Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target
O.RESIDUAL_INFORMATION

The TOE will ensure that any information contained in a protected resource within its Scope of Control is not released when the resource is reallocated.

FDP_RIP.1(1), FCS_CKM_EXP.2, FCS_CKM.4

FDP_RIP.1 is used to ensure the contents of resources are not available once the resource is reallocated. For this TOE it is critical that the memory used to build network packets is either cleared or that some buffer management scheme be employed to prevent the contents of a packet being disclosed in a subsequent packet (e.g., if padding is used in the construction of a packet, it must not contain another user’s data or TSF data).

FCS_CKM_EXP.2 places requirements on how cryptographic keys are managed within the TOE. This requirement places restrictions in addition to FDP_RIP.1, in that when a cryptographic key is moved from one location to another (e.g., calculated in some scratch memory and moved to a permanent location), the memory area is immediately cleared, as opposed to waiting until the memory is reallocated to another subject.

FCS_CKM.4 applies to the destruction of cryptographic keys used by the TSF. This requirement specifies how and when cryptographic keys must be destroyed. The proper destruction of these keys is critical in ensuring the content of these keys cannot possibly be disclosed when a resource is reallocated to a user.
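
The two clearing behaviours described in the FDP_RIP.1 and FCS_CKM_EXP.2 rationale above, shown in C. This is an added example, not code from the TOE or from this Security Target; the function names, the 64-byte frame size and the sample payloads are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FRAME_LEN 64   /* constructed fixed frame size; payloads are padded up to it */

/* Clear memory through a volatile pointer to keep the compiler from
 * eliding the stores as dead writes. */
static void secure_zero(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* FDP_RIP.1 case: build a fixed-size frame in a reused buffer. The padding is
 * written explicitly, so bytes left by the previous packet never go out.
 * Returns the frame length, or 0 if the payload does not fit. */
size_t build_frame(uint8_t *buf, const uint8_t *payload, size_t len) {
    if (len > FRAME_LEN) return 0;
    memcpy(buf, payload, len);
    secure_zero(buf + len, FRAME_LEN - len);
    return FRAME_LEN;
}

/* FCS_CKM_EXP.2 case: copy a key from scratch memory to its permanent
 * location and clear the scratch copy immediately, not at reallocation. */
void move_key(uint8_t *permanent, uint8_t *scratch, size_t len) {
    memcpy(permanent, scratch, len);
    secure_zero(scratch, len);
}

/* Helper for checks: returns 1 if every byte in [p, p+n) is zero. */
int all_zero(const uint8_t *p, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Constructed scenario: one pool buffer reused for two users' packets.
 * Returns 1 if nothing from the first payload survives in the second frame. */
int reuse_is_clean(void) {
    static uint8_t pool_buf[FRAME_LEN];
    const uint8_t user_a[] = "user-A secret session data (constructed)";
    build_frame(pool_buf, user_a, sizeof user_a - 1);
    build_frame(pool_buf, (const uint8_t *)"ping", 4);
    return memcmp(pool_buf, "ping", 4) == 0 && all_zero(pool_buf + 4, FRAME_LEN - 4);
}

int main(void) { return reuse_is_clean() ? 0 : 1; }
```
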

O.SELF_PROTECTION

The TSF will maintain a domain for its own execution that protects itself and its resources from external interference, tampering, or unauthorized disclosure.

FPT_SEP.1(1), FPT_RVM.1(1)

FPT_SEP.1(1) was chosen to ensure the TSF provides a domain that protects itself from untrusted users. If the TSF cannot protect itself, it cannot be relied upon to enforce its security policies.

FPT_RVM.1(1) ensures that the TSF makes policy decisions on all interfaces that perform operations on subjects and objects that are within the scope of the policies. Without this non-bypassability requirement, the TSF could not be relied upon to completely enforce the security policies, since interface(s) may otherwise exist that would provide a user with access to TOE resources (including TSF data and executable code) regardless of the defined policies. This includes controlling the accessibility to interfaces, as well as what access control is provided within the interfaces.