Security Target
Solaris 10 03/05 Security Target

Document Number: S10_101
Date: 28 November, 2006
Author:
Version: 2.3 DEFINITIVE

Abstract

This document is the Security Target for the EAL4+ Common Criteria v2.2 evaluation of Solaris 10 developed by Sun Microsystems, Inc.

4150 Network Circle, Santa Clara, California, 94054

©2006 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, California 95054 U.S.A. All rights reserved.

This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any.

Portions of this product may be derived from the UNIX® system, licensed from UNIX Systems Laboratories, Inc., a wholly owned subsidiary of Novell, Inc., and from the Berkeley 4.3 BSD system, licensed from the University of California. Third-party software, including font technology in this product, is protected by copyright and licensed from Sun’s Suppliers.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

The product described in this manual may be protected by one or more U.S. patents, foreign patents, or pending applications.

TRADEMARKS

Sun, Sun Microsystems, the Sun logo, SunSoft, the SunSoft logo, Solaris, Trusted Solaris, SunOS, OpenWindows, DeskSet, ONC, ONC+, NFS, NeWSprint, and Trusted NeWSprint are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and may be protected as trademarks in other countries. UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd. OPEN LOOK is a registered trademark of Novell, Inc. PostScript and Display PostScript are trademarks of Adobe Systems, Inc. All other product, service, or company names mentioned herein are claimed as trademarks and trade names by their respective companies.

All SPARC trademarks are trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. SPARCcenter, SPARCcluster, SPARCompiler, SPARCdesign, SPARC811, SPARCengine, SPARCprinter, SPARCserver, SPARCstation, SPARCstorage, SPARCworks, microSPARC, microSPARC-II, and UltraSPARC are licensed exclusively to Sun Microsystems, Inc. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.

The OPEN LOOK® and Sun™ Graphical User Interfaces were developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun’s licensees who implement OPEN LOOK GUI’s and otherwise comply with Sun’s written license agreements.

X Window System is a trademark of X Consortium, Inc.

THIS PUBLICATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

THIS PUBLICATION COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN, THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THE PUBLICATION. SUN MICROSYSTEMS, INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAMS(S) DESCRIBED IN THIS PUBLICATION AT ANY TIME.
References

Standards & Criteria

[CC] Common Criteria for Information Technology Security Evaluation, Version 2.2, CCIMB-2004-01-002, January 2004
[CCP2] Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Requirements, Version 2.2, CCIMB-2004-01-002, January 2004
[CAPP] Controlled Access Protection Profile, Issue 1.d, 8 October 1999
[RBAC] Role Based Access Control Protection Profile, Version 1.0, 30 July 1998
[ALC_FLR] Part 2: Evaluation Methodology Supplement: Flaw Remediation, Version 1.1, February 2002
[Sol9_ST_FCS] Solaris 9 08/03 Security Target Version 1.0, 24 January, 2005
[NIST1] Letter from R. Chandramouli, re: FIA_UAU.2 in RBAC PP, Computer Security Division, NIST, dated 16 July 2001
[NIST2] Letter from R. Chandramouli, re: FPT_TST.1 in RBAC PP, Computer Security Division, NIST, dated 16 July 2001

Public Revision History

Version   Date            Author            Comments
2.3       November 2006   Jane Medefesser   Public Release

Contents

1 Introduction
1.1 ST Identification
1.2 ST Overview
1.3 CC Conformance
1.4 Structure
1.5 Terminology
1.6 Document Layout
2 TOE Description
2.1 Introduction
2.2 Intended Use
2.3 Evaluated Configurations
2.3.1 Target of Evaluation
2.3.2 File systems
2.3.3 Configurations
2.4 Summary of Security Features
2.4.1 DAC
2.4.2 Object Reuse
2.4.3 Identification and Authentication
2.4.4 Roles and Profiles
2.4.5 Security Management
2.4.6 Auditing
2.4.7 Enforcement
2.4.8 Secure Communication
2.4.9 TSF Protection
2.4.10 Privileges and Authorizations
3 TOE Security Environment
3.1 Introduction
3.2 Threats
3.2.1 Threats countered by the TOE
3.2.2 Threats to be countered by measures within the TOE environment
3.3 Organizational Security Policies
3.4 Assumptions
3.4.1 Physical Aspects
3.4.2 Personnel Aspects
3.4.3 Procedural Aspects
3.4.4 Connectivity Aspects
4 Security Objectives
4.1 Security Objectives for the TOE
4.2 Security Objectives for the TOE Environment
5 Security Requirements
5.1 TOE Security Functional Requirements
5.1.1 Protection Profile SFRs Tailored for This Security Target
5.2 Additional SFRs for This Security Target
5.2.1 Security Management (FMT)
5.2.2 User Data Protection (FDP)
5.2.3 Trusted Path/Channels (FTP)
5.3 Strength of Function
5.4 TOE Security Assurance Requirements
5.5 Security Requirements for the IT Environment
5.5.1 Ultrasparc Workstations, SunFire V880, SunBlade 2000
5.5.2 SunFire MidFrames, E15K
6 TOE Summary Specification
6.1 IT Security Functions
6.1.1 Discretionary Access Control (DAC)
6.1.2 Object Reuse
6.1.3 Identification and Authentication
6.1.4 Audit
6.1.5 Administration
6.1.6 Enforcement Functions
6.1.7 Failure
6.1.8 Session Locking
6.1.9 Secure Communication
6.2 Required Security Mechanisms
6.2.1 Identification and Authentication
6.3 Assurance Measures
7 Rationale
7.1 Correlation of Threats, Policies, Assumptions and Objectives
7.2 Security Objectives Rationale
7.2.1 Complete Coverage - Threats
7.2.2 Complete Coverage - Policy
7.2.3 Complete Coverage - Environmental Assumptions
7.2.4 Complete Coverage - Personnel Assumptions
7.2.5 Complete Coverage - Procedural Assumptions
7.3 Security Requirements Rationale
7.3.1 Complete Coverage - Objectives
7.3.2 Requirements are Mutually Supportive and Internally Consistent
7.3.3 Justification for Choice of Assurance Requirements
7.3.4 Strength of Function Claim is Consistent with Security Objectives
7.4 TOE Summary Specification Rationale
7.4.1 IT Security Functions Satisfy Functional Requirements
7.4.2 Justification for Compliance of Assurance Measures
7.5 PP Claims and Rationale
7.5.1 PP Reference
7.5.2 PP Tailoring
7.5.3 PP Additions
7.5.4 PP Rationale
8 Appendix A
A 1.1 Platform 1 Configurations
A 1.2 Platform 2 Configurations
A 1.3 Platform 3 Configurations

1 Introduction

1.1 ST Identification

Title: Solaris 10 03/05 Security Target
Keywords: Solaris 10, general-purpose operating system, POSIX, UNIX.

This document is the security target for the CC evaluation of the Solaris 10 03/05 operating system product, and is conformant to the Common Criteria for Information Technology Security Evaluation [CC].

1.2 ST Overview

This Security Target documents the security characteristics of the Solaris 10 operating system.

The Solaris Operating Environment is a computer operating system, based on the open-source UNIX SunOS developed by Sun Microsystems, Inc. Solaris is a highly-configurable UNIX-based operating system. Originally developed to meet the requirements of the C2 class of the U.S. Department of Defence (DoD) Trusted Computer System Evaluation Criteria (TCSEC), it now meets specific equivalent Protection Profiles developed within the Common Criteria Project. These broad requirements are described for the Common Criteria scheme in [CAPP],.