{"product_id":10385,"v_id":10385,"product_name":"Teradata Database 13.0","certification_status":"Not Certified","certification_date":"2011-03-29T00:03:00Z","tech_type":"DBMS","vendor_id":{"name":"Teradata Corporation","website":"www.teradata.com"},"vendor_poc":"Matthew Zenus","vendor_phone":"858-485-3058","vendor_email":"matthew.zenus@teradata.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p>The Teradata Database is a relational database management system (RDBMS) that is designed to access, store, and operate on data using Teradata Structured Query Language (Teradata SQL), which is compatible with ANSI SQL, with extensions.&nbsp; The database was developed to allow users to view and manage large amounts of data as a collection of related tables.&nbsp; The database executes as a trusted parallel application (TPA) on a symmetric multiprocessing (SMP) or massively parallel processing (MPP) database server.</p>","evaluation_configuration":"<ul>\r\n<li>user management - including identification and authentication </li>\r\n<li>password management controls </li>\r\n<li>discretionary access control model to enforce access controls on database objects and resources (e.g., databases, users, tables, views, triggers, macros, stored procedures, external procedures, functions, types, GLOP objects, replication groups, authorization objects, access roles and profiles) </li>\r\n<li>set of access rights for the enforcement of privileges </li>\r\n<li>security roles for management of access rights </li>\r\n<li>configurable auditing facility </li>\r\n</ul>\r\n<ul>\r\n<li>protection of all of the database-related files and directories (including executables and run-time libraries) from unauthorized access </li>\r\n<li>authentication and authorization of administrator access to database control utilities and other utilities used to manage system resources and I/O interfaces 
</li>\r\n<li>isolation of the TOE Security Functions (TSF) to prevent tampering with TSF components (e.g., the TOE processes managing the database) </li>\r\n<li>network perimeter controls to restrict network access to the database server to mitigate malicious attacks against the operating system upon which the TOE operates. </li>\r\n</ul>","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme.&nbsp; The criteria against which the Teradata Database TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R3.&nbsp; The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 R3.&nbsp; Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 4 augmented with ALC_FLR.3.&nbsp; The product, when delivered preconfigured as identified in the Teradata Database Security Administration, Appendix B, B035-1100-098A, November 2009, satisfies all of the security functional requirements stated in the Teradata Database 13.0 Security Target (Version 1.4).&nbsp; Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC and the previous project version underwent three Validation Oversight Panel (VOR) reviews.&nbsp; The evaluation of V13.0 was completed in February 2011.&nbsp; Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-10385-2009, dated 29 March 2011) prepared by CCEVS.</p>","environmental_strengths":"<p>The logical boundaries of Teradata Database can be characterized as the set of security functions available at its interfaces.&nbsp; Each of these security functions is summarized 
below.</p>\r\n<p><strong>Security Audit: </strong></p>\r\n<p>The Teradata Database automatically audits all successful and failed user logon attempts in the event log.&nbsp; An authorized administrative user may search and sort logon/logoff records using SQL statements to query a defined system view.&nbsp; Additionally, an authorized administrative user may control the monitoring of access rights checks performed by Teradata Database and may search and sort access log records using SQL statements to query a defined system view.</p>\r\n<p><strong>User Data Protection: </strong></p>\r\n<p>The Teradata Database enforces a Discretionary Access Control (DAC) policy for object access based on user identities, object ownership, and active roles.&nbsp; All access to database objects subject to the DAC policy is controlled using access rights.&nbsp; The Teradata Database supports three types of access rights.&nbsp; Implicit rights (ownership rights) are implicitly granted to the immediate owner of a database or database object.&nbsp; Automatic rights are granted automatically by the system to the creator of a database, user, or object, and to a newly created user or database.&nbsp; Explicit rights are granted by any user having the WITH GRANT OPTION privilege for that right.&nbsp; The database ensures that the requestor has the appropriate access rights before access to a database object is allowed.</p>\r\n<p>Upon initial installation of the Teradata Database, it has only one user.&nbsp; This user is called user DBC and will own all other databases and users in the system.&nbsp; User DBC also has access rights on all objects within the database with the exception of CREATE PROCEDURE and EXECUTE PROCEDURE.&nbsp; Typically, administrative users are created under user DBC and are granted access rights for creating and managing all other users, databases, and objects.</p>\r\n<p><strong>Identification and Authentication:</strong></p>\r\n<p>The Teradata Database provides user 
identification and authentication through the use of user accounts and the enforcement of password policies.&nbsp; Users must provide a valid username and password before they can access any database objects or resources.&nbsp; Once identified and authenticated, all subsequent actions allowed within that user's session are based on the user&rsquo;s identity, access rights, and active roles.</p>\r\n<p><strong>TOE Access:</strong> &nbsp;</p>\r\n<p>The Teradata Database allows authorized administrative users to restrict access to the database based on user identities.</p>\r\n<p><strong>Security management: </strong></p>\r\n<p>The Teradata Database provides security management functions that enable authorized administrative users to manage the secure operation of the database.&nbsp; These functions include management of users, user security attributes, access rights, security roles, and the audit facilities.</p>\r\n<p><strong>Resource Utilization</strong>:</p>\r\n<p>The Teradata Database enforces maximum quotas and limits on various resources to ensure that those resources are protected from monopolization by any individual database user.&nbsp; Specifically, an authorized administrator can configure the database to enforce limits on permanent database space allocation, temporary database space usage, and spool database space usage.</p>","features":[]}