Re: Proposal "LUID": CAPP requirements

From: Linda Walsh (law@sgi.com)
Date: Mon Apr 17 2000 - 10:26:33 EST


These are some basics from CAPP that may explain:

The Common Criteria (CC) Controlled Access Protection Profile,
hereafter called CAPP, specifies a set of security functional and assurance
requirements for Information Technology (IT) products. CAPP-conformant
products support access controls that are capable of enforcing access
limitations on individual users and data objects. CAPP-conformant products
also provide an audit capability which records the security-relevant
events which occur within the system. The CAPP provides for a level of
protection which is appropriate for an assumed non-hostile and well-managed
user community requiring protection against threats of inadvertent or
casual attempts to breach the system security. The profile is not
intended to be applicable to circumstances in which protection is
required against determined attempts by hostile and well funded
attackers to breach system security. The CAPP does not fully address
the threats posed by malicious system development or administrative
personnel. CAPP-conformant products are suitable for use in both
commercial and government environments.
...
The CAPP is for a generalized environment with a moderate level of
risk to the assets. The assurance requirements and the minimum
strength of function were chosen to be consistent with that level of
risk. The assurance level is EAL 3 and the minimum strength of
function is SOF-medium.
...
TERMS:
An _authorized_user_ is a user who has been properly identified and
authenticated. These users are considered to be legitimate users
of the TOE.

An _authorized_administrator_ is an authorized user who has been granted
the authority to manage the TOE. These users are expected to use this
authority only in the manner prescribed by the guidance given them.
...
All individual users are assigned a unique identifier. This identifier
supports individual accountability. The TSF authenticates the claimed
identity of the user before allowing the user to perform any actions
that require TSF mediation, other than actions which aid an authorized
user in gaining access to the TOE.
-------

        The LUID concept is meant to address the needs of a particular
multi-national security specification (the Common Criteria). The countries
that co-developed the Criteria are: the UK, France, Germany, Canada, Netherlands
and the US. It has been agreed that a CC system evaluated in 1 country will
be accepted in the other 5 countries.

        Find the complete document on page
http://www.radium.ncsc.mil/tpep/library/protection_profiles/index.html .
The latest Common Criteria documents can be found at http://commoncriteria.org .

        It is my reading of the above that a CAPP system would not be attached
to the internet but only a local 'intranet' composed of other similarly
controlled systems.

        This certainly isn't meant to be a be-all, end-all answer to security.
This is a first step for a well defined environment (like a corporate
intranet).

        A CAPP compliant system meets "Evaluation Assurance Level 3" which
describes (in exhaustive detail) the level of testing and proof of
Assurance. It is *not* a formal mathematical proof of correctness (EAL7).
For more on EALs, see page http://commoncriteria.org/docs/index.html,
Document CCV2.1, Part 3.

        CAPP compliant systems are thought to be the minimum security
needed for many commercial vendors and will be the minimum requirement for DoD
systems next year. These are not firewall systems and are unlikely to be used
out of an 'internal environment'.

-linda

-- 
Linda A Walsh                    | Trust Technology, Core Linux, SGI
law@sgi.com                      | Voice: (650) 933-5338
