DOCSLIB.ORG

A Simple Protocol for Remote Attestation of System Integrity

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Simple Protocol for Remote Attestation of System Integrity 26/10/2018 A Simple Protocol for Remote Attestation of System Integrity Roberto Sassu Cyber Security and Privacy Lab (CSPL) Linux Security Summit Europe 2018 Outline • Problem • Background • Our Proposal • Conclusions 2 Remote Attestation – Problem Remote attestation (RA) definition: integrity evaluation done by a remote verifier to check whether a system can accomplish its tasks as expected Evaluating the integrity of OS (kernel + applications + their state) is very complex • Reference measurements and verification services are not available • It is unclear what information must be supplied to verifiers and how to analyze them RA cannot be easily integrated into existing products because • A dedicated server must be added to the infrastructure • Two separate protocols must be implemented for secure communication and attestation 3 Background Integrity is the expectation that a system/application behaves as defined by the developer Measurement from Core Root of Trust for Measurement (CRTM) up to the application Measurement at OS-level (Linux) is done by Integrity Measurement Architecture (IMA) Evaluation done by comparing actual measurements with reference values 4 Background – Explicit RA PCR: Platform Configuration Register TPM current PCR value IMA measurement list tpm_pcr_extend() Hash 000… 012… PCR Digest Component measurement 10 012… systemd Hash … 345… 10 345… udev 10 678… sshd Hash … 678… … RA agent measurement remote attestation dedicated protocol 5 Verifier Background – Implicit RA PCR: Platform Configuration Register TPM current PCR value IMA measurement list tpm_pcr_extend() Hash 000… 012… PCR Digest Component measurement 10 012… systemd Hash … 345… 10 345… udev key generation 10 678… sshd Hash … 678… with desired PCR value TPM … … from repository or == key TLS extension X.509 extension (only once) [TCG Subject Key cryptolib Attestation Evidence (SKAE)] measurement remote attestation TLS 6 Management System (Verifier) certificate Simple RA Protocol with Implicit RA Implicit RA is more suitable for integration into existing products, as it only requires • Switching from software keys to TPM keys • An additional verification of an X.509 extension (SKAE) Problem: IMA PCR is not predictable • Depends on which and when files are executed • Depends on the content of mutable files Solution: make IMA PCR predictable • IMA Digest lists extension to address unpredictable file access • Enhanced Policy-Reduced Integrity Measurement Architecture (PRIMA) to handle mutable files 7 IMA Digest Lists (NEW) don’t store measurement if file digest is known by IMA measurement list measurement list PCR Digest Digest Flags PCR Digest IMA 10 … /bin/bash immutable IMA 11 digest lists 10 … … 11 … always store measurement (NEW) digest lists (whitelists) (NEW) store measurement preloaded at kernel init if file digest is unknown kernel space kernel space user space user space open open /bin/bash /bin/bash current behavior (PCR #10) current behavior (PCR #10) new behavior (PCR #11) 8 Mutable Files in the IMA Measurement List PCR Digest Component 11 known digest lists systemd sshd ? ? 11 unknown mutable file IMA measurement list mutable files ? ? insecure Verification fails udev app How to deal with mutable files? 9 Alternative Solution for Evaluation of Mutable Files Evaluate the processes writing mutable files, instead of measuring them systemd sshd ? ? If processes are not compromised, they mutable HMAC files must have updated mutable files correctly ? ? insecure udev app Protect mutable files against offline attacks with an HMAC (key not sealed to OS!) 10 Unknown Impact of Process Actions without MAC Without Mandatory Access Control all applications with enough privileges systemd sshd can update mutable files ? ? mutable HMAC files bug ? ? insecure udev app Some applications are more susceptible to attacks during execution and can be used as an entry point 11 True System State Differs from Reported State bug bug An attacker can exploit an insecure pipe/ app and make it produce malicious systemd socket sshd ? ? byte sequences mutable 010101… HMAC files These byte sequences can be bug bug used to exploit bugs in other ? ? insecure udev apps, without being detected app Offline protection (HMAC) does not help to detect such malicious file modifications 12 Protect Mutable Files with Mandatory Access Control MAC can protect the critical part of the system (TCB) by enforcing an integrity MAC policy, such as Biba or Clark-Wilson systemd sshd Mutable files inside the TCB can be written mutable HMAC only by the TCB files bug insecure udev TCB app MAC and integrity policy become part of the evidence to be sent to verifiers [1] [1] Policy-Reduced Integrity Measurement Architecture (PRIMA) Trent Jaeger, Reiner Sailer, and Umesh Shankar 13 Integrity Models – Biba vs Clark-Wilson High integrity Read from filtering interface allowed if Low integrity code can reliably handle malicious data subject subject subject subject object object object object filtering interface subject subject subject Biba model Clark-Wilson model 14 PRIMA Overview and Drawbacks PRIMA finds from the SELinux policy a minimal TCB that satisfies Clark-Wilson requirements Only code and immutable files that belong to the TCB must be measured Drawbacks that limit application in the industry • Unlikely to find a small TCB • A generic policy (e.g. in Fedora) considers all the possible application usage scenarios • ~100,000 allow rules, only ~2.5% of rules are requested by a running system • TCB must be adapted for each specific use case • Offline attacks are not taken into account 15 Our Proposal to Simplify and Complete PRIMA • Reduce TCB size by considering processes interactions discovered on the target system • With a new Linux Security Module (LSM), called Infoflow LSM • Detect malicious updates of mutable files throughout their entire lifetime • PRIMA does not guarantee that TCB protection was enabled before reboot 16 Reduce TCB size Example: information flow analysis for sshd (included in the TCB) sshd_key_t common perms etc_t sshd_t ftpd_t With PRIMA, Kerberos5 would be specific krb5_conf_t added to the TCB (high risk) or would perms read have to be manually excluded write realmd_t (too much effort) Permissions taken from SELinux policy of Fedora 27 17 Reduce TCB size Example: information flow analysis for sshd (included in the TCB) sshd_key_t common perms etc_t sshd_t ftpd_t specific With our proposal, Kerberos5 is krb5_conf_t perms automatically excluded realmd_t (Kerberos5 disabled) write Permissions taken from SELinux policy of Fedora 27 18 Detect Malicious Updates of Mutable Files State of the art • IMA Appraisal/EVM protect the integrity of data/metadata against offline attacks • EVM key is sealed with TPM, but not to OS (IMA PCR unpredictable) • EVM key can be used when TCB protection is disabled Our proposal • Seal EVM key to predictable IMA PCR, extended with digest lists and integrity policy • EVM key can be used only when TCB protection is enabled • If TCB protection is disabled, the unsealed EVM key is erased before integrity violations • A valid HMAC implies that the mutable file was updated by the TCB and code/data was known • With this guarantee, mutable files can be excluded from measurement 19 Exclude Mutable Files from Measurement (NEW) don’t store measurement if HMAC is valid and EVM key is sealed to OS measurement list measurement list PCR Digest PCR Digest IMA 10 … IMA 11 digest lists 10 … 11 integrity policy always store (NEW) store measurement if measurement access denied HMAC is missing or invalid if appraisal is kernel space enabled kernel space user space user space open open audit.log HMAC audit.log HMAC current behavior (PCR #10) current behavior (PCR #10) new behavior (PCR #11) 20 Chained Integrity Verification across Reboots Administrator Insecure: key not generated by TPM, or bound to different policy event log (untrusted) PCR Component Insecure good 11 Digest lists/policy EVM key system 12 Insecure EVM key PCR Component EVM key deleted bad 11 Digest lists/policy unsealing read system EVM key EVM key 12 EVM key write 11 Corrupted file Verifier mutable HMAC vN file vN PCR Component unknown good attack good 11 Digest lists/policy system system read system 12 EVM key write write mutable HMAC v1 mutable HMAC vN file v1 HMAC v1 file vN 1st boot Nth boot 21 Setup phase Deployment phase Implicit RA – Verification Options Certificate 2. verify attestation data Authority 1. send CSR 3. return certificate PCR Component Data 11 Digest Digest lists lists/policy Integrity policy 12 EVM key AIK certificate Option 1: trust CA system cryptolib TPM 4. secure communication Management protocol System (Verifier) TPM key Option 2: verify SKAE with event log and data (from a repository/protocol extension) only once 22 Infoflow LSM Implementation – Setup Phase (NEW) Infoflow LSM (discover) SELinux 1. check 2. record SELinux policy request interaction kernel space read user space sshd_t sshd_key_t discovered Information TCB subjects rules flow analyzer and objects target apps 3. perform information Target system flow analysis administrator 23 Infoflow LSM Implementation – Deployment Phase Digest IMA Lists 5. check if digest is in the digest list Integrity (NEW) Infoflow 4. check Clark-Wilson rules policy LSM (enforce) EVM EVM 3. check metadata key TCB subjects (NEW) Infoflow 2. check if subject and object are in the TCB and objects LSM (select) SELinux SELinux 1. check request policy kernel space read user space sshd_t sshd_key_t 24 Source Code Digest lists source code •
Load more

Recommended publications
  • Image Management Service
    Image Management Service Service Overview Issue 14 Date 2021-08-17 HUAWEI TECHNOLOGIES CO., LTD. Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Issue 14 (2021-08-17) Copyright © Huawei Technologies Co., Ltd. i Image Management Service Service Overview Contents Contents 1 What Is Image Management Service?................................................................................1 2 Product Advantages...............................................................................................................
    [Show full text]
  • Confine: Automated System Call Policy Generation for Container
    Confine: Automated System Call Policy Generation for Container Attack Surface Reduction Seyedhamed Ghavamnia Tapti Palit Azzedine Benameur Stony Brook University Stony Brook University Cloudhawk.io Michalis Polychronakis Stony Brook University Abstract The performance gains of containers, however, come to the Reducing the attack surface of the OS kernel is a promising expense of weaker isolation compared to VMs. Isolation be- defense-in-depth approach for mitigating the fragile isola- tween containers running on the same host is enforced purely in tion guarantees of container environments. In contrast to software by the underlying OS kernel. Therefore, adversaries hypervisor-based systems, malicious containers can exploit who have access to a container on a third-party host can exploit vulnerabilities in the underlying kernel to fully compromise kernel vulnerabilities to escalate their privileges and fully com- the host and all other containers running on it. Previous con- promise the host (and all the other containers running on it). tainer attack surface reduction efforts have relied on dynamic The trusted computing base in container environments analysis and training using realistic workloads to limit the essentially comprises the entire kernel, and thus all its set of system calls exposed to containers. These approaches, entry points become part of the attack surface exposed to however, do not capture exhaustively all the code that can potentially malicious containers. Despite the use of strict potentially be needed by future workloads or rare runtime software isolation mechanisms provided by the OS, such as conditions, and are thus not appropriate as a generic solution. capabilities [1] and namespaces [18], a malicious tenant can Aiming to provide a practical solution for the protection leverage kernel vulnerabilities to bypass them.
    [Show full text]
  • Euleros V2.0SP3 管理员指南
    EulerOS V2.0SP3 管理员指南 文档版本 01 发布日期 2019-08-12 华为技术有限公司 版权所有 © 华为技术有限公司 2019。 保留一切权利。 非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传 播。 商标声明 和其他华为商标均为华为技术有限公司的商标。 本文档提及的其他所有商标或注册商标,由各自的所有人拥有。 注意 您购买的产品、服务或特性等应受华为公司商业合同和条款的约束,本文档中描述的全部或部分产品、服务或 特性可能不在您的购买或使用范围之内。除非合同另有约定,华为公司对本文档内容不做任何明示或默示的声 明或保证。 由于产品版本升级或其他原因,本文档内容会不定期进行更新。除非另有约定,本文档仅作为使用指导,本文 档中的所有陈述、信息和建议不构成任何明示或暗示的担保。 华为技术有限公司 地址: 深圳市龙岗区坂田华为总部办公楼 邮编:518129 网址: http://www.huawei.com 客户服务邮箱: [email protected] 客户服务电话: 4008302118 文档版本 01 (2019-08-12) 版权所有 © 华为技术有限公司 i EulerOS V2.0SP3 管理员指南 目 录 目 录 1 前言................................................................................................................................................... 1 2 基础配置........................................................................................................................................... 3 2.1 通过命令设置................................................................................................................................................................ 3 2.1.1 设置语言环境............................................................................................................................................................. 3 2.1.2 设置键盘..................................................................................................................................................................... 4 2.1.3 设置日期和时间......................................................................................................................................................... 5 2.1.3.1 使用
    [Show full text]
  • Certification Report
    Reference: 2018-2-INF-2787-v1 Created by: CERT10 Target: Público Revised by: CALIDAD Date: 28.05.2019 Approved by: TECNICO CERTIFICATION REPORT Dossier # 2018-2 TOE Huawei EulerOS v2.0 Applicant 440301192203821 - Huawei Technologies Co., Ltd. References [EXT-3741] 2018-02 Solicitud de Certificación Certification report of the product Huawei EulerOS v2.0, as requested in [EXT-3741] dated 15/01/2018, and evaluated by Epoche & Espri S.L.U., as detailed in the Evaluation Technical Report [EXT-3741] received on 16/05/2019. https://oc.ccn.cni.es 1/13 [email protected] CONTENTS EXECUTIVE SUMMARY ........................................................................................................................... 3 TOE SUMMARY ................................................................................................................................... 4 SECURITY ASSURANCE REQUIREMENTS ............................................................................................ 5 SECURITY FUNCTIONAL REQUIREMENTS ........................................................................................... 5 IDENTIFICATION ..................................................................................................................................... 7 SECURITY POLICIES ................................................................................................................................. 7 ASSUMPTIONS AND OPERATIONAL ENVIRONMENT ......................................................................... 7 CLARIFICATIONS
    [Show full text]
  • Miria 2020 R1
    Compatibility Guide Miria 2020 R1 Atempo Paris Headquarters |23 Avenue Carnot, 91300 MASSY|Tél: +33 164 868 300 |[email protected] N°1 EUROPEAN SOFTWARE VENDOR FOR DATA PROTECTION ATEMPO.COM Details of this document Title Miria 2020 R1 Type Compatibility Guide Date 30/11/2020 Author Louis-Frederic Laszlo Classification Public Status Released Versions 01/08/2019 Release Miria 3.9 SP2 11/02/2020 Release Miria 3.10 30/06/2020 Release Miria 3.10 SP1 30/11/2020 Release Miria 2020 R1 Atempo Paris Headquarters |23 Avenue Carnot, 91300 MASSY|Tél: +33 164 868 300 |[email protected] N°1 EUROPEAN SOFTWARE VENDOR FOR DATA PROTECTION ATEMPO.COM Compatibility Guide Author : Louis-Frederic Laszlo Miria 2020 R1 Diffusion : Public Date : 30/11/2020 Table of contents 01. General Information ........................................................................................................................... 4 02. Important Notices ............................................................................................................................... 4 03. Atempo-Miria – Server ....................................................................................................................... 5 04. Atempo-Miria – Agent ........................................................................................................................ 5 05. Atempo-Miria – Administration Console ......................................................................................... 7 06. Atempo-Miria – Native User Interface .............................................................................................
    [Show full text]
  • Euleros V2.0SP5 安装指南
    EulerOS V2.0SP5 安装指南 文档版本 01 发布日期 2019-08-12 华为技术有限公司 版权所有 © 华为技术有限公司 2019。 保留一切权利。 非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传 播。 商标声明 和其他华为商标均为华为技术有限公司的商标。 本文档提及的其他所有商标或注册商标,由各自的所有人拥有。 注意 您购买的产品、服务或特性等应受华为公司商业合同和条款的约束,本文档中描述的全部或部分产品、服务或 特性可能不在您的购买或使用范围之内。除非合同另有约定,华为公司对本文档内容不做任何明示或默示的声 明或保证。 由于产品版本升级或其他原因,本文档内容会不定期进行更新。除非另有约定,本文档仅作为使用指导,本文 档中的所有陈述、信息和建议不构成任何明示或暗示的担保。 华为技术有限公司 地址: 深圳市龙岗区坂田华为总部办公楼 邮编:518129 网址: http://www.huawei.com 客户服务邮箱: [email protected] 客户服务电话: 4008302118 文档版本 01 (2019-08-12) 版权所有 © 华为技术有限公司 i EulerOS V2.0SP5 安装指南 目 录 目 录 1 前言................................................................................................................................................... 1 2 约束限制........................................................................................................................................... 3 3 获取发布包....................................................................................................................................... 4 4 安装指导........................................................................................................................................... 6 4.1 启动安装........................................................................................................................................................................ 6 4.2 设置安装程序语言........................................................................................................................................................ 7 4.3 进入安装界面...............................................................................................................................................................
    [Show full text]
  • Huawei Hilens
    Huawei HiLens FAQs Issue 01 Date 2020-03-27 HUAWEI TECHNOLOGIES CO., LTD. Copyright © Huawei Technologies Co., Ltd. 2021. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Huawei Technologies Co., Ltd. Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: https://www.huawei.com Email: [email protected] Issue 01 (2020-03-27) Copyright © Huawei Technologies Co., Ltd. i Huawei HiLens FAQs Contents Contents
    [Show full text]
  • Image Service
    Questions AWS Azure Google Cloud Platform IBM Cloud OTC Windows: Windows: - Windows Server 2008, 2012, 2016, 2019 - Windows Server 2008, 2012, 2016, 2019 Windows: - Windows Server 2016 Build 1709, 1803, 1809 Windows: - Windows Server 2008 R2 SP1, 2008 SP2, 2012 R2, 2016 , 2019 Windows: - Windows Server 2008, 2012, 2016 Build 1809, 2019 - Windows Server 2016 Build 1709, 1803, 1809 Linux: - Windows Server 2012 , 2016 Linux: - Windows 10 - CentOS 6.x , 7.x - openSUSE 15.x, 42.x Linux: - Container-optimised OS dev, beta, stable, 69-lts Linux: - CentOS 6.x, 7.x - Amazone Linux 2, 2018.03 Linux: - CoreOS alpha, beta, stable - CentOS- Minimal 6.X, 7.x - Debian 8.x, 9.x - CentOS 6.x , 7.x - CentOS-based 6.9 , 7.4 - Debian 9.x - CentOS-LAMP 6.X, 7.X - Fedora 26, 27, 28, 29 - Debian 8.x 9.x - ClearLinux - Ubuntu 14.04.x, 16.04.x, 17.04.x, 18.04.x - Debian Minimal Stable 8.X, 9.x - EulerOS 2.x - Fedora 26, 27, 28, 29 - Container Linux - SLES 12, 15 - Debian LAMP Stable 8.X - Ubuntu 14.04.x, 16.04.x, 18.04.x - Ubuntu 14.04.x , 16.04.x , 18.04.x - Debian 8, 9 - SLES for SAP 12-sp2-sap, 12-sp3-sap - Red Hat Minimal 6.x, 7.x - SUSE Enterprise Linux 11, 12, 15 - SUSE Enterprise Linux 12, 15 - Red Hat Enterprise Linux 7.x - Oracle Linux 6.8, 7.x , - Red Hat LAMP 6.x, 7.x - SUSE SAP 12 Which operating systems are offered by the - Oracle Linux 6.8, 7.x , - SLES 11SP4 , 12SP3 - RedHat Enterprise Linux 6, 7 - Ubuntu Minimal 14.04, 16.04, 18.04 - Oracle Linux 6.8 , 7.2 provider with which versions? - Red Enterprise Linux 6.8, 7.3 - Ubuntu 14.04, 16.04, 18.04
    [Show full text]
  • Common Operations
    Kunpeng Porting Advisor 2.3.T10 Common Operations Date 2021-06-30 Kunpeng Porting Advisor Common Operations Contents Contents 1 Configuring the Installation Environment........................................................................ 1 1.1 Configuring the OS Yum, APT, or Zypper Source......................................................................................................... 1 1.2 Upgrading Dependency Components of an Earlier OS..............................................................................................4 2 Importing the Root Certificate for Kunpeng Porting Advisor...................................... 8 3 Disabling SELinux.................................................................................................................. 14 4 Common Container Operations......................................................................................... 15 5 Changing the IP Address and Port Number of the Kunpeng Porting Advisor........17 6 Starting, Stopping, or Restarting Services...................................................................... 19 7 Exception Scenarios and Common Syntax Errors in Inline Assembly....................... 20 7.1 Exception Scenarios..............................................................................................................................................................20 7.2 Common Syntax Errors......................................................................................................................................................
    [Show full text]
  • Certification Report
    MINISTERIO DE LA PRESIDENCIA Y PARA LAS ADMINISTRACIONES TERRITORIALES REF: 2017-22-INF-2257v1 Created by: CERT10 Target: Público Revised by: CALIDAD Date: 08.03.2018 Approved by: TECNICO CERTIFICATION REPORT File: 2017-22 EulerOS v2.0 build 3.10.0-327.59.59.46.h34.x86_64 Applicant: Huawei Technologies Co., Ltd. References: [EXT-3407] Certification request of EulerOS v2.0 [EXT-3780] Evaluation Technical Report of EulerOS v2.0. The product documentation referenced in the above documents. Certification report of EulerOS v2.0 build 3.10.0-327.59.59.46.h34.x86_64, as requested in [EXT-3407] on 07/06/2017, and evaluated by Epoche & Espri S.L.U., as detailed in the Evaluation Technical Report [EXT-3780] received on 28/12/2017. Page 1 of 15 https://oc.ccn.cni.es Email: [email protected] MINISTERIO DE LA PRESIDENCIA Y PARA LAS ADMINISTRACIONES TERRITORIALES TABLE OF CONTENTS EXECUTIVE SUMMARY .................................................................................................................................. 3 TOE SUMMARY .............................................................................................................................................. 4 SECURITY ASSURANCE REQUIREMENTS ................................................................................................ 6 SECURITY FUNCTIONAL REQUIREMENTS .............................................................................................. 7 IDENTIFICATION .............................................................................................................................................
    [Show full text]
  • Security Target (Against BSI PP)
    Huawei EulerOS Version 2.0 Common Criteria Evaluation Security Target (Against BSI PP) Version 0.13 Status Released Last update 2019-04-13 Classification Public HUAWEI TECHNOLOGIES CO., LTD. 1 / 112 Copyright © Huawei Technologies Co., Ltd. 2015. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Huawei Technologies Co., Ltd. Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://e.huawei.com 2 / 112 About This Document Purpose This document provides description about ST (Security Target) against BSI PP. Change History Changes between document issues are cumulative.
    [Show full text]
  • Network Cloud Engine Security Target
    CC HUAWEI iMaster NCE V100R019C10 - Security Target Issue 1.9 Date 2020-9-04 HUAWEI TECHNOLOGIES CO., LTD. Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Huawei Technologies Co., Ltd. Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: https://www.huawei.com Email: [email protected] Issue 1.0 (2020-7-22) 版权所有 © 华为技术有限公司 i CC HUAWEI iMaster NCE
    [Show full text]