
Assurance measures: ADO (a.k.a. input to the debsign discussion)

Hi!

Oops, yesterday I forgot ACM_SCP.
Today's issue is about ADO.


ACM_SCP.3 Development tools CM coverage (appears at EAL5)
ACM_SCP.3.1D  The developer shall provide a list of
	configuration items for the TOE.
	(dpkg -l)
ACM_SCP.3.1C  The list of configuration items shall include the
	following: implementation representation; security flaws;
	development tools and related information; and the
	evaluation evidence required by the assurance components
	in the ST.
	(Debian contains all the sources, the tools needed to compile
	itself, and the documentation of both the tools and the policy.
	Maybe the DSA reports have no package yet, but it should be
	easy to create one.)

ADO_DEL.3 Prevention of modification (appears at EAL7)
(the current deb signing discussion aims at this requirement)
ADO_DEL.3.1D  The developer shall document procedures for delivery of
	the TOE or parts of it to the user.
	(this is done in multiple documents)
ADO_DEL.3.2D  The developer shall use the delivery procedures.
	(this is the case)
ADO_DEL.3.1C  The delivery documentation shall describe all procedures
	that are necessary to maintain security when distributing
	versions of the TOE to a user's site.
	(not everything is here, but arguably nearly all steps are
	done)
ADO_DEL.3.2C  The delivery documentation shall describe how the various
	procedures and technical measures provide for the prevention of
	modifications, or any discrepancy between the developer's
	master copy and the version received at the user site.
	(if there is no such description, it can easily be compiled from
	the debsign thread)
ADO_DEL.3.3C  The delivery documentation shall describe how the various
	procedures allow detection of attempts to masquerade as the
	developer, even in cases in which the developer has
	sent nothing to the user's site.
	(this will eventually be an option to apt, I guess)

ADO_IGS.2 Generation log (does not appear even at EAL7)
ADO_IGS.2.1D  The developer shall document procedures necessary for the
	secure installation, generation, and start-up of the TOE.
	(several guides)
ADO_IGS.2.1C  The installation, generation and start-up documentation
	shall describe the steps necessary for secure installation,
	generation, and start-up of the TOE.
	(I guess they describe those steps. If not, a quick rereading
	would insert the necessary notes.)
ADO_IGS.2.2C  The installation, generation and start-up documentation
	shall describe procedures capable of creating a log containing
	the generation options used to generate the TOE in such a way
	that it is possible to determine exactly how and when the TOE
	was generated.
	(The build log created by debuild is even more than that)

From the next issue: Class ADV (development), or what we are really bad
	at, part 1?

-- 
GNU GPL: only from pure source
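The delivery chain that ADO_DEL.3.2C asks to be documented, from the developer's signed master copy down to the .deb received at the user's site, as an added example that is not code from this post or from Debian's tools. The Release and Packages fragments and the .deb bytes are constructed, and checking the Release file's signature (the debsign/apt step under discussion) is assumed to happen beforehand:

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()
def parse_release_sha256(release_text: str) -> dict:
    """Map each path under the 'SHA256:' section of a Release file to (hexdigest, size)."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif not line.startswith(" "):
            in_section = False  # any other header ends the hash section
        elif in_section:
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
    return entries

def parse_packages(packages_text: str) -> dict:
    """Map package name to its field dict; stanzas are separated by blank lines."""
    stanzas, current = {}, {}
    for line in packages_text.splitlines() + [""]:
        if not line.strip():
            if current:
                stanzas[current["Package"]] = current
            current = {}
        elif not line.startswith(" "):  # multi-line field continuations are not needed here
            key, _, value = line.partition(":")
            current[key] = value.strip()
    return stanzas

def verify_chain(release_text, packages_text, packages_path, package_name, deb_bytes) -> list:
    """Discrepancies found (empty = the .deb is what the archive published); Release is assumed signature-checked."""
    problems = []
    digest, size = parse_release_sha256(release_text).get(packages_path, (None, -1))
    pkg_bytes = packages_text.encode()
    if sha256_hex(pkg_bytes) != digest or len(pkg_bytes) != size:
        problems.append(f"{packages_path} is not what the signed Release file covers")
    stanza = parse_packages(packages_text).get(package_name, {})
    if sha256_hex(deb_bytes) != stanza.get("SHA256") or len(deb_bytes) != int(stanza.get("Size", -1)):
        problems.append(f"{stanza.get('Filename', package_name)} is not what Packages lists")
    return problems
# Constructed sample (not real Debian output): a placeholder .deb and the index fragments covering it.
SAMPLE_DEB = b"!<arch>\ndebian-binary   constructed placeholder, not a real package\n"
def build_sample(deb_bytes: bytes):
    packages = ("Package: hello\nVersion: 1.0-1\nFilename: pool/main/h/hello/hello_1.0-1_i386.deb\n"
                f"Size: {len(deb_bytes)}\nSHA256: {sha256_hex(deb_bytes)}\n\n")
    pkg_bytes = packages.encode()
    release = f"Suite: stable\nSHA256:\n {sha256_hex(pkg_bytes)} {len(pkg_bytes)} main/binary-i386/Packages\n"
    return release, packages
```

Running verify_chain on a tampered copy (a byte appended to the .deb, or an edited Packages stanza) returns a list naming the link of the chain that broke.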
