From ff5b32440c50bbd3ddcb50889e030d0dbd3af89e Mon Sep 17 00:00:00 2001 From: Brian Wood Date: Fri, 10 Jun 2022 10:45:03 -0400 Subject: [PATCH 1/4] No TSFIs output plaintext data This is to close #371 --- Supporting Documents/BS_SD.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Supporting Documents/BS_SD.adoc b/Supporting Documents/BS_SD.adoc index fc581ef..83ce431 100644 --- a/Supporting Documents/BS_SD.adoc +++ b/Supporting Documents/BS_SD.adoc @@ -570,7 +570,7 @@ In any case, the evaluator shall examine the TSS to confirm that; * If a biometric capture sensor returns plaintext biometric data, any entities outside the SEE can’t access the sensor and data captured by the sensor -. All plaintext biometric data is retained in volatile memory within the SEE and any entities outside the SEE including the main computer operating system can’t access these data. Any TSFIs do not reveal plaintext biometric data to any entities outside the SEE +. All plaintext biometric data is retained in volatile memory within the SEE and any entities outside the SEE including the main computer operating system can’t access these data. No TSFIs exist that reveal plaintext biometric data to any entities outside the SEE The evaluator shall keep in mind that the objective of this EA is not evaluating the SEE itself. This EA is derived from ASE_TSS.1.1 which requires that the TSS and BMD to provide potential consumers of the TOE with a high-level view of how the developer intends to satisfy each SFR. The evaluator shall check the TSS and BMD to seek for a logical explanation how the above criteria are satisfied considering this scope of the requirement. 
@@ -590,7 +590,7 @@ Plaintext biometric data must not be accessible from any entities outside the SE [loweralpha] . The TOE must not expose the plain biometric data to the memory that is accessible by the operating system during the processing of biometric data. -. Any TSFIs that can output plain biometric data must not exist or be accessible by the operating system. +. Any TSFIs identified in the TSS that can output plaintext biometric data must not be accessible by the operating system. The evaluator shall perform the following tests to verify that both a) and b) described above are true. From d0566f88daf5d20e14eb6e0bac6ff44d5be386d8 Mon Sep 17 00:00:00 2001 From: Brian Wood Date: Fri, 10 Jun 2022 11:02:05 -0400 Subject: [PATCH 2/4] Update BS_SD.adoc further edits --- Supporting Documents/BS_SD.adoc | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/Supporting Documents/BS_SD.adoc b/Supporting Documents/BS_SD.adoc index 83ce431..f03de87 100644 --- a/Supporting Documents/BS_SD.adoc +++ b/Supporting Documents/BS_SD.adoc 
@@ -570,7 +570,7 @@ In any case, the evaluator shall examine the TSS to confirm that; * If a biometric capture sensor returns plaintext biometric data, any entities outside the SEE can’t access the sensor and data captured by the sensor -. All plaintext biometric data is retained in volatile memory within the SEE and any entities outside the SEE including the main computer operating system can’t access these data. No TSFIs exist that reveal plaintext biometric data to any entities outside the SEE +. All plaintext biometric data is retained in volatile memory within the SEE and any entities outside the SEE including the main computer operating system can’t access these data. Any TSFIs do not reveal plaintext biometric data to any entities outside the SEE. The evaluator shall especially examine TSFIs of TSF modules provided by the biometric capture sensor (e.g. SDK) because they may include testing or debug codes and the developer who integrated the sensor into the TOE may apply minimal changes to those modules The evaluator shall keep in mind that the objective of this EA is not evaluating the SEE itself. This EA is derived from ASE_TSS.1.1 which requires that the TSS and BMD to provide potential consumers of the TOE with a high-level view of how the developer intends to satisfy each SFR. The evaluator shall check the TSS and BMD to seek for a logical explanation how the above criteria are satisfied considering this scope of the requirement. 
@@ -612,13 +612,10 @@ The test is repeated for biometric enrolment and biometric verification (called [loweralpha] . TSFI invocation test + -The following test steps require the developer to provide access to a test platform that provides the evaluator with tools that are typically not found on factory products. +If TSFIs exist the can be used to output plaintext biometric data to the operating system, the evaluator must perform this test. The following test steps require the developer to provide access to a test platform that provides the evaluator with tools that are typically not found on factory products. + [arabic] -.. The evaluator shall identify any TSFIs that output plaintext biometric data to the memory that is accessible by the operating system. The evaluator shall especially examine TSFIs of TSF modules provided by the biometric capture sensor (e.g. SDK) because they may include testing or debug codes and the developer who integrated the sensor into the TOE may apply minimal changes to those modules -+ -If the evaluator can’t find such TSFIs, then the evaluator does not need to perform testing to access this type of TSFI. - +.. The evaluator shall identify any TSFIs that output plaintext biometric data to the memory that is accessible by the operating system. ===== Pass/Fail criteria From d47d6b84eb66536c44594b47aee44f07d83ff054 Mon Sep 17 00:00:00 2001 From: Brian Wood Date: Mon, 13 Jun 2022 15:33:44 -0400 Subject: [PATCH 3/4] Update Supporting Documents/BS_SD.adoc Co-authored-by: Greg Fiumara --- Supporting Documents/BS_SD.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Supporting Documents/BS_SD.adoc b/Supporting Documents/BS_SD.adoc index f03de87..04234ee 100644 --- a/Supporting Documents/BS_SD.adoc +++ b/Supporting Documents/BS_SD.adoc 
@@ -612,7 +612,7 @@ The test is repeated for biometric enrolment and biometric verification (called [loweralpha] . TSFI invocation test + -If TSFIs exist the can be used to output plaintext biometric data to the operating system, the evaluator must perform this test. The following test steps require the developer to provide access to a test platform that provides the evaluator with tools that are typically not found on factory products. +If TSFIs exist, they could be used to output plaintext biometric data to the operating system, and so the evaluator shall perform this test. The following test steps require the developer to provide access to a test platform that provides the evaluator with tools that are typically not found on factory products. + [arabic] .. The evaluator shall identify any TSFIs that output plaintext biometric data to the memory that is accessible by the operating system. From cdf4763e936aff501abffa439267d508a11f975e Mon Sep 17 00:00:00 2001 From: Brian Wood Date: Mon, 13 Jun 2022 15:34:00 -0400 Subject: [PATCH 4/4] Update Supporting Documents/BS_SD.adoc Co-authored-by: Greg Fiumara --- Supporting Documents/BS_SD.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Supporting Documents/BS_SD.adoc b/Supporting Documents/BS_SD.adoc index 04234ee..d576fe8 100644 --- a/Supporting Documents/BS_SD.adoc +++ b/Supporting Documents/BS_SD.adoc 
@@ -570,7 +570,7 @@ In any case, the evaluator shall examine the TSS to confirm that; * If a biometric capture sensor returns plaintext biometric data, any entities outside the SEE can’t access the sensor and data captured by the sensor -. All plaintext biometric data is retained in volatile memory within the SEE and any entities outside the SEE including the main computer operating system can’t access these data. Any TSFIs do not reveal plaintext biometric data to any entities outside the SEE. The evaluator shall especially examine TSFIs of TSF modules provided by the biometric capture sensor (e.g. SDK) because they may include testing or debug codes and the developer who integrated the sensor into the TOE may apply minimal changes to those modules +. All plaintext biometric data is retained in volatile memory within the SEE and any entities outside the SEE including the main computer operating system can’t access these data. Any TSFIs do not reveal plaintext biometric data to any entities outside the SEE. The evaluator shall examine TSFIs of TSF modules provided by the biometric capture sensor (e.g. SDK) because they may include testing or debug codes and the developer who integrated the sensor into the TOE may apply changes to those modules The evaluator shall keep in mind that the objective of this EA is not evaluating the SEE itself. This EA is derived from ASE_TSS.1.1 which requires that the TSS and BMD to provide potential consumers of the TOE with a high-level view of how the developer intends to satisfy each SFR. The evaluator shall check the TSS and BMD to seek for a logical explanation how the above criteria are satisfied considering this scope of the requirement.
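Review bot: In item b of the `@@ -590` hunk of [PATCH 1/4], the added qualifier "identified in the TSS" limits the requirement to interfaces the developer chose to document, and the "must not exist" alternative is gone. The commit subject says "No TSFIs output plaintext data", but the new text permits such TSFIs as long as the operating system cannot reach them, and says nothing about one that is missing from the TSS. Consider keeping "must not exist or be accessible by the operating system" and dropping the TSS qualifier, or stating elsewhere that the TSS list must be complete. Item a in the same list still says "plain biometric data" while item b now says "plaintext biometric data"; the two should use the same term.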
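Review bot: The `+` line of the `@@ -570` hunk in [PATCH 2/4] returns to "Any TSFIs do not reveal plaintext biometric data", which can be read as "not every TSFI reveals" and discards the unambiguous "No TSFIs exist that reveal" wording that [PATCH 1/4] introduced for #371. The sentence appended after it ("The evaluator shall especially examine TSFIs of TSF modules provided by the biometric capture sensor ...") is an instruction to the evaluator placed inside a list item describing what the TSS must show, and it ends without a period. Suggest keeping the 1/4 wording for the criterion and moving the evaluator instruction to its own paragraph after the list.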
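Review bot: In the `@@ -612` hunk of [PATCH 2/4], the new opening sentence makes the test conditional on plaintext-outputting TSFIs existing, yet the first step that remains is still "The evaluator shall identify any TSFIs that output plaintext biometric data", so the precondition depends on the result of a step inside the test it guards. The removed sentence "If the evaluator can't find such TSFIs, then the evaluator does not need to perform testing to access this type of TSFI" was the only explicit statement of what happens when none are found. Suggest saying where the identification comes from (for example the TSS examination in the `@@ -570` text) and keeping an explicit sentence for the no-TSFI case. The added line also has a typo, "the can be used".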
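Review bot: The reworded `+` line in [PATCH 3/4] changes the condition, not just the typo. "If TSFIs exist, they could be used to output plaintext biometric data ..., and so the evaluator shall perform this test" makes the trigger the existence of any TSFI at all, which holds for every TOE, and asserts that every TSFI could output plaintext data. The line it replaces was evidently meant as a restrictive clause ("TSFIs exist that can be used to output ..."). Suggest: "If TSFIs exist that can be used to output plaintext biometric data to the operating system, the evaluator shall perform this test."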
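Review bot: Dropping "minimal" on the `+` line of [PATCH 4/4] weakens the "because" clause it sits in. The stated reason for examining sensor-supplied modules is that they "may include testing or debug codes" and that the integrator "may apply minimal changes to those modules", meaning that code is likely to survive integration; "may apply changes to those modules" no longer supports that conclusion. Suggest keeping "minimal" or rewording to something like "may not have removed such code when integrating the sensor". The sentence still lacks a final period.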