Cisco Cisco IOS Software Release 12.4(23)
4. Security Objectives
Document Organization
17
Security Target For Cisco IOS IPSec
4. Security Objectives
The security objectives are a high-level statement of the intended response to the security problem.
These objectives indicate how the security problem, as characterized in the “Security Environment”
section of the ST (see the section “
These objectives indicate how the security problem, as characterized in the “Security Environment”
section of the ST (see the section “
”), is to be addressed.
describes security objectives for the TOE, while
describes objectives for the
environment.
4.1 Security Objective for the TOE
Table 9
Security Objectives for the TOE
Name
Description
O.Authenticity
The TOE must provide the means for ensuring
that a packet flow has been received from a trusted
source.
that a packet flow has been received from a trusted
source.
O.Confidentiality
The TOE must protect the confidentiality of
packet flows transmitted to/from the TOE over an
untrusted network.
packet flows transmitted to/from the TOE over an
untrusted network.
O.Integrity
The TOE must ensure that any attempt to corrupt
or modify a packet flow transmitted to/from the
TOE is detected.
or modify a packet flow transmitted to/from the
TOE is detected.
O.Key-Confidentiality
The TOE must provide the means of protecting
the confidentiality of cryptographic keys when
they are used to encrypt/decrypt packet flows
between instances of the TOE and when kept in
short and long-term storage.
the confidentiality of cryptographic keys when
they are used to encrypt/decrypt packet flows
between instances of the TOE and when kept in
short and long-term storage.
O.NoReplay
The TOE must provide a means to detect that a
packet flow transmitted to the TOE has not been
copied by an eavesdropper and retransmitted to
the TOE.
packet flow transmitted to the TOE has not been
copied by an eavesdropper and retransmitted to
the TOE.
O.Secure-Operation
The TOE must prevent unauthorized changes to
its configuration.
its configuration.