The target of evaluation (TOE) is the operating system Cray UNICOS/lc 2.1. The TOE is a general purpose; multi-user, multi-tasking Linux based operating system, which provides a platform for a variety of applications. The evaluation covers the Cray XT4 and XT5 (excluding the XT5h blade) computer systems.
\r\n\r\n
The TOE Security Functions (TSF) consists of operating system functions that run in kernel mode plus some trusted processes. These are the functions that enforce the security policy as defined in the Security Target. The basic tools required for the secure configuration and management of the TOE are included as part of the TSF in this evaluation.
","evaluation_configuration":null,"security_evaluation_summary":"The Cray UNICOS/lc 2.1 operating system was evaluated against the Common Criteria for Information Technology Security Evaluation, Version 2.3, by the atsec information security corporation Common Criteria Testing Laboratory (CCTL). The evaluation methodology used was the Common Methodology for Information Technology Security Evaluation, Version 2.3. The CCTL concluded that the TOE was Common Criteria Part 2 extended and Part 3 conformant, with a claimed Evaluation Assurance Level of EAL3 augmented by ALC_FLR.1. The extensions to part 2 of the Common Criteria are those introduced by the Controlled Access Protection Profile [CAPP]. The validation was conducted by NIAPs Common Criteria Evaluation and Validation Scheme (CCEVS). The evaluation was completed on 18 November, 2008.
","environmental_strengths":"Cray UNICOS/lc provides the security functionality to meet the Controlled Access Protection Profile requirements. The following are the security features available:
\r\n\r\n
Identification and Authentication: The TOE provides identification and authentication using pluggable authentication modules (PAM) based upon user passwords. The quality of the passwords used can be enforced through configuration options controlled by the TOE. Other authentication methods (e. g. Kerberos authentication, token based authentication) that are supported by the TOE as pluggable authentication modules are not part of the evaluated configuration. Functions ensure a basic password strength and limit the use of the su command and restrict root login to specific terminals are also included.
\r\n\r\n
Audit: The TOE provides the capability to audit a large number of events including individual system calls as well as events generated by trusted processes. Audit data is collected in regular files in ASCII format. The TOE provides a program for the purpose of searching the audit records. The system administrator can define a rule base to restrict auditing to the events he is interested in. This includes the ability to restrict auditing to specific events, specific users, specific objects or a combination of all of this.
\r\n\r\n
Discretionary Access Control: Discretionary Access Control (DAC) restricts access to file system objects based on Access Control Lists (ACLs) that include the standard UNIX permissions for user, group and others. Access control mechanisms also protect IPC objects from unauthorized access. The TOE includes the ext3 file system, which supports POSIX ACLs. In addition, the TOE supports the Lustre file system providing standard UNIX permissions, as well as NFSv3.
\r\n\r\n
Object Reuse: File system objects as well as memory and IPC objects will be cleared before they can be reused by a process belonging to a different user.
\r\n\r\n
Security Management: The management of the security critical parameters of the TOE is performed by administrative users. A set of commands that require root privileges, are used for system management. Security parameters are stored in specific files that are protected by the access control mechanisms of the TOE against unauthorized access by users that are not administrative users.
\r\n\r\n
Secure Communication: The TOE supports the definition of trusted channels using either the SSH v2 or the SSL v3 protocol. In the case of SSH the TOE includes the SSH server and client functions. Password based authentication is supported. To use the SSL v3 protocol the TOE provides the Stunnel client and server functions. Only a restricted number of cipher suites are supported for those protocols in the evaluated configuration. They are listed in the Security Target.
TSF Protection: While in operation, the kernel software and data are protected by the hardware memory protection mechanisms. The memory and process management components of the kernel ensure a user process cannot access kernel storage or storage belonging to other processes. Non-kernel TSF software and data are protected by DAC/MAC/RBAC and process isolation mechanisms. In the evaluated configuration, the reserved user ID root owns the directories and files that define the TSF configuration. In general, files and directories containing internal TSF data (e.g., configuration files, batch job queues) are also protected from reading by DACpermissions. The TOE and the hardware and firmware components are required to be physically protected from unauthorized access. The system kernel mediates all access to the hardware mechanisms themselves, other than program visible CPU instruction functions.
\r\n\r\n
The cryptography used in this product was asserted as tested by the vendor.
","features":[]}