Validated Product - TeraText DBS 4.3.13
Certificate Date: 20 June 2008
Validation Report Number: CCEVS-VR-VID10164-2008
Product Type: DBMS
Conformance Claim: EAL2
PP Identifiers: None
CC Testing Lab: CygnaCom Solutions, Inc
PRODUCT DESCRIPTION
The TOE is a database server application for managing records containing text. The TOE is not a relational database system.
The TOE manages text documents in a variety of formats and encodings including HTML, SGML, XML, RTF, MARC, spreadsheets, word processor documents, plain text, Unicode, and images. It also supports storing images and other non-text formats. For textual data, the TOE provides full text indexing and searching capabilities such as word, field and phrase based querying, fuzzy matching, word stemming, Boolean operators, word distance (proximity) operators, ranking, results sorting, and term highlighting.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. SAIC TeraText DBS 4.3.13 software was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL2. A Validator, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in June 2008.
ENVIRONMENTAL STRENGTHS
The TOE provides the following evaluated security services:
• Security audit
The TOE generates audit records which contain date and time of the event, type of event, subject identity, and the outcome (success or failure) of the event. Note that auditable events are associated with the identity of the user based on user identifier.
The auditable events include:
• Start-up and shutdown of the audit function (more specifically, of the TOE);
• Successful requests to perform an operation on an object covered by the SFP;
• Unsuccessful use of the authentication mechanism;
• Unsuccessful use of the user identification mechanism, including the user identity provided.
The TOE writes audit records to text files, stored in the IT environment, that comprise the audit trail. The operating system in the IT environment is relied on to protect the audit trail files and to provide the time. The TOE does not provide any interfaces to read from the audit trail.
• User data protection
The TOE can restrict access to Z39.50 databases, records, and schema elements to users and groups based on permissions.
• Identification and authentication
The TOE ensures users are identified and authenticated before allowing them to access the TOE’s security functions. Users are identified with a user name and authenticated with a password. User attributes include: user name, authentication data (password), and group membership. Note that while the product supports additional authentication mechanisms, only username/password is supported in the evaluated configuration.
• Security management
The TOE provides administrator console interfaces that can be used by authorized administrators to perform all management functions, including: managing database subjects (including authentication data), database objects, and TOE session establishment IP addresses.
• Protection of the TSF
The TOE can ensure that implicit and explicit policies that it enforces are not bypassed by controlling access to its interfaces, including separating client connections between users and the TOE, and between TOE components. The TOE relies on its platform to operate correctly and to prevent unauthorized access to TOE data and stored executables.
• TOE access
The TeraText Content Server component of the TOE can restrict user sessions based on the IP address of the originating client connection (where client in this context is defined as TOE components and subcomponents that initiate Z39.50 connections with the TeraText Content Server).