{"product_id":10145,"v_id":10145,"product_name":"Teradata Database V2R6.1","certification_status":"Not Certified","certification_date":"2007-02-15T00:02:00Z","tech_type":"DBMS","vendor_id":{"name":"NCR - Teradata","website":"http://www.ncr.com/"},"vendor_poc":"Adriaan Veldhuisen","vendor_phone":"858.485.3158","vendor_email":"av126962@ncr.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p>The Teradata Database is a relational database management system (RDBMS) that is designed to access, store, and operate on data using Teradata Structured Query Language (Teradata SQL), which is compatible with ANSI SQL with extensions. The database was developed to allow users to view and manage large amounts of data as a collection of related tables. The database executes as a trusted parallel application (TPA) on a symmetric multiprocessing (SMP) or massively parallel processing (MPP) database server.</p>\r\n<p>The Teradata Database is a relational database management system (RDBMS) that includes security functionality for parallel database environments supporting multiple concurrent users. The security functionality includes:</p>\r\n<ul>\r\n    <li>user management - including identification and authentication </li>\r\n    <li>password management controls </li>\r\n    <li>discretionary access control model to enforce access controls on database objects and resources (e.g., databases, users, tables, views, stored procedures and macros) </li>\r\n    <li>extensive set of access rights for the enforcement of the principle of least privilege </li>\r\n    <li>security roles for management of access rights </li>\r\n    <li>configurable auditing facility </li>\r\n</ul>\r\n<p>The Teradata Database functions as a database server in a traditional client/server environment. Access requests are made via the Teradata Tools and Utilities that provide connectivity to the database and submit Teradata SQL statements to the database. 
For any access to the database through its defined external interfaces, the database ensures that all security enforcement functions are invoked and succeed before any access request is allowed to proceed.</p>\r\n<p>The Teradata Database operates as a trusted parallel application executing as a set of cooperating processes on an underlying host operating system. The host operating system is not part of the TOE but rather part of the supporting IT Environment. The IT Environment provides several supporting security mechanisms to prevent compromise of the TOE security functions including:</p>\r\n<ul>\r\n    <li>protection of all of the database-related files and directories (including executables and run-time libraries) from unauthorized access </li>\r\n    <li>authentication and authorization of administrator access to database control utilities and other utilities used to manage system resources and I/O interfaces </li>\r\n    <li>isolation of the TOE Security Functions (TSF) to prevent tampering with TSF components (e.g., the TOE processes managing the database) </li>\r\n    <li>network perimeter controls to restrict network access to the database server to mitigate malicious attacks against the operating system upon which the TOE operates. </li>\r\n</ul>\r\n<p>The operating system included in the evaluation is Microsoft Windows Server 2003. </p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the NCR Teradata Database TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and International Interpretations effective on November 19, 2003. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. 
Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 4 augmented with ALC_FLR.3. The product, when delivered preconfigured as identified in the Teradata Database Security Administration, Appendix B, B035-1100-115A, May 2006, satisfies all of the security functional requirements stated in the NCR Teradata Database Version 2 Release 6.1.0 (V2R6.1.0) Security Target (Version 2.0). One validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC and the project underwent two Validation Oversight Panel (VOR) panel reviews. The evaluation was completed in January 2007. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-07-0009, dated 15 February 2007) prepared by CCEVS.</p>","environmental_strengths":"<p>The logical boundaries of Teradata Database can be characterized as the set of security functions available at its interfaces. Each of these security functions is summarized below. </p>\r\n<p><strong>Security Audit: </strong>The Teradata Database automatically audits all successful and failed user logon attempts in the event log. An authorized administrative user may search and sort logon/logoff records using SQL statements to query a defined system view. Additionally, an authorized administrative user may control the monitoring of access rights checks performed by Teradata Database and may search and sort access log records using SQL statements to query a defined system view.</p>\r\n<p><strong>User Data Protection: </strong>The Teradata Database enforces a Discretionary Access Control (DAC) policy for object access based on user identities, object ownership, and active roles. All access to database objects subject to the DAC policy is controlled using access rights. The Teradata Database supports three types of access rights. 
Implicit rights (ownership rights) are implicitly granted to the immediate owner of a database or database object. Automatic rights are granted automatically by the system to the creator of a database, user, or object, and to a newly created user or database. Explicit rights are granted by any user having the WITH GRANT OPTION privilege for that right. The database ensures that the requestor has the appropriate access rights before access to a database object is allowed.</p>\r\n<p>Upon initial installation of the Teradata Database, it has only one user. This user is called user DBC and will own all other databases and users in the system. User DBC also has access rights on all objects within the database with the exception of CREATE PROCEDURE and EXECUTE PROCEDURE. Typically, administrative users are created under user DBC and are granted access rights for creating and managing all other users, databases, and objects.</p>\r\n<p><strong>Identification and Authentication:</strong> The Teradata Database provides user identification and authentication through the use of user accounts and the enforcement of password policies. Users must provide a valid username and password before they can access any database objects or resources. Once identified and authenticated, all subsequent actions allowed within that user's session are based on the user's identity, access rights, and active roles.</p>\r\n<p><strong>TOE Access</strong> - The Teradata Database allows authorized administrative users to restrict access to the database based on user identities.</p>\r\n<p><strong>Security management: </strong>The Teradata Database provides security management functions that enable authorized administrative users to manage the secure operation of the database. 
These functions include management of users, user security attributes, access rights, security roles, and the audit facilities.</p>\r\n<p><strong>Resource Utilization</strong> - The Teradata Database enforces maximum quotas and limits on various resources to ensure that those resources are protected from monopolization by any individual database user. Specifically, an authorized administrator can configure the database to enforce limits on permanent database space allocation, temporary database space usage, and spool database space usage.</p>\r\n<p><strong>Protection of the TOE Security Functions: </strong>The Teradata Database is designed with well-defined interfaces that ensure that all appropriate security checks are made before access is provided to protected database objects and resources. The Teradata Database operates as a set of cooperating processes which are managed by the underlying operating system. These processes operate as a trusted parallel application (TPA) such that no interference is allowed by processes associated with any non-TOE entities. Furthermore, the Teradata Database is designed such that its interfaces do not allow unauthorized users access to database resources.</p>","features":[]}