Apple Mac OS X 10.6 Security Target Version: 1.0 Last Update: December 16, 2009 Apple Mac OS X 10.6 Security Target atsec is a trademark of atsec information security GmbH Apple and the Apple logo are trademarks or registered trademarks of Apple Corporation in the United States, other countries, or both. Intel, Xeon, and Pentium are trademarks of Intel Corporation in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. This document is provided AS IS with no express or implied warranties. Use the information in this document at your own risk. This document may be reproduced or distributed in any form without prior permission provided the copyright notice is retained on all copies. Modified versions of this document may be freely distributed provided that they are clearly identified as such, and this copyright is included intact. Copyright © 2008 by atsec information security corporation, and Apple or its wholly owned subsidiaries. Page 2 of 47 - atsec public - © Apple, atsec 2009 2009-12-16 Apple Mac OS X 10.6 Security Target Table of Content 1 ST Introduction ..................................................................................................................................................... 9 1.1 ST Structure .................................................................................................................................................. 9 1.2 Terminology.................................................................................................................................................. 9 1.3 ST Reference and TOE Reference ................................................................................................................ 9 1.4 TOE Overview ............................................................................................................................................ 10 1.4.1 TOE Type............................................................................................................................................ 10 1.4.2 Intended Method of Use...................................................................................................................... 10 1.4.3 Major Security Features ...................................................................................................................... 10 1.5 TOE Description ......................................................................................................................................... 10 1.5.1 Mac OS X TOE Definition ................................................................................................................. 10 1.5.2 Mac OS X Structure............................................................................................................................ 11 1.5.3 Darwin................................................................................................................................................. 12 1.5.4 Definition of the TOE Boundaries ...................................................................................................... 12 1.5.4.1 Logical boundary ........................................................................................................................ 12 1.5.4.1.1 Functional Description..........................................................................................................12 1.5.4.1.2 TOE Software ....................................................................................................................... 13 1.5.4.2 Physical boundary ....................................................................................................................... 13 1.5.4.3 Configurations............................................................................................................................. 13 1.5.4.4 TOE Environment ....................................................................................................................... 14 2 Conformance Claims........................................................................................................................................... 15 2.1 Common Criteria......................................................................................................................................... 15 2.2 Packages...................................................................................................................................................... 15 2.3 Protection Profiles....................................................................................................................................... 15 2.4 CAPP: Demonstration of Conformance...................................................................................................... 15 2.4.1 Changes to the SPD............................................................................................................................. 15 2.4.2 Changes to the Objectives................................................................................................................... 15 2.4.3 Changes to the SFRs ........................................................................................................................... 15 2.4.4 Changes to the SARs........................................................................................................................... 16 3 Security Problem Definition ............................................................................................................................... 17 3.1 Introduction................................................................................................................................................. 17 3.2 Threats......................................................................................................................................................... 17 3.2.1 Threats countered by the TOE ............................................................................................................ 17 3.3 Organizational Security Policies ................................................................................................................. 17 3.4 Assumptions................................................................................................................................................ 18 3.4.1 Physical Aspects.................................................................................................................................. 18 3.4.2 Personnel Aspects ............................................................................................................................... 18 3.4.3 Connectivity Aspects .......................................................................................................................... 18 4 Security Objectives ............................................................................................................................................. 19 4.1 Security Objectives for the TOE................................................................................................................. 19 - atsec public - Page 3 of 47 2009-12-16 © Apple, atsec 2009 Apple Mac OS X 10.6 Security Target 4.2 Security Objectives for the TOE Environment........................................................................................... 19 4.3 Security Objective Rationale ...................................................................................................................... 20 4.3.1 Security Objectives Coverage............................................................................................................. 20 4.3.2 Security Objectives Sufficiency.......................................................................................................... 20 5 Extended Components Definition....................................................................................................................... 22 6 Security Requirements........................................................................................................................................ 23 6.1 TOE Security Functional Requirements ..................................................................................................... 23 6.1.1 Security Audit (FAU) ......................................................................................................................... 23 6.1.1.1 Audit Data Generation (FAU_GEN.1) ....................................................................................... 23 6.1.1.2 User Identity Association (FAU_GEN.2)................................................................................... 25 6.1.1.3 Audit Review (FAU_SAR.1)...................................................................................................... 25 6.1.1.4 Restricted Audit Review (FAU_SAR.2)..................................................................................... 25 6.1.1.5 Selectable Audit Review (FAU_SAR.3) .................................................................................... 25 6.1.1.6 Selective Audit (FAU_SEL.1).................................................................................................... 25 6.1.1.7 Guarantees of Audit Data Availability (FAU_STG.1) ............................................................... 26 6.1.1.8 Action in Case of Possible Audit Data Loss (FAU_STG.3)....................................................... 26 6.1.1.9 Prevention of Audit Data Loss