5. CC ToolBox Use of the Knowledge Base

This section is intended for those who will be using both the knowledge base and the CC Toolbox. Section 5.1 explains how the CC Toolbox makes use of the knowledge base, and Section 5.2 shows how to port new versions of the knowledge base to the CC Toolbox
 

5.1 How the CC ToolBox Uses the Knowledge Base

This section is organized around the seven main tabs of the CC Toolbox interface, i.e., the Environment Interview, Context, Component Interview, Allocation, Elaboration, EAL, and Report tabs.  However, the Elaboration and EAL tabs do not play a significant role in utilization of the knowledge base. 

In addition to the main tabs, there is a pop-up tab for Objectives.  In any tab where an objective is listed, you may get this pop-up tab by double clicking on an Objective (or by selecting the Objective, right clicking, and selecting Show Detail). 
 

5.1.1 Environment Interview Tab

In the Environment Interview, the knowledge base categories and the organization provided by the Prompts hierarchy (see Section 4.3) allow for efficiency in interviewing you about relevant environmental aspects.  For example, if some threat agents are not a concern for a particular PP, a large number of threats involving those agents may be immediately skipped over. 

Table 5-1 lists the panes of the Environment Interview tab and shows which knowledge base tables and fields are displayed in each pane.

Table 5-1.  Origin of Environment Interview Data

Pane

Table(s)

Field(s)

Prompt Prompts PromptString
Answer Options Prompts AnswerList
Detail / Identifier Prompts Environment statement identifier
Detail / Descriptive Name,
Detail / Description
Category or Environment table for selected answer from Prompts AnswerList Descriptive Name,
Description field
Detail / Guidance
     Selection Guidance
 
     Implementation Guidance
Environment table for selected nontrivial answer
Selection Guidance
,
Coverage Rationale
Detail / Objective List Mapping table for selected environment statement,
Objectives
Identifier key field,
Descriptive name
Description field
Unnamed Bottom Pane Prompts PromptStrings

5.1.2 Context Tab

The information for this tab is taken primarily from environment-statement tables (see Sections 4.1.5, 4.1.6, 4.1.7) and from detail tables (see Sections 4.1.8, 4.1.9), with additional related information from Objectives (see Section 4.1.10) and other tables depending on what item is highlighted.

Table 5-2 treats the case where a general environment statement is highlighted.  The additional information comes from the mapping queries that link the environment statement to Objectives (see Sections 4.2.10 and 4.2.11).

If an environment statement is selected, clicking on a "" icon in the Context tab changes the icon to "" and reveals those detailed statements that are linked to the environment statement by its mapping table (see Sections 4.2.5, 4.2.6).  Table 5-3 treats the case where a detailed environment statement has then been selected.

Table 5-2.  Origin of Context Data for a General Environment Statement

Pane

Tables or Queries

Field(s)

Top left pane Objectives Identifier key field,
Descriptive name
Policies,
Threats,
Assumptions
General Policy Statements,
General Threats,
General Assumptions
Identifier key field,
Descriptive name
Above, with Filter 1 Above restricted to PP-selected items amplified via the Attributes table Identifier key field,
Descriptive name
Above, with Filter 2 Above restricted to interview-selected items amplified via the Attributes table Identifier key field,
Descriptive name
Policy, Threat, or Assumption Detail Table associated with selected item Identifier key field,
Descriptive name
Description field
Guidance /
   Selection Guidance
Table associated with selected item Selection Guidance
Guidance /
   Implementation Guidance
Table associated with selected item Coverage Rationale
Objective List General Policy / Objective Mapping Query,

Threat / Objective Mapping Query,

Objectives

Objective key field,
Descriptive name

 

As explained in Sections 4.1.8 and 4.1.9, Detailed Attacks and Policies play a crucial role by supporting the security analyses used to justify knowledge base content.  For the same reason, they play a major role in the CC Toolbox, both in selecting Objectives and in building Rationale.  Table 5-3 shows how they relate to Objective selection.  Section 5.1.7 explains how they are used in building the Rationale.

Table 5-3.  Origin of Context Data for a Detailed Environment Example

Pane

Tables or Queries

Field(s)

Top left pane Objectives Identifier key field,
Descriptive name
Top right pane Detailed environment statement table Identifier key field
Select an Objective and a Detailed Example from the above two panes; in the upper right pane, right click on Objective Usage.
     Objective Application
     Objective Component
          Application
     Objective Application
          Rationale
Mappings from detailed statements to Objectives






Objective Application,
X-Ray Component Application,
Objective Application Rationale
Lower left pane; Policies, Threats, Assumptions Detailed environment statement table Identifier key field,
Descriptive name
Lower right pane
* Detail, * Example tabs
Table associated with selected item Identifier key field,
Descriptive name,
Description field
Lower right pane
Guidance /
   Selection Guidance
Table associated with selected item

Selection Guidance
Lower right pane Guidance /
     Implementation
          Guidance
Table associated with selected item

Safeguard Application,
Countermeasure Application
Lower right pane Objective List Mappings from detailed statements to Objectives,

Objectives

Objective key field,
Descriptive name

5.1.3 Component Interview Tab

The Component Interview tab draws primarily on the Common Criteria for component names, but also makes use of the CC-Extending tables if available (see Section 4.5).  In addition, this tab includes an Objectives pane that may contain information from the Objectives table (see Section 4.1.10).

Table 5-4.  Origin of Component Interview Data

Pane

Tables or Queries

Field(s)

Top left pane
Prompt
CC-Extending tables (plus other CC Toolbox prompts) Prompt for PP Report,
Prompt for ST Report
Bottom left pane
Functional Components,
Assurance Components
CC-Extending tables (plus CC Class, Family, and Component names) Identifier key field,
Descriptive Name,
(Parent table field)
Top right pane
Elements
CC-Extending Elements (plus CC Element descriptions) Element Identifier,
Element Description,
Containing Component
Top right pane
Dependencies
(Common Criteria) (Not supported)
Top right pane
Mapped Objectives
Objectives Identifier key field,
Descriptive Name
Select a Component, right click on Component Usage.
     Component Application
Objective/Component Mapping


Component Application

5.1.4 Allocation Tab

This tab uses knowledge-base information in essentially the same way as the Component Interview tab. 

The Allocation tab draws primarily on the Common Criteria for component names, but also makes use of the CC-Extending tables if available (see Section 4.5).  In addition, this tab includes an Objectives pane that may contain information from the Objectives table (see Section 4.1.10), as well as a pop-up menu.  The pop-up menu may provide component-usage information from the Objective/Component Mapping, Detailed Policy Statement/Objective Mapping, and Attack/Objective Mapping tables (see Sections  4.2.9, 4.2.8, and 4.2.7, respectively).

Table 5-5.  Origin of Allocation Data

Pane

Tables or Queries

Field(s)

Top left pane
Security Objectives
Objectives Identifier key field,
Descriptive Name
Top right pane
TOE, Non-TOE sub-panes
CC Components, CC-Extending Components Identifier key field
Top right pane
Elements
CC-Extending Elements (plus CC Element descriptions) Element Identifier,
Element Description,
Containing Component
Top right pane
Dependencies
(Common Criteria) (Not supported)
Top right pane
Mapped Objectives
Objectives Identifier key field,
Descriptive Name
Select an Objective, select a Component, right click on Component Usage.
     Component Application
     Component Application
          Rationale

     Detailed stmt ID
          Objective
             Application


          Objective
            Component
            Application


          Objective
            Application
            Rationale

Objective/CC Component Mapping






Mapping table linking detailed statement to Objectives




Component Application
Component Application Rationale




Objective Application



X-Ray Component Application




Objective Application Rationale

5.1.5 Elaboration Tab

The knowledge base does not play a significant role in the workings of the Elaboration tab.  However, a Component Usage pop-up tab is available that provides information from the knowledge base:

Table 5-6. Component Usage data in the Elaboration tab 

Pane

Tables or Queries

Field(s)

Select a Component, right click on Component Usage.

  Objective ID
     Component Application
     Component Application
          Rationale

     Detailed stmt ID
          Objective
             Application


          Objective
            Component
            Application


          Objective
            Application
            Rationale





Objective/CC Component Mapping



Mapping table linking detailed statement to Objectives





Component Application
Component Application Rationale




Objective Application


X-Ray Component Application



Objective Application Rationale

 

5.1.6 EAL Tab

The knowledge base does not play a significant role in the workings of the EAL tab.

 

5.1.7 Report Tab

Information from all major knowledge-base tables turns up in the PP and ST reports, in the sections indicated in Table 5-7.

Table 5-7.  Disposition of Knowledge-Base Data in PP Reports 

PP Section

Tables or Queries

Field(s)

1 - Introduction

The Knowledge Base does not contribute to this portion of the PP Report.

2 - TOE Description

The CC Toolbox does not place knowledge base information here, but this may be the best place for some General Assumptions.

3 - TOE Security Environment

The toolbox does not output category identifiers, names, or descriptions.  However, some of this information may be useful for organizing the Environment section of a PP.

3.1 - Secure Usage Assumptions General Assumptions Identifier key field,
Descriptive Name,
Description field
3.2 - Threats to Security General Threats. (In addition, some Detailed Attacks may be appropriate here.) Identifier key field,
Descriptive Name,
Description field
3.3 - Organisational Security Policies General Policy Statements(In addition, some Detailed Policy Statements may be appropriate here.) Identifier key field,
Descriptive Name,
Description field
4 - Security Objectives
4.1 - Security Objectives for the TOE
4.2 - Security Objectives for the Environment
Objectives Identifier key field,
Descriptive Name,
Description field
5 - IT Security Requirements
5.1 - TOE Security Functional Requirements

5.2 - TOE Security Assurance Requirements

5.3 - Security Requirements for the IT Environment
(CC Components),
CC-Extending Components

(CC Elements),
CC-Extending Elements

Identifier key field,
Descriptive Name

Identifier key field,
Element Description

5.4 - Security Requirements for the Non-IT Environment Not used.  However, some refinements of AGD_ADM and AGD_USR supplied by the knowledge base might be placed here.
6 - Rationale
Table 6-1 Tracing of Security Objectives to the TOE Security Environment Threat/Objective Mapping Query,

General Policy/Objective Mapping Query

Source key field,
Target key field
6.2.1 - Policies


DP ID as Title


Safeguard Application

Objective ID as Title
   


     
Objective
          Application
     Objective
          Component
          Application
     Objective
          Application
          Rationale
General Policy Statements Identifier key field,
Descriptive Name,
Description field
Detailed Policy Statements selected via the Detailed Policy Statement/Objective Mapping Identifier key field,
Descriptive Name, 
Description field,
Safeguard Application field

 
Objectives Identifier key field,
Descriptive Name,
Description field
Detailed Policy Statement/Objective Mapping Objective Application, 
 
X-Ray Component 
     Application,
 
 
 
Objective Application Rationale
 
6.2.2 - Threats



Attack ID as Title


Objective ID as Title

   


     Objective
          Application
     Objective
          Component
          Application
     Objective
          Application
          Rationale
General threats Identifier key field,
Descriptive Name,
Description field
Coverage rationale
Detailed Attacks selected via the Threat/Attack mapping Identifier key field,
Descriptive Name,
Description field,
Safeguard Application field
Supporting Objectives for each Attack Identifier key field,
Descriptive Name,
Description field
Attack/Objective Mapping Objective Application, 
 
X-Ray Component 
     Application,
 
 
 
Objective Application Rationale
 
Table 6-2 Functional Component to Security Objective Mapping Objective/Component Mapping Source key field,
Target key field
6.3.1, 6.3.2 - * Security Requirements Rationale
     
Implementation
          Application

Component ID as Title

     Component
          Application
     Component
          Application
          Rationale
Objectives Identifier key field,
Descriptive Name,
Description field,

Implementation Application
Objective/Component Mapping,
Related descriptive-name data
Target Identifier key field,
Descriptive Name,
Component Application,


Component Application Rationale
Table 6-4 Requirements to Objectives Mapping Objective/Component Mapping,
Related descriptive-name data
Source Identifier key field,
Target Identifier key field
6.6 - Rationale for Extensions CC-Extending Components Rationale

5.1.8 The Objective Pop-Up Tab

In any tab where an objective is listed, you may get this pop-up tab by double clicking on an Objective (or by selecting the Objective, right clicking, and selecting Show Detail).

Table 5-8.  Origin of Objective Pop-Up Data

Pane

Tables or Queries

Field(s)

Objective Detail Objectives Identifier key field,
Descriptive name
Description field
Guidance tab Objectives Objective-Selection Guidance,
Implementation Application
Component List Objective/Component Mapping,
All Components Query
Identifier key field,
Descriptive name
Select a Component, right click on Component Usage. Objective/Component Mapping Component Application
Component Application Rationale
Non IT This tab is not used.  Although the CC allows for non-IT requirements, we found it expedient to codify such requirements as refinements to documentation requirements, i.e., Components AGD_ADM.1 and AGD_USR.1.

 

5.2 Porting the Knowledge Base to the CC ToolBox

The knowledge base can be edited within the bounds specified in Sections 3 and 4 of this document and then used as a new source of domain knowledge for the CC ToolBox.  Once the knowledge base has been edited, it is stored in a transitional format that cannot be accessed directly by the CC ToolBox, which must then be transformed into another format.  The following sections describe all actions needed to transform the knowledge base into the appropriate format, first in a general way, then in terms of practical specifics.
 

5.2.1 Performing the Conversion - General Explanation

Figure 5-1 indicates how to edit the knowledge base and make it accessible to the CC ToolBox.  The action labeled Edit knowledge base represents interactions with the knowledge base that are required to create a new CC Profiling knowledge base for use with the CC ToolBox.  Information needed to perform the Edit knowledge base action is given above in Sections 4 and 5.1.  The resulting new knowledge base is depicted as the box labeled Knowledge base.

 

Figure 5-1:  Knowledge Source Conversion

The Dump Tables action transfers the knowledge base elements and relationships among those elements from the Knowledge base to a new Knowledge Source file.  This is a Java .properties file with the structure specified in Appendix A.5.4

Once the Knowledge Source has been created in the form of a .properties file, you interact with another program to transform it into a format that is accessible to the CC ToolBox.  This is represented in Figure 5-1, by the action Transform Source.  The results of this action are a new file, CCToolboxSouce, which contains serialized objects for use by the CC ToolBox.
 

5.2.2 Performing the Conversion in Version 1.0j

If you have version 1.0j of the knowledge base, the following steps will dump the knowledge base tables into a properties file:

5.2.3 Performing the Conversion in Older Versions

If you do not have version 1.0j, go to the Modules tab of the main MS Access Database window, double click on the BuildPropertySheet module, and run the DumpTables procedure.  We recommend giving the resulting file a unique name.  You can do this before running the DumpTables procedure by changing the constant DumpFilePrefix$, which is defined near the top of the BuildPropertySheet module.  If the knowledge base contains CC-Extending Components, you may set the ShowCCExtensions constant to True, in order to have them dumped and treated in the same way as ordinary CC Components.  The ShowCCExtensions constant is also defined at the beginning of the BuildPropertySheet module.

Perform the Transform Source action as follows, where CCTInstallDir is the main CC ToolBox installation directory, where the CC ToolBox and its various subdirectories are located.  For example if you installed the CC ToolBox in the folder D:\Programs\CCToolbox-V5, then CCTInstallDir is the folder D:\Programs\CCToolbox-V5

  1. Move or copy the Knowledge Source .properties file to the directory CCTInstallDir\Data\Environment\Source.  The transform program will expect to find it in that location.  Warning:  It is best not to overwrite an existing source file.  It could lead to being unable to recover a valued report data set file.  Either give your Knowledge Source file a unique name or move the existing Knowledge Source to a different location. 
  2. If the CC ToolBox is running, exit the toolbox.  Though interaction with the CC Toolbox should not be a problem, it is best to err on the side of caution. 
  3. From the CCTInstallDir, start the transforming program.  This can be done either by typing StartPDE on the command line in a DOS window or by finding and running StartPDE from the Windows Start Menu.
  4. The program will start and will display the names of all the .properties files in the CCTInstallDir\Data\Environment\Source directory.
  5. Select the appropriate Knowledge Source file and click the OK button.  The program will perform the transformation and display the results in two windows using MS NotePad (unless the default text viewer has been changed).  One window represents the outputs sent to the program's standard output channel and the other the outputs to the standard error channels.  Unless some errors are displayed, the next time you run the CC ToolBox, you should have access to your new Knowledge Source.

The following section explains the set of possible errors that may occur.
 

5.2.4 Conversion Errors

Table 5-7 explains the transformation errors that may appear in the standard error output display after step 5 of the above Transform Source action.  The first column identifies the error label, the second column expands on the problem encountered in the Knowledge Source, and the third column states what action(s) to take to correct the error.

Table 5-7:  Conversion Errors

Example Errors

Source Problem

Action

Could Not Find [X000001.EffectList]

This key was not found in the file.

Add this key and its value.

Did Find [O.Crypto_Extern_Depend.Components]
But It Has No Data

The key was found but there was no value following it.

Add the data if required.

No Agent Created For [P.Accountability.Agent_Types]=
[Human]

No threat agent was created because some of the required attributes were missing.

Add the required attribute.

AnswerList too short [A000004.AnswerList]=[Yes]

There must be at least two values in AnswerList.

Typically Yes and No.

Could Not Find [A.Forgot_To_Define]
But It Is In [A000005.EffectList]

All values for EffectList must be defined in this *-dk.properties file.

Define the missing category or remove it from the EffectList.

List sizes don't match [A000005.AnswerList]=[Trusted,  Hostile,  Negligent] and [A000005.EffectList]=[A.Well_Behaved_Admin, A.Hostile_Sys_Admin, A.Negligent_Admin, A.Forgot_To_Define]

The number of comma-separated values in AnswerList must equal the number of comma-separated values in EffectList.

Adjust the lists to match sizes.

Could Not Find [X000001.EffectList]

This EffectList key was not found in the file.

Add this key and its value.

Could Not Find [O.Not_Defined] But It Is In [P.Authorities.Objectives]

All values for Objectives must be defined in this *-dk.properties file.

Define the missing objective or remove it from the Objectives.

Could Not Find [DP.Not_Defined] But It Is In [P.Authorities.Examples]

All values for Examples must be defined in this *-dk.properties file.

Define the missing example or remove it from the Examples.

Could Not Find [Not_Def.1] But It Is In [O.AC_Admin_Limit.Components]

All values for Components must be defined by the Common Criteria or in this *-dk.properties file.

Define the missing component or remove it from the Components.

Could Not Find [F_Not_Def] but it is [F_PhysEnv_Cnf.Parent]

All values for Parent must be defined by the Common Criteria or in this *-dk.properties file.

Define the missing Parent.

Never Used [A.Acc_Ovrwrit_SysData.Forces]

This property key and value was not used.

Could indicate a problem like a typographical error.