________________________________________________________
 
 
-
-\chapter{SOF claims}
-
-There is no SOF claim here for EAL 1.
-
-
-%___________________________________________________________________________
-
-
-
 \chapter{Rationale}
 
 
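Review bot: The replacement sentence under `\chapter{PP claims}` misspells "being"; it should read `No PP compatibility is being claimed.`. The hunk also drops the `SOF claims` chapter together with its statement that no strength-of-function claim is made at EAL 1. If the new layout no longer has a place for that chapter, I would keep the one-line statement in the security requirements chapter so that the absence of a SOF claim stays explicit in the ST.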
@@ -2906,9 +2634,254 @@
     administrators installing their extensions. FPT\_SEP.1 supports the
     distinction between the trusted and untrusted domain.
 
+\section{Summary Specification Rationale}
+
+\begin{quote}
+
+\begin{longtable}[c]{|l|l|}
+\hline
+\textbf{
+Functions
+} & \textbf{
+Security Functional Requirements
+} \\
+\hline
+\endhead
+
+Protection
+ & 
+FDP{\_}ACC.2, FDP{\_}ACF.1, FDP{\_}ETC.2, FDP{\_}ITC.1,
+FDP{\_}ITC.2, FDP{\_}ROL.1{\_}UNDO, FIA{\_}UAU.1, FMT{\_}MOF.1,
+FMT{\_}MSA.1, FMT{\_}SMR.1, FPT{\_}RVM.1, FPT{\_}SEP.1
+ \\
+\hline
+
+Authentication
+ & 
+FIA{\_}AFL{\_}z.1, FIA{\_}ATD.1, FIA{\_}UAU.5, FIA{\_}UAU.6,
+FMT{\_}MSA.1
+ \\
+\hline
+
+Authorization
+ & 
+FDP{\_}ACC.2, FDP{\_}ACF.1, FDP{\_}ETC.2, FDP{\_}ITC.1,
+FTP{\_}ITC.2, FDP{\_}RIP.1, FDP{\_}ROL.1{\_}Undo, FIA{\_}ATD.1,
+FIA{\_}UAU.1, FIA{\_}USB.1, FMT{\_}MOF.1, FMT{\_}MSA.1,
+FMT{\_}MSA.3, FMT{\_}SMR.1,
+ \\
+\hline
+
+Auditing
+ & 
+FAU{\_}GEN.1, FAU{\_}GEN.2, FPT{\_}STM.1
+ \\
+\hline
+
+Transaction
+ & 
+FDP{\_}ROL.2{\_}Transactions
+ \\
+\hline
+
+management
+ &  \\
+\hline
+
+Undo
+ & 
+FDP{\_}ROL.1{\_}Undo
+ \\
+\hline
+
+Publisher
+ & 
+FIA{\_}UAU.1, FIA{\_}USB.1
+ \\
+\hline
+
+Automated Tests
+ & 
+FPT{\_}AMT.1
+ \\
+\hline
+
+Python Environemnt
+ & 
+FPT{\_}STM.1
+ \\
+\hline
+\end{longtable}
+\end{quote}
+
+
 %___________________________________________________________________________
 
 
+
+\section{Table: Security Functional Requirements to Functions Mapping}
+\begin{quote}
+
+\begin{longtable}[c]{|l|l|}
+\hline
+\textbf{
+SFR
+} & \textbf{
+Function
+} \\
+\hline
+\endhead
+
+FAU{\_}GEN.1
+ & 
+Audit
+ \\
+\hline
+
+FAU{\_}GEN.2
+ & 
+Audit
+ \\
+\hline
+
+FDP{\_}ACC.2
+ & 
+Authorization, Protection
+ \\
+\hline
+
+FDP{\_}ACF.1
+ & 
+Authorization, Protection
+ \\
+\hline
+
+FDP{\_}ETC.2
+ & 
+Authorization, Protection, Synchronization
+ \\
+\hline
+
+FDP{\_}ITC.1
+ & 
+Authorization, Protection, Synchronization
+ \\
+\hline
+
+FDP{\_}ITC.2
+ & 
+Authorization, Protection, Synchronization
+ \\
+\hline
+
+FDP{\_}RIP.1
+ & 
+Authorization
+ \\
+\hline
+
+FDP{\_}ROL.2{\_}Transactions
+ & 
+Transaction management
+ \\
+\hline
+
+FDP{\_}ROL.1{\_}Undo
+ & 
+Undo, Authorization, Protection
+ \\
+\hline
+
+FIA{\_}AFL{\_}z.1
+ & 
+Authentication
+ \\
+\hline
+
+FIA{\_}ATD.1
+ & 
+Authentication
+ \\
+\hline
+
+FIA{\_}UAU.1
+ & 
+Publication, Authorization, Protection
+ \\
+\hline
+
+FIA{\_}UAU.5
+ & 
+Authentication
+ \\
+\hline
+
+FIA{\_}UAU.6
+ & 
+Authentication
+ \\
+\hline
+
+FIA{\_}USB.1
+ & 
+Publication, Authorization
+ \\
+\hline
+
+FMT{\_}MOF.1
+ & 
+Authorization, Protection, Authentication
+ \\
+\hline
+
+FMT{\_}MSA.3
+ & 
+Authorization
+ \\
+\hline
+
+FMT{\_}SMR.1
+ & 
+Authorization, Protection
+ \\
+\hline
+
+FPT{\_}AMT.1
+ & 
+Automated Tests
+ \\
+\hline
+
+FPT{\_}RVM.1
+ & 
+Protection
+ \\
+\hline
+
+FPT{\_}FLS.1
+ & 
+Transaction management
+ \\
+\hline
+
+FPT{\_}SEP.1
+ & 
+Protection
+ \\
+\hline
+
+FPT{\_}STM.1
+ & 
+Python environment
+ \\
+\hline
+\end{longtable}
+\end{quote}
+
+
+%___________________________________________________________________________
+
+
 \subsection{Choice of TOE security assurance requirements}
 
 The choice of assurance requirements is based on the analysis of the security
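Review bot: The two mapping tables are moved into the rationale unchanged and do not agree with each other, which undermines their use as the summary specification rationale. In the Authorization row, `FTP{\_}ITC.2` is presumably `FDP{\_}ITC.2` (the second table maps FDP_ITC.2 to Authorization); FMT_MSA.1 appears in the first table but has no row in the second, FMT_MSA.2 appears in neither, FPT_FLS.1 appears only in the second, and the second table names functions (`Synchronization`, `Publication`, `Audit`) that the first does not list. The `Transaction` / `management` entry is split across two rows with an empty cell, `Python Environemnt` is misspelled, and the FDP_ROL suffixes alternate between `UNDO` and `Undo`. Structurally, the first table lost its title to `\section{Summary Specification Rationale}` while the second keeps `\section{Table: Security Functional Requirements to Functions Mapping}` as a sibling section, and the unchanged `\subsection{Choice of TOE security assurance requirements}` now follows that section and so appears to be re-parented under it.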


