Compliant Product - Red Hat Enterprise Linux 8.1
Certificate Date: 2021.01.04CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11107-2021
Product Type: Operating System
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for General Purpose Operating Systems Version 4.2.1
Extended Package for Secure Shell (SSH) Version 1.0
CC Testing Lab: Acumen Security
Red Hat® Enterprise Linux® is the world’s leading enterprise Linux platform. It is an open source operating system (OS) that supports multiple users, user permissions, access controls, and cryptographic functionality.
Red Hat® Enterprise Linux® is the world’s leading enterprise Linux platform. It is an open source operating system (OS) that supports multiple users, user permissions, access controls, and cryptographic functionality. The TOE also supports (sometimes optionally) secure connectivity with several other IT environment devices as described in Table 1 below:
The TOE itself does not have physical boundaries; however, the TOE was evaluated on the following hardware:
Table 2 Evaluated Hardware
The Xeon Silver 4200 series processors are 2nd Generation Intel® Xeon® Scalable Processors and implement the Cascade Lake microarchitecture.
The TOE was tested on a PowerEdge R740 with a Xeon Silver 4216 CPU.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Red Hat Enterprise Linux 8.1 was evaluated is described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1. The product, when delivered configured as identified in the Red Hat Enterprise Linux 8.1 CC Guidance, satisfies all of the security functional requirements stated in the Red Hat Enterprise Linux 8.1 Security Target. The project underwent CCEVS Validator review. The evaluation was completed in January 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE provides the security functionality required by [GPOSPP] and [SSHEP].
3.1 Security Audit
The TOE generates and stores audit events using the Lightweight Audit Framework (LAF). The LAF is designed to be an audit system making Linux compliant with the requirements from Common Criteria by intercepting all system calls and retrieving audit log entries from privileged user space applications. The framework allows configuring the events to be recorded from the set of all events that are possible to be audited. Each audit record contains the date and time of event, type of event, subject identity, user identity, and results (success/fail) of the action if applicable.
3.2 Cryptographic Support
The TOE provides a broad range of cryptographic support; providing SSHv2 and TLSv1.2 protocol implementations in addition to individual cryptographic algorithms.
The cryptographic services provided by the TOE are described below:
Table 3 TOE Cryptographic Protocols
The TOE includes three cryptographic libraries/implementations. Each of these cryptographic algorithms have been validated for conformance to the requirements specified in their respective standards, as identified below:
The OpenSSL library provides the TLS Client function. The OpenSSL library also provides the cryptographic algorithms for the SSH Client, SSH Server, trusted update, and secure boot security functions.
3.3 User Data Protection
Discretionary Access Control (DAC) allows the TOE to assign owners to file system objects and Inter-Process Communication (IPC) objects. The owners are allowed to modify Unix-type permission bits for these objects to permit or deny access for other users or groups. The DAC mechanism also ensures that untrusted users cannot tamper with the TOE mechanisms.
The TOE also implements POSIX Access Control Lists (ACLs) that allow the specification of the access to individual file system objects down to the granularity of a single user.
3.4 Identification and Authentication
User identification and authentication in the TOE includes all forms of interactive login (e.g. using the SSH protocol or log in at the local console) as well as identity changes through the su or sudo command. These all rely on explicit authentication information provided interactively by a user.
The authentication security function allows password-based authentication. For SSH access, public-key-based authentication is also supported.
Password quality enforcement mechanisms are offered by the TOE which are enforced at the time when the password is changed.
3.5 Security Management
The security management facilities provided by the TOE are usable by authorized users and/or authorized administrators to modify the configuration of TSF.
3.6 Protection of the TSF
The TOE implements self-protection mechanisms that protect the security mechanisms of the TOE as well as software executed by the TOE. The following self-protection mechanisms are implemented and enforced:
· Address Space Layout Randomization for user space code.
· Stack buffer overflow protection using stack canaries.
· Secure Boot ensuring that the boot chain up to and including the kernel together with the boot image (initramfs) is not tampered with.
· Updates to the operating system are only installed after their signatures have been successfully validated.
· Application Whitelisting restricts execution to known/trusted applications.
3.7 TOE Access
The TOE displays informative banners before users are allowed to establish a session.
3.8 Trusted Path/Channels
The TOE supports TLSv1.2 and SSHv2 to secure remote communications. Both protocols may be used for communications with remote IT entities. Remote administration is only supported using SSHv2.
Red Hat, Inc.
+420 532 294 645