Manuals / Nortel Networks / Computer Equipment / Network Router

Nortel Networks 7.05, 7.11 manual TOE Summary Specification Rationale, FCSCOP.1, FDPUCT.1

Models: 7.11 7.05

1 67

Download 67 pages 33.01 Kb

Page 62

Security Target, Version 3.9						March 18, 2008


	SFR ID		Dependencies		Dependency Met

	FPT_TST.1		FPT_AMT.1		
	FPT_TST.1		FPT_AMT.1		
	FTP_TRP.1		[none]		
	FTP_TRP.1		[none]		

8.6 TOE Summary Specification Rationale

8.6.1TOE Summary Specification Rationale for the Security Functional Requirements

Each subsection in the TOE Summary Specification (Section 6) describes a security function of the TOE. Each description is organized by a set of requirements with rationale that indicates how these requirements are satisfied by aspects of the corresponding security function. The set of security functions work together to satisfy all of the security functions and assurance requirements. Furthermore, all of the security functions are necessary in order for the TSF to provide the required security functionality. This section, in conjunction with the TOE Summary Specification section, provides evidence that the security functions are suitable to fulfill the TOE security requirements. Please see Section 6 - TOE Summary Specification for more details.

Table 14 identifies the relationship between security requirements and security functions, showing that all security requirements are addressed and all security functions are necessary (i.e., they correspond to at least one security requirement).

The only security mechanism that is realized by a probabilistic or permutational implementation is the password mechanism. Refer to Section 8.7 for Strength of Function.

Table 14 - Mapping of Security Functional Requirements to TOE Security Functions

	TOE Security Function	SFR

	Security Audit	FAU_GEN.1
		FAU_SAR.1

	Cryptographic Support	FCS_CKM.1(a)
		FCS.CKM.4
		FCS_COP.1

	User Data Protection	FDP_ACC.2
		FDP_ACF.1
		FDP_IFC.2
		FDP_IFF.1
		FDP_UCT.1
		FDP_UIT.1

	Identification and	FIA_UAU.1
	Authentication	FIA_UAU.5
		FIA_UID.2

	Security Management	FMT_MOF.1
		FMT_MSA.1
		FMT_MSA.2
		FMT_MSA.3
		FMT_SMF.1
		FMT_SMR.1

	Protection of the TSF	FPT_AMT.1
		FPT_RPL.1
		FPT_TST.1

	Trusted Path/Channels	FTP_TRP.1


Nortel VPN Router v7.05 and Client Workstation v7.11			Page 62 of 67

© 2008 Nortel Networks

Image 62

Nortel Networks 7.05, 7.11 manual TOE Summary Specification Rationale, FCSCOP.1, FDPUCT.1

Contents

Prepared by Evaluation Assurance Level EAL 4+ Document VersionPrepared for Nortel NetworksModification Date Revision HistoryVersion Modified ByTOE SUMMARY SPECIFICATION Table of ContentsTABLE OF CONTENTS REVISION HISTORYPROTECTION PROFILE CLAIMS Table of FiguresTable of Tables RATIONALE1.2 Security Target, TOE and CC Identification and Conformance 1 Security Target Introduction1.1 Purpose Table 1 - ST, TOE, and CC Identification and Conformance1.3.2 Terminology 1.3 Conventions, Acronyms, and Terminology1.3.1 Conventions Table 2 - TerminologyPage 7 of Primary Admin passwordView Nortel VPN Router rights 2.1 Product Type Figure 1 - VPN Client Deployment Configuration of the TOE2 TOE Description 2.2 Product DescriptionFigure 2 - Branch Office Deployment Configuration of the TOE 2.3.1 Physical Boundary Figure 4 - Physical TOE Boundary in Branch Office Tunnel Mode2.3 TOE Boundaries and Scope Figure 3 - Physical TOE Boundary2.3.2 Logical Boundary 2.3.1.1 TOE EnvironmentThe World Nortel VPN Switch Software VxWorks OS Contivity Hardware ApplianceFigure 6 - TOE Logical Boundary in Branch Office Tunnel Mode Software2.3.2.3 User Data Protection 2.3.2.1 Security Audit2.3.2.2 Cryptographic Support 2.3.2.6 Protection of the TOE Security Functions 2.3.2.4 Identification and Authentication2.3.2.5 Security Management 2.3.2.7 Trusted Path/Channels2.3.3 Excluded TOE Functionality 3.2 Threats to Security 3 TOE Security Environment3.1 Assumptions T.HACK 3.2.1 Threats Addressed by the TOE3.2.2 Threats Addressed by the TOE Environment TE.PHYSICAL4 Security Objectives 4.1 Security Objectives for the TOE4.2.2 Non-IT Security Objectives 4.2 Security Objectives for the Environment4.2.1 IT Security Objectives Table 3 - TOE Security Functional Requirements 5 IT Security Requirements5.1 TOE Security Functional Requirements Page 21 of FAUSAR.1 Audit review 5.1.1 Class FAU Security AuditFAUGEN.1 Audit Data Generation Table 4 - Auditable EventsDependencies FAUGEN.1 Audit data generation Page 23 ofCryptographic key generation Diffie-Hellman 5.1.2 Class FCS Cryptographic SupportFCSCKM.1a FCSCKM.1bFCSCOP.1d Cryptographic operation authenticationFCSCOP.1b Cryptographic operation random number generationFCSCKM.4 Cryptographic key destruction FDPITC.2 Import of user data with security attributes, orFCSCKM.1 Cryptographic key generation FMTMSA.2 Secure security attributes5.1.3 Class FDP User Data Protection FDPACC.2 Complete access controlFDPACF.1 Security attribute based access control FDPIFC.2a Complete information flow control VPNFDPIFC.2b Complete information flow control Firewall FDPIFF.1a Simple security attributes VPNFDPIFF.1b Simple security attributes Firewall Page 30 of FDPUCT.1 Basic data exchange confidentialityFDPUIT.1 Data exchange integrity FIAUAU.5 Multiple authentication mechanisms 5.1.4 Class FIA Identification and AuthenticationFIAUAU.1 Timing of authentication FIAUID.2 User identification before any actionPage 32 of FMTMOF.1b Management of security functions behaviour 5.1.5 Class FMT Security ManagementFMTMOF.1a Management of security functions behaviour FMTMSA.1a Management of security attributesFMTMSA.3a Static attribute initialisation FMTMSA.1c Management of security attributesFMTMSA.2 Secure security attributes Page 34 ofFMTMSA.3c Static attribute initialisation FMTSMF.1 Specification of Management FunctionsFMTMSA.3b Static attribute initialisation FMTSMR.1 Security rolesThe TSF shall be able to associate users with roles Page 36 of5.1.6 Class FPT Protection of the TSF FPTAMT.1 Abstract machine testingFPTTST.1 TSF testing FPTRPL.1 Replay detection5.1.7 Class FTP Trusted Path/Channels FTPTRP.1 Trusted pathFPTSEP.1 TSF domain separation 5.2 Security Functional Requirements on the IT EnvironmentFPTRVM.1 Non-bypassability of the TSP FPTSTM.1 Reliable time stampsPage 40 of 5.3 Assurance Requirements Table 6 - Assurance Components6 TOE Summary Specification 6.1 TOE Security FunctionsAccounting Logs 6.1.1 Security AuditConfiguration Log Security LogTOE Security Functional Requirements Satisfied FAUGEN.1, FAUSAR.1 System LogEvent Log Table 9 - FIPS-Validated Cryptographic Algorithms 6.1.2 Cryptographic SupportTable 8 - FIPS Validated Modules 6.1.3 User Data Protection Page 46 of6.1.4 Identification and Authentication 6.1.5 Security Management6.1.6.2 Conditional Self-Tests 6.1.6.1 Power-Up Self-Tests6.1.6 Protection of the TOE Security Functions 6.2 TOE Security Assurance Measures 6.1.7 Trusted Path/Channels8 Augmentation to EAL 4+ assurance level Page 50 of7 Protection Profile Claims 7.1 Protection Profile ReferenceTable 11 - Relationship of Security Threats to Objectives 8 Rationale8.1 Security Objectives Rationale T.HACK Page 54 of Nortel VPN Router v7.05 and Client Workstation2008 Nortel Networks 8.2 Security Functional Requirements Rationale Page 55 ofRequirements Table 12 - Relationship of Security Requirements to ObjectivesObjectives  The Primary Admin access to all the administrative functions that are used to enforce the SFP FMTMSA.3a,b,c O.REPLAY 8.5 Dependency Rationale 8.3 Security Assurance Requirements Rationale8.4 Rationale for Strength of Function Table 13 - Functional Requirements DependenciesMet by hierarchical SFR FIAUID.2 9 Met by hierarchical SFR FDPACC.2Met by hierarchical SFR FDPIFC.2 SFR IDFDPUCT.1 8.6 TOE Summary Specification RationaleFCSCOP.1 8.6.2.3 Development 8.6.2.1 Configuration Management8.6.2.2 Secure Delivery and Operation 8.6.2.6 Tests 8.6.2.4 Guidance Documentation8.6.2.5 Life Cycle Support Documents Page 64 of8.7 Strength of Function 8.6.2.7 Vulnerability and TOE Strength of Function Analyses9 Acronyms Table 15 - AcronymsPage 67 of