Validated Product - Sybase iAnywhere Adaptive Server Anywhere (versions 9.0.1 and 9.0.2) component of SQL Anywhere Studio 9

Certificate Date: 24 April 2006

Validation Report Number: CCEVS-VR-06-0018

Product Type: DBMS

Conformance Claim: EAL3 Augmented with ALC_FLR.2

PP Identifiers: None

CC Testing Lab: SAIC Common Criteria Testing Laboratory


PRODUCT DESCRIPTION

Adaptive Server Anywhere (ASA) is a relational database management system (RDBMS). According to the vendor, it was designed to support multiple operating systems as well as operate efficiently with limited memory, CPU power, and disk space. Non-security relevant capabilities of the product include full transaction processing, referential integrity, SQL stored procedures, triggers, row-level locking, automatic event scheduling and automatic recovery. Core features such as the query optimizer and the data caching mechanism are designed specifically to operate with minimal resources. At the same time, ASA contains the features needed to take advantage of workgroup servers, including support for many users, scalability over multiple CPUs, and advanced concurrency features. ASA is designed to be self-tuning and yet maintain a small footprint. ASA symmetric multi-processor (SMP) support ensures top performance for greater numbers of users. A high-performance, self-tuning query optimizer determines the most effective way to access information and utilize additional processors, thereby improving performance and eliminating the need for expert tuning.

ASA runs as an application on top of an operating system and depends on the services exported by the operating system to function. ASA uses operating system services for process creation and manipulation; device and file processing; shared memory creation and manipulation; and security requests such as inter-process communication. The hardware upon which the operating system runs is completely transparent to ASA - ASA sees only the operating system’s user interfaces.

ASA is one or more operating system processes that service client requests. Multiple processes can be configured to enhance performance on multiprocessor systems. An ASA process has two distinct engine subcomponents, a DBMS component and a kernel component. The DBMS component manages the processing of SQL statements (data manipulation language - DML, data definition language - DDL, stored procedures and administrative commands), accesses data in a database, and manages different types of Server resources. The kernel component performs low-level functions for the DBMS component, such as task and engine management; network and disk I/O; and low-level memory management. Note that the communications component, that part of ASA that processes a CmdSeq or TDS request, also uses the kernel component for low-level services.

The specific builds included in the evaluation are:

  • Adaptive Server Anywhere version 9.0.2 build 3221 for Microsoft Windows XP, Windows 2000, and Windows 2003 Server.
  • Adaptive Server Anywhere version 9.0.2 build 3219 for Sun Solaris 8, and Redhat Linux Advanced Server 2.1.
  • Adaptive Server Anywhere version 9.0.1 build 2085 for Microsoft Windows XP, Windows 2000, Windows 2003 Server, Sun Solaris 8, and Redhat Linux Advanced Server 2.1.

The set of operating systems included in the evaluation are Microsoft Windows 2000, XP and Server 2003, Sun Solaris 8, and Redhat Linux Advanced Server 2.1. The TOE was tested on all platforms by the vendor as part of the evaluation. The evaluation team ran its tests on the Windows 2000 and Solaris 8 platforms since the security relevant code is unchanged on all the Windows-based and Unix-based platforms.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Adaptive Server Anywhere TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and International Interpretations effective on April 1, 2004. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 3 augmented with ALC_FLR.2. The product, when configured as specified in the Supplement for Installing Adaptive Server for Common Criteria Configuration, Document ID: DC00080-01-1252-01, Last revised: April 2006 (http://www.ianywhere.com/developer/product_manuals/sqlanywhere/sqlanywhere_cc_configuration.pdf), satisfies all of the security functional requirements stated in the Sybase Adaptive Server Anywhere Security Target (Version 1.0). One validator monitored the evaluation carried out by SAIC. The evaluation was completed in April 2006. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-06-0016, 24 April 2006) prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

Sybase ASA is a DBMS designed to execute as a set of applications in the context of commercially available operating systems. ASA supports six security functions.

Security audit: ASA has an audit mechanism that is invoked for access checks, authentication attempts, administrator functions, and at other times during its operation. When invoked, the date, time, responsible individual and other details describing the event are recorded to the audit trail. The audit log is stored in the transaction log, which is protected from unauthorized access or modification. The dbtran utility can be used by authorized administrators to extract the audit records from the transaction log file, including searching by user identities. The resulting text file can then be used by the administrator in any manner to effectively review the audit trail.

User data protection: ASA implements a Discretionary Access Control Policy over applicable database objects - tables, views, stored procedures and user-defined functions. Note that there are other database objects that are either always private, always public, or are part of one of the aforementioned objects. In each case, the object has an owner, which is the creator of the object. Object owners have special permissions, while other users can subsequently be granted specific access permissions allowing corresponding operations on the object.

Identification and authentication: ASA provides its own identification and authentication mechanism in addition to the underlying operating system. Users must provide a valid username and password before they can access any security-related functions. Once identified and authenticated, all subsequent actions are associated with that user and policy decisions are based on the user’s identity, group memberships and corresponding authorities. Login events in combination with user-defined stored procedures can be used to disable a user account after an administrator-defined number of authentication failures.

Security management: ASA provides SQL statements and built-in procedures necessary to manage users and associated attributes, access privileges, and other security functions such as audit. The functions are restricted based on user authorities, originally restricted to administrators only. While all of the administrative functions are available through and restricted at the ASA Server interfaces, utility programs are provided to assist ASA administrators. ASA associates authorities with users, including a Database Administrator (DBA) authority that can manage the behavior of the applicable security functions. The DBA(s) is considered an authorized administrator (or trusted user) and all other users are simply referred to as users (or untrusted users).

Protection of the TSF: ASA protects itself and ensures that its policies are enforced in a number of ways. While there is dependence on the underlying operating system to separate its process constructs, enforce file and memory access restrictions, and to provide communication services, ASA protects itself by keeping its context separate from that of its users and also by making effective use of the operating system mechanisms to ensure that memory and files used by ASA have the appropriate access settings. Furthermore, ASA interacts with users through well-defined interfaces designed to ensure that the ASA security policies are always enforced.

TOE access: ASA allows authorized administrators to configure stored procedures that will be activated by events when users connect. When activated, the stored procedures can restrict the number of concurrent sessions, specific user identities, and whether the session is allowed at the current time.

Vendor Information


Sybase iAnywhere
Mike Paola
519.883.6311
519.883.6311 (Fax)
mpaola@sybase.com

http://www.sybase.com