|
O.VM_ISOLATION
|
FDP_HBI_EXT.1
|
This SFR supports the objective by requiring the TSF to enforce VM isolation through limiting access to hardware resources.
|
|
FDP_PPR_EXT.1
|
This SFR supports the objective by requiring the TSF to enforce VM isolation through limiting access to hardware resources.
|
|
FDP_VMS_EXT.1
|
This SFR supports the objective by limiting the methods that can be used to transfer data between Guest VMs.
|
|
FDP_VNC_EXT.1
|
This SFR supports the objective by isolating virtual networks from one another.
|
|
FMT_MSA_EXT.1
|
This SFR supports the objective by defining the default security posture of data isolation between Guest VMs.
|
|
FPT_HCL_EXT.1
|
This SFR supports the objective by controlling the extent to which Guest VMs can interact indirectly with each other via hypercalls.
|
|
FPT_RDM_EXT.1
|
This SFR supports the objective by ensuring that removable media cannot be accessed simultaneously by multiple Guest VMs without authorization.
|
|
FPT_VIV_EXT.1
|
This SFR supports the objective by ensuring that a Guest VM cannot disrupt the functionality of another Guest VM.
|
|
O.VMM_INTEGRITY
|
FPT_DDI_EXT.1 (objective)
|
This SFR supports the objective by isolating physical device drivers from the VMM so that they cannot be used to attempt to modify the VMM.
|
|
FPT_INT_EXT.1 (objective)
|
This SFR supports the objective by providing a mechanism by which the VMM or a privileged VM can be used to introspect a Guest VM for the purpose of detecting potential threats to the VMM that originate within the Guest VM.
|
|
FMT_ML_EXT.1
|
This SFR supports the objective by implementing a mechanism that asserts the integrity of the VMM on startup.
|
|
FMT_SMO_EXT.1
|
This SFR supports the objective by isolating management traffic bound for the VMM from operational traffic transmitted to and from Guest VMs.
|
|
FPT_EEM_EXT.1
|
This SFR supports the objective by ensuring that platform-based security functions can be used to protect the integrity of the VMM.
|
|
FPT_HAS_EXT.1
|
This SFR supports the objective by allowing the VMM to support hardware-based assistance mechanisms to reduce its own attack surface.
|
|
FPT_HCL_EXT.1
|
This SFR supports the objective by controlling the extent to which Guest VMs can interact with the VMM via hypercalls.
|
|
FPT_VDP_EXT.1
|
This SFR supports the objective by ensuring that malformed data from a Guest VM cannot be used to compromise the VMM.
|
|
FPT_VIV_EXT.1
|
This SFR supports the objective by ensuring that a Guest VM cannot disrupt the functionality of the VMM.
|
|
O.PLATFORM_INTEGRITY
|
FDP_PPR_EXT.1
|
This SFR supports the objective by limiting the extent to which Guest VMs can interface with the physical platform.
|
|
FPT_DVD_EXT.1
|
This SFR supports the objective by limiting the extent to which a Guest VM can interface with the underlying platform.
|
|
FPT_VIV_EXT.1
|
This SFR supports the objective by ensuring that a Guest VM cannot disrupt the functionality of the underlying platform
|
|
O.DOMAIN_INTEGRITY
|
FPT_GVI_EXT.1 (optional)
|
This SFR supports the objective by defining a mechanism the TSF can use to ensure that the integrity of its Guest VMs has not been compromised.
|
|
FPT_HCL_EXT.1
|
This SFR supports the objective by controlling the extent to which Guest VMs can interact with the VMM via hypercalls.
|
|
FPT_INT_EXT.1 (objective)
|
This SFR supports the objective by providing a mechanism by which the VMM or a privileged VM can be used to introspect a Guest VM for the purpose of protecting it from compromise.
|
|
FPT_VIV_EXT.1
|
This SFR supports the objective by ensuring that a Guest VM cannot disrupt the functionality of another Guest VM.
|
|
FTP_ITC_EXT.1
|
This SFR supports the objective by reducing the likelihood that user actions are inadvertently performed against the wrong Guest VM.
|
|
FTP_ITC_EXT.2
|
This SFR supports the objective by reducing the likelihood that user actions are inadvertently performed against the wrong Guest VM.
|
|
O.MANAGEMENT_ACCESS
|
FAU_SAR.1
|
This SFR supports the objective by ensuring that audit data cannot be read by unauthorized subjects.
|
|
FCS_CKM.1
|
This SFR supports the objective by implementing cryptographic functions that are used to secure administrative interactions with the TSF.
|
|
FCS_CKM.2
|
This SFR supports the objective by implementing cryptographic functions that are used to secure administrative interactions with the TSF.
|
|
FCS_CKM_EXT.4
|
This SFR supports the objective by implementing cryptographic functions that are used to secure administrative interactions with the TSF.
|
|
FCS_COP.1(1)
|
This SFR supports the objective by implementing cryptographic functions that are used to secure administrative interactions with the TSF.
|
|
FCS_COP.1(2)
|
This SFR supports the objective by implementing cryptographic functions that are used to secure administrative interactions with the TSF.
|
|
FCS_COP.1(3)
|
This SFR supports the objective by implementing cryptographic functions that are used to secure administrative interactions with the TSF.
|
|
FCS_COP.1(4)
|
This SFR supports the objective by implementing cryptographic functions that are used to secure administrative interactions with the TSF.
|
|
FCS_HTTPS_EXT.1 (selection-based)
|
This SFR supports the objective by defining a specific cryptographic protocol that can be used to secure management data in transit.
|
|
FCS_IPSEC_EXT.1 (selection-based)
|
This SFR supports the objective by defining a specific cryptographic protocol that can be used to secure management data in transit.
|
|
FCS_RBG_EXT.1
|
This SFR supports the objective by giving the TOE access to a strong entropy source that can be used to generate strong keys for administrative sessions.
|
|
FCS_TLSS_EXT.1 (selection-based)
|
This SFR supports the objective by defining a specific cryptographic protocol that can be used to secure management data in transit.
|
|
FCS_TLSS_EXT.2 (selection-based)
|
This SFR supports the objective by defining a specific cryptographic protocol that can be used to secure management data in transit.
|
|
FIA_AFL_EXT.1
|
This SFR supports the objective by protecting against unauthorized access to administrative accounts.
|
|
FIA_PMG_EXT.1 (selection-based)
|
This SFR supports the objective by defining a password policy that reduces the likelihood of brute force password guessing.
|
|
FIA_UAU.5
|
This SFR supports the objective by defining the mechanisms the TSF uses to authenticate administrators.
|
|
FIA_UIA_EXT.1
|
This SFR supports the objective by ensuring that administrators must be identified and authenticated before access to the TSF is granted.
|
|
FIA_X509_EXT.1 (selection-based)
|
This SFR supports the objective by defining how the TSF validates X.509 certificates that may be presented to it as part of establishing a trusted channel.
|
|
FIA_X509_EXT.2 (selection-based)
|
This SFR supports the objective by defining how the TSF validates X.509 certificates that may be presented to it as part of establishing a trusted channel.
|
|
FTA_TAB.1
|
This SFR supports the objective by ensuring that administrators are presented with a warning banner that imputes actionable consequences for misuse of the TOE.
|
|
FTP_ITC_EXT.1
|
This SFR supports the objective by defining any trusted protocols used for remote administration.
|
|
FTP_TRP.1 (selection-based)
|
This SFR supports the objective by defining the use of a remote interface for management.
|
|
O.PATCHED_SOFTWARE
|
FPT_IDV_EXT.1 (objective)
|
This SFR supports the objective by defining a standardized method of externally identifying the TOE software version for inventory purposes.
|
|
FPT_TUD_EXT.1
|
This SFR supports the objective by defining a mechanism used to securely update the VMM.
|
|
FIA_X509_EXT.1 (selection-based)
|
This SFR supports the objective by defining how the TSF validates X.509 certificates that may be presented to it as an attestation of the authenticity and integrity of a software update.
|
|
FIA_X509_EXT.2 (selection-based)
|
This SFR supports the objective by defining how the TSF validates X.509 certificates that may be presented to it as an attestation of the authenticity and integrity of a software update.
|
|
FPT_TUD_EXT.2 (selection-based)
|
This SFR supports the objective by optionally using X.509 certificates as the method of validating software updates.
|
|
O.VM_ENTROPY
|
FCS_ENT_EXT.1
|
This SFR supports the objective by providing a mechanism for Guest VMs to have entropy data available for use.
|
|
FCS_RBG_EXT.1
|
This SFR supports the objective by giving the TOE access to a strong entropy source that can be used by Guest VMs.
|
|
O.AUDIT
|
FAU_GEN.1
|
This SFR supports the objective by ensuring that audit records are generated for security-relevant events.
|
|
|
FAU_STG.1
|
This SFR supports the objective by ensuring that audit data cannot be deleted without authorization or modified by any subject.
|
|
|
FAU_STG_EXT.1
|
This SFR supports the objective by requiring redundant storage of audit data.
|
|
FCS_HTTPS_EXT.1 (selection-based)
|
This SFR supports the objective by defining a specific cryptographic protocol that can be used to secure audit data in transit.
|
|
FCS_IPSEC_EXT.1 (selection-based)
|
This SFR supports the objective by defining a specific cryptographic protocol that can be used to secure audit data in transit.
|
|
FCS_TLSC_EXT.1 (selection-based)
|
This SFR supports the objective by defining a specific cryptographic protocol that can be used to secure audit data in transit.
|
|
FCS_TLSC_EXT.2 (selection-based)
|
This SFR supports the objective by defining a specific cryptographic protocol that can be used to secure audit data in transit.
|
|
FIA_X509_EXT.1 (selection-based)
|
This SFR supports the objective by defining how the TSF validates X.509 certificates that may be presented to it as part of establishing a trusted channel.
|
|
FIA_X509_EXT.2 (selection-based)
|
This SFR supports the objective by defining how the TSF validates X.509 certificates that may be presented to it as part of establishing a trusted channel.
|
|
FTP_ITC_EXT.1
|
This SFR supports the objective by defining the trusted protocols used for remote audit data transfer.
|
|
O.CORRECTLY_APPLIED_
CONFIGURATION
|
FAU_ARP.1 (optional)
|
This SFR supports the objective by requiring the TOE to take some action when a violation of a security policy is detected.
|
|
FAU_SAA.1 (optional)
|
This SFR supports the objective by defining the conditions that indicate a violation of a security policy.
|
|
FDP_PPR_EXT.1
|
This SFR supports the objective by defining the security policy used to govern Guest VM access to physical resources.
|
|
FDP_VNC_EXT.1
|
This SFR supports the objective by defining the security policy used to govern Guest VM access to network resources.
|
|
FMT_MSA_EXT.1
|
This SFR supports the objective by defining the default security policy for data sharing between VMs.
|
|
FPT_HCL_EXT.1
|
This SFR supports the objective by defining the security policy used to govern Guest VM access to Hypercall functions.
|
|
O.RESOURCE_ALLOCATION
|
FDP_RIP_EXT.1
|
This SFR supports the objective by ensuring that physical memory cannot be allocated to multiple Guest VMs.
|
|
FDP_RIP_EXT.2
|
This SFR supports the objective by ensuring that disk storage cannot be allocated to multiple Guest VMs.
|
