6.7.4 Trusted processes (TP.4)

Section 4.2.2 provides details on the non-kernel trusted processes on the SLES system.

6.7.5 TSF Databases (TP.5)

Section 4.3 provides details on the TSF databases on the SUSE Linux Enterprise Server system.

6.7.6 Internal TOE protection mechanisms (TP.6)

Section 4.1.1 describes hardware privilege implementation for the System x, System p, System z and Opteron eServer 326. Section 5.5 describes memory management and protection. Section 5.2 describes process control and management.

6.7.7 Testing the TOE protection mechanisms (TP.7)

Section 5.13 describes the AMTU tool, which is available to administrative users to test the protection features of the underlying abstract machine.
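A minimal check in the spirit of an abstract-machine protection test, added here as an example (it is not AMTU's own code, whose tests are described in Section 5.13): it maps one page read-only and verifies that a user-mode store to it is rejected by the memory protection described in Section 5.5, while a store to a writable page goes through. The function and variable names are the example's own.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_seen;

/* SIGSEGV handler: record the fault and unwind back to the probe. */
static void on_fault(int sig) {
    (void)sig;
    fault_seen = 1;
    siglongjmp(fault_env, 1);
}

/* Probe one store through p: 1 if a fault blocked it, 0 if it went through. */
static int store_is_blocked(volatile unsigned char *p) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0)
        *p = 0x42;                /* faults on a read-only page */
    sigaction(SIGSEGV, &old, NULL);
    return fault_seen;
}

/* 1 if a read-only page rejects stores and a writable page accepts them,
 * 0 if protection is not enforced, -1 if the pages could not be mapped. */
int memory_protection_enforced(void) {
    long pagesz = sysconf(_SC_PAGESIZE);
    unsigned char *ro = mmap(NULL, pagesz, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    unsigned char *rw = mmap(NULL, pagesz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (ro == MAP_FAILED || rw == MAP_FAILED)
        return -1;
    int ro_blocked = store_is_blocked(ro);   /* expected: 1 */
    int rw_blocked = store_is_blocked(rw);   /* expected: 0 */
    munmap(ro, pagesz);
    munmap(rw, pagesz);
    return (ro_blocked == 1 && rw_blocked == 0) ? 1 : 0;
}

int main(void) {
    printf("memory protection enforced: %d\n", memory_protection_enforced());
    return 0;
}
```

A result of 0 means a store to a read-only page was not trapped, which is exactly the kind of failure of the underlying abstract machine such a test is meant to surface.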

6.8 Security enforcing interfaces between subsystems

This section identifies the security enforcing interfaces between subsystems in the high level design of SLES. The individual functions exported by each subsystem are described with the subsystem itself. This section therefore only discusses in general how the individual subsystems work together to provide the security functions of the TOE. Its main purpose is to identify those internal interfaces between subsystems that are security enforcing, in the sense that the subsystems work together through them to provide a defined security function. Interfaces between subsystems that are not used to implement a security function are not security enforcing.

There is also the situation where a kernel subsystem A invokes functions from another kernel subsystem B using the external interface of the kernel subsystem. This, for example, is the case when a kernel subsystem needs to open and read or write files, using the File and I/O kernel subsystem, or when a kernel subsystem sets the user ID or group ID of a process, using the Process Control subsystem.

In those cases, all the security checks performed by those interface functions apply. Note that a system call function in the kernel operates with the real and effective user ID and group ID of the caller unless the kernel function that implements the system call changes this.

This section describes the interfaces between subsystems, but it only discusses interfaces between kernel components that directly implement security functions. Note that kernel subsystems can use the kernel internal interfaces described in the individual subsystems as well as the externally visible interfaces (system calls).

The subsystems are:

Kernel subsystems:
- File and I/O
- Process Control
- Inter-Process Communication
- Networking
- Memory Management
- Audit
