Fuji Xerox C2265 Manual page 40

Hide thumbs Also See for C2265:

User manual (565 pages)

Administrator's manual (771 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

page of 136

/ 136
Contents
Table of Contents
Bookmarks

Table of Contents

Fuji Xerox C2265/C2263

Rationale:

Quite often a TOE is supposed to perform specific checks and process data received on one

external interface before such (processed) data is allowed to be transferred to another external

interface. Examples are firewall systems but also other systems that require a specific work flow

for the incoming data before it can be transferred. Direct forwarding of such data (i. e. without

processing the data first) between different external interfaces is therefore a function that – if

allowed at all – can only be allowed by an authorized role.

It has been viewed as useful to have this functionality as a single component that allows

specifying the property to disallow direct forwarding and require that only an authorized role

can allow this. Since this is a function that is quite common for a number of products, it has

been viewed as useful to define an extended component.

The Common Criteria defines attribute-based control of user data flow in its FDP class. However,

in this Protection Profile, the authors needed to express the control of both user data and TSF

data flow using administrative control instead of attribute-based control. It was found that

using FDP_IFF and FDP_IFC for this purpose resulted in SFRs that were either too

implementation-specific for a Protection Profile or too unwieldy for refinement in a Security

Target. Therefore, the authors decided to define an extended component to address this

functionality.

This extended component protects both user data and TSF data, and could therefore be placed

in either the FDP or FPT class. Since its purpose is to protect the TOE from misuse, the authors

believed that it was most appropriate to place it in the FPT class. It did not fit well in any of the

existing families in either class, and this lead the authors to define a new family with just one

member.

FPT_FDI_EXP.1

Hierarchical to:

Dependencies:

FPT_FDI_EXP.1.1

Security Target

Restricted forwarding of data to external interfaces

No other components.

SMF.1 Specification of Management Functions

FMT_SMR.1 Security roles.

The TSF shall provide the capability to restrict data received on

[assignment: list of external interfaces] from being forwarded

without further processing by the TSF to [assignment: list of external

interfaces].

- 35 -



2016 by Fuji Xerox Co., Ltd

Table of Contents

This manual is also suitable for:

C2263

Fuji Xerox C2265 Manual page 40

Related Manuals for Fuji Xerox C2265

Related Products for Fuji Xerox C2265

This manual is also suitable for:

Table of Contents