Protection Profile for Application Software
Version: 1.1, 2014-11-05
National Information Assurance Partnership

Revision History

Version   Date         Comment
v1.1      2014-11-05   Addition to TLS cipher suite selections
v1.0      2014-10-20   Initial release
Contents

1. Introduction
  1.1. Overview
  1.2. Terms
    1.2.1. Common Criteria Terms
    1.2.2. Technology Terms
  1.3. Compliant Targets of Evaluation
    1.3.1. TOE Boundary
  1.4. Use Cases
2. Conformance Claims
3. Security Problem Definition
  3.1. Threats
  3.2. Assumptions
  3.3. Organizational Security Policies
4. Security Objectives
  4.1. Security Objectives for the TOE
  4.2. Security Objectives for the Operational Environment
  4.3. Security Objectives Rationale
5. Security Requirements
  5.1. Security Functional Requirements
    5.1.1. Cryptographic Support (FCS)
    5.1.2. User Data Protection (FDP)
    5.1.3. Identification and Authentication (FIA)
    5.1.4. Security Management (FMT)
    5.1.5. Protection of the TSF (FPT)
    5.1.6. Trusted Path/Channel (FTP)
  5.2. Security Assurance Requirements
    5.2.1. Class ASE: Security Target
    5.2.2. Class ADV: Development
    5.2.3. Class AGD: Guidance Documentation
    5.2.4. Class ALC: Life-cycle Support
    5.2.5. Class ATE: Tests
    5.2.6. Class AVA: Vulnerability Assessment
Appendix A: Optional Requirements
Appendix B: Selection-Based Requirements
Appendix C: Objective Requirements
Appendix D: Entropy Documentation and Assessment
Appendix E: References
Appendix F: Acronyms
1. Introduction

1.1 Overview

The scope of this Protection Profile (PP) is to describe the security functionality of application software in terms of [CC] and to define functional and assurance requirements for such software. In recent years, software attacks have shifted from targeting operating systems to targeting applications. This has been the natural response to improvements in operating system security and development processes. As a result, it is paramount that the security of applications be improved to reduce the risk of compromise.
1.2 Terms

The following sections provide both Common Criteria and technology terms used in this Protection Profile.

1.2.1 Common Criteria Terms

Common Criteria (CC): Common Criteria for Information Technology Security Evaluation.
Common Evaluation Methodology (CEM): Common Evaluation Methodology for Information Technology Security Evaluation.
Protection Profile (PP): An implementation-independent set of security requirements for a category of products.
Security Target (ST): A set of implementation-dependent security requirements for a specific product.
Target of Evaluation (TOE): The product under evaluation. In this case, application software and its supporting documentation.
TOE Security Functionality (TSF): The security functionality of the product under evaluation.
TOE Summary Specification (TSS): A description of how a TOE satisfies the SFRs in a ST.
Security Functional Requirement (SFR): A requirement for security enforcement by the TOE.
Security Assurance Requirement (SAR): A requirement to assure the security of the TOE.
1.2.2 Technology Terms

Address Space Layout Randomization (ASLR): An anti-exploitation feature which loads memory mappings into unpredictable locations. ASLR makes it more difficult for an attacker to redirect control to code that they have introduced into the address space of an application process.
Application (app): Software that runs on a platform and performs tasks on behalf of the user or owner of the platform, as well as its supporting documentation. The terms TOE and application are interchangeable in this document.
Application Programming Interface (API): A specification of routines, data structures, object classes, and variables that allows an application to make use of services provided by another software component, such as a library. APIs are often provided for a set of libraries included with the platform.
Credential: Data that establishes the identity of a user, e.g. a cryptographic key or password.
Data Execution Prevention (DEP): An anti-exploitation feature of modern operating systems executing on modern computer hardware, which enforces a non-execute permission on pages of memory. DEP prevents pages of memory from containing both data and instructions, which makes it more difficult for an attacker to introduce and execute code.
Developer: An entity that writes application software. For the purposes of this document, vendors and developers are the same.
Mobile Code: Software transmitted from a remote system for execution within a limited execution environment on the local system. Typically, there is no persistent installation and execution begins without the user's consent or even notification. Examples of mobile code technologies include JavaScript, Java applets, Adobe Flash, and Microsoft Silverlight.
Operating System (OS): Software that manages hardware resources and provides services for applications.
Personally Identifiable Information (PII): Any information about an individual maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and information which can be used to distinguish or trace an individual's identity, such as their name, social security number, date and place of birth, mother's maiden name, biometric records, etc., including any other personal information which is linked or linkable to an individual. [OMB]
Platform: The environment in which application software runs. The platform can be an operating system, an execution environment which runs atop an operating system, or some combination of these.
Sensitive Data: Sensitive data may include all user or enterprise data or may be specific application data such as emails, messaging, documents, calendar items, and contacts. Sensitive data must minimally include PII, credentials, and keys. Sensitive data shall be identified in the application's TSS by the ST author.
Stack Cookie: An anti-exploitation feature that places a value on the stack at the start of a function call, and checks that the value is the same at the end of the function call. This is also referred to as Stack Guard, or Stack Canaries.
Vendor: An entity that sells application software. For purposes of this document, vendors and developers are the same. Vendors are responsible for maintaining and updating application software.
1.3 Compliant Targets of Evaluation

The requirements in this document apply to application software which runs on mobile devices ("apps"), as well as on desktop and server platforms. Some application types are covered by more specific PPs, which may be expressed as Extended Packages of this PP. Such applications are subject to the requirements of both this PP and the Extended Package that addresses their special functionality. PPs for some particularly specialized applications may not be expressed as EPs at this time, though the requirements in this document should be seen as objectives for those highly specialized applications.

Although the requirements in this document apply to a wide range of application software, consult guidance from the relevant national schemes to determine when formal Common Criteria evaluation is expected for a particular type of application. This may vary depending upon the nature of the security functionality of the application.

1.3.1 TOE Boundary

An application is defined as software that runs on a platform and performs tasks on behalf of the user or owner of the system. The application consists of the software provided by its vendor and which is installed onto the file system provided by the operating system. It executes on the platform, which may be an operating system (Figure 1), an execution environment, or some combination of these (Figure 2). Some assurance activities are specific to the particular platform on which the application runs, in order to provide precision and repeatability. Test activities are actively sought from platform vendors so that coverage across platforms is as complete and accurate as possible. This will also enable certification of applications on those platforms.

Applications include a diverse range of software such as office suites, thin clients, PDF readers, and downloadable smartphone apps. The TOE includes any software in the application installation package, even those pieces that may extend the functionality of the underlying platform, such as kernel drivers. Many platforms come bundled with applications such as web browsers, email clients and media players, and these too should be considered subject to the requirements defined in this document, although the expectation of formal Common Criteria evaluation depends upon the national scheme. BIOS and other firmware, the operating system kernel, and other systems software (and drivers) provided as part of the platform are outside the scope of this document.

Figure 1: TOE as an Application and Kernel Module Running on an Operating System
Figure 2: TOE as an Application Running in an Execution Environment Plus Native Code
1.4 Use Cases

Requirements in this Protection Profile are designed to address the security problem in the following use cases. These use cases are intentionally very broad, as many specific use cases exist for application software. Many applications may be used in combinations of these broad use cases, and evaluation against Extended Packages of this PP, when available, may be most appropriate for some application types.

[USE CASE 1] Content Creation: The application allows a user to create content, saving it to either local or remote storage. Example content includes text documents, presentations, and images.
[USE CASE 2] Content Consumption: The application allows a user to consume content, retrieving it from either local or remote storage. Example content includes web pages and video.
[USE CASE 3] Communication: The application allows for communication interactively or non-interactively with other users or applications over a communications channel. Example communications include instant messages, email, and voice.
2. Conformance Claims

Conformance Statement

To be conformant to this PP, a ST must demonstrate Exact Conformance, a subset of Strict Conformance as defined in [CC] Part 1 (ASE_CCL). The ST must include all components in this PP that are:
- unconditional (which are always required)
- selection-based (which are required when certain selections are chosen in the unconditional requirements)
and may include components that are optional or objective.

Unconditional requirements are found in the main body of the document, while appendices contain the selection-based, optional, and objective requirements. The ST may iterate any of these components, but it must not include any additional component (e.g. from CC Part 2 or 3 or a PP not conformant with this one, or extended by the ST) not defined in this PP or a PP conformant to this one. See Section 1.3 regarding more specific PPs that may extend this one.

CC Conformance Claims

This PP is conformant to Parts 2 (extended) and 3 (extended) of Common Criteria Version 3.1, Revision 4 [CC].

PP Claim

This PP does not claim conformance to any other Protection Profile.

Package Claim

This PP does not claim conformance to any packages.
3. Security Problem Definition

The security problem is described in terms of the threats that the TOE is expected to address, assumptions about the operational environment, and any organizational security policies that the TOE is expected to enforce.

3.1 Threats

T.NETWORK_ATTACK: An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may engage in communications with the application software or alter communications between the application software and other endpoints in order to compromise it.
T.NETWORK_EAVESDROP: An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may monitor and gain access to data exchanged between the application and other endpoints.
T.LOCAL_ATTACK: An attacker can act through unprivileged software on the same computing platform on which the application executes. Attackers may provide maliciously formatted input to the application in the form of files or other local communications.
T.PHYSICAL_ACCESS: An attacker may try to access sensitive data at rest.

3.2 Assumptions

A.PLATFORM: The TOE relies upon a trustworthy computing platform for its execution. This includes the underlying platform and whatever runtime environment it provides to the TOE.
A.PROPER_USER: The user of the application software is not willfully negligent or hostile, and uses the software in compliance with the applied enterprise security policy.
A.PROPER_ADMIN: The administrator of the application software is not careless, willfully negligent or hostile, and administers the software within compliance of the applied enterprise security policy.

3.3 Organizational Security Policies

There are no OSPs for the application.
4. Security Objectives

4.1 Security Objectives for the TOE

O.INTEGRITY: Conformant TOEs ensure the integrity of their installation and update packages, and also leverage execution environment-based mitigations. Software is seldom if ever shipped without errors, and the ability to deploy patches and updates to fielded software with integrity is critical to enterprise network security. Processor manufacturers, compiler developers, execution environment vendors, and operating system vendors have developed execution environment-based mitigations that increase the cost to attackers by adding complexity to the task of compromising systems. Application software can often take advantage of these mechanisms by using APIs provided by the runtime environment or by enabling the mechanism through compiler or linker options. Addressed by: FDP_DEC_EXT.1, FMT_CFG_EXT.1, FPT_AEX_EXT.1, FPT_TUD_EXT.1
O.QUALITY: To ensure quality of implementation, conformant TOEs leverage services and APIs provided by the runtime environment rather than implementing their own versions of these services and APIs. This is especially important for cryptographic services and other complex operations such as file and media parsing. Leveraging this platform behavior relies upon using only documented and supported APIs. Addressed by: FMT_MEC_EXT.1, FPT_API_EXT.1, FPT_LIB_EXT.1
O.MANAGEMENT: To facilitate management by users and the enterprise, conformant TOEs provide consistent and supported interfaces for their security-relevant configuration and maintenance. This includes the deployment of applications and application updates through the use of platform-supported deployment mechanisms and formats, as well as providing mechanisms for configuration. Addressed by: FMT_SMF.1, FPT_IDV_EXT.1, FPT_TUD_EXT.1.5
O.PROTECTED_STORAGE: To address the issue of loss of confidentiality of user data in the event of loss of physical control of the storage medium, conformant TOEs will use data-at-rest protection. This involves encrypting data and keys stored by the TOE in order to prevent unauthorized access to this data. Addressed by: FDP_DAR_EXT.1, FCS_STO_EXT.1, FCS_RBG_EXT.1
O.PROTECTED_COMMS: To address both passive (eavesdropping) and active (packet modification) network attack threats, conformant TOEs will use a trusted channel for sensitive data. Sensitive data includes cryptographic keys, passwords, and any other data specific to the application that should not be exposed outside of the application. Addressed by: FTP_DIT_EXT.1, FCS_TLSC_EXT.1, FCS_DTLS_EXT.1, FCS_RBG_EXT.1

4.2 Security Objectives for the Operational Environment

The following security objectives for the operational environment assist the TOE in correctly providing its security functionality. These track with the assumptions about the environment.

OE.PLATFORM: The TOE relies upon a trustworthy computing platform for its execution. This includes the underlying operating system and any discrete execution environment provided to the TOE.
OE.PROPER_USER: The user of the application software is not willfully negligent or hostile, and uses the software within compliance of the applied enterprise security policy.
OE.PROPER_ADMIN: The administrator of the application software is not careless, willfully negligent or hostile, and administers the software within compliance of the applied enterprise security policy.
4.3 Security Objectives Rationale

This section describes how the assumptions, threats, and organizational security policies map to the security objectives.

Threat, Assumption, or OSP: T.NETWORK_ATTACK
  Security Objectives: O.PROTECTED_COMMS, O.INTEGRITY, O.MANAGEMENT
  Rationale: The threat T.NETWORK_ATTACK is countered by O.PROTECTED_COMMS as this provides for integrity of transmitted data. The threat T.NETWORK_ATTACK is countered by O.INTEGRITY as this provides for integrity of software that is installed onto the system from the network. The threat T.NETWORK_ATTACK is countered by O.MANAGEMENT as this provides for the ability to configure the application to defend against network attack.

Threat, Assumption, or OSP: T.NETWORK_EAVESDROP
  Security Objectives: O.PROTECTED_COMMS, O.QUALITY, O.MANAGEMENT
  Rationale: The threat T.NETWORK_EAVESDROP is countered by O.PROTECTED_COMMS as this provides for confidentiality of transmitted data. The objective O.QUALITY ensures use of mechanisms that provide protection against network-based attack. The threat T.NETWORK_EAVESDROP is countered by O.MANAGEMENT as this provides for the ability to configure the application to protect the confidentiality of its transmitted data.

Threat, Assumption, or OSP: T.LOCAL_ATTACK
  Security Objectives: O.QUALITY
  Rationale: The objective O.QUALITY protects against the use of mechanisms that weaken the TOE with regard to attack by other software on the platform.

Threat, Assumption, or OSP: T.PHYSICAL_ACCESS
  Security Objectives: O.PROTECTED_STORAGE
  Rationale: The objective O.PROTECTED_STORAGE protects against unauthorized attempts to access physical storage used by the TOE.

Threat, Assumption, or OSP: A.PLATFORM
  Security Objectives: OE.PLATFORM
  Rationale: The operational environment objective OE.PLATFORM is realized through A.PLATFORM.

Threat, Assumption, or OSP: A.PROPER_USER
  Security Objectives: OE.PROPER_USER
  Rationale: The operational environment objective OE.PROPER_USER is realized through A.PROPER_USER.

Threat, Assumption, or OSP: A.PROPER_ADMIN
  Security Objectives: OE.PROPER_ADMIN
  Rationale: The operational environment objective OE.PROPER_ADMIN is realized through A.PROPER_ADMIN.
5. Security Requirements

This chapter describes the security requirements which have to be fulfilled by the TOE. Those requirements comprise functional components from Part 2 and assurance components from Part 3 of [CC]. The following notations are used:
- Refinement operation (denoted by bold text): is used to add details to a requirement, and thus further restricts a requirement.
- Selection (denoted by italicized text): is used to select one or more options provided by the [CC] in stating a requirement.
- Assignment operation (denoted by italicized text): is used to assign a specific value to an unspecified parameter, such as the length of a password. Showing the value in square brackets indicates assignment.
- Iteration operation: iterations are identified with a number inside parentheses (e.g. "(1)").
5.1 Security Functional Requirements

The Security Functional Requirements included in this section are derived from Part 2 of the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, with additional extended functional components.

5.1.1 Cryptographic Support (FCS)

FCS_RBG_EXT.1 Random Bit Generation Services

FCS_RBG_EXT.1.1 The application shall [selection: use no DRBG functionality, invoke platform-provided DRBG functionality, implement DRBG functionality] for its cryptographic operations.

Application Note: If implement DRBG functionality is chosen, then additional FCS_RBG_EXT.2 elements shall be included in the ST. In this requirement, cryptographic operations include all cryptographic key generation/derivation/agreement, IVs (for certain modes), as well as protocol-specific random values.

Assurance Activity

If use no DRBG functionality is selected, the evaluator shall inspect the application and its developer documentation and verify that the application needs no random bit generation services.

If implement DRBG functionality is selected, the evaluator shall ensure that additional FCS_RBG_EXT.2 elements are included in the ST.

If invoke platform-provided DRBG functionality is selected, the evaluation activities will be performed as stated in the following requirements. The evaluator shall verify that the TSS identifies the calls used in acquiring random from each instantiation of the RBG used for the application's cryptographic functionality. The evaluator shall ensure that random bits are acquired properly from the platform. This varies on a per-platform basis:

For BlackBerry: The evaluator shall verify that the application invokes Security Builder Crypto GSE.
For Android: The evaluator shall verify that the application uses at least one of the javax.crypto.KeyGenerator class or the java.security.SecureRandom class or /dev/random or /dev/urandom.
For Windows: The evaluator shall verify that the BCryptGenRandom or CryptGenRandom API is used for classic desktop applications. The evaluator shall verify that the System.Random API is used for Windows Store Applications. In future versions of this document, CryptGenRandom may be removed as an option as it is no longer the preferred API per vendor documentation.
For iOS: The evaluator shall verify that the application invokes SecRandomCopyBytes or uses /dev/random directly to acquire random.
For Linux: The evaluator shall verify that the application collects random from /dev/random or /dev/urandom.
For Solaris: The evaluator shall verify that the application collects random from /dev/random.
For Mac OS X: The evaluator shall verify that the application uses /dev/random to acquire random.

If invocation of platform-provided functionality is achieved in another way, the evaluator shall ensure the TSS describes how this is carried out, and how it is equivalent to the methods listed here (e.g. a higher-level API invokes an identical low-level API).
FCS_STO_EXT.1 Storage of Secrets

FCS_STO_EXT.1.1 The application shall [selection: not store any credentials, invoke the functionality provided by the platform to securely store [assignment: list of credentials], implement functionality to securely store [assignment: list of credentials]] to non-volatile memory.

Application Note: This requirement ensures that persistent credentials (secret keys, PKI private keys, or passwords) are stored securely when not in use.

If implement functionality to securely store credentials is selected, then the following requirements must be included in the ST: FCS_COP.1(1). If other cryptographic operations are used to implement the secure storage of credentials, the corresponding requirements must be included in the ST.

Assurance Activity

The evaluator shall check the TSS to ensure that it lists all persistent credentials (secret keys, PKI private keys, or passwords) needed to meet the requirements in the ST. For each of these items, the evaluator shall confirm that the TSS lists for what purpose it is used, and how it is stored.

For all credentials for which the application invokes platform-provided functionality, the evaluator shall perform the following actions, which vary per platform.

For BlackBerry: The evaluator shall verify that the application uses the BlackBerry KeyStore and Security Builder APIs to store credentials.
For Android: The evaluator shall verify that the application uses the Android KeyStore to store certificates.
For Windows: The evaluator shall verify that all certificates are stored in the Windows Certificate Store. The evaluator shall verify that other secrets, like passwords, are stored in the Windows Credential Manager or stored using the Data Protection API (DPAPI). For Windows Store Apps, the evaluator shall verify that the application is using the ProtectData class and storing credentials in IsolatedStorage.
For iOS: The evaluator shall verify that all credentials are stored within a Keychain.
For Linux: The evaluator shall verify that all keys are stored using Linux keyrings.
For Solaris: The evaluator shall verify that all keys are stored using the Solaris Key Management Framework (KMF).
For Mac OS X: The evaluator shall verify that all credentials are stored within Keychain.
5.1.2 User Data Protection (FDP)

FDP_DEC_EXT.1 Access to Platform Resources

FDP_DEC_EXT.1.1 The application shall provide user awareness of its intent to access [selection: no hardware resources, network connectivity, camera, microphone, location services, NFC, USB, Bluetooth, [assignment: list of additional hardware resources]].

Application Note: The evaluator should ensure that the selection captures all platform hardware resources which the application intends to access. The requirement is worded in this way due to the diversity of methods by which user awareness can be achieved, which varies per platform. Selections should be expressed in a manner consistent with how the application expresses its access needs to the underlying platform. For example, the platform may provide location services, which implies the potential use of a variety of hardware resources (e.g. satellite receivers, Wi-Fi, cellular radio), yet location services is the proper selection. This is because use of these resources can be inferred, but also because the actual usage may vary based on the particular platform. Resources that do not need to be explicitly identified are those which are ordinarily used by any application, such as central processing units, main memory, displays, input devices (e.g. keyboards, mice), and persistent storage devices provided by the platform.

Assurance Activity

The evaluator shall install and run the application and inspect its user documentation to verify that the user is informed of any need to access hardware resources. The method of doing so varies per platform.

For BlackBerry: The evaluator shall install the application and run it for the first time. The evaluator shall verify that the application displays all platform resources it would like to access. Note: If the user goes to: App permissions > Settings > Security and Privacy > Application Permissions > Select application in question, it will list which platform resources are approved/denied and can be changed.
For Android: The evaluator shall install the application and verify that the application displays the platform resources it would like to access. This includes permissions such as ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, BLUETOOTH, CAMERA, INTERNET, NFC, READ_EXTERNAL_STORAGE, RECORD_AUDIO. A complete list of Android permissions can be found at:
http://developer.android.com/reference/android/Manifest.permission.html
http://developer.android.com/reference/android/Manifest.permission_group.html
For Windows: For Windows Store Apps the evaluator shall check the WMAppManifest.xml file for a list of required hardware capabilities. The evaluator shall verify that the user is made aware of the required hardware capabilities when the application is first installed. This includes permissions such as ID_CAP_ISV_CAMERA, ID_CAP_LOCATION, ID_CAP_NETWORKING, ID_CAP_MICROPHONE, ID_CAP_PROXIMITY and so on. A complete list of Windows App permissions can be found at:
http://msdn.microsoft.com/en-US/library/windows/apps/jj206936.aspx
For Windows Desktop Applications the evaluator shall verify that either the application or the documentation provides the user with a list of the required hardware resources.
For iOS: The evaluator shall verify that either the application or the documentation provides the user with a list of the required hardware resources.
For Linux: The evaluator shall verify that either the application software or its documentation provides the user with a list of the required hardware resources.
For Solaris: The evaluator shall verify that either the application software or its documentation provides the user with a list of the required hardware resources.
For Mac OS X: The evaluator shall verify that either the application software or its documentation provides the user with a list of the required hardware resources.
FDP_DEC_EXT.1.2 The application shall provide user awareness of its intent to access [selection: no sensitive information repositories, address book, calendar, call lists, system logs, [assignment: list of additional sensitive information repositories]].

Application Note: Sensitive information repositories are defined as those collections of sensitive data that could be expected to be shared among some applications, users, or user roles, but to which not all of these would ordinarily require access. The intent is for the evaluator to ensure that the selection captures all sensitive information repositories which the application is intended to access. The requirement is worded in this way due to the diversity of methods by which user awareness can be achieved, which varies per platform.

Assurance Activity

The evaluator shall ensure that the selection captures all sensitive information repositories which the application is intended to access. The evaluator shall install and run the application software and inspect its user documentation to verify that the user is informed of any need to access these repositories. The method of doing so varies per platform.

For BlackBerry: The evaluator shall install the application and run it for the first time. The evaluator shall verify that the application displays all platform resources it would like to access.
For Android: The evaluator shall install the application and verify that the application displays the permissions used to access system-wide repositories. This includes permissions such as READ_CALENDAR, READ_CALL_LOG, READ_CONTACTS, READ_EXTERNAL_STORAGE, READ_LOGS. A complete list of Android permissions can be found at:
http://developer.android.com/reference/android/Manifest.permission.html
http://developer.android.com/reference/android/Manifest.permission_group.html
For Windows: For Windows Store Apps the evaluator shall check the WMAppManifest.xml file for a list of required capabilities. The evaluator shall verify that the user is made aware of the required information repositories when the application is first installed. This includes permissions such as ID_CAP_CONTACTS, ID_CAP_APPOINTMENTS, ID_CAP_MEDIALIB and so on. A complete list of Windows App permissions can be found at:
http://msdn.microsoft.com/en-US/library/windows/apps/jj206936.aspx
For Windows Desktop Applications the evaluator shall verify that either the application software or its documentation provides the user with a list of the required sensitive information repositories.
For iOS: The evaluator shall verify that either the application software or its documentation provides the user with a list of the required sensitive information repositories.
For Linux: The evaluator shall verify that either the application software or its documentation provides the user with a list of required sensitive information repositories.
For Solaris: The evaluator shall verify that either the application software or its documentation provides the user with a list of required sensitive information repositories.
For Mac OS X: The evaluator shall verify that either the application software or its documentation provides the user with a list of required sensitive information repositories.
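The Android checks under FDP_DEC_EXT.1.1 and FDP_DEC_EXT.1.2 can be partly automated by reading the permissions an app's manifest declares and comparing them with the hardware resources and sensitive information repositories the ST selects. The following is an added example, not part of the PP: the manifest and the ST selections are constructed, and the mapping from permission names to PP selections is an assumption built from the permissions the PP lists, not a table the PP provides.

```python
"""Compare the <uses-permission> entries of an Android manifest with the
FDP_DEC_EXT.1.1 (hardware resources) and FDP_DEC_EXT.1.2 (sensitive
information repositories) selections an ST claims.

Added example, not part of the Protection Profile.  The manifest is
constructed and the permission-to-selection mappings are assumptions."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Assumed mapping from permissions the PP names to FDP_DEC_EXT.1.1 selections.
HARDWARE_BY_PERMISSION = {
    "android.permission.INTERNET": "network connectivity",
    "android.permission.BLUETOOTH": "Bluetooth",
    "android.permission.CAMERA": "camera",
    "android.permission.NFC": "NFC",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_COARSE_LOCATION": "location services",
    "android.permission.ACCESS_FINE_LOCATION": "location services",
}

# Assumed mapping to FDP_DEC_EXT.1.2 selections.  READ_EXTERNAL_STORAGE is
# named in both PP lists; it is treated here as a shared-storage repository.
REPOSITORY_BY_PERMISSION = {
    "android.permission.READ_CONTACTS": "address book",
    "android.permission.READ_CALENDAR": "calendar",
    "android.permission.READ_CALL_LOG": "call lists",
    "android.permission.READ_LOGS": "system logs",
    "android.permission.READ_EXTERNAL_STORAGE": "external storage",
}

# Constructed manifest: it requests one hardware resource and one repository
# that the constructed ST below does not select, plus a permission outside
# both PP lists that an evaluator has to classify by hand.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="Example"/>
</manifest>
"""

# Constructed ST selections for FDP_DEC_EXT.1.1 and FDP_DEC_EXT.1.2.
ST_HARDWARE = {"network connectivity", "camera"}
ST_REPOSITORIES = set()


def declared_permissions(manifest_xml):
    """Return the android:name values of every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for element in root.iter("uses-permission"):
        name = element.get("{%s}name" % ANDROID_NS)
        if name:
            names.add(name)
    return names


def audit_manifest(manifest_xml, st_hardware, st_repositories):
    """Report where the manifest and the ST selections disagree.

    A permission that maps to a selection the ST omits is a finding against
    FDP_DEC_EXT.1.1 / FDP_DEC_EXT.1.2 (access sought without the user being
    made aware); a permission outside both mappings needs manual review."""
    perms = declared_permissions(manifest_xml)
    hardware = {HARDWARE_BY_PERMISSION[p] for p in perms
                if p in HARDWARE_BY_PERMISSION}
    repositories = {REPOSITORY_BY_PERMISSION[p] for p in perms
                    if p in REPOSITORY_BY_PERMISSION}
    unmapped = [p for p in sorted(perms)
                if p not in HARDWARE_BY_PERMISSION
                and p not in REPOSITORY_BY_PERMISSION]
    return {
        "requested_hardware": sorted(hardware),
        "requested_repositories": sorted(repositories),
        "undeclared_hardware": sorted(hardware - set(st_hardware)),
        "undeclared_repositories": sorted(repositories - set(st_repositories)),
        "unmapped_permissions": unmapped,
    }


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST, ST_HARDWARE, ST_REPOSITORIES)
    for key, value in report.items():
        print("%-24s %s" % (key + ":", ", ".join(value) or "(none)"))
```

Running it against the constructed manifest reports location services and the address book as requested but undeclared, and leaves VIBRATE for the evaluator to classify.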
FDP_DEC_EXT.1.3 The application shall only seek access to those resources for which it has provided a justification to access.

Assurance Activity

The evaluator shall review documentation provided by the application developer and, for each resource which it requests access to, identify the justification as to why access is required.

FDP_DEC_EXT.1.4 The application shall restrict network communication to [selection: no network communication, user-initiated communication for [assignment: list of functions for which the user can initiate network communication], respond to [assignment: list of remotely initiated communication], [assignment: list of application-initiated network communication]].

Application Note: This requirement is intended to restrict both inbound and outbound network communications to only those required, or to network communications that are user-initiated. It does not apply to network communications in which the application may generically access the file system, which may result in the platform accessing remotely mounted drives/shares.

Assurance Activity

The evaluator shall perform the following tests:
Test 1: The evaluator shall run the application. While the application is running, the evaluator shall sniff network traffic, ignoring all non-application-associated traffic, and verify that any network communications witnessed are documented in the TSS or are user-initiated.
Test 2: The evaluator shall run the application. After the application initializes, the evaluator shall run network port scans to verify that any ports opened by the application have been captured in the ST for the third selection and its assignment. This includes connection-based protocols (e.g. TCP, DCCP) as well as connectionless protocols (e.g. UDP).

FDP_DEC_EXT.1.5 The application shall [selection: not transmit PII over a network, require user approval before executing [assignment: list of functions that transmit PII over a network]].

Application Note: This requirement only applies to PII that is specifically requested by the application; it does not apply if the user volunteers PII without prompting from the application into a general (or inappropriate) data field. A dialog box that declares intent to send PII, presented to the user at the time the application is started, is sufficient to meet this requirement.

Assurance Activity

The evaluator shall inspect the TSS documentation to identify functionality in the application where PII can be transmitted, and perform the following tests.
Test 1: The evaluator shall run the application and exercise the functionality responsible for transmitting PII and verify that user approval is required before transmission of the PII.
FDP_DAR_EXT.1 Encryption of Sensitive Application Data

FDP_DAR_EXT.1.1 The application shall [selection: leverage platform-provided functionality to encrypt sensitive data, implement functionality to encrypt sensitive data, not store any sensitive data] in non-volatile memory.

Application Note: If implement functionality to encrypt sensitive data is selected, then evaluation is required against the Application Software Protection Profile Extended Package: File Encryption.

Any file that may potentially contain sensitive data (to include temporary files) shall be protected. The only exception is if the user intentionally exports the sensitive data to non-protected files.

Assurance Activity

The evaluator shall inventory the file system locations where the application may write data. The evaluator shall run the application and attempt to store sensitive data. The evaluator shall then inspect those areas of the file system to note where data was stored (if any), and determine whether it has been encrypted.

If not store any sensitive data is selected, the evaluator shall inspect the TSS and ensure that it describes how sensitive data cannot be written to non-volatile memory. The evaluator shall also ensure that this is consistent with the file system test above.

If implement functionality to encrypt sensitive data is selected, then evaluation is required against the Application Software Protection Profile Extended Package: File Encryption. The evaluator shall ensure that such evaluation is underway.

If leverage platform-provided functionality is selected, the evaluation activities will be performed as stated in the following requirements, which vary on a per-platform basis:

For BlackBerry: The evaluator shall inspect the TSS and ensure that it describes how the application uses the Advanced Data at Rest Protection API and how the application uses the appropriate domain to store and protect each data file.
For Android: The evaluator shall inspect the TSS and verify that it describes how files containing sensitive data are stored with the MODE_PRIVATE flag set.
For Windows: The Windows platform currently does not provide data-at-rest encryption services which depend upon invocation by application developers. The evaluator shall verify that the Operational User Guidance makes the need to activate platform encryption, such as BitLocker or Encrypting File System (EFS), clear to the end user.
For iOS: The evaluator shall inspect the TSS and ensure that it describes how the application uses the Complete Protection, Protected Unless Open, or Protected Until First User Authentication Data Protection Class for each data file stored locally.
For Linux: The Linux platform currently does not provide data-at-rest encryption services which depend upon invocation by application developers. The evaluator shall verify that the Operational User Guidance makes the need to activate platform encryption clear to the end user.
For Solaris: The Solaris platform currently does not provide data-at-rest encryption services which depend upon invocation by application developers. The evaluator shall verify that the Operational User Guidance makes the need to activate platform encryption clear to the end user.
For Mac OS X: The Mac OS X platform currently does not provide data-at-rest encryption services which depend upon invocation by application developers. The evaluator shall verify that the Operational User Guidance makes the need to activate platform encryption clear to the end user.
5.1.3IdentificationandAuthentication(FIA)
5.1.4SecurityManagement(FMT)
FMT_MEC_EXT.1SupportedConfigurationMechanism
FMT_MEC_EXT.1.1Theapplicationshallinvokethemechanismsrecommendedbytheplatformvendorforstoringandsettingconfigurationoptions.
ApplicationNote:Configurationoptionsthatarestoredremotelyarenotsubjecttothisrequirement.
AssuranceActivity
TheevaluatorshallreviewtheTSStoidentifytheapplication'sconfigurationoptions(e.g.settings)anddeterminewhetherthesearestoredandsetusingthemechanismssupportedbytheplatform.Themethodofdoingsovariesperplatform.
ForBlackBerry:Theevaluatorshallruntheapplicationandmakesecurityrelatedchangestoitsconfiguration.Theevaluatorshallcheckthatatleastonefileintheappfolderoftheapplicationworkingdirectorywasmodifiedtoreflectthechangemade.
ForAndroid:Theevaluatorshallruntheapplicationandmakesecurityrelatedchangestoitsconfiguration.TheevaluatorshallcheckthatatleastoneXMLfileatlocation/data/data/package/shared_prefs/reflectsthechangesmadetotheconfigurationtoverifythattheapplicationusedSharedPreferencesand/orPreferenceActivityclassesforstoringconfigurationdata,wherepackageistheJavapackageoftheapplication.
ForWindows:TheevaluatorshalldetermineandverifythatWindowsStoreAppapplicationsuseeithertheWindows.UI.ApplicationSettingsnamespaceortheIsolatedStorageSettingsnamespaceforstoringapplicationspecificsettings.ForClassicDesktopapplications,theevaluatorshallruntheapplicationwhilemonitoringitwiththeSysInternaltoolProcMonandmakechangestoitsconfiguration.TheevaluatorshallverifythatProcMonlogsshowcorrespondingchangestothetheWindowsRegistry.
ForiOS:Theevaluatorshallverifythattheappusestheuserdefaults systemorkey-value storeforstoringallsettings.
ForLinux:Theevaluatorshallruntheapplicationwhilemonitoringitwiththeutilitystrace.Theevaluatorshallmakesecurityrelatedchangestoitsconfiguration.Theevaluatorshallverifythatstracelogscorrespondingchangestoconfigurationfilesthatresidein/etc(forsystemspecificconfiguration)orintheuser'shomedirectory(foruserspecificconfiguration).
ForSolaris:Theevaluatorshallruntheapplicationwhilemonitoringitwiththeutilitydtrace.Theevaluatorshallmakesecurityrelatedchangestoitsconfiguration.Theevaluatorshallverifythatdtrace
logscorrespondingchangestoconfigurationfilesthatresidein/etc(forsystemspecificconfiguration)orintheuser'shomedirectory(foruserspecificconfiguration).
ForMacOSX:TheevaluatorshallverifythattheapplicationstoresandretrievessettingsusingtheNSUserDefaultsclass.
FMT_CFG_EXT.1SecurebyDefaultConfiguration
FMT_CFG_EXT.1.1Theapplicationshallonlyprovideenoughfunctionalitytosetnewcredentialswhenconfiguredwithdefaultcredentialsornocredentials.
ApplicationNote:Defaultcredentialsarecredentials(e.g.,passwords,keys)thatareautomatically(withoutuserinteraction)loadedontotheplatformduringapplicationinstallation.CredentialsthataregeneratedduringinstallationusingrequirementslaidoutinFCS_RBG_EXT.1arenotbydefinitiondefaultcredentials.
AssuranceActivity
TheevaluatorshallchecktheTSStodetermineiftheapplicationrequiresanytypeofcredentialsandiftheapplicationsinstallswithdefaultcredentials.Iftheapplicationusesanydefaultcredentialstheevaluatorshallrunthefollowingtests.
Test1:Theevaluatorshallinstallandruntheapplicationwithoutgeneratingorloadingnewcredentialsandverifythatonlytheminimalapplicationfunctionalityrequiredtosetnewcredentialsisavailable.Test2:Theevaluatorshallattempttoclearallcredentialsandverifythatonlytheminimalapplicationfunctionalityrequiredtosetnewcredentialsisavailable.Test3:Theevaluatorshallruntheapplication,establishnewcredentialsandverifythattheoriginaldefaultcredentialsnolongerprovideaccesstotheapplication.
FMT_CFG_EXT.1.2Theapplicationshallbeconfiguredbydefaultwithfilepermissionswhichprotectitanditsdatafromunauthorizedaccess.
ApplicationNote:Thepreciseexpectationsforfilepermissionsvaryperplatformbutthegeneralintentionisthatatrustboundaryprotectstheapplicationanditsdata.
AssuranceActivity
Theevaluatorshallinstallandruntheapplication.Theevaluatorshallinspectthefilesystemoftheplatform(totheextentpossible)foranyfilescreatedbytheapplicationandensurethattheirpermissionsareadequatetoprotectthem.Themethodofdoingsovariesperplatform.
ForBlackBerry:Theevaluatorshallrunls -alR|grep -E'$.......(r|-w|--x)'insidetheapplication'sdatadirectoriesto
ensurethatallfilesarenotworldaccessible(eitherread,write,orexecute).Thecommandshouldnotprintanyfiles.Theevaluatorshallalsoverifythatnosensitivedataiswrittentoexternalstoragewhichcouldberead/modifiedbyanyotherapplication.
ForAndroid:Theevaluatorshallrunls -alR|grep -E '$.......(r|-w|--x)'insidetheapplication'sdatadirectoriestoensurethatallfilesarenotworldaccessible(eitherread,write,orexecute).Thecommandshouldnotprintanyfiles.Theevaluatorshallalsoverifythatnosensitivedataiswrittentoexternalstorageasthisdatacanberead/modifiedbyanyapplicationcontainingtheREAD_EXTERNAL_STORAGEand/orWRITE_EXTERNAL_STORAGEpermissions.
ForWindows:TheevaluatorshallruntheSysInternalstools,ProcessMonitorandAccessCheck(ortoolsofequivalentcapability,likeicacls.exe)forClassicDesktopapplicationstoverifythatfileswrittentodiskduringanapplicationsinstallationhavethecorrectfilepermissions,suchthatastandardusercannotmodifytheapplicationoritsdatafiles.ForWindowsStoreAppstheevaluatorshallconsidertherequirementmetbecauseoftheAppContainersandbox.
ForiOS:TheevaluatorshalldeterminewhethertheapplicationleveragestheappropriateDataProtectionClassforeachdatafilestoredlocally.
ForLinux:Theevaluatorshallrunthecommandfind . -perm/007insidetheapplication'sdatadirectoriestoensurethatallfilesarenotworldaccessible(eitherread,write,orexecute).Thecommandshouldnotprintanyfiles.
ForSolaris:Theevaluatorshallrunthecommandfind . \( -perm -001 -o -perm -002 -o -perm -004 \)insidetheapplication'sdatadirectoriestoensurethatallfilesarenotworldaccessible(eitherread,write,orexecute).Thecommandshouldnotprintanyfiles.
ForMacOSX:Theevaluatorshallrunthecommandfind . -perm+007insidetheapplication'sdatadirectoriestoensurethatallfilesarenotworldaccessible(eitherread,write,orexecute).Thecommandshouldnotprintanyfiles.
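The per-platform find and ls checks above all ask the same question: does any entry under the application's data directories grant read, write or execute permission to "other"? The script below is an added example, not part of the Protection Profile, that performs that check portably and reports which of the three bits is exposed; the directory tree it builds is a constructed sample, not a real application's data.

```python
"""Audit an application's data directories for world-accessible entries.

Added example (not from the Protection Profile): a Python equivalent of the
evaluator's `find . -perm /007` check from FMT_CFG_EXT.1.2. Each finding
names the "other" bits that are set, so the report states whether the
exposure is read, write or execute.
"""
import os
import stat
import tempfile

# Bits that grant access to users outside the owner and group.
OTHER_BITS = {"r": stat.S_IROTH, "w": stat.S_IWOTH, "x": stat.S_IXOTH}


def world_accessible(root):
    """Return a sorted list of (relative_path, flags) for every directory or
    file below root that grants any permission to "other". Owner and group
    bits are deliberately ignored, matching the semantics of -perm /007."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: judge the link, not its target
            flags = "".join(f for f, bit in OTHER_BITS.items() if mode & bit)
            if flags:
                findings.append((os.path.relpath(path, root), flags))
    return sorted(findings)


def build_sample_tree():
    """Create a throwaway data directory with known modes. This is
    constructed sample input for the demonstration, not real app data."""
    root = tempfile.mkdtemp(prefix="appdata_")
    cache = os.path.join(root, "cache")
    os.mkdir(cache)
    os.chmod(cache, 0o700)                     # private directory: not reported
    token = os.path.join(cache, "token.db")
    with open(token, "w") as fh:
        fh.write("constructed sample\n")
    os.chmod(token, 0o600)                     # private file: not reported
    prefs = os.path.join(root, "settings.xml")
    with open(prefs, "w") as fh:
        fh.write("<prefs/>\n")
    os.chmod(prefs, 0o644)                     # world-readable: must be reported
    helper = os.path.join(root, "helper.sh")
    with open(helper, "w") as fh:
        fh.write("#!/bin/sh\n")
    os.chmod(helper, 0o711)                    # world-executable: must be reported
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for rel, flags in world_accessible(sample):
        print(f"{rel}: other={flags}")
```

Run it against the real data directory by calling world_accessible with that path; as with the find commands, an empty result is the passing outcome.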
FMT_SMF.1 Specification of Management Functions
FMT_SMF.1.1 The TSF shall be capable of performing the following management functions [selection:
no management functions,
enable/disable the transmission of any information describing the system's hardware, software, or configuration,
enable/disable the transmission of any PII,
enable/disable transmission of any application state (e.g. crash dump) information,
enable/disable network backup functionality to [assignment: list of enterprise or commercial cloud backup systems],
[assignment: list of other management functions to be provided by the TSF]
].
Application Note: This requirement stipulates that an application needs to provide the ability to enable/disable only those functions that it actually implements. The application is not responsible for controlling the behavior of the platform or other applications.
Assurance Activity
The evaluator shall verify that every management function mandated by the PP is described in the operational guidance and that the description contains the information required to perform the management duties associated with the management function. The evaluator shall test the application's ability to provide the management functions by configuring the application and testing each option selected from above. The evaluator is expected to test these functions in all the ways in which the ST and guidance documentation state the configuration can be managed.
5.1.5 Protection of the TSF (FPT)
FPT_API_EXT.1 Use of Supported Services and APIs
FPT_API_EXT.1.1 The application shall only use supported platform APIs.
Application Note: The definition of supported may vary depending upon whether the application is provided by a third party (who relies upon documented platform APIs) or by a platform vendor who may be able to guarantee support for platform APIs which are not externally documented.
Assurance Activity
The evaluator shall verify that the TSS lists the platform APIs used in the application. The evaluator shall then compare the list with the supported APIs (available through e.g. developer accounts, platform developer groups) and ensure that all APIs listed in the TSS are supported.
FPT_AEX_EXT.1 Anti-Exploitation Capabilities
FPT_AEX_EXT.1.1 The application shall not request to map memory at an explicit address except for [assignment: list of explicit exceptions].
Application Note: Requesting a memory mapping at an explicit address subverts address space layout randomization (ASLR).
Assurance Activity
The evaluator shall ensure that the TSS describes the compiler flags used to enable ASLR when the application is compiled. The evaluator shall perform either a static or dynamic analysis to determine that no memory mappings are placed at an explicit and consistent address. The method of doing so varies per platform.
For BlackBerry: The evaluator shall run the same application on two different BlackBerry systems and run a tool that will list all memory mapped addresses for the application. The evaluator shall then verify the two different instances share no mapping locations.
For Android: The evaluator shall run the same application on two different Android systems. Connect via ADB and inspect /proc/PID/maps. Ensure the two different instances share no mapping locations.
For Windows: The evaluator shall run the same application on two different Windows systems and run a tool that will list all memory mapped addresses for the application. The evaluator shall then verify the two different instances share no mapping locations. The Microsoft Sysinternals tool, VMMap, could be used to view memory addresses of a running application. The evaluator shall use a tool such as Microsoft's BinScope Binary Analyzer to confirm that the application has ASLR enabled.
For iOS: The evaluator shall perform a static analysis to search for any mmap calls (or API calls that call mmap), and ensure that no arguments are provided that request a mapping at a fixed address.
For Linux: The evaluator shall run the same application on two different Linux systems. The evaluator shall then compare their memory maps using pmap -x PID to ensure the two different instances share no mapping locations.
For Solaris: The evaluator shall run the same application on two different Solaris systems. The evaluator shall then compare their memory maps using pmap -x PID to ensure the two different instances share no mapping locations.
For Mac OS X: The evaluator shall run the same application on two different Mac OS X systems. The evaluator shall then compare their memory maps using vmmap PID to ensure the two different instances share no mapping locations.
FPT_AEX_EXT.1.2 The application shall [selection:
not allocate any memory region with both write and execute permissions,
allocate memory regions with write and execute permissions for only [assignment: list of functions performing just-in-time compilation]
].
Application Note: Requesting a memory mapping with both write and execute permissions subverts the platform protection provided by DEP. If the application performs no just-in-time compiling, then the first selection must be chosen.
Assurance Activity
The evaluator shall verify that no memory mapping requests are made with write and execute permissions. The method of doing so varies per platform.
For BlackBerry: The evaluator shall perform static analysis on the application to verify that mmap is never invoked with both the PROT_WRITE and PROT_EXEC permissions, and mprotect is never invoked.
For Android: The evaluator shall perform static analysis on the application to verify that mmap is never invoked with both the PROT_WRITE and PROT_EXEC permissions, and mprotect is never invoked.
For Windows: The evaluator shall use a tool such as Microsoft's BinScope Binary Analyzer to confirm that the application passes the NX Check. The evaluator may also ensure that the /NXCOMPAT flag was used during compilation to verify that DEP protections are enabled for the application.
For iOS: The evaluator shall perform static analysis on the application to verify that mprotect is never invoked with the PROT_EXEC permission.
For Linux: The evaluator shall perform static analysis on the application to verify both that mmap is never invoked with both the PROT_WRITE and PROT_EXEC permissions, and that mprotect is never invoked with the PROT_EXEC permission.
For Solaris: The evaluator shall perform static analysis on the application to verify both that mmap is never invoked with both the PROT_WRITE and PROT_EXEC permissions, and that mprotect is never invoked with the PROT_EXEC permission.
For Mac OS X: The evaluator shall perform static analysis on the application to verify that mprotect is never invoked with the PROT_EXEC permission.
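The Linux and Android activities for FPT_AEX_EXT.1.1 and FPT_AEX_EXT.1.2 both come down to reading /proc/PID/maps: once for regions mapped with both write and execute permission, and once to compare the layouts of two instances for addresses that repeat. The script below is an added example, not part of the Protection Profile, that parses that format and performs both checks; the two captures it contains are constructed samples with invented addresses.

```python
"""Dynamic-analysis helper for FPT_AEX_EXT.1.1 and FPT_AEX_EXT.1.2.

Added example, not from the Protection Profile. Parses the /proc/PID/maps
format, flags W+X regions (what DEP/NX forbids) and lists start addresses
that recur between two runs of the same application (what ASLR should
prevent). The evaluator compares any overlap against the ST's list of
explicit exceptions, e.g. regions the kernel itself pins.
"""
import re
from collections import namedtuple

Mapping = namedtuple("Mapping", "start end perms path")

# start-end perms offset dev inode [path]
_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)


def parse_maps(text):
    """Parse the text of /proc/PID/maps into Mapping tuples."""
    mappings = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # tolerate blank or unexpected lines
        start, end, perms, path = m.groups()
        mappings.append(Mapping(int(start, 16), int(end, 16), perms, path.strip()))
    return mappings


def wx_regions(mappings):
    """Regions that are simultaneously writable and executable."""
    return [m for m in mappings if "w" in m.perms and "x" in m.perms]


def shared_addresses(maps_a, maps_b):
    """(start, path) pairs present in both instances. With ASLR effective,
    executables, libraries and anonymous regions should not repeat."""
    key = lambda m: (m.start, m.path)
    return sorted(set(map(key, maps_a)) & set(map(key, maps_b)))


def assess(text_a, text_b):
    """Return (paths of W+X regions in either run, addresses shared by both)."""
    a, b = parse_maps(text_a), parse_maps(text_b)
    wx = sorted({m.path for m in wx_regions(a) + wx_regions(b)})
    return wx, shared_addresses(a, b)


# Constructed sample captures of two runs (addresses invented for illustration).
RUN_A = """\
55d1c3a00000-55d1c3a21000 r-xp 00000000 08:01 131 /opt/app/bin/app
7f3a1c000000-7f3a1c1c1000 r-xp 00000000 08:01 77  /lib/x86_64-linux-gnu/libc.so.6
7f3a1d000000-7f3a1d021000 rwxp 00000000 00:00 0   [anon:jit]
10000000-10001000 rw-p 00000000 00:00 0           [anon:fixed]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
"""
RUN_B = """\
5607aa200000-5607aa221000 r-xp 00000000 08:01 131 /opt/app/bin/app
7fbd44000000-7fbd441c1000 r-xp 00000000 08:01 77  /lib/x86_64-linux-gnu/libc.so.6
7fbd45000000-7fbd45021000 rw-p 00000000 00:00 0   [anon:jit]
10000000-10001000 rw-p 00000000 00:00 0           [anon:fixed]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
"""

if __name__ == "__main__":
    wx, shared = assess(RUN_A, RUN_B)
    print("W+X regions:", wx)
    print("addresses repeated across runs:", [(hex(s), p) for s, p in shared])
```

In the sample the JIT region is W+X in one run, and the fixed anonymous mapping and [vsyscall] recur; the first would have to appear in the FPT_AEX_EXT.1.2 assignment and the second pair in the FPT_AEX_EXT.1.1 exceptions to pass.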
FPT_AEX_EXT.1.3 The application shall be compatible with security features provided by the platform vendor.
Application Note: This requirement is designed to ensure that platform security features do not need to be disabled in order for the application to run.
Assurance Activity
The evaluator shall configure the platform in the ascribed manner and carry out one of the prescribed tests:
For BlackBerry: The evaluator shall ensure that the application can successfully run on the latest version of the BlackBerry OS.
For Android: The evaluator shall ensure that the application can run with SE for Android enabled and enforcing.
For Windows: For both classic desktop and Windows Store applications, the evaluator shall configure the latest version of Microsoft's Enhanced Mitigation Experience Toolkit (EMET) to protect the application. The evaluator shall then run the application and verify that the application does not crash while protected by EMET.
For iOS: The evaluator shall ensure that the application can successfully run on the latest version of iOS.
For Linux: The evaluator shall ensure that the application can successfully run on a system with SELinux enabled and enforcing.
For Solaris: The evaluator shall ensure that the application can run with Solaris Trusted Extensions enabled and enforcing.
For Mac OS X: The evaluator shall ensure that the application can successfully run on the latest version of OS X.
FPT_AEX_EXT.1.4 The application shall not write user-modifiable files to directories that contain executable files unless explicitly directed by the user to do so.
Application Note: Executables and user-modifiable files may not share the same parent directory, but may share directories above the parent.
Assurance Activity
The evaluator shall run the application and determine where it writes its files. For files where the user does not choose the destination, the evaluator shall check whether the destination directory contains executable files. This varies per platform:
For BlackBerry: The evaluator shall consider the requirement met because the platform forces applications to write all data within the application working directory (sandbox).
For Android: The evaluator shall run the program, mimicking normal usage, and note where all files are written. The evaluator shall ensure that there are no executable files stored under /data/data/package/ where package is the Java package of the application.
For Windows: For Windows Store Apps the evaluator shall consider the requirement met because the platform forces applications to write all data within the application working directory (sandbox). For Windows Desktop Applications the evaluator shall run the program, mimicking normal usage, and note where all files are written. The evaluator shall ensure that there are no executable files stored in the same directories to which the application wrote and no data files in the application's install directory.
For iOS: The evaluator shall consider the requirement met because the platform forces applications to write all data within the application working directory (sandbox).
For Linux: The evaluator shall run the program, mimicking normal usage, and note where all files are written. The evaluator shall ensure that there are no executable files stored in the same directories to which the application wrote.
For Solaris: The evaluator shall run the program, mimicking normal usage, and note where all files are written. The evaluator shall ensure that there are no executable files stored in the same directories to which the application wrote.
For Mac OS X: The evaluator shall run the program, mimicking normal usage, and note where all files are written. The evaluator shall ensure that there are no executable files stored in the same directories to which the application wrote.
FPT_AEX_EXT.1.5 The application shall be compiled with stack-based buffer overflow protection enabled.
Assurance Activity
The evaluator shall ensure that the TSS section of the ST describes the compiler flag used to enable stack-based buffer overflow protection in the application. The evaluator shall perform a static analysis to verify that stack-based buffer overflow protection is present. The method of doing so varies per platform:
For BlackBerry: The evaluator shall ensure that the -fstack-protector-strong or -fstack-protector-all flags are used. The -fstack-protector-all flag is preferred but -fstack-protector-strong is acceptable.
For Android: Applications that are entirely Java run in the Java machine and do not need traditional stack protection. For applications using Java Native Interface (JNI), the evaluator shall ensure that the -fstack-protector-strong or -fstack-protector-all flags are used. The -fstack-protector-all flag is preferred but -fstack-protector-strong is acceptable.
For Windows: The evaluator shall review the TSS and verify that the /GS flag was used during compilation. The evaluator shall run a tool, like BinScope, that can verify the correct usage of /GS.
For iOS: If the application is compiled using GCC or Xcode, the evaluator shall ensure that the -fstack-protector-strong or -fstack-protector-all flags are used. The -fstack-protector-all flag is preferred but -fstack-protector-strong is acceptable. If the application is built using any other compiler, then the evaluator shall determine that appropriate stack protection has been used during the build process.
For Linux: If the application is compiled using GCC, the evaluator shall ensure that the -fstack-protector-strong or -fstack-protector-all flags are used. The -fstack-protector-all flag is preferred but -fstack-protector-strong is acceptable. If the application is built using clang, it must be compiled and linked with the -fsanitize=address flag. If the application is built using any other compiler, then the evaluator shall determine that appropriate stack protection has been used during the build process.
For Solaris: If the application is compiled using GCC, the evaluator shall ensure that the -fstack-protector-strong or -fstack-protector-all flags are used. The -fstack-protector-all flag is preferred but -fstack-protector-strong is acceptable. If the application is built using clang, it must be compiled and linked with the -fsanitize=address flag. If the application is built using any other compiler, then the evaluator shall determine that appropriate stack protection has been used during the build process.
For Mac OS X: If the application is compiled using GCC or Xcode, the evaluator shall ensure that the -fstack-protector-strong or -fstack-protector-all flags are used. The -fstack-protector-all flag is preferred but -fstack-protector-strong is acceptable. If the application is built using any other compiler, then the evaluator shall determine that appropriate stack protection has been used during the build process.
FPT_TUD_EXT.1 Integrity for Installation and Update
FPT_TUD_EXT.1.1 The application shall [selection: provide the ability, leverage the platform] to check for updates and patches to the application software.
Application Note: This requirement is about the ability to "check" for updates. The actual installation of any updates should be done by the platform. This requirement is intended to ensure that the application can check for updates provided by the vendor, as updates provided by another source may contain malicious code.
Assurance Activity
The evaluator shall check for an update using procedures described in the documentation and verify that the application does not issue an error. If it is updated or if it reports that no update is available this requirement is considered to be met.
FPT_TUD_EXT.1.2 The application shall be distributed using the format of the platform-supported package manager.
Assurance Activity
The evaluator shall verify that application updates are distributed in the format supported by the platform. This varies per platform:
For BlackBerry: The evaluator shall ensure that the application is packaged in the BlackBerry (BAR) format.
For Android: The evaluator shall ensure that the application is packaged in the Android application package (APK) format.
For Windows: The evaluator shall ensure that the application is packaged in the Standard Windows Installer (MSI) format or the Windows App Store package (APPX) format.
For iOS: The evaluator shall ensure that the application is packaged in the IPA format.
For Linux: The evaluator shall ensure that the application is packaged in the format of the package management infrastructure of the chosen distribution. For example, applications running on Red Hat and Red Hat derivatives should be packaged in RPM format. Applications running on Debian and Debian derivatives should be packaged in deb format.
For Solaris: The evaluator shall ensure that the application is packaged in the PKG format.
For Mac OS X: The evaluator shall ensure that the application is packaged in the DMG format, the PKG format, or the MPKG format.
FPT_TUD_EXT.1.3 The application shall be packaged such that its removal results in the deletion of all traces of the application, with the exception of configuration settings, output files, and audit/log events.
Application Note: Applications bundled with the system/firmware image are not subject to this requirement if the user is unable to remove the application through means provided by the OS.
Assurance Activity
The evaluator shall record the path of every file on the entire filesystem prior to installation of the application, and then install and run the application. Afterwards, the evaluator shall then uninstall the application, and compare the resulting filesystem to the initial record to verify that no files, other than configuration, output, and audit/log files, have been added to the filesystem.
FPT_TUD_EXT.1.4 The application shall not download, modify, replace or update its own binary code.
Application Note: This requirement applies to the code of the application; it does not apply to mobile code technologies that are designed for download and execution by the application.
Assurance Activity
The evaluator shall verify that the application's executable files are not changed by the application. The evaluator shall complete the following test:
Test 1: The evaluator shall install the application and then locate all of its executable files. The evaluator shall then, for each file, save off either a hash of the file or a copy of the file itself. The evaluator shall then run the application and exercise all features of the application as described in the TSS. The evaluator shall then compare each executable file with either the saved hash or the saved copy of the files. The evaluator shall verify that these are identical.
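The FPT_TUD_EXT.1.3 and FPT_TUD_EXT.1.4 activities are the same mechanic applied at different moments: record the filesystem (paths, and for 1.4 a hash per executable), do something, record again, and diff. The script below is an added example, not part of the Protection Profile, that implements that record-and-compare step; the install tree and the "run" that writes a log, drops a cache file and rewrites its own binary are a constructed scenario for the demonstration.

```python
"""Snapshot-and-diff helper for FPT_TUD_EXT.1.3 and FPT_TUD_EXT.1.4.

Added example, not from the Protection Profile. snapshot() records a
SHA-256 per regular file under a root; compare() reports what was added,
removed or changed between two records. Taken before installation and
after uninstall it shows leftover files (1.3); taken over the executables
before and after exercising the application it shows self-modification (1.4).
"""
import hashlib
import os
import tempfile


def snapshot(root):
    """Map relative path -> SHA-256 hex digest for every regular file under root."""
    record = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, sockets and device nodes
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    digest.update(chunk)
            record[os.path.relpath(path, root)] = digest.hexdigest()
    return record


def compare(before, after, allowed_suffixes=()):
    """Return {'added', 'removed', 'changed'} as sorted path lists.

    allowed_suffixes names file types the requirement tolerates remaining
    (configuration, output and audit/log files for FPT_TUD_EXT.1.3); such
    paths are left out of 'added'. Nothing is excluded from 'changed', since
    FPT_TUD_EXT.1.4 permits no modification of executables at all.
    """
    added = [p for p in after if p not in before and not p.endswith(allowed_suffixes)]
    removed = [p for p in before if p not in after]
    changed = [p for p in before if p in after and before[p] != after[p]]
    return {"added": sorted(added), "removed": sorted(removed), "changed": sorted(changed)}


def demo():
    """Constructed scenario (hypothetical install tree, not a real product):
    the application's run writes a log, leaves a cache file and rewrites its
    own binary, which is exactly what FPT_TUD_EXT.1.4 forbids."""
    root = tempfile.mkdtemp(prefix="install_")

    def write(rel, data):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

    write("bin/app", b"\x7fELF-constructed-v1")
    write("lib/libhelper.so", b"\x7fELF-constructed-lib")
    before = snapshot(root)

    # Simulated execution of the application.
    write("logs/app.log", b"started\n")          # audit/log output: tolerated
    write("cache/session.tmp", b"state")         # leftover data: reported
    write("bin/app", b"\x7fELF-constructed-v2")  # self-update: violation
    after = snapshot(root)

    return compare(before, after, allowed_suffixes=(".log",))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```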
FPT_TUD_EXT.1.5Theapplicationshall[selection,atleastoneof:providetheability,leveragetheplatform]toquerythecurrentversionoftheapplicationsoftware.
AssuranceActivity
Theevaluatorshallquerytheapplicationforthecurrentversionofthesoftwareaccordingtotheoperationaluserguidance(AGD_OPE.1)andshallverifythatthecurrentversionmatchesthatofthedocumentedandinstalledversion.
FPT_TUD_EXT.1.6Theapplicationinstallationpackageanditsupdatesshallbedigitallysignedsuchthatitsplatformcancryptographicallyverifythempriortoinstallation.
ApplicationNote:Thespecificsoftheverificationofinstallationpackagesandupdatesinvolvesrequirementsontheplatform(andnottheapplication),sothesearenotfullyspecifiedhere.
AssuranceActivity
TheevaluatorshallverifythattheTSSidentifieshowtheapplicationinstallationpackageandupdatestoitaresignedbyanauthorizedsource.ThedefinitionofanauthorizedsourcemustbecontainedintheTSS.TheevaluatorshallalsoensurethattheTSS(ortheoperationalguidance)describeshowcandidateupdatesareobtained.
FPT_LIB_EXT.1UseofThirdPartyLibraries
FPT_LIB_EXT.1.1Theapplicationshallbepackagedwithonly[assignment:listofthirdpartylibraries].
ApplicationNote:Theintentionofthisrequirementisfortheevaluatortodiscoveranddocumentwhethertheapplicationisincludingunnecessaryorunexpectedthirdpartylibraries.Thisincludesadwarelibrarieswhichcouldpresentaprivacythreat,aswellasensuringdocumentationofsuchlibrariesincasevulnerabilitiesarelaterdiscovered.
AssuranceActivity
Theevaluatorshallinstalltheapplicationandsurveyitsinstallationdirectoryfordynamiclibraries.Theevaluatorshallverifythatlibrariesfoundtobepackagedwithoremployedbytheapplicationarelimitedtothoseintheassignment.
5.1.6TrustedPath/Channel(FTP)
FTP_DIT_EXT.1ProtectionofDatainTransit
FTP_DIT_EXT.1.1Theapplicationshall[selection:
nottransmitanydata,nottransmitanysensitivedata,encryptalltransmittedsensitivedatawith[selection,atleastoneof:HTTPS,TLS,DTLS],encryptalltransmitteddatawith[selection,atleastoneof:HTTPS,TLS,DTLS]
]betweenitselfandanothertrustedITproduct.
ApplicationNote:Extendedpackagesmayoverridethisrequirementtoprovideforotherprotocols.Encryptionisnotrequiredforapplicationstransmittingdatathatisnotsensitive.
IfHTTPSisselected,thenevaluationofelementsfromFCS_TLSC_EXT.1isrequired.IfTLSisselected,thenevaluationofelementsfromFCS_HTTPS_EXT.1isrequired.IfDTLSisselected,thenevaluationofelementsfromFCS_DTLS_EXT.1isrequired.
AssuranceActivity
Theevaluatorshallperformthefollowingtests.Test1:Theevaluatorshallexercisetheapplication(attemptingtotransmitdataforexamplebyconnectingtoremotesystemsorwebsites)whilecapturingpacketsfromtheapplication.TheevaluatorshallverifyfromthepacketcapturethatthetrafficisencryptedwithHTTPS,TLSorDTLSinaccordancewiththeselectionintheST.Test2:Theevaluatorshallexercisetheapplication(attemptingtotransmitdataforexamplebyconnectingtoremotesystemsorwebsites)whilecapturingpacketsfromtheapplication.Theevaluatorshallreviewthepacketcaptureandverifythatnosensitivedataistransmittedintheclear.Test3:TheevaluatorshallinspecttheTSStodetermineifusercredentialsaretransmitted.Ifcredentialsaretransmittedtheevaluatorshallsetthecredentialtoaknownvalue.TheevaluatorshallcapturepacketsfromtheapplicationwhilecausingcredentialstobetransmittedasdescribedintheTSS.Theevaluatorshallperformastringsearchofthecapturednetworkpacketsandverifythattheplaintextcredentialpreviouslysetbytheevaluatorisnotfound.
5.2SecurityAssuranceRequirements
TheSecurityObjectivesfortheTOEinSection5wereconstructedtoaddressthreatsidentifiedinSection3.1.TheSecurityFunctionalRequirements(SFRs)inSection5.1areaformalinstantiationoftheSecurity
Objectives.ThePPidentifiestheSecurityAssuranceRequirements(SARs)toframetheextenttowhichtheevaluatorassessesthedocumentationapplicablefortheevaluationandperformsindependenttesting.
ThissectionliststhesetofSARsfromCCpart3thatarerequiredinevaluationsagainstthisPP.IndividualAssuranceActivities(AAs)tobeperformedarespecifiedbothinSection5aswellasinthissection.
ThegeneralmodelforevaluationofTOEsagainstSTswrittentoconformtothisPPisasfollows:
AftertheSThasbeenapprovedforevaluation,theInformationTechnologySecurityEvaluationFacility(ITSEF)willobtaintheTOE,supportingenvironmentalIT,andtheadministrative/userguidesfortheTOE.TheITSEFisexpectedtoperformactionsmandatedbytheCommonEvaluationMethodology(CEM)fortheASEandALCSARs.TheITSEFalsoperformstheAssuranceActivitiescontainedwithinSection5,whichareintendedtobeaninterpretationoftheotherCEMassurancerequirementsastheyapplytothespecifictechnologyinstantiatedintheTOE.TheAssuranceActivitiesthatarecapturedinSection5alsoprovideclarificationastowhatthedeveloperneedstoprovidetodemonstratetheTOEiscompliantwiththePP.
5.2.1ClassASE:SecurityTargetAsperASEactivitiesdefinedin[CEM].
5.2.2ClassADV:DevelopmentTheinformationabouttheTOEiscontainedintheguidancedocumentationavailabletotheenduseraswellastheTSSportionoftheST.TheTOEdevelopermustconcurwiththedescriptionoftheproductthatiscontainedintheTSSasitrelatestothefunctionalrequirements.TheAssuranceActivitiescontainedinSection5.1shouldprovidetheSTauthorswithsufficientinformationtodeterminetheappropriatecontentfortheTSSsection.
ADV_FSP.1BasicFunctionalSpecification(ADV_FSP.1)
ADV_FSP.1.1DThedevelopershallprovideafunctionalspecification.
ADV_FSP.1.2DThedevelopershallprovideatracingfromthefunctionalspecificationtotheSFRs.
ApplicationNote:Asindicatedintheintroductiontothissection,thefunctionalspecificationiscomprisedoftheinformationcontainedintheAGD_OPEandAGD_PREdocumentation.Thedevelopermayreferenceawebsiteaccessibletoapplicationdevelopersandtheevaluator.TheassuranceactivitiesinthefunctionalrequirementspointtoevidencethatshouldexistinthedocumentationandTSSsectionsincethesearedirectlyassociatedwiththeSFRs,thetracinginelementADV_FSP.1.2Disimplicitlyalreadydoneandnoadditionaldocumentationisnecessary.
ADV_FSP.1.1CThefunctionalspecificationshalldescribethepurposeandmethodofuseforeachSFRenforcingandSFRsupportingTSFI.
ADV_FSP.1.2CThefunctionalspecificationshallidentifyallparametersassociatedwitheachSFRenforcingandSFRsupportingTSFI.
ADV_FSP.1.3CThefunctionalspecificationshallproviderationalefortheimplicitcategorizationofinterfacesasSFRnoninterfering.
ADV_FSP.1.4C
ThetracingshalldemonstratethattheSFRstracetoTSFIsinthefunctionalspecification.
ADV_FSP.1.1ETheevaluatorshallconfirmthattheinformationprovidedmeetsallrequirementsforcontentandpresentationofevidence.
ADV_FSP.1.2ETheevaluatorshalldeterminethatthefunctionalspecificationisanaccurateandcompleteinstantiationoftheSFRs.
5.2.3ClassAGD:GuidanceDocumentationTheguidancedocumentswillbeprovidedwiththeST.GuidancemustincludeadescriptionofhowtheITpersonnelverifiesthattheOperationalEnvironmentcanfulfillitsroleforthesecurityfunctionality.ThedocumentationshouldbeinaninformalstyleandreadablebytheITpersonnel.GuidancemustbeprovidedforeveryoperationalenvironmentthattheproductsupportsasclaimedintheST.ThisguidanceincludesinstructionstosuccessfullyinstalltheTSFinthatenvironmentandInstructionstomanagethesecurityoftheTSFasaproductandasacomponentofthelargeroperationalenvironment.Guidancepertainingtoparticularsecurityfunctionalityisalsoprovidedrequirementsonsuchguidancearecontainedintheassuranceactivitiesspecifiedwitheachrequirement.
AGD_OPE.1OperationalUserGuidance(AGD_OPE.1)
AGD_OPE.1.1DThedevelopershallprovideoperationaluserguidance.
ApplicationNote:Theoperationuserguidancedoesnothavetobecontainedinasingledocument.Guidancetousers,administratorsandapplicationdeveloperscanbespreadamongdocumentsorwebpages.Whereappropriate,theguidancedocumentationisexpressedintheeXtensibleConfigurationChecklistDescriptionFormat(XCCDF)tosupportsecurityautomation.Ratherthanrepeatinformationhere,thedevelopershouldreviewtheassuranceactivitiesforthiscomponenttoascertainthespecificsoftheguidancethattheevaluatorwillbecheckingfor.Thiswillprovidethenecessaryinformationforthepreparationofacceptableguidance.
AGD_OPE.1.1CTheoperationaluserguidanceshalldescribe,foreachuserrole,theuseraccessiblefunctionsandprivilegesthatshouldbecontrolledinasecureprocessingenvironment,includingappropriatewarnings.
ApplicationNote:Userandadministratoraretobeconsideredinthedefinitionofuserrole.
AGD_OPE.1.2CTheoperationaluserguidanceshalldescribe,foreachuserrole,howtousetheavailableinterfacesprovidedbytheTOEinasecuremanner.
AGD_OPE.1.3CTheoperationaluserguidanceshalldescribe,foreachuserrole,theavailablefunctionsandinterfaces,inparticularallsecurityparametersunderthecontroloftheuser,indicatingsecurevaluesasappropriate.
AGD_OPE.1.4CTheoperationaluserguidanceshall,foreachuserrole,clearlypresenteachtypeofsecurityrelevanteventrelativetotheuseraccessiblefunctionsthatneedtobeperformed,includingchangingthesecuritycharacteristicsofentitiesunderthecontroloftheTSF.
AGD_OPE.1.5CTheoperationaluserguidanceshallidentifyallpossiblemodesofoperationoftheTOE(includingoperationfollowingfailureoroperationalerror),theirconsequences,andimplicationsformaintainingsecureoperation.
AGD_OPE.1.6CTheoperationaluserguidanceshall,foreachuserrole,describethesecuritymeasurestobefollowedinordertofulfillthesecurityobjectivesfortheoperationalenvironmentasdescribedintheST.
AGD_OPE.1.7CTheoperationaluserguidanceshallbeclearandreasonable.
AGD_OPE.1.1ETheevaluatorshallconfirmthattheinformationprovidedmeetsallrequirementsforcontentandpresentationofevidence.
AssuranceActivity
SomeofthecontentsoftheoperationalguidancewillbeverifiedbytheassuranceactivitiesinSection5.1andevaluationoftheTOEaccordingtothe[CEM].Thefollowingadditionalinformationisalsorequired.IfcryptographicfunctionsareprovidedbytheTOE,theoperationalguidanceshallcontaininstructionsforconfiguringthecryptographicengineassociatedwiththeevaluatedconfigurationoftheTOE.ItshallprovideawarningtotheadministratorthatuseofothercryptographicengineswasnotevaluatednortestedduringtheCCevaluationoftheTOE.ThedocumentationmustdescribetheprocessforverifyingupdatestotheTOEbyverifyingadigitalsignaturethismaybedonebytheTOEortheunderlyingplatform.Theevaluatorshallverifythatthisprocessincludesthefollowingsteps:Instructionsforobtainingtheupdateitself.ThisshouldincludeinstructionsformakingtheupdateaccessibletotheTOE(e.g.,placementinaspecificdirectory).Instructionsforinitiatingtheupdateprocess,aswellasdiscerningwhethertheprocesswassuccessfulorunsuccessful.Thisincludesgenerationofthehash/digitalsignature.TheTOEwilllikelycontainsecurityfunctionalitythatdoesnotfallinthescopeofevaluationunderthisPP.Theoperationalguidanceshallmakeitcleartoanadministratorwhichsecurityfunctionalityiscoveredbytheevaluationactivities.
AGD_PRE.1 Preparative Procedures (AGD_PRE.1)
AGD_PRE.1.1D The developer shall provide the TOE, including its preparative procedures.
Application Note: As with the operational guidance, the developer should look to the assurance activities to determine the required content with respect to preparative procedures.
AGD_PRE.1.1C The preparative procedures shall describe all the steps necessary for secure acceptance of the delivered TOE in accordance with the developer's delivery procedures.
AGD_PRE.1.2C The preparative procedures shall describe all the steps necessary for secure installation of the TOE and for the secure preparation of the operational environment in accordance with the security objectives for the operational environment as described in the ST.
AGD_PRE.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
AGD_PRE.1.2E The evaluator shall apply the preparative procedures to confirm that the TOE can be prepared securely for operation.
Assurance Activity
As indicated in the introduction above, there are significant expectations with respect to the documentation, especially when configuring the operational environment to support TOE functional requirements. The evaluator shall check to ensure that the guidance provided for the TOE adequately addresses all platforms claimed for the TOE in the ST.
5.2.4 Class ALC: Life-cycle Support
At the assurance level provided for TOEs conformant to this PP, life-cycle support is limited to end-user-visible aspects of the life-cycle, rather than an examination of the TOE vendor's development and configuration management process. This is not meant to diminish the critical role that a developer's practices play in contributing to the overall trustworthiness of a product; rather, it is a reflection on the information to be made available for evaluation at this assurance level.
ALC_CMC.1 Labeling of the TOE (ALC_CMC.1)
ALC_CMC.1.1D The developer shall provide the TOE and a reference for the TOE.
ALC_CMC.1.1C The TOE shall be labeled with a unique reference.
Application Note: Unique reference information includes:
Application Name
Application Version
Application Description
Platform on which Application Runs
Software Identification (SWID) tags, if available
ALC_CMC.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
Assurance Activity
The evaluator shall check the ST to ensure that it contains an identifier (such as a product name/version number) that specifically identifies the version that meets the requirements of the ST. Further, the evaluator shall check the AGD guidance and TOE samples received for testing to ensure that the version number is consistent with that in the ST. If the vendor maintains a web site advertising the TOE, the evaluator shall examine the information on the web site to ensure that the information in the ST is sufficient to distinguish the product.
ALC_CMS.1 TOE CM Coverage (ALC_CMS.1)
ALC_CMS.1.1D The developer shall provide a configuration list for the TOE.
ALC_CMS.1.1C The configuration list shall include the following: the TOE itself and the evaluation evidence required by the SARs.
ALC_CMS.1.2C The configuration list shall uniquely identify the configuration items.
ALC_CMS.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
Assurance Activity
The "evaluation evidence required by the SARs" in this PP is limited to the information in the ST coupled with the guidance provided to administrators and users under the AGD requirements. By ensuring that the TOE is specifically identified and that this identification is consistent in the ST and in the AGD guidance (as done in the assurance activity for ALC_CMC.1), the evaluator implicitly confirms the information required by this component. Life-cycle support is targeted at aspects of the developer's life-cycle and instructions to providers of applications for the developer's devices, rather than an in-depth examination of the TSF manufacturer's development and configuration management process. This is not meant to diminish the critical role that a developer's practices play in contributing to the overall trustworthiness of a product; rather, it is a reflection on the information to be made available for evaluation.
The evaluator shall ensure that the developer has identified (in guidance documentation for application developers concerning the targeted platform) one or more development environments appropriate for use in developing applications for the developer's platform. For each of these development environments, the developer shall provide information on how to configure the environment to ensure that buffer overflow protection mechanisms in the environment(s) are invoked (e.g., compiler flags). The evaluator shall ensure that this documentation also includes an indication of whether such protections are on by default, or have to be specifically enabled. The evaluator shall ensure that the TSF is uniquely identified (with respect to other products from the TSF vendor), and that documentation provided by the developer in association with the requirements in the ST is associated with the TSF using this unique identification.
ALC_TSU_EXT.1 Timely Security Updates
ALC_TSU_EXT.1.1D The developer shall provide a description in the TSS of how timely security updates are made to the TOE. Application developers must support updates to their products for purposes of fixing security vulnerabilities.
ALC_TSU_EXT.1.2D The developer shall provide a description in the TSS of how users are notified when updates change security properties or the configuration of the product.
ALC_TSU_EXT.1.1C The description shall include the process for creating and deploying security updates for the TOE software.
ALC_TSU_EXT.1.2C The description shall express the time window as the length of time, in days, between public disclosure of a vulnerability and the public availability of security updates to the TOE.
ALC_TSU_EXT.1.3C The description shall include the mechanisms publicly available for reporting security issues pertaining to the TOE. The reporting mechanism could include web sites, email addresses, as well as a means to protect the sensitive nature of the report (e.g., public keys that could be used to encrypt the details of a proof-of-concept exploit).
ALC_TSU_EXT.2.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
Assurance Activity
The evaluator shall verify that the TSS contains a description of the timely security update process used by the developer to create and deploy security updates. The evaluator shall verify that this description addresses the entire application. The evaluator shall also verify that, in addition to the TOE developer's process, any third-party processes are also addressed in the description. The evaluator shall also verify that each mechanism for deployment of security updates is described.
The evaluator shall verify that, for each deployment mechanism described for the update process, the TSS lists a time between public disclosure of a vulnerability and public availability of the security update to the TOE patching this vulnerability, to include any third-party or carrier delays in deployment. The evaluator shall verify that this time is expressed in a number or range of days.
The evaluator shall verify that this description includes the publicly available mechanisms (including either an email address or web site) for reporting security issues related to the TOE. The evaluator shall verify that the description of this mechanism includes a method for protecting the report, either using a public key for encrypting email or a trusted channel for a web site.
5.2.5 Class ATE: Tests
Testing is specified for functional aspects of the system as well as aspects that take advantage of design or implementation weaknesses. The former is done through the ATE_IND family, while the latter is through the AVA_VAN family. At the assurance level specified in this PP, testing is based on advertised functionality and interfaces with dependency on the availability of design information. One of the primary outputs of the evaluation process is the test report as specified in the following requirements.
ATE_IND.1 Independent Testing - Conformance (ATE_IND.1)
ATE_IND.1.1D The developer shall provide the TOE for testing.
ATE_IND.1.1C The TOE shall be suitable for testing.
ATE_IND.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
ATE_IND.1.2E The evaluator shall test a subset of the TSF to confirm that the TSF operates as specified.
Application Note: The evaluator shall test the application on the most current fully patched version of the platform.
Assurance Activity
The evaluator shall prepare a test plan and report documenting the testing aspects of the system, including any application crashes during testing. The evaluator shall determine the root cause of any application crashes and include that information in the report. The test plan covers all of the testing actions contained in the [CEM] and the body of this PP's Assurance Activities.
While it is not necessary to have one test case per test listed in an Assurance Activity, the evaluator must document in the test plan that each applicable testing requirement in the ST is covered. The test plan identifies the platforms to be tested, and for those platforms not included in the test plan but included in the ST, the test plan provides a justification for not testing the platforms. This justification must address the differences between the tested platforms and the untested platforms, and make an argument that the differences do not affect the testing to be performed. It is not sufficient to merely assert that the differences have no effect; rationale must be provided. If all platforms claimed in the ST are tested, then no rationale is necessary. The test plan describes the composition of each platform to be tested, and any setup that is necessary beyond what is contained in the AGD documentation. It should be noted that the evaluator is expected to follow the AGD documentation for installation and setup of each platform either as part of a test or as a standard pre-test condition. This may include special test drivers or tools. For each driver or tool, an argument (not just an assertion) should be provided that the driver or tool will not adversely affect the performance of the functionality by the TOE and its platform.
This also includes the configuration of the cryptographic engine to be used. The cryptographic algorithms implemented by this engine are those specified by this PP and used by the cryptographic protocols being evaluated (IPsec, TLS, SSH). The test plan identifies high-level test objectives as well as the test procedures to be followed to achieve those objectives. These procedures include expected results.
The test report (which could just be an annotated version of the test plan) details the activities that took place when the test procedures were executed, and includes the actual results of the tests. This shall be a cumulative account, so if there was a test run that resulted in a failure, a fix installed, and then a successful re-run of the test, the report would show a fail and pass result (and the supporting details), and not just the pass result.
5.2.6 Class AVA: Vulnerability Assessment
For the first generation of this protection profile, the evaluation lab is expected to survey open sources to discover what vulnerabilities have been discovered in these types of products. In most cases, these vulnerabilities will require sophistication beyond that of a basic attacker. Until penetration tools are created and uniformly distributed to the evaluation labs, the evaluator will not be expected to test for these vulnerabilities in the TOE. The labs will be expected to comment on the likelihood of these vulnerabilities given the documentation provided by the vendor. This information will be used in the development of penetration testing tools and for the development of future protection profiles.
AVA_VAN.1 Vulnerability Survey (AVA_VAN.1)
AVA_VAN.1.1D The developer shall provide the TOE for testing.
AVA_VAN.1.1C The TOE shall be suitable for testing.
Application Note: Suitability for testing means not being obfuscated or packaged in such a way as to disrupt either static or dynamic analysis by the evaluator.
AVA_VAN.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
AVA_VAN.1.2E The evaluator shall perform a search of public domain sources to identify potential vulnerabilities in the TOE.
Application Note: Public domain sources include the Common Vulnerabilities and Exposures (CVE) dictionary for publicly known vulnerabilities. Public domain sources also include sites which provide free checking of files for viruses.
AVA_VAN.1.3E The evaluator shall conduct penetration testing, based on the identified potential vulnerabilities, to determine that the TOE is resistant to attacks performed by an attacker possessing Basic attack potential.
Assurance Activity
The evaluator shall generate a report to document their findings with respect to this requirement. This report could physically be part of the overall test report mentioned in ATE_IND, or a separate document. The evaluator performs a search of public information to find vulnerabilities that have been found in similar applications with a particular focus on network protocols the application uses and document formats it parses. The evaluator shall also run a virus scanner with the most current virus definitions against the application files and verify that no files are flagged as malicious. The evaluator documents the sources consulted and the vulnerabilities found in the report.
For each vulnerability found, the evaluator either provides a rationale with respect to its non-applicability, or the evaluator formulates a test (using the guidelines provided in ATE_IND) to confirm the vulnerability, if suitable. Suitability is determined by assessing the attack vector needed to take advantage of the vulnerability. If exploiting the vulnerability requires expert skills and an electron microscope, for instance, then a test would not be suitable and an appropriate justification would be formulated.
A. Optional Requirements
As indicated in Section 2, the baseline requirements (those that must be performed by the TOE) are contained in the body of this PP. Additionally, there are three other types of requirements specified in Appendix A, Appendix B, and Appendix C. The first type (in this Appendix) are requirements that can be included in the ST, but are not required in order for a TOE to claim conformance to this PP. The second type (in Appendix B) are requirements based on selections in the body of the PP: if certain selections are made, then additional requirements in that appendix must be included. The third type (in Appendix C) are components that are not required in order to conform to this PP, but will be included in the baseline requirements in future versions of this PP, so adoption by vendors is encouraged. Note that the ST author is responsible for ensuring that requirements that may be associated with those in Appendix A, Appendix B, and Appendix C but are not listed (e.g., FMT-type requirements) are also included in the ST.
FCS_TLSC_EXT.1 TLS Client Protocol
FCS_TLSC_EXT.1.4 The application shall support mutual authentication using X.509v3 certificates.
Application Note: The use of X.509v3 certificates for TLS is addressed in FIA_X509_EXT.2.1. This requirement adds that a client must be capable of presenting a certificate to a TLS server for TLS mutual authentication.
Assurance Activity
The evaluator shall ensure that the TSS description required per FIA_X509_EXT.2.1 includes the use of client-side certificates for TLS mutual authentication.
The evaluator shall verify that the AGD guidance required per FIA_X509_EXT.2.1 includes instructions for configuring the client-side certificates for TLS mutual authentication.
The evaluator shall also perform the following test:
Test 1: The evaluator shall perform the following modification to the traffic: Configure the server to require mutual authentication and then modify a byte in a CA field in the Server's Certificate Request handshake message. The modified CA field must not be the CA used to sign the client's certificate. The evaluator shall verify the connection is unsuccessful.
B. Selection-Based Requirements
As indicated in the introduction to this PP, the baseline requirements (those that must be performed by the TOE or its underlying platform) are contained in the body of this PP. There are additional requirements based on selections in the body of the PP: if certain selections are made, then additional requirements below will need to be included.
FCS_RBG_EXT.2 Random Bit Generation from Application
FCS_RBG_EXT.2.1 The application shall perform all deterministic random bit generation (DRBG) services in accordance with [selection, at least one of:
NIST Special Publication 800-90A using [selection: Hash_DRBG (any), HMAC_DRBG (any), CTR_DRBG (AES)],
FIPS Pub 140-2 Annex C: X9.31 Appendix 2.4 using AES
].
This requirement depends upon selection in FCS_RBG_EXT.1.1.
Application Note: This requirement shall be included in STs in which implement DRBG functionality is chosen in FCS_RBG_EXT.1.1. The ST author should select the standard to which the RBG services comply (either SP 800-90A or FIPS 140-2 Annex C).
SP 800-90A contains three different methods of generating random numbers; each of these, in turn, depends on underlying cryptographic primitives (hash functions/ciphers). The ST author will select the function used (if SP 800-90A is selected), and include the specific underlying cryptographic primitives used in the requirement or in the TSS. While any of the identified hash functions (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512) are allowed for Hash_DRBG or HMAC_DRBG, only AES-based implementations for CTR_DRBG are allowed.
Note that for FIPS Pub 140-2 Annex C, currently only the method described in NIST-Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4, Section 3 is valid. Use of this DRBG is disallowed after 2015 per NIST SP 800-131A. The PP will be updated to reflect this; however, developers should begin transitioning from this DRBG as soon as possible.
Assurance Activity
The evaluator shall perform the following tests, depending on the standard to which the RBG conforms.
Implementations Conforming to FIPS 140-2 Annex C.
The reference for the tests contained in this section is The Random Number Generator Validation System (RNGVS). The evaluators shall conduct the following two tests. Note that the "expected values" are produced by a reference implementation of the algorithm that is known to be correct. Proof of correctness is left to each Scheme.
Test 1: The evaluators shall perform a Variable Seed Test. The evaluators shall provide a set of 128 (Seed, DT) pairs to the TSF RBG function, each 128 bits. The evaluators shall also provide a key (of the length appropriate to the AES algorithm) that is constant for all 128 (Seed, DT) pairs. The DT value is incremented by 1 for each set. The seed values shall have no repeats within the set. The evaluators ensure that the values returned by the TSF match the expected values.
Test 2: The evaluators shall perform a Monte Carlo Test. For this test, they supply an initial Seed and DT value to the TSF RBG function; each of these is 128 bits. The evaluators shall also provide a key (of the length appropriate to the AES algorithm) that is constant throughout the test. The evaluators then invoke the TSF RBG 10,000 times, with the DT value being incremented by 1 on each iteration, and the new seed for the subsequent iteration produced as specified in NIST-Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using the 3-Key Triple DES and AES Algorithms, Section 3. The evaluators ensure that the 10,000th value produced matches the expected value.
Implementations Conforming to NIST Special Publication 800-90A
Test 1: The evaluator shall perform 15 trials for the RNG implementation. If the RNG is configurable, the evaluator shall perform 15 trials for each configuration. The evaluator shall also confirm that the operational guidance contains appropriate instructions for configuring the RNG functionality.
If the RNG has prediction resistance enabled, each trial consists of (1) instantiate DRBG, (2) generate the first block of random bits, (3) generate a second block of random bits, (4) uninstantiate. The evaluator verifies that the second block of random bits is the expected value. The evaluator shall generate eight input values for each trial. The first is a count (0-14). The next three are entropy input, nonce, and personalization string for the instantiate operation. The next two are additional input and entropy input for the first call to generate. The final two are additional input and entropy input for the second call to generate. These values are randomly generated. "Generate one block of random bits" means to generate random bits with number of returned bits equal to the Output Block Length (as defined in NIST SP 800-90A).
If the RNG does not have prediction resistance, each trial consists of (1) instantiate DRBG, (2) generate the first block of random bits, (3) reseed, (4) generate a second block of random bits, (5) uninstantiate. The evaluator verifies that the second block of random bits is the expected value. The evaluator shall generate eight input values for each trial. The first is a count (0-14). The next three are entropy input, nonce, and personalization string for the instantiate operation. The fifth value is additional input to the first call to generate. The sixth and seventh are additional input and entropy input to the call to reseed. The final value is additional input to the second generate call.
The following paragraphs contain more information on some of the input values to be generated/selected by the evaluator.
Entropy input: the length of the entropy input value must equal the seed length.
Nonce: If a nonce is supported (CTR_DRBG with no Derivation Function does not use a nonce), the nonce bit length is one-half the seed length.
Personalization string: The length of the personalization string must be less than or equal to the seed length. If the implementation only supports one personalization string length, then the same length can be used for both values. If more than one string length is supported, the evaluator shall use personalization strings of two different lengths. If the implementation does not use a personalization string, no value needs to be supplied.
Additional input: the additional input bit lengths have the same defaults and restrictions as the personalization string lengths.
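As an added example that is not part of the PP, the 15-trial procedure above for both the prediction-resistance and the reseed variant, run against a minimal HMAC_DRBG(SHA-256) written here from SP 800-90A section 10.1.2. The seedlen value, the use of os.urandom for the eight per-trial inputs, and the modelling of a prediction-resistance generate as reseed-then-generate are this example's assumptions; in a real evaluation the expected second block comes from a known-correct reference implementation, whereas here the check is that the same eight inputs reproduce the same block.

```python
import hashlib
import hmac
import os

OUTLEN = 32   # Output Block Length of HMAC_DRBG(SHA-256), in bytes (SP 800-90A Table 2)
SEEDLEN = 55  # seedlen = 440 bits for SHA-256 (SP 800-90A Table 2); assumed for this example


class HmacDrbg:
    """HMAC_DRBG(SHA-256), SP 800-90A section 10.1.2. Example code, not part of the PP."""

    def __init__(self, entropy_input, nonce, personalization=b""):
        self.K, self.V = b"\x00" * OUTLEN, b"\x01" * OUTLEN   # instantiate algorithm
        self._update(entropy_input + nonce + personalization)  # seed_material
        self.reseed_counter = 1

    def _mac(self, data):
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, provided_data):
        self.K = self._mac(self.V + b"\x00" + provided_data)
        self.V = self._mac(self.V)
        if provided_data:
            self.K = self._mac(self.V + b"\x01" + provided_data)
            self.V = self._mac(self.V)

    def reseed(self, entropy_input, additional_input=b""):
        self._update(entropy_input + additional_input)
        self.reseed_counter = 1

    def generate(self, n_bytes, additional_input=b""):
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < n_bytes:
            self.V = self._mac(self.V)
            out += self.V
        self._update(additional_input)
        self.reseed_counter += 1
        return out[:n_bytes]

    def uninstantiate(self):
        self.K = self.V = None  # zeroise state; the instance is unusable afterwards


def make_trial_inputs(count):
    """The eight per-trial values in the PP's order, randomly generated (constructed with
    os.urandom). Entropy inputs must be exactly seedlen; additional inputs and the
    personalization string may be up to seedlen, so seedlen bytes serves every role."""
    return (count, os.urandom(SEEDLEN), os.urandom(SEEDLEN // 2),  # nonce: half seedlen
            *[os.urandom(SEEDLEN) for _ in range(5)])


def run_trial(prediction_resistance, values):
    """One trial exactly as the PP sequences it; returns the second block of random bits."""
    _count, entropy, nonce, pers, v5, v6, v7, v8 = values
    drbg = HmacDrbg(entropy, nonce, pers)                 # (1) instantiate
    if prediction_resistance:
        # With PR each generate first consumes fresh entropy (a reseed that mixes in
        # the additional input) and then outputs with no further additional input.
        drbg.reseed(v6, v5)
        drbg.generate(OUTLEN)                              # (2) first block
        drbg.reseed(v8, v7)
        second = drbg.generate(OUTLEN)                     # (3) second block
    else:
        drbg.generate(OUTLEN, v5)                          # (2) first block
        drbg.reseed(v7, v6)                                # (3) reseed
        second = drbg.generate(OUTLEN, v8)                 # (4) second block
    drbg.uninstantiate()                                   # (4) / (5)
    return second


def run_trials(prediction_resistance, trials=15):
    """The 15 trials the PP requires: a list of (count, inputs, second_block)."""
    results = []
    for count in range(trials):
        values = make_trial_inputs(count)
        results.append((count, values, run_trial(prediction_resistance, values)))
    return results
```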
FCS_RBG_EXT.2.2 The deterministic RBG shall be seeded by an entropy source that accumulates entropy from a platform-based DRBG and [selection:
a software-based noise source,
no other noise source
] with a minimum of [selection:
128 bits,
256 bits
] of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.
This requirement depends upon selection in FCS_RBG_EXT.1.1.
Application Note: This requirement shall be included in STs in which implement DRBG functionality is chosen in FCS_RBG_EXT.1.1. For the first selection in this requirement, the ST author selects 'software-based noise source' if any additional noise sources are used as input to the application's DRBG. Note that the application must use the platform's DRBG to seed its DRBG.
In the second selection in this requirement, the ST author selects the appropriate number of bits of entropy that corresponds to the greatest security strength of the algorithms included in the ST. Security strength is defined in Tables 2 and 3 of NIST SP 800-57A. For example, if the implementation includes 2048-bit RSA (security strength of 112 bits), AES-128 (security strength 128 bits), and HMAC-SHA-256 (security strength 256 bits), then the ST author would select 256 bits.
Assurance Activity
Documentation shall be produced and the evaluator shall perform the activities in accordance with Appendix D and the Clarification to the Entropy Documentation and Assessment Annex.
In the future, specific statistical testing (in line with NIST SP 800-90B) will be required to verify the entropy estimates.
FCS_CKM_EXT.1 Cryptographic Key Generation Services
FCS_CKM_EXT.1.1 The application shall [selection:
generate no asymmetric cryptographic keys,
invoke platform-provided functionality for asymmetric key generation,
implement asymmetric key generation
].
This requirement depends upon selection in FCS_TLSC_EXT.1.
Application Note: If implement asymmetric key generation or invoke platform-provided functionality for asymmetric key generation is chosen, then additional FCS_CKM.1 elements shall be included in the ST.
Assurance Activity
The evaluator shall inspect the application and its developer documentation to determine if the application needs asymmetric key generation services. If not, the evaluator shall verify the generate no asymmetric cryptographic keys selection is present in the ST. Otherwise, the evaluation activities shall be performed as stated in the selection-based requirements.
FCS_CKM.1 Cryptographic Key Generation
FCS_CKM.1.1 The application shall generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm [selection:
[RSA schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following: [selection: FIPS PUB 186-4, Digital Signature Standard (DSS), Appendix B.3; ANSI X9.31-1998, Section 4.1],
[ECC schemes] using [NIST curves P-256, P-384 and [selection: P-521, no other curves]] that meet the following: [FIPS PUB 186-4, Digital Signature Standard (DSS), Appendix B.4],
[FFC schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following: [FIPS PUB 186-4, Digital Signature Standard (DSS), Appendix B.1]
].
This requirement depends upon selection in FCS_CKM_EXT.1.
Application Note: The ST author shall select all key generation schemes used