commoncriteria / sdn-controller

Protection Profile for Software Defined Networking Controllers
The Unlicense

ESR, Assumption on trustworthy computing platform: explain with example #3

Open HolgerBlasumSYSGO opened 2 years ago

HolgerBlasumSYSGO commented 2 years ago

Referring to https://commoncriteria.github.io/pp/sdn-controller/sdn-controller-esr.html, in Section "Assumptions"

OLD

"* The SDN Controller relies on a trustworthy computing platform for its execution and it is assumed that the platform has not been compromised prior to the installation of the SDN Controller."

CHANGE TO (NEW)

"* The SDN Controller relies on a trustworthy computing platform for its execution and it is assumed that the platform has not been compromised prior to the installation of the SDN Controller. For example, the effectiveness of non-interference and strict information flow control of an SDN controller will typically depend on the effectiveness of an underlying (embedded) operating system or hypervisor to provide non-interference and controlled information flow."

Rationale

For clarity, give an example of some of the security properties (strict information flow control, non-interference) which rely on the underlying platform. (As discussed on our October group call, technically, having strong assumptions is a good thing, as it encourages building modular systems, e.g. using a CC certified OS.)

njgengo commented 2 years ago

Thank you for the input. Requesting the Edit Team to apply your input to the ESR below:

To the ESR Edit Team, please do the following changes to the ESR (change is direct quote, credited to HolgerBlasumSYSGO):

OLD: "The SDN Controller relies on a trustworthy computing platform for its execution and it is assumed that the platform has not been compromised prior to the installation of the SDN Controller."

CHANGE TO (NEW): "The SDN Controller relies on a trustworthy computing platform for its execution and it is assumed that the platform has not been compromised prior to the installation of the SDN Controller. For example, the effectiveness of non-interference and strict information flow control of an SDN controller will typically depend on the effectiveness of an underlying (embedded) operating system or hypervisor to provide non-interference and controlled information flow."

jfisherbah commented 2 years ago

change made 11/29, will be reflected in latest build