UNCLASSIFIED COMMERCIAL IN CONFIDENCE BAE Systems Integrated System Technologies Limited i XTS-400 UK EAL5 Security Target - XTS-400 Version 6.4(UKE) XTS-400 UK EAL5 Security Target - XTS-400 Version 6.4(UKE) November 2007 – Version 02 SAP Document No: A2N 45009531 EPF Reference: 2.1.4 © BAE SYSTEMS plc 2007. The information in this document is the property of BAES IT and may not be used for any purpose other than the evaluation of the XTS400 Product. Attribution of third-party information, trademarks and definitions is provided on the following page. Use, duplication or disclosure of data contained on this sheet is subject to the restrictions on the title page of this document. BAE Systems Integrated System Technologies Limited COMMERCIAL IN CONFIDENCE UNCLASSIFIED UNCLASSIFIED COMMERCIAL IN CONFIDENCE BAE Systems Integrated System Technologies Limited ii XTS-400 UK EAL5 Security Target - XTS-400 Version 6.4(UKE) © 2007 BAE Systems Information Technology, LLC. All rights reserved. “Linux” is a registered trademark of Linus Torvalds. “Red Hat” and “RPM” (Red Hat Package Manager) are registered trademarks of Red Hat Software, Inc. in the United States and other countries. “STOP”, “SAGE”, “XTS-300” and “XTS-400” are trademarks of BAE Systems Information Technology, LLC. “Intel” and “Pentium” are registered trademarks of the Intel corp. “Xeon” is a trademark of the Intel Corp. "Netscape” is a registered trademark of Netscape Communications Corporation in the U.S. and other countries. “UNIX” is a registered trademark of The Open Group. “Apache” is a trademark of the Apache Software Foundation. All other product names mentioned herein are trademarks of their respective owners. The TCP/IP software contained in this release is derived from material which is copyright Regents of the University of California. The following paragraph applies to that software in its original form as provided by U.C.: “1. Redistribution of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistribution in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: ‘This product includes software developed by the University of California, Berkeley and its contributors.’ 4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.” Various STOP application programs may use or link to one or more libraries, including uClibc, which are licensed under Version 2.1 of the GNU Lesser General Public License Use, duplication or disclosure of data contained on this sheet is subject to the restrictions on the title page of this document. BAE Systems Integrated System Technologies Limited COMMERCIAL IN CONFIDENCE UNCLASSIFIED UNCLASSIFIED COMMERCIAL IN CONFIDENCE BAE Systems Integrated System Technologies Limited iii XTS-400 UK EAL5 Security Target - XTS-400 Version 6.4(UKE) ("LGPL") available at http://www.gnu.org/copyleft/lesser.html. In accordance with the LGPL, the source code for all linked libraries is provided free of charge on the Applications CD. BAE Systems Information Technology, LLC claims no interest or ownership, including copyrights, in any of the linked libraries licensed under the LGPL. Use, duplication or disclosure of data contained on this sheet is subject to the restrictions on the title page of this document. BAE Systems Integrated System Technologies Limited COMMERCIAL IN CONFIDENCE UNCLASSIFIED UNCLASSIFIED COMMERCIAL IN CONFIDENCE BAE Systems Integrated System Technologies Limited iv XTS-400 UK EAL5 Security Target - XTS-400 Version 6.4(UKE) List of Contents List of Contents ...................................................................................................................... iv List of Tables.......................................................................................................................... vi Document Distribution...........................................................................................................vii Document History................................................................................................................... ix List of Abbreviations............................................................................................................... xi Section 1 Introduction ..................................................................... 1 1.1 Security Target Identification ............................................................1 1.2 Security Target Overview..................................................................1 1.2.1 XTS-400 Background and History..........................................................2 1.3 CC Conformance Claim....................................................................3 1.4 Conventions......................................................................................3 1.5 Terminology ......................................................................................4 Section 2 TOE Description .............................................................. 9 2.1 Product Description ..........................................................................9 2.1.1 Software Overview .................................................................................9 2.1.2 Hardware Overview..............................................................................10 2.1.3 Minimal Evaluated Configuration .........................................................10 2.1.4 TOE Definition......................................................................................13 2.2 General TOE Functionality..............................................................14 2.2.1 Security Features .................................................................................14 2.2.2 Other Characteristics of the TOE.........................................................14 Section 3 TOE Security Environment........................................... 17 3.1 Secure Usage Assumptions............................................................17 3.2 Security Threats..............................................................................18 3.3 Organisational Security Policies .....................................................23 Section 4 Security Objectives....................................................... 25 4.1 Security Objectives for the TOE......................................................25 4.2 Security Objectives for the Environment.........................................26 Section 5 IT Security Requirements............................................. 29 5.1 TOE Security Functional Requirements..........................................31 5.1.1 5.1.1 Security audit (FAU)....................................................................31 5.1.2 User data protection (FDP) ..................................................................34 5.1.3 Identification and authentication (FIA) .................................................44 5.1.4 Security management (FMT) ...............................................................48 5.1.5 Protection of the TOE Security Functions (FPT)..................................56 5.1.6 TOE Access (FTA) ...............................................................................57 5.1.7 Trusted path/channels (FTP) ...............................................................59 5.2 End Notes.......................................................................................59 Use, duplication or disclosure of data contained on this sheet is subject to the restrictions on the title page of this document. BAE Systems Integrated System Technologies Limited COMMERCIAL IN CONFIDENCE UNCLASSIFIED UNCLASSIFIED COMMERCIAL IN CONFIDENCE BAE Systems Integrated System Technologies Limited v XTS-400 UK EAL5 Security Target - XTS-400 Version 6.4(UKE) 5.3 TOE Security Assurance Requirements..........................................66 5.4 Strength of TOE Security Functional Requirements........................67 5.5 Security Requirements for the IT Environment ...............................67 Section 6 TOE Summary Specification.........................................69 6.1 Measures Used to Meet IT Security Functions ...............................69 6.1.1 Audit Generation – AUDGEN...............................................................76 6.1.2 Audit Review – AUDREV .....................................................................77 6.1.3 Discretionary Access Control – DACENF ............................................77 6.1.4 Mandatory Access Control – MACENF................................................78 6.1.5 Mandatory Integrity Control – MICENF................................................78 6.1.6 Residual Information Protection – RIPENF..........................................79 6.1.7 Identification and Authentication – IDNAUT.........................................79 6.1.8 Security Management – SECMGT.......................................................80 6.1.9 Security Function Protection – SECFPR .............................................81 6.1.10 Trusted Path – TRUPTH ......................................................................86 6.2 Assurance Measures ......................................................................86