[redhat-lspp] Requirements gathering

Emily Ratliff emilyr at us.ibm.com
Wed May 25 18:08:47 UTC 2005






Hi James,

Thanks for kicking off this effort and this list of work items. It covers
much of what we had "submitted via IT", just in a slightly different
format. I'll take a stab at mapping the below list to the LSPP functional
requirements which is how we had formatted the submitted list.

James Morris wrote on 05/23/2005 02:20:30 PM:

> That is, enough MLS support to allow the distro to be certified LSPP/EAL4+
> and also to be procurable.  Initially, we'd likely want to limit the scope
> of MLS coverage to a minimal, server oriented system, suitable for
> developing into guards and similar types of products.  An MLS desktop is
> too far off, and we're not sure if it's something we want to get involved
> at all, in any case.  We'd also like to think about SLOS and MLOS down the
> track, with LSPP as a stepping stone.
We definitely agree with this approach. We would like to target the
evaluation to meet the CAPP, LSPP and RBAC protection profiles. Including
CAPP & RBAC has implications on test execution as well as policy design.


> 1) Standard/reference MLS policy (for Fedora initially).
Many of the LSPP functional requirements have implications on what is in the
MLS policy.

> 5) Updated applications (e.g. MTA?).
MTA - labeled export - FDP_ETC.2

> 6) Directory polyinstantiation (via namespaces?).
FDP_IFC.1

> 7) Labeled networking (via IPsec).
FDP_ETC.2

> 10) Labeled printing.
FDP_ETC.2

> 12) Network filesystem support: not needed for LSPP but SMB probably
> useful, less complicated than NFS.
Agree with comment here and Frank, would prefer to postpone this to a later
evaluation and focus on achieving LSPP first.

> 14) Updated audit support.
FAU_GEN.[1|2], FAU_SEL.1, FAU_SAR.[1|2|3]

> 15) Better revocation (e.g. for mmap'd files).
Also immediate termination of user's session when account is revoked.
FMT_REV.1

> 16) Extension of RBAC support has been discussed.
Implications on audit, role management, and FPT_TST.1 - a self-test utility
(TSF analog to AMTU).

17) SELinux and MLS testing (test case development) at the EAL4 level

18) Usability of the final solution

19) Evidence creation (HLD, LLD, FSP, Correspondence, VA, admin & user
guides, test plan)


Emily

Emily Ratliff
IBM Linux Technology Center, Security
CISSP #51839
512-838-0409 (T/L 678-0409)
emilyr at us.ibm.com