Assurance measures: ADO (a.k.a. input to the debsign discussion)
Hi!
Oops, yesterday I forgot ACM_SCP.
Today's issue is about ADO.
ACM_SCP.3 Development tools CM coverage (appears at EAL5)
ACM_SCP.3.1D The developer shall provide a list of
configuration items for the TOE.
(dpkg -l)
ACM_SCP.3.1C The list of configuration items shall include the
following: implementation representation; security flaws;
development tools and related information; and the
evaluation evidence required by the assurance components
in the ST.
(Debian contains all the sources, the tools needed to compile
itself, the documentation of both the tools and the policy.
Maybe the DSA reports have no package yet, but it should be
easy to create one.)
ADO_DEL.3 Prevention of modification (appears at EAL7)
(the current deb signing discussion aims at this requirement)
ADO_DEL.3.1D The developer shall document procedures for delivery of
the TOE or parts of it to the user.
(this is done in multiple documents)
ADO_DEL.3.2D The developer shall use the delivery procedures.
(this is the case)
ADO_DEL.3.1C The delivery documentation shall describe all procedures
that are necessary to maintain security when distributing
versions of the TOE to a user's site.
(not everything is here, but arguably nearly all steps are
done)
ADO_DEL.3.2C The delivery documentation shall describe how the various
procedures and technical measures provide for the prevention of
modifications, or any discrepancy between the developer's
master copy and the version received at the user site.
(if there is no such description, it can easily be compiled from
the debsign thread)
ADO_DEL.3.3C The delivery documentation shall describe how the various
procedures allow detection of attempts to masquerade as the
developer, even in cases in which the developer has
sent nothing to the user's site.
(this will eventually be an option to apt, I guess)
ADO_IGS.2 Generation log (does not appear even at EAL7)
ADO_IGS.2.1D The developer shall document procedures necessary for the
secure installation, generation, and start-up of the TOE.
(several guides)
ADO_IGS.2.1C The installation, generation and start-up documentation
shall describe the steps necessary for secure installation,
generation, and start-up of the TOE.
(I guess they describe those steps. If not, a quick rereading
would insert the necessary notes.)
ADO_IGS.2.2C The installation, generation and start-up documentation
shall describe procedures capable of creating a log containing
the generation options used to generate the TOE in such a way
that it is possible to determine exactly how and when the TOE
was generated.
(The build log created by debuild is even more than that)
From the next issue: Class ADV (development), or what we are really bad
at, part 1?
--
GNU GPL: only from a pure source