ITT INDUSTRIES DRAGONFLY COMPANION SECURITY TARGET ITT INDUSTRIES DRAGONFLY COMPANION SECURITY TARGET

  • View
    1

  • Download
    0

Embed Size (px)

Text of ITT INDUSTRIES DRAGONFLY COMPANION SECURITY TARGET ITT INDUSTRIES DRAGONFLY COMPANION SECURITY...

  • ITT INDUSTRIES

    DRAGONFLY COMPANION

    SECURITY TARGET

    VERSION 1.5

    Kristina Rogers

    Savith Kandala

    29 October 1999

    CYGNACOM SOLUTIONS

    Suite 100 West♦♦7927 Jones Branch Drive♦♦McLean, VA 22102-3305♦♦703 848-0883♦♦Fax 703 848-0960

  • TABLE OF CONTENTS

    SECTION PAGE

    1.0 SECURITY TARGET INTRODUCTION .......................................................................................................... 1

    1.1 SECURITY TARGET IDENTIFICATION ...................................................................................................................... 1 1.2 SECURITY TARGET OVERVIEW ............................................................................................................................. 1 1.3 COMMON CRITERIA CONFORMANCE..................................................................................................................... 1

    2.0 TOE DESCRIPTION........................................................................................................................................... 2

    2.1 EVALUATION SCOPE ............................................................................................................................................. 2 2.2 PRODUCT DESCRIPTION ....................................................................................................................................... 2 2.3 SECURITY SERVICES ............................................................................................................................................ 4 2.4 OPERATIONAL ENVIRONMENT.............................................................................................................................. 5

    3.0 SECURITY ENVIRONMENT ............................................................................................................................ 7

    3.1 SECURE USAGE ASSUMPTIONS.............................................................................................................................. 7 3.2 ORGANIZATIONAL SECURITY POLICIES .................................................................................................................. 8 3.3 THREATS TO SECURITY ........................................................................................................................................ 9

    4.0 SECURITY OBJECTIVES ............................................................................................................................... 10

    4.1 SECURITY OBJECTIVES FOR THE TOE .................................................................................................................. 10 4.2 SECURITY OBJECTIVES FOR THE ENVIRONMENT............................................................................................... 12

    5.0 IT SECURITY REQUIREMENTS ................................................................................................................... 14

    5.1 TOE SECURITY FUNCTIONAL REQUIREMENTS .................................................................................................... 14 5.1.1 Class FAU: Security audit ......................................................................................................................... 15 5.1.2 Class FDP: User data protection............................................................................................................... 16 5.1.3 Class FIA: Identification and authentication ............................................................................................. 21 5.1.4 Class FMT: Security management ............................................................................................................. 22 5.1.5 Class FPT: Protection of the TOE Security Functions ............................................................................... 23 5.1.6 Class FTP: Trusted path/channels ............................................................................................................. 24 5.1.7 Strength of Function Requirement ............................................................................................................. 24

    5.2 TOE SECURITY ASSURANCE REQUIREMENTS...................................................................................................... 26 5.2.1 Class ACM: Configuration Management ................................................................................................... 26 5.2.2 Class ADO: Delivery and Operation.......................................................................................................... 27 5.2.3 Class ADV: Development .......................................................................................................................... 29 5.2.4 Class AGD: Guidance Documents ............................................................................................................. 31 5.2.5 Class ATE: Tests ....................................................................................................................................... 33 5.2.6 Class AVA: Vulnerability Assessment ........................................................................................................ 36

    5.3 SECURITY REQUIREMENTS FOR THE IT ENVIRONMENT .......................................................................................... 38

    6.0 TOE SUMMARY SPECIFICATION................................................................................................................ 40

    6.1 IT SECURITY FUNCTIONS................................................................................................................................... 40 6.1.1 Identification and Authentication............................................................................................................... 40 6.1.2 Associations .............................................................................................................................................. 40 6.1.3 Discretionary Access Control (DAC) ......................................................................................................... 40 6.1.5 Mandatory Access Control (MAC) ............................................................................................................. 42 6.1 6 Data Export and Import............................................................................................................................. 43 6.1.7 Dragonfly IP Datagrams and Messages..................................................................................................... 43 6.1.8 Confidentiality........................................................................................................................................... 44

  • iii

    6.1.9 Integrity..................................................................................................................................................... 45 6.1.10 Audit........................................................................................................................................................ 45 6.1.11 Certificate Revocation .............................................................................................................................. 53 6.1.12 Time Stamps ............................................................................................................................................ 54 6.1.13 Security Attributes ................................................................................................................................... 54 6.1.14 Security Management .............................................................................................................................. 59 6.1.15 Inter-TSF Basic Data Consistency ........................................................................................................... 62 6.1.16 System Architecture ................................................................................................................................. 62

    6.2 ASSURANCE MEASURES ..................................................................................................................................... 63

    7.0 PP CLAIMS........................................................................................................................................................ 64

    8.0 RATIONALE ..................................................................................................................................................... 65

    8.1 SECURITY OBJECTIVES RATIONALE..................................................................................................................... 65 8.1.1 All Assumptions, Policies and Threats Addressed ...................................................................................... 65 8.1.2 All Objectives Necessary ........................................................................................................................... 68

    8.2 SECURITY REQUIREMENTS RATIONALE................................................................................................................ 72 8.2.1 All Objectives Met by Security Requirements.............................................................................................. 72 8.2.2 All Functional Components Necessary....................................................................................................... 75 8.2.3 Satisfaction of Dependencies ..................................................................................................................... 76 8.2.4 Use of the Dragonfly Administration System..................................