DOCSLIB.ORG

Network Cloud Engine Security Target

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Network Cloud Engine Security Target CC HUAWEI iMaster NCE V100R019C10 - Security Target Issue 1.9 Date 2020-9-04 HUAWEI TECHNOLOGIES CO., LTD. Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Huawei Technologies Co., Ltd. Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: https://www.huawei.com Email: [email protected] Issue 1.0 (2020-7-22) 版权所有 © 华为技术有限公司 i CC HUAWEI iMaster NCE V100R019C10 - Security Target Issue 1.0 (2020-7-22) 版权所有 © 华为技术有限公司 ii CC HUAWEI iMaster NCE V100R019C10 - Security Target About This Document About This Document Change History Version Date Change Description Author V1.0 2020-1-4 Initial Draft Li Ling, Wang Feng, Rao Lei, Guoxiaoqing V1.1 2020-2-20 Modified according to Rao Lei, Li Ling, Wang Feng review comments V1.2 2020-4-21 Modified according to Rao Lei, Li Ling, Wang Feng ASE Action item list v2.0 V1.3 2020-4-24 Updated physical Rao Lei, Li Ling, Wang Feng scope V1.4 2020-5-20 Modified according to Li Ling , Rao Lei review comments V1.5 2020-7-3 Modified according to Li Ling , Rao Lei review comments V1.6 2020-7-9 Modified according to Li Ling, Rao Lei review comments V1.7 2020-7-22 Modified according to Li Ling review comments V1.8 2020-7-30 Modified according to Rao Lei review comments V1.9 2020-9-04 Update the Description Li Ling of EulerOS version in ‘Table 1-8 Server configuration requirements’ Issue 1.0 (2020-7-22) 版权所有 © 华为技术有限公司 iii CC HUAWEI iMaster NCE V100R019C10 - Security Target About This Document Issue 1.0 (2020-7-22) 版权所有 © 华为技术有限公司 iv CC HUAWEI iMaster NCE V100R019C10 - Security Target Contents Contents About This Document .............................................................................................................. ii 1 Introduction .............................................................................................................................. 1 1.1 ST Reference ...................................................................................................................................................... 1 1.2 TOE Reference ................................................................................................................................................... 1 1.3 TOE Overview ..................................................................................................................................................... 1 1.3.1 TOE Usage and Major Security Features ...................................................................................................... 2 1.3.2 TOE Type.......................................................................................................................................................... 3 1.3.3 Non-TOE Hardware and Software .................................................................................................................. 4 1.4 TOE Description .................................................................................................................................................. 8 1.4.1 TOE Definition Scope ...................................................................................................................................... 8 1.4.1.1 Physical Scope .............................................................................................................................................. 8 1.4.1.2 Logical Scope ...............................................................................................................................................12 2 CC Conformance Claims ..................................................................................................... 14 3 Security Problem Definition ................................................................................................ 16 3.1 Assumptions .......................................................................................................................................................16 3.2 Threats ...............................................................................................................................................................16 3.2.1 Assets and Agents ..........................................................................................................................................16 3.2.2 Threats Addressed by the TOE......................................................................................................................17 3.2.2.1 T.UnauthenticatedAccess ............................................................................................................................17 3.2.2.2 T.UnauthorizedAccess .................................................................................................................................17 3.2.2.3 T.Eavesdrop..................................................................................................................................................17 4 Security Objectives ............................................................................................................... 19 4.1 Security Objectives for the TOE .......................................................................................................................19 4.2 Security Objectives for the Operational Environment .....................................................................................19 4.3 Security Objectives Rationale ...........................................................................................................................20 4.3.1 Coverage .........................................................................................................................................................20 4.3.2 Sufficiency .......................................................................................................................................................21 5 Security Requirements for the TOE................................................................................... 24 5.1 Conventions .......................................................................................................................................................24 5.2 Security Requirements ......................................................................................................................................24 5.2.1 Security Audit (FAU) .......................................................................................................................................24 Issue 1.0 (2020-7-22) 版权所有 © 华为技术有限公司 v CC HUAWEI iMaster NCE V100R019C10 - Security Target Contents 5.2.1.1 FAU_GEN.1 Audit Data Generation ...........................................................................................................24 5.2.1.2 FAU_GEN.2 User Identity Association .......................................................................................................25 5.2.1.3 FAU_SAR.1 Audit Review ...........................................................................................................................25 5.2.1.4 FAU_SAR.2 Restricted Audit Review .........................................................................................................25 5.2.1.5 FAU_SAR.3 Selectable Audit Review ........................................................................................................26 5.2.1.6 FAU_STG.1 Protected Audit Trail Storage .................................................................................................26 5.2.1.7 FAU_STG.3 Action in Case of Possible Audit Data Loss ..........................................................................26 5.2.2 User Data Protection (FDP) ...........................................................................................................................26 5.2.2.1 FDP_ACC.2 Completing Access Control ...................................................................................................26 5.2.2.2 FDP_ACF.1 Security Attribute-Based Access Control...............................................................................26 5.2.2.3 FDP_UIT.1 Data exchange integrity ...........................................................................................................27 5.2.3 Identification and Authentication (FIA) ..........................................................................................................27 5.2.3.1 FIA_UID.2 User Identification Before Any Action
Load more

Recommended publications
  • Image Management Service
    Image Management Service Service Overview Issue 14 Date 2021-08-17 HUAWEI TECHNOLOGIES CO., LTD. Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Issue 14 (2021-08-17) Copyright © Huawei Technologies Co., Ltd. i Image Management Service Service Overview Contents Contents 1 What Is Image Management Service?................................................................................1 2 Product Advantages...............................................................................................................
    [Show full text]
  • Confine: Automated System Call Policy Generation for Container
    Confine: Automated System Call Policy Generation for Container Attack Surface Reduction Seyedhamed Ghavamnia Tapti Palit Azzedine Benameur Stony Brook University Stony Brook University Cloudhawk.io Michalis Polychronakis Stony Brook University Abstract The performance gains of containers, however, come to the Reducing the attack surface of the OS kernel is a promising expense of weaker isolation compared to VMs. Isolation be- defense-in-depth approach for mitigating the fragile isola- tween containers running on the same host is enforced purely in tion guarantees of container environments. In contrast to software by the underlying OS kernel. Therefore, adversaries hypervisor-based systems, malicious containers can exploit who have access to a container on a third-party host can exploit vulnerabilities in the underlying kernel to fully compromise kernel vulnerabilities to escalate their privileges and fully com- the host and all other containers running on it. Previous con- promise the host (and all the other containers running on it). tainer attack surface reduction efforts have relied on dynamic The trusted computing base in container environments analysis and training using realistic workloads to limit the essentially comprises the entire kernel, and thus all its set of system calls exposed to containers. These approaches, entry points become part of the attack surface exposed to however, do not capture exhaustively all the code that can potentially malicious containers. Despite the use of strict potentially be needed by future workloads or rare runtime software isolation mechanisms provided by the OS, such as conditions, and are thus not appropriate as a generic solution. capabilities [1] and namespaces [18], a malicious tenant can Aiming to provide a practical solution for the protection leverage kernel vulnerabilities to bypass them.
    [Show full text]
  • Euleros V2.0SP3 管理员指南
    EulerOS V2.0SP3 管理员指南 文档版本 01 发布日期 2019-08-12 华为技术有限公司 版权所有 © 华为技术有限公司 2019。 保留一切权利。 非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传 播。 商标声明 和其他华为商标均为华为技术有限公司的商标。 本文档提及的其他所有商标或注册商标,由各自的所有人拥有。 注意 您购买的产品、服务或特性等应受华为公司商业合同和条款的约束,本文档中描述的全部或部分产品、服务或 特性可能不在您的购买或使用范围之内。除非合同另有约定,华为公司对本文档内容不做任何明示或默示的声 明或保证。 由于产品版本升级或其他原因,本文档内容会不定期进行更新。除非另有约定,本文档仅作为使用指导,本文 档中的所有陈述、信息和建议不构成任何明示或暗示的担保。 华为技术有限公司 地址: 深圳市龙岗区坂田华为总部办公楼 邮编:518129 网址: http://www.huawei.com 客户服务邮箱: [email protected] 客户服务电话: 4008302118 文档版本 01 (2019-08-12) 版权所有 © 华为技术有限公司 i EulerOS V2.0SP3 管理员指南 目 录 目 录 1 前言................................................................................................................................................... 1 2 基础配置........................................................................................................................................... 3 2.1 通过命令设置................................................................................................................................................................ 3 2.1.1 设置语言环境............................................................................................................................................................. 3 2.1.2 设置键盘..................................................................................................................................................................... 4 2.1.3 设置日期和时间......................................................................................................................................................... 5 2.1.3.1 使用
    [Show full text]
  • Certification Report
    Reference: 2018-2-INF-2787-v1 Created by: CERT10 Target: Público Revised by: CALIDAD Date: 28.05.2019 Approved by: TECNICO CERTIFICATION REPORT Dossier # 2018-2 TOE Huawei EulerOS v2.0 Applicant 440301192203821 - Huawei Technologies Co., Ltd. References [EXT-3741] 2018-02 Solicitud de Certificación Certification report of the product Huawei EulerOS v2.0, as requested in [EXT-3741] dated 15/01/2018, and evaluated by Epoche & Espri S.L.U., as detailed in the Evaluation Technical Report [EXT-3741] received on 16/05/2019. https://oc.ccn.cni.es 1/13 [email protected] CONTENTS EXECUTIVE SUMMARY ........................................................................................................................... 3 TOE SUMMARY ................................................................................................................................... 4 SECURITY ASSURANCE REQUIREMENTS ............................................................................................ 5 SECURITY FUNCTIONAL REQUIREMENTS ........................................................................................... 5 IDENTIFICATION ..................................................................................................................................... 7 SECURITY POLICIES ................................................................................................................................. 7 ASSUMPTIONS AND OPERATIONAL ENVIRONMENT ......................................................................... 7 CLARIFICATIONS
    [Show full text]
  • Miria 2020 R1
    Compatibility Guide Miria 2020 R1 Atempo Paris Headquarters |23 Avenue Carnot, 91300 MASSY|Tél: +33 164 868 300 |[email protected] N°1 EUROPEAN SOFTWARE VENDOR FOR DATA PROTECTION ATEMPO.COM Details of this document Title Miria 2020 R1 Type Compatibility Guide Date 30/11/2020 Author Louis-Frederic Laszlo Classification Public Status Released Versions 01/08/2019 Release Miria 3.9 SP2 11/02/2020 Release Miria 3.10 30/06/2020 Release Miria 3.10 SP1 30/11/2020 Release Miria 2020 R1 Atempo Paris Headquarters |23 Avenue Carnot, 91300 MASSY|Tél: +33 164 868 300 |[email protected] N°1 EUROPEAN SOFTWARE VENDOR FOR DATA PROTECTION ATEMPO.COM Compatibility Guide Author : Louis-Frederic Laszlo Miria 2020 R1 Diffusion : Public Date : 30/11/2020 Table of contents 01. General Information ........................................................................................................................... 4 02. Important Notices ............................................................................................................................... 4 03. Atempo-Miria – Server ....................................................................................................................... 5 04. Atempo-Miria – Agent ........................................................................................................................ 5 05. Atempo-Miria – Administration Console ......................................................................................... 7 06. Atempo-Miria – Native User Interface .............................................................................................
    [Show full text]
  • Euleros V2.0SP5 安装指南
    EulerOS V2.0SP5 安装指南 文档版本 01 发布日期 2019-08-12 华为技术有限公司 版权所有 © 华为技术有限公司 2019。 保留一切权利。 非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传 播。 商标声明 和其他华为商标均为华为技术有限公司的商标。 本文档提及的其他所有商标或注册商标,由各自的所有人拥有。 注意 您购买的产品、服务或特性等应受华为公司商业合同和条款的约束,本文档中描述的全部或部分产品、服务或 特性可能不在您的购买或使用范围之内。除非合同另有约定,华为公司对本文档内容不做任何明示或默示的声 明或保证。 由于产品版本升级或其他原因,本文档内容会不定期进行更新。除非另有约定,本文档仅作为使用指导,本文 档中的所有陈述、信息和建议不构成任何明示或暗示的担保。 华为技术有限公司 地址: 深圳市龙岗区坂田华为总部办公楼 邮编:518129 网址: http://www.huawei.com 客户服务邮箱: [email protected] 客户服务电话: 4008302118 文档版本 01 (2019-08-12) 版权所有 © 华为技术有限公司 i EulerOS V2.0SP5 安装指南 目 录 目 录 1 前言................................................................................................................................................... 1 2 约束限制........................................................................................................................................... 3 3 获取发布包....................................................................................................................................... 4 4 安装指导........................................................................................................................................... 6 4.1 启动安装........................................................................................................................................................................ 6 4.2 设置安装程序语言........................................................................................................................................................ 7 4.3 进入安装界面...............................................................................................................................................................
    [Show full text]
  • Huawei Hilens
    Huawei HiLens FAQs Issue 01 Date 2020-03-27 HUAWEI TECHNOLOGIES CO., LTD. Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Huawei Technologies Co., Ltd. Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: https://www.huawei.com Email: [email protected] Issue 01 (2020-03-27) Copyright © Huawei Technologies Co., Ltd. i Huawei HiLens FAQs Contents Contents
    [Show full text]
  • Image Service
    Questions AWS Azure Google Cloud Platform IBM Cloud OTC Windows: Windows: - Windows Server 2008, 2012, 2016, 2019 - Windows Server 2008, 2012, 2016, 2019 Windows: - Windows Server 2016 Build 1709, 1803, 1809 Windows: - Windows Server 2008 R2 SP1, 2008 SP2, 2012 R2, 2016 , 2019 Windows: - Windows Server 2008, 2012, 2016 Build 1809, 2019 - Windows Server 2016 Build 1709, 1803, 1809 Linux: - Windows Server 2012 , 2016 Linux: - Windows 10 - CentOS 6.x , 7.x - openSUSE 15.x, 42.x Linux: - Container-optimised OS dev, beta, stable, 69-lts Linux: - CentOS 6.x, 7.x - Amazone Linux 2, 2018.03 Linux: - CoreOS alpha, beta, stable - CentOS- Minimal 6.X, 7.x - Debian 8.x, 9.x - CentOS 6.x , 7.x - CentOS-based 6.9 , 7.4 - Debian 9.x - CentOS-LAMP 6.X, 7.X - Fedora 26, 27, 28, 29 - Debian 8.x 9.x - ClearLinux - Ubuntu 14.04.x, 16.04.x, 17.04.x, 18.04.x - Debian Minimal Stable 8.X, 9.x - EulerOS 2.x - Fedora 26, 27, 28, 29 - Container Linux - SLES 12, 15 - Debian LAMP Stable 8.X - Ubuntu 14.04.x, 16.04.x, 18.04.x - Ubuntu 14.04.x , 16.04.x , 18.04.x - Debian 8, 9 - SLES for SAP 12-sp2-sap, 12-sp3-sap - Red Hat Minimal 6.x, 7.x - SUSE Enterprise Linux 11, 12, 15 - SUSE Enterprise Linux 12, 15 - Red Hat Enterprise Linux 7.x - Oracle Linux 6.8, 7.x , - Red Hat LAMP 6.x, 7.x - SUSE SAP 12 Which operating systems are offered by the - Oracle Linux 6.8, 7.x , - SLES 11SP4 , 12SP3 - RedHat Enterprise Linux 6, 7 - Ubuntu Minimal 14.04, 16.04, 18.04 - Oracle Linux 6.8 , 7.2 provider with which versions? - Red Enterprise Linux 6.8, 7.3 - Ubuntu 14.04, 16.04, 18.04
    [Show full text]
  • Common Operations
    Kunpeng Porting Advisor 2.3.T10 Common Operations Date 2021-06-30 Kunpeng Porting Advisor Common Operations Contents Contents 1 Configuring the Installation Environment........................................................................ 1 1.1 Configuring the OS Yum, APT, or Zypper Source......................................................................................................... 1 1.2 Upgrading Dependency Components of an Earlier OS..............................................................................................4 2 Importing the Root Certificate for Kunpeng Porting Advisor...................................... 8 3 Disabling SELinux.................................................................................................................. 14 4 Common Container Operations......................................................................................... 15 5 Changing the IP Address and Port Number of the Kunpeng Porting Advisor........17 6 Starting, Stopping, or Restarting Services...................................................................... 19 7 Exception Scenarios and Common Syntax Errors in Inline Assembly....................... 20 7.1 Exception Scenarios..............................................................................................................................................................20 7.2 Common Syntax Errors......................................................................................................................................................
    [Show full text]
  • Certification Report
    MINISTERIO DE LA PRESIDENCIA Y PARA LAS ADMINISTRACIONES TERRITORIALES REF: 2017-22-INF-2257v1 Created by: CERT10 Target: Público Revised by: CALIDAD Date: 08.03.2018 Approved by: TECNICO CERTIFICATION REPORT File: 2017-22 EulerOS v2.0 build 3.10.0-327.59.59.46.h34.x86_64 Applicant: Huawei Technologies Co., Ltd. References: [EXT-3407] Certification request of EulerOS v2.0 [EXT-3780] Evaluation Technical Report of EulerOS v2.0. The product documentation referenced in the above documents. Certification report of EulerOS v2.0 build 3.10.0-327.59.59.46.h34.x86_64, as requested in [EXT-3407] on 07/06/2017, and evaluated by Epoche & Espri S.L.U., as detailed in the Evaluation Technical Report [EXT-3780] received on 28/12/2017. Page 1 of 15 https://oc.ccn.cni.es Email: [email protected] MINISTERIO DE LA PRESIDENCIA Y PARA LAS ADMINISTRACIONES TERRITORIALES TABLE OF CONTENTS EXECUTIVE SUMMARY .................................................................................................................................. 3 TOE SUMMARY .............................................................................................................................................. 4 SECURITY ASSURANCE REQUIREMENTS ................................................................................................ 6 SECURITY FUNCTIONAL REQUIREMENTS .............................................................................................. 7 IDENTIFICATION .............................................................................................................................................
    [Show full text]
  • Security Target (Against BSI PP)
    Huawei EulerOS Version 2.0 Common Criteria Evaluation Security Target (Against BSI PP) Version 0.13 Status Released Last update 2019-04-13 Classification Public HUAWEI TECHNOLOGIES CO., LTD. 1 / 112 Copyright © Huawei Technologies Co., Ltd. 2015. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Huawei Technologies Co., Ltd. Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://e.huawei.com 2 / 112 About This Document Purpose This document provides description about ST (Security Target) against BSI PP. Change History Changes between document issues are cumulative.
    [Show full text]
  • Elastic Cloud Server User Guide Contents
    Elastic Cloud Server User Guide Date 2021-08-09 Elastic Cloud Server User Guide Contents Contents 1 Service Overview..................................................................................................................... 1 1.1 What Is ECS?............................................................................................................................................................................. 1 1.2 Instances..................................................................................................................................................................................... 2 1.2.1 Overview................................................................................................................................................................................. 3 1.2.2 ECS Lifecycle.......................................................................................................................................................................... 3 1.2.3 ECS Types................................................................................................................................................................................ 4 1.3 ECS Specifications and Types...............................................................................................................................................6 1.3.1 ECS Specifications...............................................................................................................................................................
    [Show full text]