biometricITC / cPP-biometrics

Contains the development of a Collaborative Protection Profile for biometrics
MIT License

FPT_BDP_EXT_change #334

Closed n-kai closed 3 years ago

n-kai commented 3 years ago

I agree with FPT_BDP_EXT with the following changes.

woodbe commented 3 years ago

@n-kai I am worried about adding FPT_AEX_EXT.4.3 to the MDF. While it makes sense, I don't know that I would see this as a refinement of an existing requirement. The MDF basically dances around the requirement that there needs to be something separate from the main OS (as seen before, the only mentions I could come up with that point to it are that the REK needs to be isolated and some vague mumbo-jumbo about protecting keys).

This could be something that we push for as an MDF 3.3 update itself, but we would need to talk with NIAP about that.

I'm good with the FCS_CKM app note.

I guess we could go this way and see what NIAP says, holding the FTP_TRP option as a backup.

n-kai commented 3 years ago

@woodbe The reason why I added FPT_AEX_EXT.4.3 is that adding this requirement can address the following NIAP comment in a better way than the FTP_TRP option. But I agree that we would need to talk with NIAP about this.

Section 8.3, FPT_BDP_EXT.x: These requirements are written with respect to a Security Execution Environment. Since this is a PP-Module, there should be some verification that the Base PP requires a Security Execution Environment--in this way, the assurance activities can be written in a more objective way.

woodbe commented 3 years ago

@n-kai So that is why I re-wrote the secure execution environment into the separate execution environment as that matched with some of the language in the MDF. I think that FPT_AEX_EXT.4 could be used for this as it is with some expansions to the app notes. The biometric system is really composed of software and the sensor that should be separate, so maybe the one thing that isn't noted in the app note is that some hardware may need to have restricted access as well. Overall though, I can see getting what we need out of the requirement as it is written, as long as it is understood how to interpret the biometrics system into what is there.

I'm inclined to not have the new SFR for the public review, and add a note that this is a question to be specifically answered (and maybe create a specific issue for it to point the reviewers to for discussion).

n-kai commented 3 years ago

@woodbe OK, I will remove FPT_AEX_EXT.4.3 and add some text to the App note.

n-kai commented 3 years ago

@woodbe Thank you. You have already done this in #335.