{"product_id":4003,"v_id":4003,"product_name":"Trusted IRIX/CMW, Version 6.5.13","certification_status":"Not Certified","certification_date":"2002-05-10T00:05:00Z","tech_type":"Operating System","vendor_id":{"name":"Silicon Graphics, Inc.","website":null},"vendor_poc":null,"vendor_phone":null,"vendor_email":null,"assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p>The evaluated Trusted IRIX system consists of Silicon Graphics Computer Systems, Inc. (SGI) Origin200 workstations and Origin 3000 servers connected by Ethernet. These UNIX-based multi-user, multi-tasking systems provide high-performance, general-purpose computing in a reduced instruction set computer (RISC) workstation environment. Both the Origin200 workstation and the Origin 3000 server use the SGI MIPS R12000 processor. </p>\r\n<p>The SGI Origin 3000 Series is a family of modular server systems. The internal components of the various SGI Origin 3000 servers are divided by function into separate units called &quot;bricks&quot;, which are housed in short or tall rack enclosures. </p>\r\n<p>The SGI Origin200 workstation is a multiprocessor system that consists of one or two chassis, called modules. The Origin200 GIGAchannel uses an additional chassis to provide four extra PCI slots and five XIO slots. Each Origin200 system ships from SGI in either a tower (free-standing) or rack-mountable configuration. </p>\r\n<p>The Trusted IRIX operating system is a security-enhanced version of the IRIX operating system. In addition to the IRIX identity-based discretionary access control (DAC) on system resources, Trusted IRIX controls access to system resources based on the sensitivity and integrity labels of each resource. 
</p>\r\n<p>Trusted IRIX supports a set of access control policies; an identification and authentication capability to mediate and validate requests for entry into the system; an audit trail capability; and networking capability.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that SGI Trusted IRIX/CMW version 6.5.13, with Patches 4354, 4451, 4452, 4373, and 4473 meets the security requirements contained in the Security Target. The criteria against which the SGI Trusted IRIX/CMW Version 6.5.13 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and National and International Interpretations effective on November 21, 2000. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 3 augmented with ADV_SPM.1. The product, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. Four validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in May 2002. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-02-0020, dated 10 May 2002) prepared by CCEVS.</p>","environmental_strengths":"<p>Trusted IRIX is a security-enhanced version of IRIX. The major enhancement made to the base IRIX operating system (OS) is the addition of a label-based MAC policy based on the Bell and LaPadula model and the Biba model. 
</p>\r\n<p>Trusted IRIX's MAC policy for sensitivity and integrity is implemented with labels. Each protected resource has associated with it a label that has two components: a sensitivity and an integrity component. These labels are used to determine access to a resource in accordance with the system's MAC policy. This policy defines a dominance relationship between the labels.</p>\r\n<p>The Trusted IRIX kernel is responsible for providing memory management, process management, a consistent interface to system hardware, and mediating access to protected resources. It also provides a hierarchical view of files on mass storage devices, and network protocols for communication between machines. </p>\r\n<p>Trusted IRIX supports multiple file system types in a manner transparent to the user. They include the IRIX eXtended File System (XFS) high-performance file system; the Network File System (NFS) for files stored on remote disks that are exported read-only; and the Debug File System (DBG), a pseudo-file system in which a running process is represented as a file. All the Trusted IRIX file systems are organized into a traditional UNIX-like hierarchy with files as nodes. Non-leaf files are directories, special files that contain references to other files. All files can be identified by their place in the hierarchy, i.e., their pathname. Associated with every file is a set of attributes. These attributes include the file owner, a set of users that are assigned access rights to the file as a group, and information that specifies the access rights of the owner, group, and all other system users. Each of these is a Trusted IRIX protected resource. </p>\r\n<p>The Trusted IRIX kernel provides a variety of other mechanisms for interprocess communication. These include traditional UNIX mechanisms such as the pipe; System V mechanisms such as shared memory, semaphore sets, and message queues; and BSD TCP/IP sockets. 
Trusted IRIX treats each of the interprocess communication mechanisms just listed as a protected resource and mediates access to it. </p>\r\n<p>Trusted IRIX supports a least privilege mechanism through its implementation of POSIX P1003.1e draft 17 capabilities. The privileges of the superuser are broken out into a set of distinct capabilities; a process acquires them under a set of inheritance rules applied when it executes a program, and can relinquish them when they are no longer needed. </p>\r\n<p>The Trusted IRIX system is a distributed system and supports a range of network protocols and services. The evaluated configuration supports the TCP/IP and RPC protocols and the ftp, rlogin, rsh, and telnet services. </p>\r\n<p>Every workstation in the Trusted IRIX system holds an identification and authentication (I&amp;A) database. A user information file, not visible to ordinary users, contains authentication and DAC-related data. Other I&amp;A-related information is placed in files that are linked to the standard UNIX passwd and group files; users are given read-only access to these files. Passwords are used to authenticate users of the Trusted IRIX system. </p>\r\n<p>Audit records of security-relevant events are generated on each workstation of the Trusted IRIX system. Each record carries the identifier under which the user originally logged in, so that an audited event remains attributable to that user regardless of any later change of identity. Trusted IRIX commands allow the system administrator to select which events are audited, and SGI provides tools to reduce the audit logs for analysis. </p>\r\n<p>Trusted IRIX supports the UNIX setuid and setgid mechanisms, which allow a process to run with the UID or GID of the owner or owning group of the invoked file. Certain Trusted IRIX programs are owned by special user identifiers and are installed setuid, so that a process invoking one of them assumes the corresponding special identity. </p>","features":[]}
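The dominance relation and the read/write rules that the MAC policy paragraphs above describe, as an added example (Python; not SGI's code and not the evaluated product's implementation). The level and grade names, the label text syntax accepted by `parse_label()`, and the use of the plain Bell-LaPadula and Biba rules for both read and write (Trusted IRIX refines the write rule per object type) are assumptions made for the example:

```python
"""Label-based MAC check combining Bell-LaPadula (sensitivity) and Biba
(integrity), modelling the dominance relation described for Trusted IRIX.

Added illustration, not SGI code.  The level and grade names, the label
text syntax, and the use of the textbook read/write rules are assumptions.
"""
from dataclasses import dataclass
from typing import FrozenSet, Set

# Hypothetical hierarchies; a real site defines its own (assumption).
SENS_LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "topsecret": 3}
INTEG_GRADES = {"low": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class Label:
    """A label with a sensitivity component (level + categories) and an
    integrity component (grade + divisions)."""
    level: str
    categories: FrozenSet[str]
    grade: str
    divisions: FrozenSet[str]

    def sens_dominates(self, other: "Label") -> bool:
        """Sensitivity dominance: level >= and categories are a superset."""
        return (SENS_LEVELS[self.level] >= SENS_LEVELS[other.level]
                and self.categories >= other.categories)

    def integ_dominates(self, other: "Label") -> bool:
        """Integrity dominance: grade >= and divisions are a superset."""
        return (INTEG_GRADES[self.grade] >= INTEG_GRADES[other.grade]
                and self.divisions >= other.divisions)


def parse_label(text: str) -> Label:
    """Parse 'level[,cat...]/grade[,div...]' (a syntax invented for this
    example, not the Trusted IRIX label syntax)."""
    sens, integ = text.split("/", 1)
    level, *cats = [p.strip() for p in sens.split(",")]
    grade, *divs = [p.strip() for p in integ.split(",")]
    if level not in SENS_LEVELS or grade not in INTEG_GRADES:
        raise ValueError(f"unknown level or grade in label {text!r}")
    return Label(level, frozenset(cats), grade, frozenset(divs))


def mac_read_allowed(proc: Label, obj: Label) -> bool:
    """Read: process sensitivity dominates object (BLP: no read up) and
    object integrity dominates process (Biba: no read down)."""
    return proc.sens_dominates(obj) and obj.integ_dominates(proc)


def mac_write_allowed(proc: Label, obj: Label) -> bool:
    """Write: object sensitivity dominates process (BLP: no write down) and
    process integrity dominates object (Biba: no write up)."""
    return obj.sens_dominates(proc) and proc.integ_dominates(obj)


def mac_access(proc: Label, obj: Label) -> Set[str]:
    """Set of access modes the MAC policy permits; DAC must also permit
    the access before it is granted."""
    modes = set()
    if mac_read_allowed(proc, obj):
        modes.add("read")
    if mac_write_allowed(proc, obj):
        modes.add("write")
    return modes


if __name__ == "__main__":
    # Constructed labels for one process against four objects.
    proc = parse_label("secret,crypto/medium,ops")
    for obj_text in ("confidential/high,ops",             # read only: no write down
                     "secret,crypto/medium,ops",          # equal labels: read and write
                     "secret,crypto,nuclear/medium,ops",  # blind write up, no read
                     "secret,crypto/low,ops"):            # lower integrity: no read down
        print(f"{obj_text:36} -> {sorted(mac_access(proc, parse_label(obj_text)))}")
```

The third case is the one worth noticing: the sensitivity rules alone let a process write to an object it cannot read back, and only the integrity component (or a per-object-type refinement such as requiring equal labels) prevents that from becoming a covert channel or a way to corrupt data the process should not touch.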
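The exec-time inheritance rules behind the least-privilege paragraph above, as an added example (Python; not SGI's code). The transformation is the POSIX P1003.1e draft 17 rule as this example reads it, the capability names are placeholders in the style of IRIX names, and treating the file's effective component as a set rather than a single flag is an assumption:

```python
"""Capability inheritance at program execution under the POSIX P1003.1e
draft 17 rules, modelling the least-privilege mechanism described for
Trusted IRIX.

Added illustration, not SGI code.  Capability names are placeholders in the
style of IRIX names; treating the file's effective component as a set
(rather than a single flag) is an assumption.
"""
from dataclasses import dataclass
from typing import FrozenSet

Caps = FrozenSet[str]
NO_CAPS: Caps = frozenset()


@dataclass(frozen=True)
class CapState:
    """The three capability sets carried by a process or attached to a file."""
    effective: Caps     # privileges the kernel checks right now
    permitted: Caps     # privileges the process may raise into effective
    inheritable: Caps   # privileges it may pass across an exec


def exec_caps(proc: CapState, prog: CapState) -> CapState:
    """Draft-17 exec() transformation:
         I' = I               inheritable set is unchanged
         P' = (I & fI) | fP   gained only if both sides agree, or forced by the file
         E' = P' & fE         the file decides which are active at start
    """
    new_inh = proc.inheritable
    new_perm = (proc.inheritable & prog.inheritable) | prog.permitted
    new_eff = new_perm & prog.effective
    return CapState(new_eff, new_perm, new_inh)


def relinquish(proc: CapState, caps: Caps, permanent: bool) -> CapState:
    """Drop capabilities.  A temporary drop clears them from the effective set
    only (they can be re-raised from permitted); a permanent drop removes them
    from permitted too, so nothing later in this process can reacquire them."""
    eff = proc.effective - caps
    perm = proc.permitted - caps if permanent else proc.permitted
    return CapState(eff, perm, proc.inheritable)


def raise_caps(proc: CapState, caps: Caps) -> CapState:
    """Raise capabilities into the effective set; only those still in the
    permitted set can be raised."""
    return CapState(proc.effective | (caps & proc.permitted),
                    proc.permitted, proc.inheritable)


def has_cap(proc: CapState, cap: str) -> bool:
    """The privilege check: only the effective set counts."""
    return cap in proc.effective


if __name__ == "__main__":
    # Constructed example: an unprivileged shell carrying two inheritable
    # capabilities executes a program with the file capabilities shown.
    shell = CapState(NO_CAPS, NO_CAPS, frozenset({"CAP_SETUID", "CAP_NETWORK_MGT"}))
    program = CapState(effective=frozenset({"CAP_DAC_WRITE", "CAP_SETUID"}),
                       permitted=frozenset({"CAP_DAC_WRITE"}),
                       inheritable=frozenset({"CAP_SETUID", "CAP_AUDIT_WRITE"}))
    p = exec_caps(shell, program)
    print("after exec:", sorted(p.effective), sorted(p.permitted))
    p = relinquish(p, frozenset({"CAP_DAC_WRITE"}), permanent=True)
    print("after permanent drop:", has_cap(p, "CAP_DAC_WRITE"),
          has_cap(raise_caps(p, frozenset({"CAP_DAC_WRITE"})), "CAP_DAC_WRITE"))
```

In the constructed run the program ends up with CAP_SETUID (both the process's and the file's inheritable sets contain it) and CAP_DAC_WRITE (forced by the file's permitted set), but not CAP_NETWORK_MGT (the file does not allow it across the exec) or CAP_AUDIT_WRITE (the calling process never held it). Once CAP_DAC_WRITE is dropped from the permitted set, a later `raise_caps` cannot bring it back, which is the property a program should rely on after it has finished the one step that needed the privilege.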