Validated Product - Apple Mac OS X V10.3.6 and Apple Mac OS X Server V10.3.6, both with CC Tools Package

PRODUCT DESCRIPTION

The TOE, Apple Mac OS X v10.3.6 and Apple Mac OS X Server v10.3.6, is a networked, general-purpose, fully-functioning Unix operating system, based on the Mach kernel and FreeBSD, which abstracts the complexity of Unix and provides a graphical user interface. Mac OS X and Mac OS X Server enforce the same security functions - the only differences lie in the area of performance.

The following hardware platforms are included in the evaluated configuration:

• Mac OS X version 10.3.6 - eMac G4; iMac G3; iMac G4; iMac G5; iBook G3; iBook G4; PowerBook G3; PowerBook G4; Power Mac G3; Power Mac G4 Cube; Power Mac G4 (single processor); Power Mac G4 Dual Processor; Power Mac G5 (single processor); Power Mac G5 Dual Processor
• Mac OS X Server version 10.3.6 - Power Mac G4 (single processor); Power Mac G4 Dual Processor; Power Mac G5 (single processor); Power Mac G5 Dual Processor; Xserve G4 (single processor); Xserve G4 Dual Processor; Xserve G5 (single processor); Xserve G5 Dual Processor

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Apple Computer Mac OS X v10.3.6 and Mac OS X Server v10.3.6 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and International Interpretations effective on 27 June 2002. The evaluation methodology used by the Evaluation Team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL3 family of assurance requirements. The product, when configured as specified in "Common Criteria Configuration and Administration Guide - Setting up and administering the Common Criteria configuration using Mac OS X or Mac OS X ServeR", dated 17 December 2004, satisfies all of the security functional requirements stated in the Apple Computer Mac OS X v10.3.6 and Mac OS X Server v10.3.6 Security Target. One validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in December 2004. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-05-0086) prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

Apple Mac OS X v10.3.6 and Mac OS X Server v10.3.6, includes the Mac OS X operating system, supporting hardware and those applications necessary to manage, support and configure the operating system. Apple Mac OS X v10.3.6 and Mac OS X Server v10.3.6 provides a moderate level of independently assured security in a conventional TOE and is suitable for a cooperative non-hostile environment.

Mac OS X provides an advanced memory protection and management system. Mac OS X ensures reliability by protecting applications with a robust architecture that allocates a unique address space for each application or process. The Mach kernel augments standard virtual memory semantics with the abstraction of memory objects. This enables Mac OS X to manage separate application environments simultaneously.

While Mac OS X offers support for multiple file systems, only the HFS+ filesystem is supported in the evaluated configuration. Mac OS X also supplies the following advanced functionality:

• Preemptive and cooperative multitasking via the Mach kernel
• Symmetric multiprocessing (SMP) augmented by support for multi-threading
• Real-time support guaranteeing low-latency access to processor resources for time-sensitive media applications

While Mac OS X supports a wide range of protocols and network services, only TCP/IP and the NFS (Network Filesystem), DNS (Domain Name Service), and SSH (Secure Shell) services are supported in the evaluated configuration.

Apple Mac OS X v10.3.6 and Mac OS X Server v10.3.6 supports the following five security functions:

• Audit Function: Mac OS X has the ability to audit user actions and store the records in an audit trail that is protected from unauthorized access. The administrator has the ability to select what events get audited and to sort and search the audit log after the records have been collected. The audit facility is flexible in permitting the administrator the ability to decide if the system should overwrite old records or halt if the audit trail becomes full.
• Identification and Authentication: All users on Mac OS X are identified and authenticated before they can access any system service. Mac OS X maintains a user database with user name, group associations, and authentication information. Mac OS X supports password authentication in the evaluated configuration.
• User Data Protection: Mac OS X provides a Discretionary Access Control (DAC) mechanism to protect user objects such as files, directories, and message queues. Access to these objects is mediated by the operating system and granted only if a set of rules is passed. In addition to controlling access, Mac OS X ensures that whenever a user is allocated a resource, that resource is clear of any previous information that it may have contained.
• Security Management: Mac OS X provides a rich set of administrative functions. Graphical tools are provided to manage user accounts, object access rights, and the audit trail.
• Protection of the TSF: Mac OS X has several features to protect the security functions. Mac OS X utilizes the security features of the hardware including running the kernel in the most privileged state of the hardware. Memory protection and process isolation are provided to keep processes from interfering with each other and, more importantly, from interfering with the operating system. There is also a set of diagnostic tools provided to the administrator that can be run to ensure the correct operation of the hardware.