DOCSLIB.ORG

Security Target (Against BSI PP)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security Target (Against BSI PP) Huawei EulerOS Version 2.0 Common Criteria Evaluation Security Target (Against BSI PP) Version 0.13 Status Released Last update 2019-04-13 Classification Public HUAWEI TECHNOLOGIES CO., LTD. 1 / 112 Copyright © Huawei Technologies Co., Ltd. 2015. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Huawei Technologies Co., Ltd. Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://e.huawei.com 2 / 112 About This Document Purpose This document provides description about ST (Security Target) against BSI PP. Change History Changes between document issues are cumulative. The latest document issue contains all the changes made in earlier issues. Revisio n Section Date Change Description Author Versio Number n 2017.06. 0.1 All Initial Draft 06 2017.08. 0.2 All Add extended package 02 (AM), FCS_COP.1(DP,IV), RNG(SSL-DFLT, DM-INIT, DM-RUN, NSS, IV); Supported algorithms sorted; Change ‘trusted boot’ to ‘secure boot’; 2017.09. 0.3 All Changed based on 29 internal review results; SSSD removed; Assignment/selection added; 2018.01. 0.4 All ‘A.PROTECT.INTEGRITY’ 10 replaced with ‘A.PROTECT.NMENV’ according to [OSPP-TB]; security features in logical boundaries re- ordered; section “Runtime Protection Mechanisms” removed from TSS and logical boundaries ; Format of Table 18 changed; 3 / 112 ‘O.CRYPTO.USERDATA’ renamed to ‘O.CP.USERDATA’, and ‘FCS_COP.1(DP)’ renamed to ‘FCS_COP.1(CP)’; 2018.03. 0.5 FMT_MTD.1(IV- No user can query or 23 ACT) change the action on integrity violation, and an application note is added; “Non-TOE More supported server Hardware, models are added. Software, Firmware supported” All Review info removed. 2018.04. 0.6 FCS_CKM.1(DS DSA usage in OpenSSH is 20 A) moved outside of the scope of this ST; All Typographical convention is added in section “Security requirements”; Changes according to EE’s feedback. 2018.05. 0.7 FMT_MTD.1(AE) Format some text as AMR 21 suggested; FMT_MTD.1(AM “selection: delete, -MR) clear” is changed to “selection: delete” as AMR suggested. FMT_MSA.1(TS CAP_FOWNER is changed O) to CAP_SYS_ADMIN FIA_ATD.1(HU) The example about soft token is removed from application note. MT_MTD.1(NI) CAP_NET_RAW is added for iptables. FMT_MTD.1(IAU ‘general information’ is ) used instead of ‘authentication data’, and an explanation is also added in the application note. 2018.07. 0.8 FMT_MTD.1(AE) The ability to 23 query/modify audit rules is given to only ROOT user. (uid is checked in source code) “Security Policy ‘named objects’ are Model” in classified into two types: chapter user mode objects, kernel 4 / 112 ‘Security Target mode objects; Introduction’ FDP_ACC.1(PSO An application note is ) Subset access added, stating WRITE not control supported for some file systems (e.g. ISO9660). 2018.08. 0.9 Section ‘Non- “(with TPM chip 21 TOE Hardware, embedded)” removed. Software, Firmware supported’ FCS_CKM.1(DS ‘L=2048, N=224’ A) removed. FAU_STG.4 Option ‘notify the root user’ removed. FMT_MSA.3(TS Add NOTE in the O) ‘application note’: umask does not impact System V IPCs. FDP_IFF.1.3 ‘Statistical analysis matching’ removed; FDP_ACC.1(PSO Application note added )and for vfat, as it is persistent FDP_ACF.1(PSO file system but not POSIX ) compliant. 2018.09. 0.10 FAU_STG.4.1 Option ‘a)Stop all 12 processes that attempt to generate an audit record;’ is removed. 7.1.3 Description of ‘Audit log overflow protection’ is changed accordingly. 2018.12. 0.11 FCS_COP.1(NET TLS algorithms recovered 03 ) based on the test result 2019.01. 0.12 Non-TOE New Taishan models are 02 Hardware, added. Software, Firmware supported 2019.04. 0.13 Section 1.3.2.1; Modified according to 13 Section 2; feedback from CB: Section 1.3.2.1 (for general hardware platform) removed; PP/ExtPackage URL added at the end of Section 2; 5 / 112 Contents About This Document......................................................................................................................3 Index of Tables............................................................................................................................. 9 1 Security Target Introduction............................................................................................ 10 1.1 Security Target Reference......................................................................................... 10 1.2 TOE Reference.............................................................................................................. 10 1.3 TOE Overview................................................................................................................10 1.4 TOE Description............................................................................................................ 12 2 Conformance Claims...........................................................................................................19 3 Security Problem Definition..............................................................................................20 3.1 Threats........................................................................................................................... 20 3.1.1 Assets............................................................................................................................. 20 3.1.2 Threat Agents............................................................................................................... 20 3.1.3 Threats countered by the TOE...................................................................................20 3.1.4 Threats to be countered by the TOE environment................................................22 3.2 Organizational Security Policies............................................................................... 22 3.3 Assumptions..................................................................................................................22 3.3.1 Physical aspects........................................................................................................... 22 3.3.2 Personnel aspects........................................................................................................22 3.3.3 Procedural aspects...................................................................................................... 23 3.3.4 Connectivity aspects................................................................................................... 23 4 Security Objectives.............................................................................................................25 4.1 Security Objectives for the TOE................................................................................ 25 4.2 Security Objectives for the Operational Environment..........................................26 4.3 Rationale for Security Objectives............................................................................. 28 4.3.1 Security Objectives coverage.................................................................................... 28 4.3.2 Security Objectives sufficiency................................................................................. 29 5 Extended Components Definition....................................................................................37 5.1 FCS_RNG Generation of random numbers...............................................................37 5.2 FDP_RIP.3 Full residual information protection of resources............................. 38 5.3 FIA_USB.2 Enhanced user-subject binding............................................................. 39 5.4 FPT_TIM TSF integrity monitoring............................................................................ 40 6 Security Requirements...................................................................................................... 42 6.1 Security Functional Requirements........................................................................... 42 6.1.1 FAU_GEN.1 Audit data generation............................................................................ 42 6.1.2 FAU_GEN.2 User identity association.......................................................................43 6.1.3 FAU_SAR.1 Audit review............................................................................................. 43 6.1.4 FAU_SAR.2 Restricted audit review.........................................................................43 6.1.5 FAU_SEL.1 Selective audit.........................................................................................43
Load more

Recommended publications
  • Image Management Service
    Image Management Service Service Overview Issue 14 Date 2021-08-17 HUAWEI TECHNOLOGIES CO., LTD. Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Issue 14 (2021-08-17) Copyright © Huawei Technologies Co., Ltd. i Image Management Service Service Overview Contents Contents 1 What Is Image Management Service?................................................................................1 2 Product Advantages...............................................................................................................
    [Show full text]
  • Confine: Automated System Call Policy Generation for Container
    Confine: Automated System Call Policy Generation for Container Attack Surface Reduction Seyedhamed Ghavamnia Tapti Palit Azzedine Benameur Stony Brook University Stony Brook University Cloudhawk.io Michalis Polychronakis Stony Brook University Abstract The performance gains of containers, however, come to the Reducing the attack surface of the OS kernel is a promising expense of weaker isolation compared to VMs. Isolation be- defense-in-depth approach for mitigating the fragile isola- tween containers running on the same host is enforced purely in tion guarantees of container environments. In contrast to software by the underlying OS kernel. Therefore, adversaries hypervisor-based systems, malicious containers can exploit who have access to a container on a third-party host can exploit vulnerabilities in the underlying kernel to fully compromise kernel vulnerabilities to escalate their privileges and fully com- the host and all other containers running on it. Previous con- promise the host (and all the other containers running on it). tainer attack surface reduction efforts have relied on dynamic The trusted computing base in container environments analysis and training using realistic workloads to limit the essentially comprises the entire kernel, and thus all its set of system calls exposed to containers. These approaches, entry points become part of the attack surface exposed to however, do not capture exhaustively all the code that can potentially malicious containers. Despite the use of strict potentially be needed by future workloads or rare runtime software isolation mechanisms provided by the OS, such as conditions, and are thus not appropriate as a generic solution. capabilities [1] and namespaces [18], a malicious tenant can Aiming to provide a practical solution for the protection leverage kernel vulnerabilities to bypass them.
    [Show full text]
  • Euleros V2.0SP3 管理员指南
    EulerOS V2.0SP3 管理员指南 文档版本 01 发布日期 2019-08-12 华为技术有限公司 版权所有 © 华为技术有限公司 2019。 保留一切权利。 非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传 播。 商标声明 和其他华为商标均为华为技术有限公司的商标。 本文档提及的其他所有商标或注册商标,由各自的所有人拥有。 注意 您购买的产品、服务或特性等应受华为公司商业合同和条款的约束,本文档中描述的全部或部分产品、服务或 特性可能不在您的购买或使用范围之内。除非合同另有约定,华为公司对本文档内容不做任何明示或默示的声 明或保证。 由于产品版本升级或其他原因,本文档内容会不定期进行更新。除非另有约定,本文档仅作为使用指导,本文 档中的所有陈述、信息和建议不构成任何明示或暗示的担保。 华为技术有限公司 地址: 深圳市龙岗区坂田华为总部办公楼 邮编:518129 网址: http://www.huawei.com 客户服务邮箱: [email protected] 客户服务电话: 4008302118 文档版本 01 (2019-08-12) 版权所有 © 华为技术有限公司 i EulerOS V2.0SP3 管理员指南 目 录 目 录 1 前言................................................................................................................................................... 1 2 基础配置........................................................................................................................................... 3 2.1 通过命令设置................................................................................................................................................................ 3 2.1.1 设置语言环境............................................................................................................................................................. 3 2.1.2 设置键盘..................................................................................................................................................................... 4 2.1.3 设置日期和时间......................................................................................................................................................... 5 2.1.3.1 使用
    [Show full text]
  • Certification Report
    Reference: 2018-2-INF-2787-v1 Created by: CERT10 Target: Público Revised by: CALIDAD Date: 28.05.2019 Approved by: TECNICO CERTIFICATION REPORT Dossier # 2018-2 TOE Huawei EulerOS v2.0 Applicant 440301192203821 - Huawei Technologies Co., Ltd. References [EXT-3741] 2018-02 Solicitud de Certificación Certification report of the product Huawei EulerOS v2.0, as requested in [EXT-3741] dated 15/01/2018, and evaluated by Epoche & Espri S.L.U., as detailed in the Evaluation Technical Report [EXT-3741] received on 16/05/2019. https://oc.ccn.cni.es 1/13 [email protected] CONTENTS EXECUTIVE SUMMARY ........................................................................................................................... 3 TOE SUMMARY ................................................................................................................................... 4 SECURITY ASSURANCE REQUIREMENTS ............................................................................................ 5 SECURITY FUNCTIONAL REQUIREMENTS ........................................................................................... 5 IDENTIFICATION ..................................................................................................................................... 7 SECURITY POLICIES ................................................................................................................................. 7 ASSUMPTIONS AND OPERATIONAL ENVIRONMENT ......................................................................... 7 CLARIFICATIONS
    [Show full text]
  • Miria 2020 R1
    Compatibility Guide Miria 2020 R1 Atempo Paris Headquarters |23 Avenue Carnot, 91300 MASSY|Tél: +33 164 868 300 |[email protected] N°1 EUROPEAN SOFTWARE VENDOR FOR DATA PROTECTION ATEMPO.COM Details of this document Title Miria 2020 R1 Type Compatibility Guide Date 30/11/2020 Author Louis-Frederic Laszlo Classification Public Status Released Versions 01/08/2019 Release Miria 3.9 SP2 11/02/2020 Release Miria 3.10 30/06/2020 Release Miria 3.10 SP1 30/11/2020 Release Miria 2020 R1 Atempo Paris Headquarters |23 Avenue Carnot, 91300 MASSY|Tél: +33 164 868 300 |[email protected] N°1 EUROPEAN SOFTWARE VENDOR FOR DATA PROTECTION ATEMPO.COM Compatibility Guide Author : Louis-Frederic Laszlo Miria 2020 R1 Diffusion : Public Date : 30/11/2020 Table of contents 01. General Information ........................................................................................................................... 4 02. Important Notices ............................................................................................................................... 4 03. Atempo-Miria – Server ....................................................................................................................... 5 04. Atempo-Miria – Agent ........................................................................................................................ 5 05. Atempo-Miria – Administration Console ......................................................................................... 7 06. Atempo-Miria – Native User Interface .............................................................................................
    [Show full text]
  • Euleros V2.0SP5 安装指南
    EulerOS V2.0SP5 安装指南 文档版本 01 发布日期 2019-08-12 华为技术有限公司 版权所有 © 华为技术有限公司 2019。 保留一切权利。 非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传 播。 商标声明 和其他华为商标均为华为技术有限公司的商标。 本文档提及的其他所有商标或注册商标,由各自的所有人拥有。 注意 您购买的产品、服务或特性等应受华为公司商业合同和条款的约束,本文档中描述的全部或部分产品、服务或 特性可能不在您的购买或使用范围之内。除非合同另有约定,华为公司对本文档内容不做任何明示或默示的声 明或保证。 由于产品版本升级或其他原因,本文档内容会不定期进行更新。除非另有约定,本文档仅作为使用指导,本文 档中的所有陈述、信息和建议不构成任何明示或暗示的担保。 华为技术有限公司 地址: 深圳市龙岗区坂田华为总部办公楼 邮编:518129 网址: http://www.huawei.com 客户服务邮箱: [email protected] 客户服务电话: 4008302118 文档版本 01 (2019-08-12) 版权所有 © 华为技术有限公司 i EulerOS V2.0SP5 安装指南 目 录 目 录 1 前言................................................................................................................................................... 1 2 约束限制........................................................................................................................................... 3 3 获取发布包....................................................................................................................................... 4 4 安装指导........................................................................................................................................... 6 4.1 启动安装........................................................................................................................................................................ 6 4.2 设置安装程序语言........................................................................................................................................................ 7 4.3 进入安装界面...............................................................................................................................................................
    [Show full text]
  • Huawei Hilens
    Huawei HiLens FAQs Issue 01 Date 2020-03-27 HUAWEI TECHNOLOGIES CO., LTD. Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Huawei Technologies Co., Ltd. Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: https://www.huawei.com Email: [email protected] Issue 01 (2020-03-27) Copyright © Huawei Technologies Co., Ltd. i Huawei HiLens FAQs Contents Contents
    [Show full text]
  • Image Service
    Questions AWS Azure Google Cloud Platform IBM Cloud OTC Windows: Windows: - Windows Server 2008, 2012, 2016, 2019 - Windows Server 2008, 2012, 2016, 2019 Windows: - Windows Server 2016 Build 1709, 1803, 1809 Windows: - Windows Server 2008 R2 SP1, 2008 SP2, 2012 R2, 2016 , 2019 Windows: - Windows Server 2008, 2012, 2016 Build 1809, 2019 - Windows Server 2016 Build 1709, 1803, 1809 Linux: - Windows Server 2012 , 2016 Linux: - Windows 10 - CentOS 6.x , 7.x - openSUSE 15.x, 42.x Linux: - Container-optimised OS dev, beta, stable, 69-lts Linux: - CentOS 6.x, 7.x - Amazone Linux 2, 2018.03 Linux: - CoreOS alpha, beta, stable - CentOS- Minimal 6.X, 7.x - Debian 8.x, 9.x - CentOS 6.x , 7.x - CentOS-based 6.9 , 7.4 - Debian 9.x - CentOS-LAMP 6.X, 7.X - Fedora 26, 27, 28, 29 - Debian 8.x 9.x - ClearLinux - Ubuntu 14.04.x, 16.04.x, 17.04.x, 18.04.x - Debian Minimal Stable 8.X, 9.x - EulerOS 2.x - Fedora 26, 27, 28, 29 - Container Linux - SLES 12, 15 - Debian LAMP Stable 8.X - Ubuntu 14.04.x, 16.04.x, 18.04.x - Ubuntu 14.04.x , 16.04.x , 18.04.x - Debian 8, 9 - SLES for SAP 12-sp2-sap, 12-sp3-sap - Red Hat Minimal 6.x, 7.x - SUSE Enterprise Linux 11, 12, 15 - SUSE Enterprise Linux 12, 15 - Red Hat Enterprise Linux 7.x - Oracle Linux 6.8, 7.x , - Red Hat LAMP 6.x, 7.x - SUSE SAP 12 Which operating systems are offered by the - Oracle Linux 6.8, 7.x , - SLES 11SP4 , 12SP3 - RedHat Enterprise Linux 6, 7 - Ubuntu Minimal 14.04, 16.04, 18.04 - Oracle Linux 6.8 , 7.2 provider with which versions? - Red Enterprise Linux 6.8, 7.3 - Ubuntu 14.04, 16.04, 18.04
    [Show full text]
  • Common Operations
    Kunpeng Porting Advisor 2.3.T10 Common Operations Date 2021-06-30 Kunpeng Porting Advisor Common Operations Contents Contents 1 Configuring the Installation Environment........................................................................ 1 1.1 Configuring the OS Yum, APT, or Zypper Source......................................................................................................... 1 1.2 Upgrading Dependency Components of an Earlier OS..............................................................................................4 2 Importing the Root Certificate for Kunpeng Porting Advisor...................................... 8 3 Disabling SELinux.................................................................................................................. 14 4 Common Container Operations......................................................................................... 15 5 Changing the IP Address and Port Number of the Kunpeng Porting Advisor........17 6 Starting, Stopping, or Restarting Services...................................................................... 19 7 Exception Scenarios and Common Syntax Errors in Inline Assembly....................... 20 7.1 Exception Scenarios..............................................................................................................................................................20 7.2 Common Syntax Errors......................................................................................................................................................
    [Show full text]
  • Certification Report
    MINISTERIO DE LA PRESIDENCIA Y PARA LAS ADMINISTRACIONES TERRITORIALES REF: 2017-22-INF-2257v1 Created by: CERT10 Target: Público Revised by: CALIDAD Date: 08.03.2018 Approved by: TECNICO CERTIFICATION REPORT File: 2017-22 EulerOS v2.0 build 3.10.0-327.59.59.46.h34.x86_64 Applicant: Huawei Technologies Co., Ltd. References: [EXT-3407] Certification request of EulerOS v2.0 [EXT-3780] Evaluation Technical Report of EulerOS v2.0. The product documentation referenced in the above documents. Certification report of EulerOS v2.0 build 3.10.0-327.59.59.46.h34.x86_64, as requested in [EXT-3407] on 07/06/2017, and evaluated by Epoche & Espri S.L.U., as detailed in the Evaluation Technical Report [EXT-3780] received on 28/12/2017. Page 1 of 15 https://oc.ccn.cni.es Email: [email protected] MINISTERIO DE LA PRESIDENCIA Y PARA LAS ADMINISTRACIONES TERRITORIALES TABLE OF CONTENTS EXECUTIVE SUMMARY .................................................................................................................................. 3 TOE SUMMARY .............................................................................................................................................. 4 SECURITY ASSURANCE REQUIREMENTS ................................................................................................ 6 SECURITY FUNCTIONAL REQUIREMENTS .............................................................................................. 7 IDENTIFICATION .............................................................................................................................................
    [Show full text]
  • Network Cloud Engine Security Target
    CC HUAWEI iMaster NCE V100R019C10 - Security Target Issue 1.9 Date 2020-9-04 HUAWEI TECHNOLOGIES CO., LTD. Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Huawei Technologies Co., Ltd. Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: https://www.huawei.com Email: [email protected] Issue 1.0 (2020-7-22) 版权所有 © 华为技术有限公司 i CC HUAWEI iMaster NCE
    [Show full text]
  • Elastic Cloud Server User Guide Contents
    Elastic Cloud Server User Guide Date 2021-08-09 Elastic Cloud Server User Guide Contents Contents 1 Service Overview..................................................................................................................... 1 1.1 What Is ECS?............................................................................................................................................................................. 1 1.2 Instances..................................................................................................................................................................................... 2 1.2.1 Overview................................................................................................................................................................................. 3 1.2.2 ECS Lifecycle.......................................................................................................................................................................... 3 1.2.3 ECS Types................................................................................................................................................................................ 4 1.3 ECS Specifications and Types...............................................................................................................................................6 1.3.1 ECS Specifications...............................................................................................................................................................
    [Show full text]