Samsung Multifunction MultiXpress X4220, X4250, X4300, X401, K4250, K4300, K4350, K401 Series
32
Copyright
2014 SAMSUNG ELECTRONICS Co., Ltd., All rights reserved
3
Security Problem Definition
This chapter defines assumptions, organizational security policies, and threats intended for the TOE
and TOE operational environments to manage.
3.1
Threats agents
The threats agents are users that can adversely access the internal asset or harm the internal asset in an
abnormal way. The threats have an attacker possessing a basic attack potential, standard equipment,
and motive. The threats that are described in this chapter will be resolved by security objectives in
chapter 4.
The following are the threat agents defined in this ST:
-
Persons who are not permitted to use the TOE who may attempt to use the TOE.
-
Persons who are authorized to use the TOE who may attempt to use TOE functions for
which they are not authorized.
-
Persons who are authorized to use the TOE who may attempt to access data in ways for
which they are not authorized.
-
Persons who unintentionally cause a software malfunction that may expose the TOE to
unanticipated threats.
3.1.1
Threats to TOE Assets
The threats taken from the PP to which this Security Target conforms are as shown in Table 14 and
Table 15 (Refer to chapter 6 about affected asset):
Table 14: Threats to User Data for the TOE
Threats
Affected Asset
Description
T.DOC.DIS
D.DOC
User Document Data may be disclosed to unauthorized persons
T.DOC.ALT
D.DOC
User Document Data may be altered by unauthorized persons
T.FUNC.ALT
D.FUNC
User Function Data may be altered by unauthorized persons
Table 15: Threats to TSF Data for the TOE
Threats
Affected Asset
Description
T.PROT.ALT
D.PROT
TSF Protected Data may be altered by unauthorized persons
T.CONF.DIS
D.CONF
TSF Confidential Data may be disclosed to unauthorized persons
T.CONF.ALT
D.CONF
TSF Confidential Data may be altered by unauthorized persons
