Compliant Product - IBM WebSphere Application Server Network Deployment (32-bit) V7
Certificate Date: 25 May 2012
Validation Report Number: CCEVS-VR-10444-2012
Product Type: Web Server
Conformance Claim: EAL4 Augmented with ALC_FLR.2
PP Identifiers: None
CC Testing Lab: SAIC Common Criteria Testing Laboratory
The TOE is IBM’s implementation of an application server:
- WebSphere Application Server Network Deployment (32-bit) V220.127.116.11 with APAR PM53930
The TOE’s primary purpose is to provide an environment for running and managing user-supplied enterprise applications and their components. In particular, the product provides the capabilities to identify users and to control what resources a user can access through enterprise applications. In addition to its primary purpose, the product provides tools for doing useful functions such as assembling and troubleshooting enterprise applications.
The WebSphere Application Server TOE Components are the Product Application Server, Product HTTP Server, Product HTTP Server Plug-Ins, wsadmin tool, Product Deployment Manager Server, and Product Node Agent Server.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the WebSphere Application Server TOE meets the security requirements contained in the Security Target. The criteria against which the WebSphere Application Server TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1. Science Application International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the WebSphere Application Server TOE is EAL 4 augmented with ALC_FLR.2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. Several validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in May 2012. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for WebSphere Application Server Network Deployment (32-bit) V18.104.22.168 with APAR PM53930 prepared by CCEVS.
The WebSphere Application Server TOE is a commercial product that provides identification, access control, audit, and the management of access control to protective resources. Additionally, the TOE provides a mechanism for requiring requests from remote callers to be encrypted using SSL (note that SSL is outside the scope of the TOE). The WebSphere Application Server TOE provides a level of protection that is appropriate for operating environments where the WebSphere Application Server TOE and the platform upon which it is installed can be appropriately protected from physical attacks.
The WebSphere Application Server TOE supports the following security functions: Identification, Access Control, Security Management, Audit, and Invocation of SSL.
Identification and Re-identification
The TOE identifies a client before performing any other TSF mediated action for the client with the exception of access to a method or static web content that is not configured with a security constraint or specifically allows access to “Everyone”. The environment is depended upon to authenticate and maintain security attributes associated with users.
The TOE provides access control functions that allow only authorized remote callers to access to the sensitive resources. The TOE permits a client to access a protected resource only if a user or group ID of the user is mapped to a role that has permission to access the resource. The resources protected by the TOE are:
- Methods in deployed enterprise beans
- Methods and HTML pages in deployed web server applications
- The Administration Service
- Naming Directory
- TOE files
- Configuration data
- TOE runtime state
- Transactions and activities
- Messaging resources (e.g. local bus, queue destinations)
- UDDI resources
- TOE location service entries
- Methods and attributes in user MBeans
The TOE maintains the following Administration roles:
These roles may use the security management functions that provide a mechanism for dynamically configuring some security attributes used by TOE access control functions.
The TOE maintains other roles as follows:
- Naming roles: COSNamingCreate, COSNamingDelete, COSNamingRead, COSNamingWrite (these roles can manage the TOE naming directory).
- UDDI Roles: SOAP_Publish_User, V3SOAP_CustodyTransfer_User_Role, V3SOAP_Publish_User_Role, V3SOAP_Security_User_Role, EJB_Publish_Role (these roles can manage the Protected UDDI registry resources)
- Messaging Roles: Browser, Bus Connector, Creator, Receiver, Sender (these roles can manage various messaging objects such as Queue and Temporary Destinations, Topics, and TopicSpace)
The TOE provides audit functions that provide authorized administrators to associate users with security relevant actions for identification, access control and for enabling and disabling the audit function. The TOE relies on the operational environment for audit record storage.
Invocation of SSL
The TOE provides an invocation of SSL function that requires a remote caller to invoke TLS 1.0 using the configured algorithms to allow for the session to be encrypted when the remote caller issues a request to the TOE over the remote interface of the IBM HTTP Server component. Note: This function does not perform the actual SSL encryption, yet provides a mechanism for requiring requests from remote callers to be encrypted.