NXP JCOP 4 Security Target Lite v3.4 11
Requirements | CC Dependencies | Satisfied Dependencies |
 | FAU_SAA.1 Potential violation analysis | see §7.3.3.1 of [13] |
 | No other components. | |
 | FIA_UID.1 Timing of identification. | |
 | [FCS_CKM.2 Cryptographic key distribution, or FCS_COP.1 Cryptographic operation] FCS_CKM.4 Cryptographic key destruction | see §7.3.3.1 of [13] |
 | [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] FCS_CKM.4 Cryptographic key destruction | see §7.3.3.1 of [13] |
 | [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] FCS_CKM.4 Cryptographic key destruction | see §7.3.3.1 of [13] |
 | [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] | see §7.3.3.1 of [13] |
 | [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] FCS_CKM.4 Cryptographic key destruction | see §7.3.3.1 of [13] |
 | No dependencies | |
 | No dependencies | |
 | FDP_ACF.1 Security attribute based access control | FDP_ACF.1[EXTMEM] |
 | FDP_ACF.1 Security attribute based access control | |
 | FDP_ACF.1 Security attribute based access control | see §7.3.3.1 of [13] |
 | FDP_ACF.1 Security attribute based access control | see §7.3.3.1 of [13] |
 | FDP_ACF.1 Security attribute based access control | FDP_ACF.1[SecureBox] |
 | FDP_ACF.1 Security attribute based access control | |
 | FDP_ACC.1 Subset access control, FMT_MSA.3 Static attribute initialisation | see §7.3.3.1 of [13] |
 | FDP_ACC.1 Subset access control, FMT_MSA.3 Static attribute initialisation | see §7.3.3.1 of [13] |
 | FDP_ACC.1 Subset access control, FMT_MSA.3 Static attribute initialisation | FDP_ACC.1[EXTMEM], FMT_MSA.3[EXTMEM] |
 | FDP_ACC.1 Subset access control, FMT_MSA.3 Static attribute initialisation | FDP_ACC.2[SecureBox], FMT_MSA.3[SecureBox] |
 | FDP_ACC.1 Subset access control, FMT_MSA.3 Static attribute initialisation | |
 | FDP_ACC.1 Subset access control, FMT_MSA.3 Static attribute initialisation | |
 | FDP_IFF.1 Simple security attributes | see §7.3.3.1 of [13] |
 | FDP_IFF.1 Simple security attributes | |
 | FDP_IFF.1 Simple security attributes | |
DESIGN] | FDP_IFF.1 Simple security attributes | see §7.3.3.1 of [13] |
 | FDP_IFC.1 Subset information flow control, FMT_MSA.3 Static attribute initialisation | see §7.3.3.1 of [13] |
 | FDP_IFC.1 Subset information flow control, FMT_MSA.3 Static attribute initialisation | |
 | FDP_IFC.1 Subset information flow control, FMT_MSA.3 Static attribute initialisation | |
DESIGN] | FDP_IFC.1 Subset information flow control, FMT_MSA.3 Static attribute initialisation | FDP_IFC.1[MODULARDESIGN], FMT_MSA.3[MODULARDESIGN] |
 | [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control], [FTP_ITC.1 Inter-TSF trusted channel, or FTP_TRP.1 Trusted path], FPT_TDC.1 Inter-TSF basic TSF data consistency | |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
Refined] | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
 | [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] | see §7.3.3.1 of [13] |
 | [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control] | |
 | No dependencies. | |
RESULT] | No dependencies. | |
 | [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control], [FTP_ITC.1 Inter-TSF trusted channel, or FTP_TRP.1 Trusted path] | |
 | FIA_UAU.1 Timing of authentication. | see AppNote in FIA_AFL.1[PIN] |
 | No dependencies. | |
DESIGN] | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
DESIGN] | No dependencies. | |
 | FIA_ATD.1 User attribute definition | see §7.3.3.1 of [13] |
DESIGN] | FIA_ATD.1 User attribute definition | FIA_ATD.1[MODULARDESIGN] |
 | FIA_UID.1 Timing of identification | |
 | FIA_UID.1 Timing of identification | |
 | No dependencies. | |
 | [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control], FMT_SMR.1 Security roles, FMT_SMF.1 Specification of Management Functions | see §7.3.3.1 of [13] |
 | [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control], FMT_SMR.1 Security roles, FMT_SMF.1 Specification of Management Functions | see §7.3.3.1 of [13] |
 | [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control], FMT_SMR.1 Security roles, FMT_SMF.1 Specification of Management Functions | see §7.3.3.1 of [13] |
 | [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control], FMT_SMR.1 Security roles, FMT_SMF.1 Specification of Management Functions | |
 | [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control], FMT_SMR.1 Security roles, FMT_SMF.1 Specification of Management Functions | FDP_ACC.1[EXTMEM], FMT_SMF.1[EXTMEM] |
 | [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control], FMT_SMR.1 Security roles, FMT_SMF.1 Specification of Management Functions | FDP_ACC.2[SecureBox], FMT_SMF.1[SecureBox] |
 | [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control], FMT_SMR.1 Security roles, FMT_SMF.1 Specification of Management Functions | |
 | [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control], FMT_SMR.1 Security roles, FMT_SMF.1 Specification of Management Functions | |
 | [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control], FMT_SMR.1 Security roles, FMT_SMF.1 Specification of Management Functions | |
DESIGN] | [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control], FMT_SMR.1 Security roles, FMT_SMF.1 Specification of Management Functions | FDP_IFC.1[MODULARDESIGN], FMT_SMR.1[MODULARDESIGN], FMT_SMF.1[MODULARDESIGN] |
JCVM] | [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control], FMT_SMR.1 Security roles, FMT_SMF.1 Specification of Management Functions | see §7.3.3.1 of [13] |
 | FMT_MSA.1 Management of security attributes, FMT_SMR.1 Security roles | see §7.3.3.1 of [13] |
 | FMT_MSA.1 Management of security attributes, FMT_SMR.1 Security roles | see §7.3.3.1 of [13] |
 | FMT_MSA.1 Management of security attributes, FMT_SMR.1 Security roles | see §7.3.3.1 of [13] |
 | FMT_MSA.1 Management of security attributes, FMT_SMR.1 Security roles | FMT_MSA.1[EXTMEM] |
 | FMT_MSA.1 Management of security attributes, FMT_SMR.1 Security roles | FMT_MSA.1[SecureBox] |
 | FMT_MSA.1 Management of security attributes, FMT_SMR.1 Security roles | |
 | FMT_MSA.1 Management of security attributes, FMT_SMR.1 Security roles | |
 | FMT_MSA.1 Management of security attributes, FMT_SMR.1 Security roles | |
 | FMT_MSA.1 Management of security attributes, FMT_SMR.1 Security roles | |
DESIGN] | FMT_MSA.1 Management of security attributes, FMT_SMR.1 Security roles | FMT_MSA.1[MODULARDESIGN], FMT_SMR.1[MODULARDESIGN] |
 | FMT_SMR.1 Security roles, FMT_SMF.1 Specification of Management Functions | see §7.3.3.1 of [13] |
 | FMT_MTD.1 Management of TSF data | see §7.3.3.1 of [13] |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
DESIGN] | No dependencies. | |
 | FIA_UID.1 Timing of identification | see §7.3.3.1 of [13] |
 | FIA_UID.1 Timing of identification | see §7.3.3.1 of [13] |
 | FIA_UID.1 Timing of identification | see §7.3.3.1 of [13] |
 | FIA_UID.1 Timing of identification | |
 | FIA_UID.1 Timing of identification | |
DESIGN] | FIA_UID.1 Timing of identification | FIA_UID.1[MODULARDESIGN] |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
 | No dependencies. | |
DESIGN] | No dependencies. | |
 | No dependencies. | |
 | AGD_OPE.1 Operational user guidance | see §7.3.3.1 of [13] |
 | No dependencies. | |
 | No dependencies. | |
 | ADV_FSP.4 Complete functional specification | see §7.3.3.1 of [13] |
Tab. 7.40: SFRs Dependencies
7.5.1 Rationale for Exclusion of Dependencies
The dependency FIA_UID.1 of FMT_SMR.1[INSTALLER] is unsupported. This ST does not require the identification of the "Installer" since it can be considered as part of the TSF.
The dependency FIA_UID.1 of FMT_SMR.1[ADEL] is unsupported. This ST does not require the identification of the "applet deletion manager" since it can be considered as part of the TSF.
The dependency FIA_UID.1 of FMT_SMR.1[MODULAR-DESIGN] is unsupported. This ST does not require the identification of the "Module Invoker" since it can be considered as part of the TSF.
The dependency FMT_SMF.1 of FMT_MSA.1[JCRE] is unsupported. The dependency between FMT_MSA.1[JCRE] and FMT_SMF.1 is not satisfied because no management functions are required for the Java Card RE.
The dependency FAU_SAA.1 of FAU_ARP.1 is unsupported. The dependency of FAU_ARP.1 on FAU_SAA.1 assumes that a "potential security violation" generates an audit event. The events listed in FAU_ARP.1, however, are self-contained (arithmetic exception, ill-formed bytecodes, access failure) and call for an immediate reaction of the TSF as soon as they occur at runtime. The JCVM or other components of the TOE detect these events in the course of their normal operation; this ST therefore mandates no audit recording.
The dependency FIA_UAU.1 of FIA_AFL.1[PIN] is unsupported. The TOE implements the firewall access control SFP, which governs access to the object implementing FIA_AFL.1[PIN].
The dependencies FMT_SMR.1 of FMT_MSA.1[SecureBox] and FMT_MSA.3[SecureBox] are unsupported. Only S.JCRE is allowed to modify the security attributes of the Secure Box before S.SBNativeCode is executed. Furthermore, the TOE does not allow alternative initial values to be specified for the security attributes of the Secure Box.
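As an added illustration (not part of the ST), the analysis behind Tab. 7.40 and the exclusions above can be mechanised: each SFR instance carries its CC dependencies as groups of alternatives, a group counts as satisfied when any alternative is instantiated at any iteration, and a missing dependency is accepted only if the rationale lists an explicit exclusion for it. The SFR subset, the iteration labels not shown in the table and the exclusion wording are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SFR:
    """One SFR instance of the ST: CC component plus optional iteration label."""
    name: str            # e.g. "FMT_SMR.1"
    iteration: str = ""  # e.g. "INSTALLER" -> FMT_SMR.1[INSTALLER]
    deps: tuple = ()     # groups of alternatives: ("A", "B") means "A or B"

    def label(self) -> str:
        return f"{self.name}[{self.iteration}]" if self.iteration else self.name

# Exclusions argued in the ST rationale, keyed by (requirement, dependency group).
EXCLUSIONS = {
    ("FMT_SMR.1[INSTALLER]", ("FIA_UID.1",)): "Installer is part of the TSF",
    ("FMT_MSA.1[JCRE]", ("FMT_SMF.1",)): "no management functions for the Java Card RE",
}

def check_dependencies(sfrs):
    """Return {requirement: {group: status}}; status is the satisfying instance(s),
    'EXCLUDED: <reason>' or 'UNSATISFIED'."""
    instances = {}  # component -> labels of its instances in the ST
    for s in sfrs:
        instances.setdefault(s.name, []).append(s.label())
    report = {}
    for s in sfrs:
        for group in s.deps:
            # A group is met by the first alternative that is instantiated at all.
            hit = next((c for c in group if c in instances), None)
            if hit is not None:
                status = ", ".join(instances[hit])
            elif (s.label(), group) in EXCLUSIONS:
                status = "EXCLUDED: " + EXCLUSIONS[(s.label(), group)]
            else:
                status = "UNSATISFIED"
            report.setdefault(s.label(), {})[" or ".join(group)] = status
    return report

# Constructed subset of the ST's SFRs with the dependencies from Tab. 7.40;
# iteration labels are illustrative where the table does not show them.
KEY_SOURCE = ("FDP_ITC.1", "FDP_ITC.2", "FCS_CKM.1")
SUBSET = [
    SFR("FCS_CKM.1", deps=(("FCS_CKM.2", "FCS_COP.1"), ("FCS_CKM.4",))),
    SFR("FCS_COP.1", deps=(KEY_SOURCE, ("FCS_CKM.4",))),
    SFR("FCS_CKM.4", deps=(KEY_SOURCE,)),
    SFR("FDP_IFC.1", "JCVM", deps=(("FDP_IFF.1",),)),
    SFR("FDP_IFF.1", "JCVM", deps=(("FDP_IFC.1",), ("FMT_MSA.3",))),
    SFR("FMT_MSA.3", "JCVM", deps=(("FMT_MSA.1",), ("FMT_SMR.1",))),
    SFR("FMT_MSA.1", "JCRE", deps=(("FDP_ACC.1", "FDP_IFC.1"), ("FMT_SMR.1",), ("FMT_SMF.1",))),
    SFR("FMT_SMR.1", "INSTALLER", deps=(("FIA_UID.1",),)),
]
```

Any status equal to "UNSATISFIED" in the report is a dependency that needs either a new SFR or a rationale entry of the kind given in §7.5.1; removing FCS_CKM.4 from the subset, for instance, flags it for both FCS_CKM.1 and FCS_COP.1.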
7.6 Security Assurance Requirements Rationale
The selection of assurance components is based on the underlying PP [13]. The Security Target uses the augmentations from the PP, chooses EAL6 and adds the components ASE_TSS.2 and ALC_FLR.1.
The rationale for the augmentations is the same as in the PP.
The assurance level EAL6 is a pre-defined level of the CC, part 3 [4]. The assurance components of an EAL are chosen so that they form a mutually supportive and complete set of components.
The additional components chosen for augmentation do not add any dependencies that are not already fulfilled by the corresponding requirements contained in EAL6. Therefore, the components ASE_TSS.2 and ALC_FLR.1 add assurance to EAL6 while the mutual support of the requirements is preserved.
9 Contents
1 ST Introduction (ASE_INT)
1.2.3 Required non-TOE Hardware/Software/Firmware
2 Conformance Claims (ASE_CCL)
3 Security Aspects
4 Security Problem Definition (ASE_SPD)
6 Extended Components Definition (ASE_ECD)
7 Security Requirements (ASE_REQ)
8 TOE summary specification (ASE_TSS)
13 Legal information