NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0435:  Alternative to SELinux for FPT_AEX_EXT.1.3

Publication Date
2019.07.26

Protection Profiles
PP_APP_v1.2, PP_APP_v1.3

Other References
FPT_AEX_EXT.1.3

Issue Description

FPT_AEX_EXT.1.3 requires a TOE to be compatible with the security features provided for a platform vendor. The Assurance Activity for Linux-based TOEs requires an evaluator to verify that the TOE is compatible with SELinux. Some common Linux distributions do not use SELinux by default. Ubuntu Linux for example comes with the AppArmor security module pre-installed instead. Since AppArmor cannot be run alongside SELinux, an Ubuntu-based TOE would have to disable one of the the security features provided by the platform vendor and then install SELinux in order to satisfy the Assurance Activity. 

Resolution

For PP_APP_v1.3, the Linux Assurance Activity under FPT_AEX_EXT.1.3 is modified as follows:

For Linux: The evaluator shall ensure that the application can successfully run on a system with either SELinux or AppArmor enabled and enforcing in enforce mode.

 

Justification

See issue description.

 
 
Site Map              Contact Us              Home