AVA_CCA.3 Exhaustive covert channel analysis
Objectives
The objective is to identify covert channels that are identifiable, through an exhaustive search for covert channels.
Application notes
Performing a covert channel analysis in an exhaustive way requires that additional evidence be provided that the plan that was followed for identifying covert channels is sufficient to ensure that all possible ways for covert channel exploration have been exercised.
Dependencies:
ADV_FSP.2 Fully defined external interfaces
ADV_IMP.2 Implementation of the TSF
AGD_ADM.1 Administrator guidance
AGD_USR.1 User guidance
Developer action elements:
AVA_CCA.3.1D The developer shall conduct a search for covert channels for each information flow control policy.
AVA_CCA.3.2D The developer shall provide covert channel analysis documentation.
Content and presentation of evidence elements:
AVA_CCA.3.1C The analysis documentation shall identify covert channels and estimate their capacity.
AVA_CCA.3.2C The analysis documentation shall describe the procedures used for determining the existence of covert channels, and the information needed to carry out the covert channel analysis.
AVA_CCA.3.3C The analysis documentation shall describe all assumptions made during the covert channel analysis.
AVA_CCA.3.4C The analysis documentation shall describe the method used for estimating channel capacity, based on worst case scenarios.
AVA_CCA.3.5C The analysis documentation shall describe the worst case exploitation scenario for each identified covert channel.
AVA_CCA.3.6C The analysis documentation shall provide evidence that the method used to identify covert channels is exhaustive.
Evaluator action elements:
AVA_CCA.3.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
AVA_CCA.3.2E The evaluator shall confirm that the results of the covert channel analysis show that the TOE meets its functional requirements.
AVA_CCA.3.3E The evaluator shall selectively validate the covert channel analysis through testing.