NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0204:  Protection of Selected User Data

Publication Date
2017.05.08

Protection Profiles
PP_APP_SWFE_EP_v1.0

Other References
FDP_PRT_EXT

Issue Description

The test activity for FDP_PRT_EXT.1.2 does not adequately capture the intent of the SFR claim.

Resolution

The test activity for FDP_PRT_EXT.1.2 is replaced as follows:

 

This test only applies for application provided functionality.


1. Using a file editor, create and save a text file that is encrypted per the evaluation configured encryption policy.  The contents of the file will be limited to a known text pattern to ensure that the text pattern will be present in all encryption/decryption operations performed by the TOE.

2. Exit the file editor so that the file (including its known text pattern) has “completed the decryption/encryption operation” and process memory containing the known text pattern is released.

3. The evaluator will take a dump of volatile memory and search the generated dump for the known pattern.  The test fails if the known plaintext pattern is found in the memory dump.

4. Open the file again with a file editor.

5. The evaluator will take a dump of volatile memory and search the generated dump for the known text pattern.  Note that the known text pattern is expected to be present since the file editor has the file open. The test fails if the known plaintext pattern is not found in the memory dump.

6. Close the file and exit the file editor.

7. The evaluator will take a dump of volatile memory and search the retrieved dump for the known pattern.  The test fails if the known plaintext pattern is found in the memory dump.

Justification

See issue description.

 
 
Site Map              Contact Us              Home