Ricoh Aficio MP 3350B Security Target - Page 33

Access Violation to the Protected Assets Stored in the TOE



Page 33 of 83
A.SUPERVISOR
(Supervisor's Assumption)
A.SUPERVISOR presupposes that the Supervisor has adequate knowledge to operate the TOE securely in
the role assigned to him/her, and does not carry out any malicious acts using Supervisor permissions.
By OE.SUPERVISOR, the Responsible Manager for MFP selects a trusted person as the Supervisor and
provides the Supervisor with the education programmes according to the role of Supervisor. Therefore,
A.SUPERVISOR is accomplished.
A.NETWORK
(Assumption of Network Connections)
A.NETWORK presupposes that the Internal Networks are protected from the External Networks when the
TOE-connected networks are connected to the External Networks such as the Internet.
By OE.NETWORK, when connecting the Internal Networks, to which the TOE is connected, to the External
Networks such as the Internet, the organisations that manage the operation of the Internal Networks close the
unnecessary ports between the External and Internal Networks. Therefore, A.NETWORK is accomplished.
T.ILLEGAL_USE
(Malicious Usage of the TOE)
To counter this threat, the TOE performs identification and authentication of users with O.I&A prior to their
use of the TOE security functions, and allows the successfully authenticated user to use the functions for
which the user has the operation permission. In addition, the TOE records the performance of O.I&A as audit
logs by O.AUDIT, and provides only the Machine Administrator with the function to read the audit logs so
that the Machine Administrator can detect afterwards whether or not there was a security intrusion of O.I&A.
Therefore, the TOE can counter T.ILLEGAL_USE.
T.UNAUTH_ACCESS
(Access Violation to the Protected Assets Stored in the TOE)
To counter this threat, the TOE allows the authorised users identified by O.I&A to access the Document
Data according to the operation permission on Document Data that are assigned to the authorised users' roles
and the authorised users by O.DOC_ACC. Specifically, if the authorised user is the General User, the TOE
allows the General User to perform operations on Document Data according to the operation permissions for
the Document Data that are assigned to the General User, and if the authorised user is the File Administrator,
the TOE allows the File Administrator to delete the Document Data stored in D-BOX.
Therefore, the TOE can counter T.UNAUTH_ACCESS.
T.ABUSE_SEC_MNG
(Abuse of Security Management Function)
To counter this threat, the TOE allows the users who are successfully authenticated with O.I&A to use the
TOE security functions. The TOE also restricts management of the security functions' behaviour,
TSF data, and security attributes to specific users by O.MANAGE. In addition, the performance of O.I&A and O.MANAGE
is recorded as audit logs by O.AUDIT, and the function to read audit logs is only provided to the Machine
Administrator so that the Machine Administrator can detect afterwards whether or not there was a security
intrusion of O.I&A and O.MANAGE.
Therefore, the TOE can counter T.ABUSE_SEC_MNG.
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.