This class is intended to specify the management of several aspects of the TSF: security attributes, TSF data and functions. The different management roles and their interaction, such as separation of capability, can be specified.
This class has several objectives:
a) management of TSF data, which include, for example, banners;
b) management of security attributes, which include, for example, the Access Control Lists, and Capability Lists;
c) management of functions of the TSF, which includes, for example, the selection of functions, and rules or conditions influencing the behaviour of the TSF;
d) definition of security roles.
Figure 8.1 - Security management class decomposition