Family behaviour
This family ensures that a user may use a resource or service without others, especially third parties, being able to observe that the resource or service is being used.
Component levelling
FPR_UNO.1 Unobservability requires that users and/or subjects cannot determine whether an operation is being performed.
FPR_UNO.2 Allocation of information impacting unobservability requires that the TSF provide specific mechanisms to avoid the concentration of privacy related information within the TOE. Such concentrations might impact unobservability if a security compromise occurs.
FPR_UNO.3 Unobservability without soliciting information requires that the TSF does not try to obtain privacy related information that might be used to compromise unobservability.
FPR_UNO.4 Authorised user observability requires the TSF to provide one or more authorised users with a capability to observe the usage of resources and/or services.
Management: FPR_UNO.1, FPR_UNO.2
The following actions could be considered for the management functions in FMT:
a) the management of the behaviour of the unobservability function.
Management: FPR_UNO.3
There are no management activities foreseen for these components.
Management: FPR_UNO.4
The following actions could be considered for the management functions in FMT:
a) the list of authorised users that are capable of determining the occurence of operations.
Audit: FPR_UNO.1, FPR_UNO.2
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP / ST:
a) Minimal: The invocation of the unobservability mechanism.
Audit: FPR_UNO.3
There are no actions identified that should be auditable if FAU_GEN Security Audit Data Generation is included in the PP/ST.
Audit: FPR_UNO.4
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP / ST:
a) Minimal: The observation of the use of a resource or service by a user or subject.