|
|
|
| 1: | The issue of binding assurance requirements to functional requirements versus treating them as mutually exclusive sets has been debated over the years. Which approach do you think is preferable, and why? |
| 2: | What are the values of doing formal evaluation? What do you see as the drawbacks of evaluation? |
| 3: | Recall that "criteria creep" is the process of refining evaluation requirements as the industry gains experience with them, making the evaluation criteria something of a moving target. (See Section 21.2.4.2.) This issue is not confined to the TCSEC, but rather is a problem universal to all evaluation technologies. Discuss the benefits and drawbacks of the CC methodology for handling criteria creep. |
| 4: | What are the conceptual differences between a reference validation mechanism, a trusted computing base, and the TOE Security Functions? |
| 5: | Choose a Common Criteria protection profile and a security target of a product that implements that profile (see the Common Criteria Web site [211]). Identify the differences between the PP and the ST that implements the PP. |
| 6: | Identify the specific requirements in the Common Criteria that describe a reference validation mechanism. Hint: Look in both security functional classes and security assurance classes. |
| 7: | Use the Common Criteria to write security requirements for identifying the security functional and assurance requirements that define a security policy that implements the Bell-LaPadula Model. |
| 8: | Map the assurance requirements of the TCSEC (as defined in this chapter) to the assurance requirements of the ITSEC and the CC. Map the ITSEC assurance requirements to the CC assurance requirements. |
| 9: | Map the security functional requirements of the CC to the functional requirements of the TCSEC (as described in this chapter). |
| 10: | Describe a family of security functional requirements that is not covered in the Common Criteria. Using the CC style and format, develop several requirements. |
|
|
|
| Top |