Page 46 of 93 
Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved. 
5  Extended Components Definition 
This section describes the extended components definition. 
5.1  Restricted forwarding of data to external interfaces (FPT_FDI_EXP) 
Family behaviour 
This family defines requirements for the TSF to restrict direct forwarding of information from one external 
interface to another external interface. 
 
Many products receive information on specific external interfaces and are intended to transform and process 
this information before it is transmitted on another external interface. However, some products may provide 
the capability for attackers to misuse external interfaces to violate the security of the TOE or devices that are 
connected to the TOE's external interfaces. Therefore, direct forwarding of unprocessed data between 
different external interfaces is forbidden unless explicitly allowed by an authorized administrative role. The 
family FPT_FDI_EXP has been defined to specify this kind of functionality. 
 
Component levelling: 
FPT_FDI_EXP: Restricted forwarding of data to external interfaces (component 1) 
 
FPT_FDI_EXP.1 Restricted forwarding of data to external interfaces provides the functionality to require 
TSF-controlled processing of data received over defined external interfaces before these data are sent out on 
another external interface. Direct forwarding of data from one external interface to another requires 
explicit allowance by an authorized administrative role. 
 
Management: FPT_FDI_EXP.1 
The following actions could be considered for the management functions in FMT: 
a)  Definition of the role(s) that are allowed to perform the management activities 
b)  Management of the conditions under which direct forwarding can be allowed by an administrative role 
c)  Revocation of such an allowance 
 
Audit: FPT_FDI_EXP.1 
There are no auditable events foreseen. 
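A minimal enforcement model of FPT_FDI_EXP.1 together with the three management functions listed above (role restriction, granting of an allowance, revocation), added here as an illustration and not part of the Security Target. The interface names, the role name and the processing step are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Set, Tuple

# Assumed names (not from the document): the authorized administrative role
# and the external interfaces known to this model.
ADMIN_ROLE = "administrator"
INTERFACES = {"network", "usb", "telephone_line"}


def tsf_process(data: bytes) -> bytes:
    """Constructed stand-in for TSF-controlled processing: only printable
    ASCII plus CR/LF survives, so raw control sequences received on one
    interface are never passed through to another unchanged."""
    return bytes(b for b in data if 0x20 <= b <= 0x7E or b in b"\r\n")


@dataclass
class ForwardingPolicy:
    # (source, destination) pairs for which an administrator has explicitly
    # allowed direct (unprocessed) forwarding; empty by default (deny).
    allowances: Set[Tuple[str, str]] = field(default_factory=set)

    def _check(self, role: str, src: str, dst: str) -> None:
        # Management function a): only the administrative role may manage allowances.
        if role != ADMIN_ROLE:
            raise PermissionError(f"role {role!r} may not manage forwarding")
        if src not in INTERFACES or dst not in INTERFACES or src == dst:
            raise ValueError(f"invalid interface pair {(src, dst)!r}")

    def allow_direct(self, role: str, src: str, dst: str) -> None:
        # Management function b): explicitly allow direct forwarding for one pair.
        self._check(role, src, dst)
        self.allowances.add((src, dst))

    def revoke_direct(self, role: str, src: str, dst: str) -> None:
        # Management function c): revoke a previously granted allowance.
        self._check(role, src, dst)
        self.allowances.discard((src, dst))

    def forward(self, src: str, dst: str, data: bytes) -> Tuple[bytes, str]:
        """Return (bytes sent on dst, decision). Unprocessed data passes only
        when an allowance exists; otherwise the data is processed first."""
        if src not in INTERFACES or dst not in INTERFACES or src == dst:
            raise ValueError(f"invalid interface pair {(src, dst)!r}")
        if (src, dst) in self.allowances:
            return data, "direct"
        return tsf_process(data), "processed"
```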
 
Rationale: 
Quite often, a TOE is supposed to perform specific checks and process data received on one external 
interface before such (processed) data are allowed to be transferred to another external interface. Examples