DOCSLIB.ORG

Apple Mac OS X 10.6 Security Target

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Apple Mac OS X 10.6 Security Target Apple Mac OS X 10.6 Security Target Version: 1.0 Last Update: December 16, 2009 Apple Mac OS X 10.6 Security Target atsec is a trademark of atsec information security GmbH Apple and the Apple logo are trademarks or registered trademarks of Apple Corporation in the United States, other countries, or both. Intel, Xeon, and Pentium are trademarks of Intel Corporation in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. This document is provided AS IS with no express or implied warranties. Use the information in this document at your own risk. This document may be reproduced or distributed in any form without prior permission provided the copyright notice is retained on all copies. Modified versions of this document may be freely distributed provided that they are clearly identified as such, and this copyright is included intact. Copyright © 2008 by atsec information security corporation, and Apple or its wholly owned subsidiaries. Page 2 of 47 - atsec public - © Apple, atsec 2009 2009-12-16 Apple Mac OS X 10.6 Security Target Table of Content 1 ST Introduction ..................................................................................................................................................... 9 1.1 ST Structure .................................................................................................................................................. 9 1.2 Terminology.................................................................................................................................................. 9 1.3 ST Reference and TOE Reference ................................................................................................................ 9 1.4 TOE Overview ............................................................................................................................................ 10 1.4.1 TOE Type............................................................................................................................................ 10 1.4.2 Intended Method of Use...................................................................................................................... 10 1.4.3 Major Security Features ...................................................................................................................... 10 1.5 TOE Description ......................................................................................................................................... 10 1.5.1 Mac OS X TOE Definition ................................................................................................................. 10 1.5.2 Mac OS X Structure............................................................................................................................ 11 1.5.3 Darwin................................................................................................................................................. 12 1.5.4 Definition of the TOE Boundaries ...................................................................................................... 12 1.5.4.1 Logical boundary ........................................................................................................................ 12 1.5.4.1.1 Functional Description..........................................................................................................12 1.5.4.1.2 TOE Software ....................................................................................................................... 13 1.5.4.2 Physical boundary ....................................................................................................................... 13 1.5.4.3 Configurations............................................................................................................................. 13 1.5.4.4 TOE Environment ....................................................................................................................... 14 2 Conformance Claims........................................................................................................................................... 15 2.1 Common Criteria......................................................................................................................................... 15 2.2 Packages...................................................................................................................................................... 15 2.3 Protection Profiles....................................................................................................................................... 15 2.4 CAPP: Demonstration of Conformance...................................................................................................... 15 2.4.1 Changes to the SPD............................................................................................................................. 15 2.4.2 Changes to the Objectives................................................................................................................... 15 2.4.3 Changes to the SFRs ........................................................................................................................... 15 2.4.4 Changes to the SARs........................................................................................................................... 16 3 Security Problem Definition ............................................................................................................................... 17 3.1 Introduction................................................................................................................................................. 17 3.2 Threats......................................................................................................................................................... 17 3.2.1 Threats countered by the TOE ............................................................................................................ 17 3.3 Organizational Security Policies ................................................................................................................. 17 3.4 Assumptions................................................................................................................................................ 18 3.4.1 Physical Aspects.................................................................................................................................. 18 3.4.2 Personnel Aspects ............................................................................................................................... 18 3.4.3 Connectivity Aspects .......................................................................................................................... 18 4 Security Objectives ............................................................................................................................................. 19 4.1 Security Objectives for the TOE................................................................................................................. 19 - atsec public - Page 3 of 47 2009-12-16 © Apple, atsec 2009 Apple Mac OS X 10.6 Security Target 4.2 Security Objectives for the TOE Environment........................................................................................... 19 4.3 Security Objective Rationale ...................................................................................................................... 20 4.3.1 Security Objectives Coverage............................................................................................................. 20 4.3.2 Security Objectives Sufficiency.......................................................................................................... 20 5 Extended Components Definition....................................................................................................................... 22 6 Security Requirements........................................................................................................................................ 23 6.1 TOE Security Functional Requirements ..................................................................................................... 23 6.1.1 Security Audit (FAU) ......................................................................................................................... 23 6.1.1.1 Audit Data Generation (FAU_GEN.1) ....................................................................................... 23 6.1.1.2 User Identity Association (FAU_GEN.2)................................................................................... 25 6.1.1.3 Audit Review (FAU_SAR.1)...................................................................................................... 25 6.1.1.4 Restricted Audit Review (FAU_SAR.2)..................................................................................... 25 6.1.1.5 Selectable Audit Review (FAU_SAR.3) .................................................................................... 25 6.1.1.6 Selective Audit (FAU_SEL.1).................................................................................................... 25 6.1.1.7 Guarantees of Audit Data Availability (FAU_STG.1) ............................................................... 26 6.1.1.8 Action in Case of Possible Audit Data Loss (FAU_STG.3)....................................................... 26 6.1.1.9 Prevention of Audit Data Loss
Load more

Recommended publications
  • Draft SP 800-125A Rev. 1, Security Recommendations for Server
    The attached DRAFT document (provided here for historical purposes), released on April 11, 2018, has been superseded by the following publication: Publication Number: NIST Special Publication (SP) 800-125A Rev. 1 Title: Security Recommendations for Server-based Hypervisor Platforms Publication Date: June 2018 • Final Publication: https://doi.org/10.6028/NIST.SP.800-125Ar1 (which links to https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-125Ar1.pdf). • Related Information on CSRC: Final: https://csrc.nist.gov/publications/detail/sp/800-125a/rev-1/final 1 Draft NIST Special Publication 800-125A 2 Revision 1 3 4 Security Recommendations for 5 Hypervisor Deployment on 6 ServersServer-based Hypervisor 7 Platforms 8 9 10 11 12 Ramaswamy Chandramouli 13 14 15 16 17 18 19 20 21 22 23 C O M P U T E R S E C U R I T Y 24 25 Draft NIST Special Publication 800-125A 26 Revision 1 27 28 29 30 Security Recommendations for 31 Server-based Hypervisor Platforms 32 33 Hypervisor Deployment on Servers 34 35 36 37 Ramaswamy Chandramouli 38 Computer Security Division 39 Information Technology Laboratory 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 April 2018 56 57 58 59 60 61 U.S. Department of Commerce 62 Wilbur L. Ross, Jr., Secretary 63 64 National Institute of Standards and Technology 65 Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology 66 67 Authority 68 69 This publication has been developed by NIST in accordance with its statutory responsibilities under the 70 Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C.
    [Show full text]
  • Version 7.8-Systemd
    Linux From Scratch Version 7.8-systemd Created by Gerard Beekmans Edited by Douglas R. Reno Linux From Scratch: Version 7.8-systemd by Created by Gerard Beekmans and Edited by Douglas R. Reno Copyright © 1999-2015 Gerard Beekmans Copyright © 1999-2015, Gerard Beekmans All rights reserved. This book is licensed under a Creative Commons License. Computer instructions may be extracted from the book under the MIT License. Linux® is a registered trademark of Linus Torvalds. Linux From Scratch - Version 7.8-systemd Table of Contents Preface .......................................................................................................................................................................... vii i. Foreword ............................................................................................................................................................. vii ii. Audience ............................................................................................................................................................ vii iii. LFS Target Architectures ................................................................................................................................ viii iv. LFS and Standards ............................................................................................................................................ ix v. Rationale for Packages in the Book .................................................................................................................... x vi. Prerequisites
    [Show full text]
  • Chapter 1. Origins of Mac OS X
    1 Chapter 1. Origins of Mac OS X "Most ideas come from previous ideas." Alan Curtis Kay The Mac OS X operating system represents a rather successful coming together of paradigms, ideologies, and technologies that have often resisted each other in the past. A good example is the cordial relationship that exists between the command-line and graphical interfaces in Mac OS X. The system is a result of the trials and tribulations of Apple and NeXT, as well as their user and developer communities. Mac OS X exemplifies how a capable system can result from the direct or indirect efforts of corporations, academic and research communities, the Open Source and Free Software movements, and, of course, individuals. Apple has been around since 1976, and many accounts of its history have been told. If the story of Apple as a company is fascinating, so is the technical history of Apple's operating systems. In this chapter,[1] we will trace the history of Mac OS X, discussing several technologies whose confluence eventually led to the modern-day Apple operating system. [1] This book's accompanying web site (www.osxbook.com) provides a more detailed technical history of all of Apple's operating systems. 1 2 2 1 1.1. Apple's Quest for the[2] Operating System [2] Whereas the word "the" is used here to designate prominence and desirability, it is an interesting coincidence that "THE" was the name of a multiprogramming system described by Edsger W. Dijkstra in a 1968 paper. It was March 1988. The Macintosh had been around for four years.
    [Show full text]
  • Oracle Solaris Security for Developers Guide • September 2010 Contents
    Oracle® Solaris Security for Developers Guide Part No: 816–4863–16 September 2010 Copyright © 2004, 2010, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related software documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are “commercial computer software” or “commercial technical data” pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms setforth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
    [Show full text]
  • Designing and Implementing the OP and OP2 Web Browsers
    Designing and Implementing the OP and OP2 Web Browsers CHRIS GRIER, SHUO TANG and SAMUEL T. KING, University of Illinois at Urbana-Champaign Current web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems via browser-based attacks. Browser security efforts that retrofit existing browsers have had lim- ited success because the design of modern browsers is fundamentally flawed. To enable more secure web browsing, we design and implement a new browser, called the OP web browser, that attempts to improve the state-of-the-art in browser security. We combine operating system design principles with formal methods to design a more secure web browser by drawing on the expertise of both communities. Our design philosophy is to partition the browser into smaller subsystems and make all communication between subsystems sim- ple and explicit. At the core of our design is a small browser kernel that manages the browser subsystems and interposes on all communications between them to enforce our new browser security features. To show the utility of our browser architecture, we design and implement three novel security features. First, we develop flexible security policies that allow us to include browser plugins within our security framework. Second, we use formal methods to prove useful security properties including user interface invariants and browser security policy. Third, we design and implement a browser-level information-flow tracking system to enable post-mortem analysis of browser-based attacks. In addition to presenting the OP browser architecture, we discuss the design and implementation of a second version of OP, OP2, that includes features from other secure web browser designs to improve on the overall security and performance of OP.
    [Show full text]
  • Isolation, Resource Management, and Sharing in Java
    Processes in KaffeOS: Isolation, Resource Management, and Sharing in Java Godmar Back, Wilson C. Hsieh, Jay Lepreau School of Computing University of Utah Abstract many environments for executing untrusted code: for example, applets, servlets, active packets [41], database Single-language runtime systems, in the form of Java queries [15], and kernel extensions [6]. Current systems virtual machines, are widely deployed platforms for ex- (such as Java) provide memory protection through the ecuting untrusted mobile code. These runtimes pro- enforcement of type safety and secure system services vide some of the features that operating systems pro- through a number of mechanisms, including namespace vide: inter-application memory protection and basic sys- and access control. Unfortunately, malicious or buggy tem services. They do not, however, provide the ability applications can deny service to other applications. For to isolate applications from each other, or limit their re- example, a Java applet can generate excessive amounts source consumption. This paper describes KaffeOS, a of garbage and cause a Web browser to spend all of its Java runtime system that provides these features. The time collecting it. KaffeOS architecture takes many lessons from operating To support the execution of untrusted code, type-safe system design, such as the use of a user/kernel bound- language runtimes need to provide a mechanism to iso- ary, and employs garbage collection techniques, such as late and manage the resources of applications, analogous write barriers. to that provided by operating systems. Although other re- The KaffeOS architecture supports the OS abstraction source management abstractions exist [4], the classic OS of a process in a Java virtual machine.
    [Show full text]
  • Troubleshooting Rosetta Stone Log-In Issues on Mobile
    Portal > Knowledgebase > Teaching Learning and Research > Rosetta Stone > Troubleshooting Rosetta Stone Log-in Issues on Mobile Troubleshooting Rosetta Stone Log-in Issues on Mobile Kyle A. Oliveira - 2019-05-31 - 0 Comments - in Rosetta Stone A recent update to the Rosetta Stone apps on both iOS and Android may cause authentication issues. Please refer to the information below for resolving these issues. iOS To prevent any further issues regarding logging into the app on iOS, you must avoid opening the app unless you've authenticated through Brown's log in portal. Opening the app outside of logging in through Brown, will most likely result in the inability to log in and use the app. If you are having issues logging into it: Solution 1 1. Open your device's web browser, visit rosettastone.brown.edu, and log in 2. Click the “Launch Rosetta Stone Language Lessons” link to launch the app 3. You will experience the same problem as in the past - you will just see a "splash" screen instead of being logged in. On this screen, click Enterprise And Education Learners. 4. On the login screen that appears, type three random values (just a single letter will work) into the Username, Password, and Namespace fields. 5. You will see an error message. Click Try again and proceed with the next step. 6. Return to your web browser and again, visit rosettastone.brown.edu. 7. Click the “Launch Rosetta Stone Language Lessons” link to launch the app again. 8. Wait for the login to proceed - it should work. If you still see the error message, click the Try Again option.
    [Show full text]
  • Pooch Manual In
    What’s New As of August 21, 2011, Pooch is updated to version 1.8.3 for use with OS X 10.7 “Lion”: Pooch users can renew their subscriptions today! Please see http://daugerresearch.com/pooch for more! On November 17, 2009, Pooch was updated to version 1.8: • Linux: Pooch can now cluster nodes running 64-bit Linux, combined with Mac • 64-bit: Major internal revisions for 64-bit, particularly updated data types and structures, for Mac OS X 10.6 "Snow Leopard" and 64-bit Linux • Sockets: Major revisions to internal networking to adapt to BSD Sockets, as recommended by Apple moving forward and required for Linux • POSIX Paths: Major revisions to internal file specification format in favor of POSIX paths, recommended by Apple moving forward and required for Linux • mDNS: Adapted usage of Bonjour service discovery to use Apple's Open Source mDNS library • Pooch Binary directory: Added Pooch binary directory support, making possible launching jobs using a remotely-compiled executable • Minor updates and fixes needed for Mac OS X 10.6 "Snow Leopard" Current Pooch users can renew their subscriptions today! Please see http://daugerresearch.com/pooch for more! On April 16, 2008, Pooch was updated to version 1.7.6: • Mac OS X 10.5 “Leopard” spurs updates in a variety of Pooch technologies: • Network Scan window • Preferences window • Keychain access • Launching via, detection of, and commands to the Terminal • Behind the Login window behavior • Other user interface and infrastructure adjustments • Open MPI support: • Complete MPI support using libraries
    [Show full text]
  • Rosetta Stone Software Use Opportunity User Expectations and Guidelines
    Rosetta Stone Software Use Opportunity User Expectations and Guidelines Introduction CYFD-BHS and the Southwest Regional Training Center at NMSU are providing the opportunity to current approved CYFD staff to access Spanish language lessons. We have selected Rosetta Stone for this online language learning opportunity. Rosetta Stone’s interactive and award-winning software creates an intuitive and engaging environment for thinking and communicating in a new language. Through Rosetta Stone’s software, users will have access to: Language Training: Reading, writing, speaking and listening skills are introduced in core lessons, then key skills, such as grammar and vocabulary, are refined in focused activities. Speech recognition technology evaluates the pronunciation of each word and sentence, providing immediate feedback. Games & Activities: Interactive games sharpen language skills and stories provide students opportunities to read long passages aloud. Games & Activities reinforces language learned in Language Training and builds students' confidence. Rosetta Stone Language Training for Apple and Android: Students will be able to continue their language training via our mobile app. Progress made in this application syncs with progress in the program, and vice versa. Note: The Rosetta Stone Language Training mobile app is available for select languages. Additional information can be found at www.rosettastone.com. User Guidelines 1. Rosetta Stone software licenses are available to current Children, Youth and Family Department Community Behavioral Health Clinicians (CBHCs) and others approved by a CYFD-Behavioral Health Services Deputy Director. 2. Rosetta Stone software is not intended to train clinicians to provide services in a second language. 3. Individuals who are interested in utilizing the Rosetta Stone software must complete the User Access Request Form at https://bhs.nmsu.edu/rosetta-stone .
    [Show full text]
  • Cali: Compiler-Assisted Library Isolation
    Cali: Compiler-Assisted Library Isolation Markus Bauer Christian Rossow CISPA Helmholtz Center for Information Security CISPA Helmholtz Center for Information Security Saarbrücken, Saarland, Germany Saarbrücken, Saarland, Germany [email protected] [email protected] ABSTRACT the full program’s privileges and address space. This lack of privi- Software libraries can freely access the program’s entire address lege separation and memory isolation has led to numerous critical space, and also inherit its system-level privileges. This lack of sepa- security incidents. ration regularly leads to security-critical incidents once libraries We can significantly reduce this threat surface by isolating the contain vulnerabilities or turn rogue. We present Cali, a compiler- library from the main program. In most cases, a library (i) neither assisted library isolation system that fully automatically shields a requires access to the entire program’s address space, (ii) nor needs program from a given library. Cali is fully compatible with main- the full program’s privileges to function properly. In fact, even line Linux and does not require supervisor privileges to execute. We complex libraries such as parsers require only limited interaction compartmentalize libraries into their own process with well-defined with the program and/or system. Conceptually, there is thus little security policies. To preserve the functionality of the interactions need to grant an untrusted library access to the program or to between program and library, Cali uses a Program Dependence critical system privileges. Basic compartmentalization principles Graph to track data flow between the program and the library dur- thus help to secure a program from misuse by untrusted code.
    [Show full text]
  • 1 First and Foremost, Make Sure Your Computer Meets the Minimum
    Congratulations! You’ve taken the first to start learning your new language. Here are some instructions on downloading your Rosetta Stone Software. First and foremost, make sure your computer meets the minimum system requirements. If it does, then you're off to a good start. MINIMUM SYSTEM REQUIREMENTS- CD-ROM Operating System (one of the following): • Windows 7, 8 or higher • Mac (Intel based only): Lion, Mountain Lion, Yosemite (OS X 10.7 or higher) Computer Hardware (all of the following): • On Windows: 2.33GHz or faster x86-compatible processor or Intel® Atom™ 1.6GHz or faster processor for netbooks • On Mac: Intel Core™ Duo 1.33GHz or faster processor • 1 GB of RAM or higher • 3 GB free hard-drive space (per level) • 1024 x 768 display resolution • Broadband Internet connection • Available port for headset with microphone (not included) To access online services: • Must have standard Broadband Internet connection (slow internet connections will not suffice) Next, follow these steps to install your software using the CD-ROM drive on your computer. If you do not have a CD-ROM drive, skip to page 4 for instructions on how to download your software from the Rosetta Stone website! Plug in the provided Rosetta Stone headset. Insert the disc labeled “Application” and wait for the installation window to appear. Follow the instructions in the window and wait for the installation to complete. 1 Click “Finish”, and the Rosetta Stone Program will open on Windows computers. On Mac, double click the Rosetta Stone icon to open it. The program will check for updates each time it is opened.
    [Show full text]
  • Open Directory Administration for Version 10.5 Leopard Second Edition
    Mac OS X Server Open Directory Administration For Version 10.5 Leopard Second Edition Apple Inc. © 2008 Apple Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services. Every effort has been made to make sure that the information in this manual is correct. Apple Inc., is not responsible for printing or clerical errors. Apple 1 Infinite Loop Cupertino CA 95014-2084 www.apple.com The Apple logo is a trademark of Apple Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, iCal, iChat, Leopard, Mac, Macintosh, QuickTime, Xgrid, and Xserve are trademarks of Apple Inc., registered in the U.S. and other countries. Finder is a trademark of Apple Inc. Adobe and PostScript are trademarks of Adobe Systems Incorporated. UNIX is a registered trademark of The Open Group. Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products.
    [Show full text]