PRODUCT DESCRIPTION

IBM WebSphere® MQ is message queuing middleware. It connects all business software together to form one enterprise by providing an open, scalable, industrial-strength messaging backbone.

WebSphere MQ (WMQ) is divided into the operating system specific editions and the specific version for this evaluation is WebSphere MQ for AIX 5.2. Each of the operating system specific Editions can support the following components, WMQ server (which includes the queue manager); WMQ C Client; and JMS/Java clients. The AIX v5.2 operating system (OS) is supported within this evaluation.

The WebSphere MQ Server product and the WebSphere MQ C Client use the IBM® Global Security Kit‘s TLS/SSL API to request TLS/SSL connections. The JMS/Java Clients use the IBM® Java JSSE FIPS (IBMJSSEFIPS) or the IBMJSSE2 providers to request TLS/SSL connections. Only FIPS 140-2 certified TLS/SSL cipher specs are permitted within the TOE.

The WebSphere MQ Server and WMQ C Client use the GSKit software to enable support for TLS/SSL. GSKit is a set of tools and C/C++ programming interfaces that can be used to add secure channels using the SSLv3 and TLSv1 protocols to TCP/IP applications (products). It provides the cryptographic functions, the protocol implementation and key generation and management functionality for this purpose.

The GSKit software must be configured such that

• only SSLv3 and TLSv1 are allowed, other versions of SSL are disabled,
• only SSL/TLS CipherSuites whose CipherSpec parts consist of cryptographic algorithms that are FIPS 140-2 [FIPS140-2] approved and
• the FIPS 140-2 [FIPS140-2] approved random number generator

are used. This configuration is called FIPS mode. GSKit version 7.0.3.18 is within the TOE boundary and was evaluated as a component TOE evaluation.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the IBM WebSphere MQ TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL4 augmented with ALC_FLR.2 family of assurance requirements. The product, when configured as specified in the WebSphere MQ for (platform specific) Quick Beginnings Guide, satisfies all of the security functional requirements stated in the WebSphere MQ EAL4 Security Target, Issue 1.0, 25 July 2006. The supported platform in this evaluation is AIX 5.2. One Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in July 2006. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-06-0031, dated 2 October 2006) prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

IBM WebSphere MQ was developed to connect all business software together to form one enterprise by providing an open, scalable, industrial-strength messaging backbone. WebSphere MQ supports the following four security functions:

Security Audit: In the TOE, an instrumentation event is a logical combination of conditions that is detected by a queue manager. Such an event causes the queue manager to put a special message, called an event message, on an event queue. One type of instrumentation event is the Authority event. This event reports authorization failures, such as an application trying to open a queue for which it does not have the required authority, or a command being issued from a user ID that does not have the required authority. If an attempt to access an object has not been authorized then an audit event is generated. The type of event, the user identity and application ID data are gained from the process that attempted to access the object and recorded in the event message (audit record). The Event messages are stored in an event queue, which is protected in the same way as all other queues. Only the administrator (member of MQM group) is able to access the event queue.

User Data Protection: The TOE ensures that access to an object is only given to a process acting on behalf of a user, if the associated user and group IDs associated with the user, has been granted permission to access to that object. The user and group IDs are gained from the operating system and cached in memory for any subsequent access requests. Each process contains the user ID within the message descriptor part of the process, which is used to confirm the group permissions. Permission is confirmed by checking that either the UID or GID is contained within the object‘s Access Control List (ACL)

Security Management: The TOE is managed through a Command Line Interface (CLI). The command line interface is used to enable administrators to provide management of the queue manager. The CLI is used to administer and issue commands. The CLI provides the ability for the administrator to delete event messages, update the ACLs to grant or revoke access to users/groups, viewing of the event queue contents for authorization failures and viewing of the default attributes assigned to an object upon creation. The administrator command line prevents unauthorized deletion and modifications of event messages by ensuring that only administrators (i.e. members of the mqm group) have access to the event queue.

Protection of the TSF: The TSF shall ensure that WMQ channels from WMQ clients to a WMQ server, or between two WMQ servers, are established using a TLS/SSL CipherSpec (or CipherSuite for Java/JMS). The TLS/SSL support provided by WMQ provides authentication, message integrity checking, and data encryption for transmitted data.

Vendor Information

IBM United Kingdom Limited
Sally Whittingham
+44 (0) 1962 817622
+44 (0) 1962 816898 (Fax)
whittis@uk.ibm.com

http://www.ibm.com