I-0170: Functional Tests Required For Object Reuse
NUMBER: I-0170
STATUS: Approved by CCEVS Management and Mailed to Public Mailing List
TITLE: Functional Tests Required For Object Reuse
APPROVAL POSTING: [announce 0350]
EFFECTIVE: 1994-04-18
REQUIREMENT: Security Testing
CRITERIA CLASSES: C2, B1, B2, B3, A1
DOCUMENT(S): <None>
RELATED TO: <None>
STATEMENT: The following interprets the requirement that "The security mechanisms of the ADP system shall be tested and found to work as claimed in the system documentation. Testing shall be done to assure that there are no obvious ways for an unauthorized user to bypass or otherwise defeat the security protection mechanisms of the TCB."

TCB interface(s) that allow manipulation and review of the contents of a subject's address space and of other resources available at the TCB interface (storage and named objects, devices) shall have functional tests included in the vendor test suite to supplement the analysis for object reuse.

PROJECTED IMPACT: Negligible impact anticipated.

SUPPORT: This interpretation starts at C2, even though the testing requirement words begin at C1, because the object reuse requirement starts at C2.

For there to be a threat of residual data, unprivileged interfaces must exist to manipulate or review the resources, including the subject's address space. Those interfaces must be tested, although the analysis for residual data is also required and probably at least as effective.
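An illustration of the kind of vendor functional test the statement calls for, added here as an example and not part of the interpretation or of any evaluated product's test suite. It exercises two unprivileged interfaces through which a subject can review the contents of reused resources on a POSIX system, anonymous memory mapping and file extension via ftruncate, and checks that what comes back after reuse carries no residue from the previous holder. The interface names are standard POSIX; the marker byte, buffer sizes and temporary file path are constructed for the example.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <sys/stat.h>

#define REGION_BYTES (16 * 4096)   /* constructed test size */
#define MARKER_BYTE  0xA5          /* constructed residue marker */

/* Return 1 if every byte of buf is zero, else 0. */
static int all_zero(const unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}

/* Object reuse test for anonymous memory: map pages, fill them with a
 * marker, release them, map again and verify the TCB handed back cleared
 * pages rather than the previous contents.
 * Returns 1 on pass, 0 on residue detected, -1 if the test could not run. */
int test_anonymous_memory_reuse(void) {
    unsigned char *p = mmap(NULL, REGION_BYTES, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memset(p, MARKER_BYTE, REGION_BYTES);      /* leave residue behind */
    if (munmap(p, REGION_BYTES) != 0)
        return -1;

    unsigned char *q = mmap(NULL, REGION_BYTES, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (q == MAP_FAILED)
        return -1;
    int clean = all_zero(q, REGION_BYTES);     /* reused pages must be zero */
    munmap(q, REGION_BYTES);
    return clean;
}

/* Object reuse test for file storage: write a marker into a file, shrink it
 * to zero length, extend it again with ftruncate and verify the newly
 * exposed region reads back as zeros, not the marker from the old blocks.
 * Returns 1 on pass, 0 on residue detected, -1 if the test could not run. */
int test_file_extension_reuse(void) {
    char path[] = "/tmp/objreuse-XXXXXX";     /* constructed temp path */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                              /* file vanishes on close */

    unsigned char marker[4096];
    memset(marker, MARKER_BYTE, sizeof marker);
    if (write(fd, marker, sizeof marker) != (ssize_t)sizeof marker) {
        close(fd);
        return -1;
    }
    /* Release the storage, then claim a fresh region of the same size. */
    if (ftruncate(fd, 0) != 0 || ftruncate(fd, (off_t)sizeof marker) != 0) {
        close(fd);
        return -1;
    }

    unsigned char back[4096];
    if (pread(fd, back, sizeof back, 0) != (ssize_t)sizeof back) {
        close(fd);
        return -1;
    }
    close(fd);
    return all_zero(back, sizeof back);
}

int main(void) {
    printf("anonymous memory reuse: %d\n", test_anonymous_memory_reuse());
    printf("file extension reuse:   %d\n", test_file_extension_reuse());
    return 0;
}
```

Each test reports 1 for a clean reuse, 0 when residue is observed, and -1 when the environment could not run it; a real vendor suite would add the same pattern for every other interface that exposes reused storage (devices, named objects, IPC buffers), since the statement's point is that each such interface is tested, not just analysed.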