Validated Product - CA Directory r8.1 0608 (build 942)
Certificate Date: 30 April 2007
Validation Report Number: CCEVS-VR-07-0040
Product Type: Network Access Control
Conformance Claim: EAL3
PP Identifiers: None
CC Testing Lab: CygnaCom Solutions, Inc
PRODUCT DESCRIPTION
The CA Directory is a directory software application that provides a system to store and manage electronic information. The CA Directory can operate in a standalone mode or, as typical for directories, provide directory services to other applications, operating as part of larger systems. CA Directory can also operate in a large distributed directory system and itself be deployed as a large distributed directory, supporting distributed directory functionality such as replication and chaining, involving distributed authentication mechanisms.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. CA Directory r8.1 0608 (build 942) for Sun Solaris platform was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL3. A validator, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in April 2007.
ENVIRONMENTAL STRENGTHS
The TOE provides the following evaluated security services:
- Audit Generation and Selection – The TOE generates audit records for selected security events. The records are stored in the log text files on the DXserver platform. An application in the TOE environment is required to read the audit records.
- Access Control over Repository Data (the information the directory stores and manages for users) – the TOE uses the X.501 access control scheme to control access to its repository data for users accessing the directory using DAP and LDAP. These users are the relying parties and administrative users using a directory-enabled interface. DAP and LDAP are the only interfaces for these users.
- Identification and Authentication – The DAP and LDAP interfaces require users to identify and authenticate themselves to establish a DAP or LDAP session; users who provide no identification or authentication are considered 'anonymous' users. The access control function described above controls the information anonymous users have access to. The TOE provides DAP and LDAP users with several authentication mechanisms: password-based, certificate-based, and distributed authentication for users in a distributed directory environment. The remote trusted peer DSAs that access the TOE using DSP and DISP are required to authenticate using the certificate-based mechanism to establish the DSP and DISP sessions. The DXserver uses the SSLD process to validate the certificate provided by the client for the SSL* connection. This processed certificate is then used by the DXserver to authenticate the user. The DXconsole users are authenticated by the TOE using a password mechanism. A TOE configuration file specifies which users are allowed access to the local console, and those users are then authenticated using the same password mechanism as the DAP users.
- Administration and Trusted Data Management – the TOE, through the DXconsole, provides the TOE's superusers access to control the security functions and manage the trusted data. While all the security functions and data can be accessed from the DXconsole, some of the trusted data resides in configuration text files on the DXserver and some in the repository. The data in the configuration files requires a Unix superuser to modify the files using a text editor on the operating system for the modifications to be persistent when the DXserver restarts. The data in the repository can be managed through the DUA interface. In addition, administratively specified remote trusted peer DSAs are able to update defined portions of the repository data through replication.
Note: It's important to note role terminology for this TOE. The TOE has a 'superuser' role which is NOT the same as the Unix superuser (but could be the same individual). The TOE's 'superuser' role can delegate management responsibilities for a portion of the Directory Information Tree (DIT) to an 'administrator' role. Different environments may use different terminology. It's common for the terms 'administrator' and 'data manager' to be substituted for the TOE's 'superuser' and 'administrator' roles, respectively.
- Password Management – In support of the password-based authentication mechanism, a TOE superuser can specify a policy for passwords that includes authentication failure mechanisms and rules that define acceptable passwords.
- Partial Protected Data Transmission – the DXserver enforces when data transmitted to and from remote trusted peer DSAs over the network must pass through a trusted channel, with assured identification of the end points and the data protected from unauthorized disclosure and modification. The TOE must also provide a trusted channel when users initiate communication with the TOE via a trusted channel. The DXserver relies on the SSLD process in its IT environment to perform the SSL* protocol, with its associated cryptography, to process certificates for authenticating the end points of the communication channel and to encrypt the data.
- Partial TOE Self Protection – working in concert with its platform, the TOE provides protection of its security functions through non-bypassability and domain separation. All user operations are conducted in the context of an associated session. The TOE manages these sessions to prevent one session from compromising another session. The TOE provides only well-defined interfaces to these sessions, and sessions are allocated only after successful authentication, or when a session is requested from the physically protected local console, which is under procedural control. The TOE relies on its platform to operate correctly and to prevent unauthorized access to TOE data and stored executables.
*Note: There has been no independent verification by the evaluators that the implementation of the cryptographic algorithm SSL actually meets claimed standards. What testing verified was that the services provided by SSL worked correctly with the TOE.