[Zope3-checkins] SVN: Zope3/trunk/doc/security/SecurityTarget.tex removed oe.manage, A.integrity (merged with a.os)

Christian Zagrodnick cz at gocept.com
Wed Apr 20 08:12:21 EDT 2005


Log message for revision 30056:
  removed oe.manage, A.integrity (merged with a.os)
  
  removed T.USB and T.Trustedpath
  
  
  

Changed:
  U   Zope3/trunk/doc/security/SecurityTarget.tex

-=-
Modified: Zope3/trunk/doc/security/SecurityTarget.tex
===================================================================
--- Zope3/trunk/doc/security/SecurityTarget.tex	2005-04-20 12:06:49 UTC (rev 30055)
+++ Zope3/trunk/doc/security/SecurityTarget.tex	2005-04-20 12:12:21 UTC (rev 30056)
@@ -858,13 +858,6 @@
   Those responsible for the TOE must be trustworthy.
    \\
 
-  OE.Manage
-   & 
-  Those responsible for the TOE must ensure that the TOE
-  is delivered, installed, managed, and operated in a
-  manner which maintains IT security.
-   \\
-
   OE.AUDITLOG
    & 
   Administrators of the TOE must ensure that audit
@@ -2279,34 +2272,29 @@
 % bullet: finished
 % X: todo
 
-\begin{table}
-  \scriptsize
-  \begin{tabular}{rRRRRRRRRRRRRRRRRRR}
+  \begin{longtable}{rRRRRRRRRRRRRRRR}
     \toprule
-    & T.IA  & T.Perm &T.Operation&T.AuditFake&T.Import  & T.RIP&T.Transaction&T.Undo &  T.USB&T.Timestamps &  T.Trustedpath & T.Host & A.OS & A.Admin & A.Network & A.Client & A.Credential & A.Integrity \\
+              & T.IA  & T.Perm &T.Operation&T.AuditFake&T.Import & T.RIP&T.Transaction&T.Undo &T.Timestamps & T.Host & A.OS & A.Admin & A.Network & A.Client & A.Credential  \\
     \midrule
-O.IA         &  \oh  &       &            &            &         &      &             &       &       &             &         &       \\
-O.Delegation &       &   \oh &            &            &         &      &             &       &       &             &         &        \\
-O.Audit      & \oh   &       &            &    \oh     &         &      &             &       &       &             &         &        \\
-O.Protect    &       &       &            &    \oh     &         &      &             &       &       &             &         &        \\
-O.Access     &       &       &      \oh   &            &         &      &             &       &       &             &         &  \oh   \\
-O.Integrity  &       &       &            &            &         &  \oh &             &       &       &             &         &        \\
-O.Attributes &       &       &            &            &         &      &             &  \oh  &       &             &         &        \\
-O.ManageRisk &   \oh &       &            &            &         &      &             &       &       &             &         &        \\
+O.IA         &  \oh  &       &            &            &         &      &             &       &             &        &      &       \\
+O.Delegation &       &   \oh &            &            &         &      &             &       &             &        &      &        \\
+O.Audit      & \oh   &       &            &    \oh     &         &      &             &       &             &        &      &        \\
+O.Protect    &       &       &            &    \oh     &         &      &             &       &             &        &      &        \\
+O.Access     &       &       &      \oh   &            &         &      &             &       &             &        &      &  \oh   \\
+O.Integrity  &       &       &            &            &         &  \oh &             &       &             &        &      &        \\
+O.Attributes &       &       &            &            &         &      &             &  \oh  &             &        &      &        \\
+O.ManageRisk &   \oh &       &            &            &         &      &             &       &             &        &      &        \\
 \midrule
-OE.OS        &       &       &            &            &         &      &             &       &       &   \oh       &         &      & \oh  \\
-OE.Trust     &       &       &            &            &         &      &             &       &       &             &         &      &      &   \oh \\
-OE.Manage    &       &       &            &            &         &      &             &       &       &             &         &      &      &        &         &              &                & \oh \\
-OE.AUDITLOG \\
-OE.Network   &       &       &            &            &         &      &             &       &       &             &         &      &      &        &  \oh    &              &                &     \oh  \\
-OE.Client    &       &       &            &            &         &      &             &       &       &             &         &      &      &        &         &              &       X        &       \\
-OE.Credential&       &       &            &            &         &      &             &       &       &             &         &      &      &        &         &              &       X        &       \\
-
+OE.OS        &       &       &            &            &         &      &             &       &    \oh      &        &  \oh &         &         &            &          \\
+OE.Trust     &       &       &            &            &         &      &             &       &             &        &      &  \oh    &         &            &            \\
+OE.AUDITLOG  &       &       &            &            &         &      &             &       &             &        &      &         &         &            &                   \\  
+OE.Network   &       &       &            &            &         &      &             &       &             &        &      &         &  \oh    &            &                   \\   
+OE.Client    &       &       &            &            &         &      &             &       &             &        &      &         &         &    \oh     &                   \\
+OE.Credential&       &       &            &            &         &      &             &       &             &        &      &         &         &            &    \oh    \\ 
 \bottomrule
-  \end{tabular}
-  \label{tab-SOR}
   \caption{Mapping of Threats and Assumptions to Security Objectives}
-\end{table}
+  \label{tab-SOR}
+\end{longtable}
 
 Table~\vref{tab-SOR} shows that all threads and assumptions are covered
 by a security objectives. The following list explains why the objectives cover
@@ -2361,17 +2349,21 @@
 
   \item[OE.Trust:] This security objective covers the assumption
   \textbf{A.Admin}.
-  
-  \item[OE.Manage:] This security objective covers the assumption
-  \textbf{A.Integrity} because it ensures the TOE is administered in a way to
-  maintain IT security preventing malicious software.
 
   \item[OE.AUDITLOG:] XXX
 
   \item[OE.Network:] This security objective covers the assumptions
-  \textbf{A.Network} and \textbf{A.Integrity} because it asserts that all
+  \textbf{A.Network} because it asserts that all
   network connections which are not related to the TOE are secure in way not
   compromising the integrity.
+
+  \item[OE.Client:] This security objective covers the assumption
+  \textbf{A.Client} because it makes sure that the identification and
+  authentication data is not monitored or interfered.
+
+  \item[OE.Credential:] This security objective covers the assumption
+  \textbf{A.Credentialt} because it demands that the user is keeping the
+  credentials to authenticate secret.
   
 \end{description}
 %___________________________________________________________________________



More information about the Zope3-Checkins mailing list