Specifications
Samsung MFP Security Kit Type_B V1.5 Security Target
37
Copyright
2010 Samsung Electronics Co., Ltd., All rights reserved
3 Definition of Security Problems
3.1 Threats
Threat agents are IT entities or users that can adversely access the
internal asset or harm the internal asset in an abnormal way. The threat
agents are assumed in this ST to have low-level of expertise, resources,
and motivation. The threats that described in this chapter will be resolved
by security objectives in chapter 4.
T.TOE_ACCESS_ON_NETWORK
The threat agents may attempt outflow, removal, or camouflaging/forgery
of user data and TSF data stored on MFP through network access by using
well-known protocol and ports.
T.DATA_ACCESS
The threat agents may attempt unauthorized removal or camouflage /
forgery of a preserved file on MFP’s hard disk drive.
T.RECOVER
The threat agent(s) attempts to recover a deleted image file or preserved
file using a commercial tool to open a preserved file and image file of the
TOE.
T.CERTIFICATION_TRIAL_IN_A_ROW
In order to approach the TOE, the threat agent(s) attempts to
authenticate continuously and gain access level of an authorized
administrator.
T.CHANGE_AND_READ_STORAGE_DATA
The threat agents may outflow or change stored image data and
configuration data on the HDD after moving the HDD from the MFP to the
outside.
T.UNAUTHORIZED_ACCESS_ON_TOE
The threat agent(s) may attempt to access the management functions of
the TOE in an unauthorized way or change the TOE setting value by an
unauthorized way and set up new values.
T. INFAX
The threat agents may access the TOE or a component in the internal
network via fax line to add malicious code.