US Government Protection Profile for Separation Kernels In

U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness
Version 1.03
Information Assurance Directorate
29 June 2007

Foreword

1 This publication, "U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness", is issued by the Information Assurance Directorate as part of its program to promulgate security standards for information systems. This protection profile is based on the "Common Criteria for Information Technology Security Evaluations, Version 2.3." [1]

2 Comments on this document should be directed to: [email protected]. Comments should include the title of the document, the page, the section number and paragraph number, the detailed comment, and recommendations.

Table of Contents

1. Introduction ... 10
  1.1 Identification ... 10
  1.2 Overview ... 10
  1.3 Mutual Recognition of Common Criteria Certificates ... 11
  1.4 Conventions ... 11
  1.5 Glossary of Terms ... 15
  1.6 Document Organization ... 23
2. Target of Evaluation (TOE) Description ... 25
  2.1 Product Type ... 25
  2.2 General TOE Functionality ... 27
  2.3 TOE Concepts ... 28
    2.3.1 Principle of Least Privilege ... 30
    2.3.2 Partitions and the Partitioned Information Flow Policy (PIFP) ... 30
    2.3.3 Partitions and Subject Address Spaces ... 37
    2.3.4 TOE Configuration Changes ... 38
  2.4 Modes, States, and Trusted Recovery ... 40
  2.5 Trusted Delivery ... 42
  2.6 Platform Considerations ... 43
    2.6.1 Platform Components ... 43
    2.6.2 Platform Interfaces ... 44
  2.7 Evaluation Considerations ... 45
    2.7.1 Security Management ... 45
    2.7.2 TOE Component Development Diversity ... 46
  2.8 Use of High Robustness ... 47
3. TOE Security Environment ... 48
  3.1 Threats ... 48
  3.2 Security Policy ... 49
  3.3 Security Usage Assumptions ... 50
4. Security Objectives ... 52
  4.1 TOE Security Objectives ... 52
  4.2 Environment Security Objectives ... 55
5. TOE Security Functional Requirements ... 57
  5.1 Security Audit (FAU) ... 57
    5.1.1 Security Audit Automatic Response (FAU_ARP) ... 57
    5.1.2 Security Audit Data Generation (FAU_GEN) ... 58
    5.1.3 Security Audit Review (FAU_SAR) ... 61
    5.1.4 Security Audit Event Selection (FAU_SEL) ... 62
  5.2 User Data Protection (FDP) ... 62
    5.2.1 Information Flow Control Policy (FDP_IFC) ... 62
    5.2.2 Information Flow Control Functions (FDP_IFF) ... 63
    5.2.3 Residual Information Protection (FDP_RIP) ... 64
  5.3 Identification and Authentication (FIA) ... 65
    5.3.1 User Attribute Definition (FIA_ATD) ... 65
    5.3.2 User-Subject Binding (FIA_USB) ... 66
  5.4 Security Management (FMT) ... 67
    5.4.1 Explicit: Management of Configuration Data (FMT_MCD_EXP) ... 68
    5.4.2 Management of Functions in TSF (FMT_MOF) ... 68
    5.4.3 Management of Security Attributes (FMT_MSA) ... 69
    5.4.4 Management of TSF Data (FMT_MTD) ... 70
    5.4.5 Specification of Management Functions (FMT_SMF) ... 70
  5.5 Protection of the TSF (FPT) ... 71
    5.5.1 Underlying Abstract Machine Test (FPT_AMT) ... 71
    5.5.2 Explicit: Configuration Change (FPT_CFG_EXP) ... 71
    5.5.3 Explicit: Establishment of Secure State (FPT_ESS_EXP) ... 73
    5.5.4 Fail Secure (FPT_FLS) ... 73
    5.5.5 Explicit: TOE Halt (FPT_HLT_EXP) ... 74
    5.5.6 Explicit: TOE Maintenance (FPT_MTN_EXP) ... 74
    5.5.7 Explicit: Principle of Least Privilege (FPT_PLP_EXP) ... 74
    5.5.8 Explicit: Trusted Recovery (FPT_RCV_EXP) ... 75
    5.5.9 Explicit: TOE Restart (FPT_RST_EXP) ... 76

Details

  • File Type: pdf
  • Upload Time: -
  • Content Languages: English
  • Upload User: Anonymous/Not logged-in
  • File Pages: 182
  • File Size: -
