Trusted RUBIX 5.0 is an SQL based relational database management system that relies upon the IT Environment for security services that include user identification and authentication, a reliable time source, domain separation, and residual data protection. The IT Environment and its security requirements are not included in this evaluation. Trusted RUBIX 5.0 operates in a standalone or a client/server configuration. Client processes are untrusted application programs that have been linked with Trusted RUBIX 5.0 client software so that they can communicate with the Trusted RUBIX server process. There is one instantiation of the server for each active client. A given client and server pair can run on the same machine or on different machines connected via a network. The server process must reside on the same machine as the data to be accessed.
\r\nAll communications between Trusted RUBIX 5.0 client and server take place on a single level connection. There are two types of clients: Interactive SQL (ISQL) and Call Level Interface (CLI). The first client type, ISQL client, provides a prompt driven, interactive interface where SQL operations may be typed in or read from a script file. The second client type, Call Level Interface (CLI), is a set of C language function calls that may be used to write application programs to operate on the database. Each client is a program that executes with the credentials and privileges of the initiating user. Trusted RUBIX 5.0 server software includes the server process itself and a set of trusted programs. Trusted RUBIX 5.0 interacts with physical data through Trusted Solaris 8 operating system files. The trusted programs are database security management utilities used only by trusted database administrative personnel.
\r\nTrusted RUBIX provides Discretionary Access Control (DAC), which restricts access to the objects based on the identity of the subjects, and/or groups to which they belong. The DAC policy is implemented with an Access Control List (ACL) associated with each protected Trusted RUBIX 5.0 resource.
\r\nTrusted RUBIX 5.0 uses a kernelized approach to implementing its Mandatory Access Control (MAC security policy. Security rules (i.e., simple and * security properties) are encapsulated in a low level kernel and access decisions are performed as simple read and write operations. Trusted RUBIX 5.0 MAC policy for sensitivity is implemented with labels. Each protected resource has associated with it a sensitivity label that consists of a hierarchical level and a set of non-hierarchical categories. These labels are used to determine access to a resource in accordance with the MAC policy. In addition, the Trusted RUBIX 5.0 MAC security policy is fully integrated with the Trusted Solaris 8 MAC security policy.
\r\nIn the well-known database issue of polyinstantiation, duplicate records with differing labels are inserted into a common table. Trusted RUBIX 5.0 has thoroughly considered, constructed, and tested polyinstantiation rules. A multilevel database often has a need for a cover story - where the actual data may be highly classified, but where there must be some value visible to lower level users.
\r\nTrusted RUBIX 5.0 uses the same binary label and security lattice of Trusted Solaris 8. It relies on Trusted Solaris 8 functionality to compare and manipulate labels. Trusted RUBIX 5.0 stores labels as an intrinsic part of the labelled object (row, table, view, catalog, schema, index, database), Using Trusted Solaris 8 means that the label dominance rules, label format (e.g., number of levels, categories, etc), and any label aliases known to the Trusted Solaris 8 are available and utilized within Trusted RUBIX to determine access. This reduces maintenance and training costs and simplifies application development since is only one set of labels to maintain.
\r\nTrusted RUBIX 5.0 provides a security audit (Audit) function that recognizes and records security relevant activities, both legitimate (but accidental) errors by users and unauthorized requests. It also provides audit utilities for authorized administrative personnel to perform auditable event selection and audit trail query and examination. A privileged user can use these utilities to determine which security relevant activities took place and who (which user) was responsible for them.
\r\nTrusted RUBIX 5.0 provides secured import and export operations enabling the user to load data into the database, and extract data from the database into a text file. If desired, a privileged user can import and load multilevel data at specified levels into the database.
\r\nTrusted RUBIX 5.0 provides trusted recovery to a consistent and secure state from transaction failure and/or system failure. It also provides backup and restore facilities to ensure the capability to restore the database as a whole after a primary disk error.","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was performed under the Common Criteria Evaluation and Validation Scheme (CCEVS). The purpose of the evaluation was to demonstrate that the Trusted RUBIX meets the EAL4 security assurance requirements according to the Common Criteria for Information Technology Security Evaluation, Version 2.1 and the Common Methodology for Information Technology Security Evaluation, Version 1.0. Validators, on behalf of CCEVS, monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in September 2004. Results of the evaluation can be found in the Validation Report prepared by the National Information Assurance Partnership (NIAP).","environmental_strengths":"Trusted RUBIX Version 5.0 is a commercial relational database management system that provides Mandatory Access Control (MAC) multilevel security (MLS), in addition to Discretionary Access Control (DAC). Trusted RUBIX Version 5.0 provides a high level of security assurance and allows different levels of sensitivity data, (e.g., secret data, top secret/special intelligence data), to be represented by different sensitivity labels within a single database. When used in conjunction with Trusted Solaris 8 HW 7/03 Certified Edition for the x86 platform, which conforms to the CC Controlled Access Protection Profile and the CC Labelled Security Protection Profile, Trusted RUBIX Version 5.0 provides a level of protection that is appropriate for IT environments that require that access be controlled to the database and its contents, and where the TOE is appropriately protected from physical attacks.","features":[]}