Validation Report for Ianywhere SQL Anywhere Studio

Total Page:16

File Type:pdf, Size:1020Kb

Validation Report for Ianywhere SQL Anywhere Studio National Information Assurance Partnership ® TM Common Criteria Evaluation and Validation Scheme Validation Report iAnywhere Solutions, Inc – A Sybase Company Dublin, CA Adaptive Server Anywhere 9.0.1/9.0.2 Component of SQL Anywhere Studio 9 Report Number: CCEVS-VR-06-0018 Dated: 24 April 2006 Version: 1.0 National Institute of Standards and Technology National Security Agency Information Technology Laboratory Information Assurance Directorate 100 Bureau Drive 9800 Savage Road STE 6740 Gaithersburg, MD 20899 Fort George G. Meade, MD 20755-6740 CCEVS-VR-06-0018: Adaptive Server Anywhere 9.0.1/9.0.2 Validation Report, Version 1.0 24 April 2006 ACKNOWLEDGEMENTS Validation Team Mr. Daniel P. Faigin The Aerospace Corporation El Segundo, California The Validation Team also thanks Ms. Nicole Carlson, The Aerospace Corporation, for the work she performed when she was Lead Validator, and Mr. Kenneth Elliott for his work as Senior Validator. Common Criteria Testing Laboratory Ms. Tammy Compton, Lead Evaluator Mr. Mike Boberski Science Applications International Corporation Columbia, Maryland Much of the material in this report was extracted from evaluation material prepared by the CCTL. The CCTL team deserves credit for their hard work in developing that material. Many of the product descriptions in this report were extracted from the Adaptive Server Anywhere Security Target. ii CCEVS-VR-06-0018: Adaptive Server Anywhere 9.0.1/9.0.2 Validation Report, Version 1.0 24 April 2006 Table of Contents 1 Executive Summary.................................................................................................... 1 2 Identification............................................................................................................... 3 3 Security Policy............................................................................................................ 5 3.1 User data protection ............................................................................................ 5 3.1.1 Access Control Policies .............................................................................. 5 3.1.2 Users and Groups........................................................................................ 6 3.1.3 Ownership and DAC Permissions .............................................................. 6 3.1.4 Residual Information Protection................................................................. 6 3.2 Security audit ...................................................................................................... 7 3.3 Identification and authentication......................................................................... 8 3.4 Security management.......................................................................................... 9 3.5 Protection of the TSF.......................................................................................... 9 4 Assumptions.............................................................................................................. 10 4.1 Usage Assumptions........................................................................................... 10 4.2 Environmental Assumptions............................................................................. 10 4.3 Clarification of Scope ....................................................................................... 10 4.3.1 Overarching Policies................................................................................. 10 4.3.2 Threats Countered and Not Countered ..................................................... 11 5 Architectural Information ......................................................................................... 11 5.1 TOE Components.............................................................................................. 12 5.2 TOE Boundaries................................................................................................ 12 5.3 Architecture....................................................................................................... 13 5.3.1 Communications Subsystem..................................................................... 13 5.3.2 Query Execution Engine Subsystem......................................................... 13 5.3.3 DB Tools Subsystem ................................................................................ 14 5.4 IT Security Environment................................................................................... 15 6 Documentation.......................................................................................................... 15 6.1 Design documentation ...................................................................................... 15 6.2 Guidance documentation .................................................................................. 15 6.3 Configuration Management and Lifecycle documentation............................... 16 6.4 Delivery and Operation documentation............................................................ 16 6.5 Test documentation........................................................................................... 16 6.6 Vulnerability Assessment documentation......................................................... 16 6.7 Security Target.................................................................................................. 16 7 IT Product Testing .................................................................................................... 17 7.1 Developer Testing............................................................................................. 17 7.2 Evaluation Team Independent Testing ............................................................. 17 7.3 Evaluation Team Penetration Testing............................................................... 18 8 Evaluated Configuration ........................................................................................... 18 9 Results of the Evaluation .......................................................................................... 19 9.1 Evaluation of the Security Target (ASE).......................................................... 19 9.2 Evaluation of the Configuration Management Capabilities (ACM)................. 20 iii CCEVS-VR-06-0018: Adaptive Server Anywhere 9.0.1/9.0.2 Validation Report, Version 1.0 24 April 2006 9.3 Evaluation of the Delivery and Operation Documents (ADO)......................... 20 9.4 Evaluation of the Development (ADV) ............................................................ 20 9.5 Evaluation of the Guidance Documents (AGD) ............................................... 20 9.6 Evaluation of the Life Cycle Support Activities (ALC) ................................... 21 9.7 Evaluation of the Test Documentation and the Test Activity (ATE) ............... 21 9.8 Vulnerability Assessment Activity (AVA)....................................................... 21 9.9 Summary of Evaluation Results........................................................................ 22 10 Validator Comments/Recommendations .............................................................. 22 11 Annexes................................................................................................................. 23 12 Security Target...................................................................................................... 23 13 Glossary ................................................................................................................ 23 14 Bibliography ......................................................................................................... 26 iv CCEVS-VR-06-0018: Adaptive Server Anywhere 9.0.1/9.0.2 Validation Report, Version 1.0 24 April 2006 1 Executive Summary This report documents the assessment of the National Information Assurance Partnership (NIAP) validation team of the evaluation of the Adaptive Server Anywhere 9.0.1/9.0.2 component of the Sybase SQL Anywhere Studio 9 product.1 It presents the evaluation results, their justifications, and the conformance results. This Validation Report is not an endorsement of the Target of Evaluation by any agency of the U.S. government, and no warranty is either expressed or implied. The evaluation was performed by the Science Applications International Corporation (SAIC) Common Criteria Testing Laboratory (CCTL) in Columbia, Maryland, United States of America, and was completed in April 2006. The information in this report is largely derived from the Evaluation Technical Report (ETR) and associated test reports, all written by SAIC. The evaluation determined that the product is both Common Criteria Part 2 Extended and Part 3 Conformant, and meets the assurance requirements of Evaluation Assurance Level (EAL) 3 augmented with ALC_FLR.2. Adaptive Server Anywhere (ASA) is a relational database management system (RDBMS). According to the vendor, it was designed to support multiple operating systems as well as operate efficiently with limited memory, CPU power, and disk space. Non-security relevant capabilities of the product include full transaction processing, referential integrity, SQL stored procedures,2 triggers, row-level locking, automatic event scheduling and automatic recovery. Core features such as the query optimizer and the data caching mechanism are designed specifically to operate with minimal resources. At the same time, ASA contains the features needed to take advantage of workgroup servers, including support for many users, scalability over multiple CPUs, and advanced concurrency
Recommended publications
  • SQL Anywhere® Server Programming
    SQL Anywhere® Server Programming June 2008 Version 11.0.0 Copyright and trademarks Copyright © 2008 iAnywhere Solutions, Inc. Portions copyright © 2008 Sybase, Inc. All rights reserved. This documentation is provided AS IS, without warranty or liability of any kind (unless provided by a separate written agreement between you and iAnywhere). You may use, print, reproduce, and distribute this documentation (in whole or in part) subject to the following conditions: 1) you must retain this and all other proprietary notices, on all copies of the documentation or portions thereof, 2) you may not modify the documentation, 3) you may not do anything to indicate that you or anyone other than iAnywhere is the author or source of the documentation. iAnywhere®, Sybase®, and the marks listed at http://www.sybase.com/detail?id=1011207 are trademarks of Sybase, Inc. or its subsidiaries. ® indicates registration in the United States of America. All other company and product names mentioned may be trademarks of the respective companies with which they are associated. Contents About this book ........................................................................................... ix About the SQL Anywhere documentation ................................................................ x I. Introduction to Programming with SQL Anywhere ................................ 1 1. SQL Anywhere data access programming interfaces ......................................... 3 SQL Anywhere .NET API ......................................................................................
    [Show full text]
  • SQL Anywhere Introduction Company
    PUBLIC SQL Anywhere Document Version: 17 – 2020-12-11 SQL Anywhere Introduction company. All rights reserved. All rights company. affiliate THE BEST RUN 2020 SAP SE or an SAP SE or an SAP SAP 2020 © Content 1 SQL Anywhere - Introduction...................................................3 1.1 SQL Anywhere 17 Outside the Data Center...........................................5 1.2 Database Scenarios...........................................................6 Desktop Applications and Embedded Databases.................................... 6 Client/Server Applications....................................................7 Web Applications...........................................................8 Remote Data Synchronization..................................................8 1.3 Editions and Licensing......................................................... 9 1.4 Separately Licensed Components.................................................9 1.5 Supported Platforms..........................................................10 1.6 Accessibility................................................................11 1.7 Data Management Technologies..................................................16 SQL Anywhere and UltraLite Target Platforms......................................17 Multi-Tier Computing Architecture..............................................18 ETL Features.............................................................18 1.8 Overview of Data Exchange Technologies............................................19 Challenges for Synchronization
    [Show full text]
  • SQL Anywhere: an Embeddable DBMS
    SQL Anywhere: An Embeddable DBMS Ivan T. Bowman Peter Bumbulis Dan Farrar Anil K. Goel Brendan Lucier Anisoara Nica G. N. Paulley John Smirnios Matthew Young-Lai Sybase iAnywhere Abstract We present an overview of the embeddability features of SQL Anywhere, a full-function relational data- base system designed for frontline business environments with minimal administration. SQL Anywhere supports features common to enterprise-class database management systems, such as intra-query par- allelism, materialized views, OLAP functionality, stored procedures, triggers, and hot failover. SQL Anywhere can serve as a high-performance workgroup server, an embedded database that is installed along with an application, or as a mobile database installed on a handheld device that provides full database services, including two-way synchronization, to applications when the device is disconnected from the corporate intranet. We illustrate how SQL Anywhere’s embeddability features work in concert to provide a robust data management solution in zero-administration environments. 1 Introduction Database systems have become ubiquitous across the computing landscape. This is partly because of the basic facilities offered by database management systems: physical data independence, ACID transaction properties, a high-level query language, stored procedures, and triggers. These facilities permits sophisticated applications to ‘push’ much of their complexity into the database itself. The proliferation of database systems in the mobile and embedded market segments is due, in addition to the features above, to the support for two-way database replication and synchronization offered by most commercial database management systems. Data synchroniza- tion technology makes it possible for remote users to both access and update corporate data at a remote, off-site location.
    [Show full text]
  • Mac Os X Database Application
    Mac Os X Database Application Splashy Moses always degum his Politburo if Barr is unprovident or unswathing but. Corny Ashton enervating hinderingly or evite ergo when Weylin is faceless. Butcherly Maurits sometimes cognizes his alodiums hard and rebelled so submissively! New platform for the next section names of your data source you to It tedious really disappointing the heir that amount has been zero progress with this issue, could this time. Also many question are using databases on their Macs such as. Expert users may configure the ODBC. This application that you. Check the app from zero progress with a tabbed format of applications that this, transforming raw data! DBeaver Community Free Universal Database Tool. Provide the administrator username and password. You exhibit even export your bay as an html-table and print labels. Understanding at precious glance. Best Database Management Software for Mac 2021 Reviews. What does Texas gain for not selling electricity across state lines and therefore avoiding Federal Power and oversight? Take this open snaptube will get into chartable form at first mac os x application functioning of your experience with live without using app. Transform all kinds of files into optimized for various displays PDFs with water motion. However, four of the defining features of this crime is it it comes with native TLS encryption to ensure that important business success never gets into these wrong hands. Get stomp to legal one million creative assets on Envato Elements. Fuzzee allows to mac os application has been easier for free file to the appropriate odbc data synchronization tool.
    [Show full text]
  • SAP IQ Cockpit Non-GUI Administration and Monitoring Company
    Administration Guide | PUBLIC SAP IQ 16.1 SP 04 Document Version: 1.0.0 – 2020-10-15 SAP IQ Cockpit Non-GUI Administration and Monitoring company. All rights reserved. All rights company. affiliate THE BEST RUN 2021 SAP SE or an SAP SE or an SAP SAP 2021 © Content 1 SAP IQ Cockpit Non-GUI Administration and Monitoring..............................9 2 Get Started with SAP IQ Cockpit............................................... 10 2.1 Start and Stop the SAP IQ Cockpit Server...........................................10 Starting and Stopping the SAP IQ Cockpit Server in Windows...........................11 Starting and Stopping the SAP IQ Cockpit Server in UNIX............................. 12 Configuring SAP IQ Cockpit Server as a Windows Service..............................13 Configuring SAP IQ Cockpit Server as a UNIX Service................................ 15 cockpit Command.........................................................16 3 Configure SAP IQ Cockpit.................................................... 20 3.1 Configure SQL-Based Monitoring.................................................20 3.2 Configure SQL-Based Exploring..................................................21 3.3 Configure SQL-Based Alerting................................................... 21 Download and Start an SAP SQL Anywhere Client...................................21 Create a Technical User for Alerting.............................................23 Configure the Email Server for Alerting.......................................... 24 3.4 Configure the
    [Show full text]
  • Veritas Netbackup™ Opscenter Administrator's Guide
    Veritas NetBackup™ OpsCenter Administrator's Guide Windows and Linux Release 9.0 Veritas NetBackup™ OpsCenter Administrator's Guide Last updated: 2020-12-10 Legal Notice Copyright © 2020 Veritas Technologies LLC. All rights reserved. Veritas, the Veritas Logo, and NetBackup are trademarks or registered trademarks of Veritas Technologies LLC or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This product may contain third-party software for which Veritas is required to provide attribution to the third party (“Third-party Programs”). Some of the Third-party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Refer to the Third-party Legal Notices document accompanying this Veritas product or available at: https://www.veritas.com/about/legal/license-agreements The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Veritas Technologies LLC and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. Veritas Technologies LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION.
    [Show full text]
  • SQL Anywhere® 16 Introduction
    SQL Anywhere® 16 Introduction Version 16.0 February 2013 Copyright © 2013, SAP AG or an SAP affiliate company. - SAP Sybase SQL Anywhere 16.0 Version 16.0 February 2013 © 2013 SAP AG or an SAP affiliate company. All rights reserved. You may use, print, reproduce, and distribute this documentation (in whole or in part) subject to the following conditions: 1) you must retain this and all other proprietary notices, on all copies of the documentation or portions thereof, 2) you may not modify the documentation, 3) you may not do anything to indicate that you or anyone other than SAP is the author or source of the documentation. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark. Contents About this book ....................................................................................
    [Show full text]
  • ODBC Driver Users Guide for Microsoft Windows and UNIX Company
    PUBLIC SDK for SAP Adaptive Server Enterprise 16.0 SP03 PL06 Document Version: 1.0 – 2019-1-15 ODBC Driver Users Guide for Microsoft Windows and UNIX company. All rights reserved. All rights company. affiliate THE BEST RUN 2018 SAP SE or an SAP SE or an SAP SAP 2018 © Content 1 ODBC Programming..........................................................5 1.1 ODBC Requirements and Supported Platforms........................................5 1.2 ODBC Conformance...........................................................6 1.3 ODBC Driver Manager..........................................................7 Building Applications Using an ODBC Driver Manager.................................8 Building Applications Without Using an ODBC Driver Manager...........................9 1.4 ODBC Driver for SAP ASE Samples................................................11 1.5 ODBC Handles.............................................................. 11 Allocating an ODBC Handle...................................................13 1.6 Connections to a Datasource ....................................................13 ODBC Connection Functions..................................................14 Establishing an ODBC Connection..............................................15 Threads and Connections in ODBC Applications....................................16 1.7 SQL Statements Execution..................................................... 16 Executing a SQL Statement in an ODBC Application................................. 17 Executing SQL Statements With Bound Parameters................................
    [Show full text]
  • Installation Guide Sybase IQ Infoprimer 15.3 DOCUMENT ID: DC01642-01-1530-01 LAST REVISED: May 2011 Copyright © 2011 by Sybase, Inc
    Installation Guide Sybase IQ InfoPrimer 15.3 DOCUMENT ID: DC01642-01-1530-01 LAST REVISED: May 2011 Copyright © 2011 by Sybase, Inc. All rights reserved. This publication pertains to Sybase software and to any subsequent release until otherwise indicated in new editions or technical notes. Information in this document is subject to change without notice. The software described herein is furnished under a license agreement, and it may be used or copied only in accordance with the terms of that agreement. To order additional documents, U.S. and Canadian customers should call Customer Fulfillment at (800) 685-8225, fax (617) 229-9845. Customers in other countries with a U.S. license agreement may contact Customer Fulfillment via the above fax number. All other international customers should contact their Sybase subsidiary or local distributor. Upgrades are provided only at regularly scheduled software release dates. No part of this publication may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical, or otherwise, without the prior written permission of Sybase, Inc. Sybase trademarks can be viewed at the Sybase trademarks page at http://www.sybase.com/detail?id=1011207. Sybase and the marks listed are trademarks of Sybase, Inc. ® indicates registration in the United States of America. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. Java and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc.
    [Show full text]
  • Installation Guide
    Installation Guide Adaptive Server Enterprise 12.5 Sun Solaris DOCUMENT ID: 35889-01-1250-02 LAST REVISED: February 2002 Copyright © 1989-2002 by Sybase, Inc. All rights reserved. This publication pertains to Sybase database management software and to any subsequent release until otherwise indicated in new editions or technical notes. Information in this document is subject to change without notice. The software described herein is furnished under a license agreement, and it may be used or copied only in accordance with the terms of that agreement. To order additional documents, U.S. and Canadian customers should call Customer Fulfillment at (800) 685-8225, fax (617) 229-9845. Customers in other countries with a U.S. license agreement may contact Customer Fulfillment via the above fax number. All other international customers should contact their Sybase subsidiary or local distributor. Upgrades are provided only at regularly scheduled software release dates. No part of this publication may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical, or otherwise, without the prior written permission of Sybase, Inc. Sybase, the Sybase logo, ADA Workbench, Adaptable Windowing Environment, Adaptive Component Architecture, Adaptive Server, Adaptive Server Anywhere, Adaptive Server Enterprise, Adaptive Server Enterprise Monitor, Adaptive Server Enterprise Replication, Adaptive Server Everywhere, Adaptive Server IQ, Adaptive Warehouse, AnswerBase, Anywhere Studio, Application Manager, AppModeler,
    [Show full text]
  • Installation Guide Table of Contents
    PUBLIC PowerBuilder 12.6 Document Version: 2.0 - 2014-10-27 Installation Guide Table of Contents 1 Installation Guide............................................................3 2 Installation Workflow.........................................................4 3 Planning Your Installation..................................................... 5 3.1 Installation Media Contents......................................................5 3.2 System Requirements......................................................... 5 3.3 Obtaining a License........................................................... 6 3.3.1 SySAM Troubleshooting.................................................7 3.4 Software Requirements........................................................ 9 4 Preinstallation Tasks........................................................ 12 5 Starting the Common Setup Program............................................13 6 Providing Basic Information...................................................15 7 Installing SQL Anywhere......................................................17 7.1 About SQL Anywhere......................................................... 18 8 Installing InfoMaker.........................................................19 8.1 InfoMaker Components....................................................... 20 9 Installing PowerBuilder ......................................................21 9.1 PowerBuilder Components.....................................................22 10 Completing the Setup Program................................................24
    [Show full text]
  • Genesys Interactive Insights Deployment Guide
    Genesys Interactive Insights Deployment Guide What BO/BI Components Must I Install? 9/29/2021 Contents • 1 What BO/BI Components Must I Install? • 1.1 Prerequisites to BI Software Installation • 1.2 Required BI Components • 1.3 Installing BI software • 1.4 Setting up the BI Environment Genesys Interactive Insights Deployment Guide 2 What BO/BI Components Must I Install? What BO/BI Components Must I Install? SAP BusinessObjects (BO) software is an optional component of Genesys Info Mart, but is required for the operation of Genesys Interactive Insights (GI2). Refer to SAP BusinessObjects Business Intelligence Platform 4 (BI 4.1) documentation for additional installation and upgrade instructions. Access BO/BI Documentation from the following sources: • From the SAP BusinessObjects Business Intelligence Platform Documentation CD. • If you are a direct SAP customer, from the SAP website. • If you obtained BI software through Genesys, from the SAP website. GI2 does not require all available BI components: this page describes only those components that are required for GI2 operation. Prerequisites to BI Software Installation Prior to beginning the installation of BI 4.x, ensure that you have met the following prerequisites: • Acquire the appropriate installation package, which is provided either directly from SAP or from Genesys. • Ensure that no prior BI software versions pre-exist on your host. If you have a prior version of BI 4.x installed, you should upgrade it, rather than install it anew. Refer to the relevant BI 4.x Update Guide for instructions. • Ensure that your operating system is a supported version. Supported platforms are described in BI documentation.
    [Show full text]