NIAP: Compliant Product
NIAP/CCEVS
Compliant Product - Hyper-V for Windows Server 2016, Windows Server 2012 R2, and Windows 10

Certificate Date:  2017.11.20

Validation Report Number:  CCEVS-VR-VID10823-2017

Product Type:    Virtualization

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Server Virtualization Version 1.1

CC Testing Lab:  Leidos Common Criteria Testing Laboratory


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The TOE includes the hypervisor and virtualization subsystem, known as “Hyper-V”, in the Microsoft Windows Server 2016 operating system, the Microsoft Windows Server 2012 R2 operating system, and the Microsoft Windows 10 operating system, along with supporting operating system services and those applications necessary to manage, support and configure the operating system and virtualization subsystem.

Hyper-V enables the computer administrator to specify “partitions” that have separate address spaces where they can load an operating system and applications operating in parallel with the (host) operating system that executes in the root partition of the computer. An operating system executing in a partition has access to virtualized peripheral devices that are controlled by Hyper-V. An operating system may either access devices using the same I/O related instructions as on a real system or it may use a specific interface offered by Hyper-V, called the VMBus, to communicate with Hyper-V for access to peripheral devices. In the first case the operating system can only access the devices virtualized by Hyper-V. When using the VMBus interface, an operating system in a guest partition must have “enlightenments” that establish the VMBus communication and then use those “synthetic” devices accessible via VMBus. Note that the “enlightenments” within a guest operating system are part of the TOE, but not part of the TSF.


Evaluated Configuration

The evaluated version of the TOE includes the following:

  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2016 Datacenter edition
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2012 R2 Datacenter edition
  • Microsoft Windows 10 Enterprise Edition (64-bit version)


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme for the Protection Profile for Server Virtualization, Version 1.1. The criteria against which the Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, Microsoft Windows 10 Hyper-V were judged are described in the Protection Profile Assurance Activities.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 revision 4. The product, when delivered configured as identified in the guidance document, satisfies all of the security functional requirements stated in the Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, Microsoft Windows 10 Hyper-V Security Target, Version 0.07. The project underwent CCEVS validation team review.  The evaluation was completed in November 2017.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

Security Audit

Windows has the ability to collect audit data, review audit logs, protect audit logs from overflow, and restrict access to audit logs. Audit information generated by the system includes the date and time of the event, the user identity that caused the event to be generated, and other event-specific data. Authorized administrators can review audit logs and have the ability to search and sort audit records. Authorized administrators can also configure the audit system to include or exclude potentially auditable events based on a wide range of characteristics. In the context of this evaluation, the protection profile requirements cover generating audit events, selecting which events should be audited, and providing secure storage for audit event entries.

Cryptographic Support

Windows provides validated cryptographic functions that support encryption/decryption, cryptographic signatures, cryptographic hashing, cryptographic key agreement (which is not studied in this evaluation), and random number generation. The TOE additionally provides support for public keys, credential management and certificate validation functions and provides support for the National Security Agency’s Suite B cryptographic algorithms. Windows also provides extensive auditing support of cryptographic operations, the ability to replace cryptographic functions and random number generators with alternative implementations[1], and a key isolation service designed to limit the potential exposure of secret and private keys. In addition to using cryptography for its own security functions, Windows offers access to the cryptographic support functions for user-mode and kernel-mode programs. Public key certificates generated and used by Windows authenticate users and machines as well as protect both user and system data in transit.

  • IPsec: Windows implements IPsec to provide protected, authenticated, confidential, and tamper-proof networking between two peer computers.
  • TLS: Windows implements TLS to provide protected, authenticated, confidential, and tamper-proof networking between two peer computers.

User Data Protection

In the context of this evaluation Windows protects computer virtualization capabilities.

Identification and Authentication

In the context of this evaluation, Windows provides the ability to use, store, and protect X.509 certificates that are used for IPsec and TLS, and authenticates the administrator to the computer.

Security Management

Windows includes several functions to manage security policies.  Policy management is controlled through a combination of access control, membership in administrator groups, and privileges.

Protection of the TSF

Windows provides a number of features to ensure the protection of TOE security functions. Windows protects against unauthorized data disclosure and modification by using a suite of Internet standard protocols including IPsec, IKE, and TLS. Windows ensures process isolation security for all processes through private virtual address spaces, execution context, and security context. The Windows data structures defining process address space, execution context, memory protection, and security context are stored in protected kernel-mode memory. Windows includes self-testing features that ensure the integrity of executable program images and its cryptographic functions. Finally, Windows provides a trusted update mechanism to update the Windows binaries themselves.

Session Locking

In the context of this evaluation Windows allows an authorized administrator to configure the system to display a logon banner before the logon dialog.

Trusted Path/Channels

Windows uses the IPsec suite of protocols to provide a Virtual Private Network Connection (VPN) between itself, acting as a VPN client, and a VPN gateway in addition to providing protected communications for HTTPS and TLS.


[1] This option is not included in the Windows Common Criteria evaluation.


Vendor Information

Microsoft Corporation
Mike Grimm
425 703 5683
425 936 7329
MGrimm@microsoft.com

microsoft.com