[Public Interpretations Database]

I-0432: List Of Subjects And Objects Refers To Types Thereof


TYPE:                 Guidance
NUMBER:               I-0432
STATUS:               Approved, Acceptable to CCIMB, No CCIMB Interpretation

TITLE:                List Of Subjects And Objects Refers To Types Thereof

EFFECTIVE:            2004-01-30

SOURCE REFERENCE:     CC v2.1 Part 2 Subclause 6.1 FDP_ACC
                      CC v2.1 Part 2 Subclause 6.10 FDP_ROL
                      CC v2.1 Part 2 Subclause 6.3 FDP_DAU
                      CC v2.1 Part 2 Subclause 6.5 FDP_IFC
                      CC v2.1 Part 2 Subclause 6.6 FDP_IFF
                      CC v2.1 Part 2 Subclause 6.9 FDP_RIP
                      CC v2.1 Part 2 Subclause F.1 FDP_ACC
                      CC v2.1 Part 2 Subclause F.10 FDP_ROL
                      CC v2.1 Part 2 Subclause F.3 FDP_DAU
                      CC v2.1 Part 2 Subclause F.5 FDP_IFC
                      CC v2.1 Part 2 Subclause F.6 FDP_IFF
                      CC v2.1 Part 2 Subclause F.9 FDP_RIP
RELATED TO:
     I-0416           Association Of Access Control Attributes With Subjects And Objects
     I-0417           Association Of Information Flow Attributes W/Subjects And Information
     I-0353           Association Of Access Control Attributes With Subjects And Objects
     I-0354           Association Of Information Flow Attributes W/Subjects And Information
CCIMB ENTRY:          CCIMB-INTERP-0248

ISSUE:

There are many places in the CC that refer to "list of subjects" or "list of objects". Under a literal reading, this could be read as calling for a list of specific subjects or objects, i.e., process numbers, file names, etc. Such information is too specific.

STATEMENT:

The phrases "list of subjects" or "list of objects" can also refer to lists of the types of those entities, i.e., processes, files, etc.

SPECIFIC INTERPRETATION:

[Note: The changes stated below are ADVISORY ONLY, and represent one approach to addressing the guidance in the statement. Other approaches that achieve the same goal are acceptable.]

To address this interpretation, the following changes are made to CC v2.1 Part 2 (notation: additions; deletions):

  • Subclause F.2, paragraph 746 is changed as follows:

    In FDP_ACC.1.1, the PP/ST author should specify the list of subjects, objects, and operations among subjects and objects covered by the SFP. The lists of subjects or objects could be very specific, if the subjects/objects are known, or it could be more generic and refer to a "type" of subject/object such as an identified role, process, or file.

  • Subclause F.2, paragraph 750 is changed as follows:

    In FDP_ACC.2.1, the PP/ST author should specify the list of subjects and objects covered by the SFP. All operations among those subjects and objects will be covered by the SFP. The lists of subjects or objects could be very specific, if the subjects/objects are known, or it could be more generic and refer to a "type" of subject/object such as an identified role, process, or file.

  • Subclause F.3, paragraph 774 is changed as follows:

    In FDP_DAU.2.2, the PP/ST author should specify the list of subjects that will have the ability to verify data authentication evidence for the objects identified in the previous element as well as the identity of the user that created the data authentication evidence. The list of subjects could be very specific, if the subjects are known, or it could be more generic and refer to a "type" of subject such as an identified role.

  • Subclause F.9, paragraph 897 is changed as follows:

    In FDP_RIP.1.1, the PP/ST author should specify the list of objects subject to residual information protection. The list of objects could be very specific, if the objects are known, or it could be more generic and refer to a "type" of object such as files, named buffers, etc.

  • Subclause F.10, paragraph 907 is changed as follows:

    In FDP_ROL.1.1 the PP/ST author should specify the list of objects that are subjected to the rollback policy. The list of objects could be very specific, if the objects are known, or it could be more generic and refer to a "type" of object such as files, named buffers, etc.

  • Subclause F.10, paragraph 911 is changed as follows:

    In FDP_ROL.2.1 the PP/ST author should specify the list of objects that are subjected to the rollback policy. The list of objects could be very specific, if the objects are known, or it could be more generic and refer to a "type" of object such as files, named buffers, etc.

SUPPORT:

The potential exists for the phrase "list of subjects" or "list of objects" to be narrowly read. In most cases, the intent is not to give a specific list of subjects and objects (for example, process 4323 can access file "ntscpe.exe"), but to give types of subjects and objects (processes, files). This interpretation clarifies the guidance portions to make that possibility clearer.

Note: No changes are made to FDP_IFF and FDP_IFC, as the annex text for these families already includes appropriate words.

2004-01-30: This was reviewed by the CCIMB, who said: The CCIMB saw no need to adopt this national interpretation. However, use of this national interpretation will not adversely affect mutual recognition.

The CCIMB disagrees with the statement that "list of subjects" or "list of objects" could be read as a requirement to give a list of specific subjects or objects, i.e., process numbers, file names, etc. It has always been the intent of a PP to be an implementation-independent specification. This is also true for a ST, with the exception of the DES and TSS part. This national interpretation, however, allows a PP/ST author to write a specification that requires a specific implementation.