iManager M2000 Security Target - Common Criteria iManager M2000 Security Target v1.20.pdf  (MML)

  • View
    222

  • Download
    4

Embed Size (px)

Text of iManager M2000 Security Target - Common Criteria iManager M2000 Security Target v1.20.pdf ...

  • iManager M2000 Security Target

    Version: 1.20 Last Update: 2011-09-08

    Author: Huawei Technologies Co., Ltd.

  • Table of contents

    Table of Contents

    IMANAGER M2000.................................................................................................. 1

    SECURITY TARGET ...................................ERROR! MARCADOR NO DEFINIDO.

    Author................................................................................................................................................................. 6

    1 INTRODUCTION................................................................................................... 7

    1.1 ST reference ................................................................................................................................................. 7

    1.2 TOE reference.............................................................................................................................................. 7

    1.3 TOE overview .............................................................................................................................................. 71.3.1 TOE usage.............................................................................................................................................. 81.3.2 TOE type.............................................................................................................................................. 101.3.3 Non TOE Hardware and Software ....................................................................................................... 11

    1.4 TOE description......................................................................................................................................... 131.4.1 TOE Definition Scope.......................................................................................................................... 131.4.2 Environment......................................................................................................................................... 141.4.3 Configuration ....................................................................................................................................... 15

    2 CC CONFORMANCE CLAIMS........................................................................... 16

    3 SECURITY PROBLEM DEFINITION.................................................................. 17

    3.1 Assumptions ............................................................................................................................................... 17

    3.2 Threats........................................................................................................................................................ 173.2.1 Assets and Agents ................................................................................................................................ 173.2.2 Threats addressed by the TOE ............................................................................................................. 18

    3.3 Organizational Security Policy ................................................................................................................. 19

    4 SECURITY OBJECTIVES .................................................................................. 20

    4.1 Security Objectives for the TOE .............................................................................................................. 20

    4.2 Objectives for the Operational Environment.......................................................................................... 20

    4.3 Security Objectives Rationale................................................................................................................... 214.3.1 Coverage .............................................................................................................................................. 214.3.2 Sufficiency ........................................................................................................................................... 22

    5 SECURITY REQUIREMENTS FOR THE TOE ................................................... 24

    5.1 Security Requirements .............................................................................................................................. 245.1.1 Security Audit (FAU) .......................................................................................................................... 245.1.2 User Data Protection (FDP) ................................................................................................................. 255.1.3 Identification and Authentication (FIA)............................................................................................... 27

    Page 2 of 42 CC Version 3.1

  • Table of contents

    5.1.4 Security Management (FMT)............................................................................................................... 285.1.5 Protection of the TSF (FPT)................................................................................................................. 295.1.6 TOE access (FTA) ............................................................................................................................... 295.1.7 Trusted Path/Channels ......................................................................................................................... 305.1.8 Cryptographic operation (FCS)............................................................................................................ 30

    5.2 Security Functional Requirements Rationale.......................................................................................... 315.2.1 Coverage .............................................................................................................................................. 315.2.2 Sufficiency ........................................................................................................................................... 325.2.3 Security Requirements Dependency Rationale .................................................................................... 33

    5.3 Security Assurance Requirements............................................................................................................ 35

    5.4 Security Assurance Requirements Rationale .......................................................................................... 36

    6 TOE SUMMARY SPECIFICATION..................................................................... 37

    6.1 TOE Security Functionality ...................................................................................................................... 376.1.1 User Role management ........................................................................................................................ 376.1.2 Authentication...................................................................................................................................... 376.1.3 Access control ...................................................................................................................................... 386.1.4 IP-base ACL......................................................................................................................................... 386.1.5 Encrypted communication ................................................................................................................... 386.1.6 User session management .................................................................................................................... 396.1.7 Auditing ............................................................................................................................................... 406.1.8 Security management function............................................................................................................. 40

    7 ABBREVIATIONS, TERMINOLOGY AND REFERENCES................................ 42

    7.1 Abbreviations ............................................................................................................................................. 42

    7.2 Terminology ............................................................................................................................................... 42

    7.3 References................................................................................................................................................... 42

    CC Version 3.1 Page 3 of 42

  • List of figures

    List of figures

    Figure1:TOEnetworkstructure................................................................................................................11Figure2:TOEPhysicalEnvironment ..........................................................................................................12Figure3:TOEScope ..................................................................................................................................13

    Page 4 of 42 CC Version 3.1

  • List of tables

    List of tables Table2:Hardwareandsoftware............................................................................................................... 13Table4:Assets ......................................................................................................................................... 18Table5:Agents ........................................................................................................................................ 18Table6:MappingObjectivestoThreats......................