Konica Minolta BIZHUB 920 User Manual

The following shows the rationale for Table 8.1.

T.HDDACCESS Unauthorized access to the HDD

TSF changes and manages the HDD lock password of HDD1 and HDD2 in the management

function of O.MANAGE by the valid administrator identified in O.IA. Moreover TSF makes it

possible to detect the trial of unauthorized use to the applicable management function by anyone

except the administrator, because it records the failed identification and authentication of

administrator as audit information in O.AUDIT. In OE.HDD, the HDD1 and HDD2 execute the

identification and authentication, then the access is limited to only the TOE that is valid user,

therefore, the unauthorized access to HDD1 and HDD2 is prevented. As above mentioned, the

threat - T.HDDACCESS can be resisted by O.IA, O.MANAGE, O.AUDIT, and OE.HDD of the

security objectives policies.

T.ACCESS Unauthorized access to the BOX

TSF permits only the valid general user, who owns the User BOX identified and authenticated in

O.IA, to read out the document data in the User BOX in O.DATAACCESS. Moreover TOE makes it

possible to detect the unauthorized operation to the document data in the User BOX that the

general user owns, because it records the operation regarding the access function to the document

data that is “asset to be protected” as audit information in O.AUDIT. As above mentioned, the threat

- T.ACCESS can be resisted by O.IA, O.DATAACCESS, and O.AUDIT of the security objectives

policies.

T.IMPADMIN Impersonation of the CE and administrator

TSF identifies and authorizes the CE in O.IA. TSF provides the valid CE identified and

Authenticated with the function to decide the administrator in O.CE. TSF identifies and authorizes

the decided administrator in O.IA. TSF provides the valid administrator identified and authenticated

with the function to manage the User BOX in O.MANAGE. The administrator decides the owner of

User BOX using this funtion. TSF permits only the valid general user who owns the User BOX

identified and authenticated in O.IA, to read out the document data in the User BOX in

O.DATAACCESS. Moreover TSF makes it possible to detect the conduct operated to impersonate

the administrator, because it records the failed identification and authentication of CE and

administrator as audit information in O.AUDIT.

As above mentioned, the threat - T.IMPADMIN can be resisted by O.IA, O.CE, O.MANAGE,

O.DATAACCESS, and O.AUDIT of security objectives policies.

Copyright© 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., All Rights Reserved