iManager U2000 Security Target - Common Criteria iManager U2000 Version 1 Release 6... iManager U2000

  • View
    52

  • Download
    3

Embed Size (px)

Text of iManager U2000 Security Target - Common Criteria iManager U2000 Version 1 Release 6... iManager...

  • iManager U2000 Security Target

    Version: 1.6

    Last Update: 2014-12-04

    Author: Huawei Technologies Co., Ltd.

  • Table of contents

    Page 2 of 39 CC Version 3.1

    Table of Contents

    IMANAGER U2000 SECURITY TARGET ............................................................... 1

    Author ................................................................................................................................................................. 5

    1 INTRODUCTION ................................................................................................... 6

    1.1 ST Reference ................................................................................................................................................ 6

    1.2 TOE Reference ............................................................................................................................................. 6

    1.3 TOE Overview ............................................................................................................................................. 6 1.3.1 TOE usage and major security features ................................................................................................. 7 1.3.2 TOE Type .............................................................................................................................................. 7 1.3.3 Non TOE Hardware and Software ......................................................................................................... 8

    1.4 TOE Description .......................................................................................................................................... 9 1.4.1 TOE Definition Scope ............................................................................................................................ 9 1.4.2 Environment......................................................................................................................................... 11

    2 CC CONFORMANCE CLAIMS ........................................................................... 13

    3 SECURITY PROBLEM DEFINITION .................................................................. 14

    3.1 Assumptions ............................................................................................................................................... 14

    3.2 Threats ........................................................................................................................................................ 14 3.2.1 Assets and Agents ................................................................................................................................ 14 3.2.2 Threats addressed by the TOE ............................................................................................................. 15

    4 SECURITY OBJECTIVES .................................................................................. 17

    4.1 Security Objectives for the TOE .............................................................................................................. 17

    4.2 Objectives for the Operational Environment .......................................................................................... 17

    4.3 Security Objectives Rationale ................................................................................................................... 18 4.3.1 Coverage .............................................................................................................................................. 18 4.3.2 Sufficiency ........................................................................................................................................... 18

    5 SECURITY REQUIREMENTS FOR THE TOE ................................................... 21

    5.1 Conventions ................................................................................................................................................ 21

    5.2 Security Requirements .............................................................................................................................. 21 5.2.1 Security Audit (FAU) .......................................................................................................................... 21 5.2.2 User Data Protection (FDP) ................................................................................................................. 23 5.2.3 Identification and Authentication (FIA) ............................................................................................... 23 5.2.4 Security Management (FMT)............................................................................................................... 24 5.2.5 Protection of the TSF (FPT)................................................................................................................. 26 5.2.6 TOE access (FTA) ............................................................................................................................... 26

  • Table of contents

    CC Version 3.1 Page 3 of 39

    5.2.7 Trusted Path/Channels (FTP) ............................................................................................................... 27

    5.3 Security Functional Requirements Rationale .......................................................................................... 28 5.3.1 Coverage .............................................................................................................................................. 28 5.3.2 Sufficiency ........................................................................................................................................... 28 5.3.3 Security Requirements Dependency Rationale .................................................................................... 31

    5.4 Security Assurance Requirements ............................................................................................................ 32

    5.5 Security Assurance Requirements Rationale .......................................................................................... 33

    6 TOE SUMMARY SPECIFICATION ..................................................................... 34

    6.1 TOE Security Functionality ...................................................................................................................... 34 6.1.1 User Role management ........................................................................................................................ 34 6.1.2 Authentication ...................................................................................................................................... 34 6.1.3 Access control ...................................................................................................................................... 35 6.1.4 IP-base ACL ......................................................................................................................................... 35 6.1.5 Encrypted communication ................................................................................................................... 35 6.1.6 User session management .................................................................................................................... 36 6.1.7 Auditing ............................................................................................................................................... 37 6.1.8 Security management function ............................................................................................................. 38

    7 ABBREVIATIONS, TERMINOLOGY AND REFERENCES ................................ 39

    7.1 Abbreviations ............................................................................................................................................. 39

    7.2 Terminology ............................................................................................................................................... 39

    7.3 References ................................................................................................................................................... 39

  • List of figures

    Page 4 of 39 CC Version 3.1

    List of figures

    Figure 1:TOE Fixed Network .......................................................................................................................... 8

  • CC Version 3.1 Page 5 of 39

    Author

    Version Date Author Changes to previous version

    0.1 2012-04-29 Wen WenJing First release

    0.2 2014-04-30 Wen WenJing Review and update

    0.3 2014-05-04 Lin Jing Review and update

    0.4 2014-05-04 Wen WenJing Review and update

    0.5 2014-05-05 Wen WenJing Review and update

    0.6 2014-05-06 Wen WenJing Review and update

    0.7 2014-05-07 Wen WenJing Review and update

    0.8 2014-05-08 Wen WenJing Review and update

    0.9 2014-05-09 Wen WenJing Review and update

    1.0 2014-07-24 Wen WenJing Review and update

    1.1 2014-08-04 Wen WenJing Review and update

    1.2 2014-08-13 Wen WenJing Review and update

    1.3 2014-09-28 Wen WenJing Update according to EORs

    1.4 2014-09-29 Wen WenJing Final

    1.5 2014-10-10 Wen WenJing Update Guidance

    1.6 2014-12-04 Wen WenJing Update according to EORs

  • Page 6