SERTIT, P.O. Box 814, N-1306 Sandvika, NORWAY
Phone: +47 67 86 40 00 Fax: +47 67 86 40 09 E-mail: post@sertit.no Internet: www.sertit.no
Sertifiseringsmyndigheten for IT-sikkerhet Norwegian Certification Authority for IT Security
SERTIT-117 CR Certification Report
Issue 1.0 25 June 2019
Expiry date 25 June 2024
Cloudian Solution HyperStore version 7.2
CERTIFICATION REPORT - SERTIT STANDARD REPORT TEMPLATE ST 009E VERSION 2.5 15.05.2018
Cloudian Solution (HyperStore
version 7.2)
EAL 2 augmented with ALC_FLR.1
Page 2 of 14 SERTIT-117 CR Issue 1.0
25 June 2019
ARRANGEMENT ON THE RECOGNITION OF COMMON CRITERIA CERTIFICATES IN
THE FIELD OF INFORMATION TECHNOLOGY SECURITY (CCRA)
SERTIT, the Norwegian Certification Authority for IT Security, is a member of the above
Arrangement and as such this confirms that the Common Criteria certificate has been
issued by or under the authority of a Party to this Arrangement and is the Party’s c laim
that the certificate has been issued in accordance with the terms of this Arrangement
The judgements contained in the certificate and Certification Report are those of SERTIT
which issued it and the evaluation facility (EVIT) which carried out the eva luation. There
is no implication of acceptance by other Members of the Agreement Group of liability in
respect of those judgements or for loss sustained as a result of reliance placed upon
those judgements by a third party.
The recognition under CCRA is limited to cPP related assurance packages or components
up to EAL 2 with ALC_FLR CC part 3 components.
Cloudian Solution (HyperStore
version 7.2)
EAL 2 augmented with ALC_FLR.1
SERTIT-117 CR Issue 1.0
25 June 2019
Page 3 of 14
Contents
1 Certification Statement 4
2 Abbreviations 5
3 References 6
4 Executive Summary 7
4.1 Introduction 7
4.2 Evaluated Product 7
4.3 TOE scope 7
4.4 Protection Profile Conformance 7
4.5 Assurance Level 7
4.6 Security Policy 7
4.7 Security Claims 8
4.8 Threats Countered 8
4.9 Threats and Attacks not Countered 8
4.10 Environmental Assumptions and Dependencies 8
4.11 Evaluation Conduct 9
4.12 General Points 9
5 Evaluation Findings 10
5.1 Introduction 10
5.2 Delivery 11
5.3 Installation and Guidance Documentation 11
5.4 Misuse 11
5.5 Vulnerability Analysis 11
5.6 Developer’s Tests 11
5.7 Evaluators’ Tests 12
6 Evaluation Outcome 13
6.1 Certification Result 13
6.2 Recommendations 13
Annex A: Evaluated Configuration 14
TOE Identification 14
TOE Documentation 14
TOE Configuration 14
Cloudian Solution (HyperStore
version 7.2)
EAL 2 augmented with ALC_FLR.1
Page 4 of 14 SERTIT-117 CR Issue 1.0
25 June 2019
1 Certification Statement
Cloudian, Inc. Cloudian Solution is a multi-tenant object storage system,
which consolidates unstructured data objects and data files to a single,
limitlessly scalable storage.
Cloudian Solution (HyperStore version 7.2) has been evaluated under the
terms of the Norwegian Certification Authority for IT Security and has met the
Common Criteria Part 3 (ISO/IEC 15408) components of Evaluation
Assurance Level EAL 2 augmented with ALC_FLR.1 for the specified
Common Criteria Part 2 (ISO/IEC 15408) functionality in the specified
environment when running on the platforms specified in Annex A.
Certification
team
Arne Høye Rage, SERTIT
Lars Borgos, SERTIT
Date approved 25 June 2019
Expiry date 25 June 2024
Cloudian Solution (HyperStore
version 7.2)
EAL 2 augmented with ALC_FLR.1
SERTIT-117 CR Issue 1.0
25 June 2019
Page 5 of 14
2 Abbreviations
CC Common Criteria for Information Technology Security
Evaluation(ISO/IEC 15408)
CCRA Arrangement on the Recognition of Common Criteria
Certificates in the Field of Information Technology Security
CEM Common Methodology for Information Technology Security
Evaluation
cPP collaborative Protection Profile
EAL Evaluation Assurance Level
EOR Evaluation Observation Report
ETR Evaluation Technical Report
EVIT Evaluation Facility under the Norwegian Certification
Scheme for IT Security
EWP Evaluation Work Plan
ISO/IEC 15408 Information technology –- Security techniques –- Evaluation
criteria for IT security
POC Point of Contact
PP Protection Profile
QP Qualified Participant
SERTIT Norwegian Certification Authority for IT Security
SOGIS MRA SOGIS Mutual Recognition Agreement of Information
Technology Security Evaluation Certificates
SPM Security Policy Model
ST Security Target
TOE Target of Evaluation
TSF TOE Security Functions
TSP TOE Security Policy
Cloudian Solution (HyperStore
version 7.2)
EAL 2 augmented with ALC_FLR.1
Page 6 of 14 SERTIT-117 CR Issue 1.0
25 June 2019
3 References
[1] SERTIT (2018), The Norwegian Certification Scheme, SD001E,
Version 10.4, SERTIT, 20 February 2018.
[2] CCRA (2017), Common Critera for Information Technology Security
Evaluation, Part 1: Introduction and general model, CCMB-2017-04-
001, Version 3.1 R5, CCRA, April 2017.
[3] CCRA (2017), Common Criteria for Information Technology Security
Evaluation, Part 2: Security functional components, CCMB-2017-
04-002, Version 3.1 R5, CCRA, April 2017.
[4] CCRA (2017), Common Criteria for Information Technology Security
Evaluation, Part 3: Security assurance components, CCMB- 2017-
04-003, Version 3.1 R5, CCRA, April 2017.
[5] CCRA (2017), Common Methodology for Information Technology
Security Evaluation, Evaluation Methodology, CCMB-2017-04-004,
Version 3.1 R5, CCRA, April 2017.
[6] CCRA (2006), ST sanitising for publication, 2006-04-004, CCRA,
April 2006.
[7] CCRA (2014), Arrangement on the Recognition of Common Criteria
Certificates In the field of Information Technology Security , CCRA,
July 2n d
2014.
[8] Hyperstore Object Storage Software Platform Security Target
version 1.3, 05 June 2019
[9] ETR for the evaluation project SERTIT-117Common Criteria EAL2
Augmented with ALC_FLR.1 Evaluation of HyperStore Object
Storage Software Platform, Version 1.1, 7 June 2019
Cloudian Solution (HyperStore
version 7.2)
EAL 2 augmented with ALC_FLR.1
SERTIT-117 CR Issue 1.0
25 June 2019
Page 7 of 14
4 Executive Summary
4.1 Introduction
This Certification Report states the outcome of the Common Criteria security
evaluation of Cloudian Solution (HyperStore version 7.2) to the developer,
Cloudian, Inc., and is intended to assist prospective consumers when judging
the suitability of the IT security of the product for their particular
requirements.
Prospective consumers are advised to read this report in conjunction with the
ST [8] which specifies the functional, environmental and assurance
evaluation components.
4.2 Evaluated Product
The version of the product evaluated was Cloudian Solution (HyperStore
version 7.2).
This product is also described in this report as the Target of Evaluation
(TOE). The developer was Cloudian, Inc.
Details of the evaluated configuration, including the TOE’s supporting
guidance documentation, are given in Annex A.
4.3 TOE scope
The scope of the evaluation includes software and hardware that form the
TOE and the TOE security functions that are stated in Section 7.1 of the
Security Target[8].
4.4 Protection Profile Conformance
The ST [8] did not claim conformance to any protection profile/cPP.
4.5 Assurance Level
The ST [8] specified the assurance components for the evaluation.
Predefined evaluation assurance level EAL 2 augmented with ALC_FLR.1
was used. Common Criteria Part 3[4] describes the scale of assurance given
by predefined assurance levels EAL1 to EAL7. An overview of CC is given in
CC Part 1[2].
4.6 Security Policy
P .ACCOUNTABILITY The authorized users of the TOE shall be held
accountable for their actions within the TOE.
P .ADMIN_ACCESS An authorized administrator must manage the TOE
securely.
Cloudian Solution (HyperStore
version 7.2)
EAL 2 augmented with ALC_FLR.1
Page 8 of 14 SERTIT-117 CR Issue 1.0
25 June 2019
P .CRYPTOGRAPHIC The TOE shall provide cryptographic functions for its
own use, including encryption/decryption operations.
4.7 Security Claims
The ST [8] fully specifies the TOE’s security objectives, the threats which
these objectives counter and security functional components and security
functions to elaborate the objectives. All of the SFR’s are taken from CC Part
2[3]; use of this standard facilitates comparison with other evaluated
products.
4.8 Threats Countered
TT.ADMIN_ERROR The TOE may be incorrectly configured that may result in
the TOE’s acquisition of ineffective security mechanisms.
TT.ADMIN_EXPLOIT A person/company may gain access to an administrator
account.
TT_AUDIT_COMPROMISE A person/company may modify or remove audit
records to mask actions in the past or prevent logging of actions in the
future.
TT.CRYPTO_ COMPROMISE An attacker may compromise cryptographic
keys and the data protected by the cryptographic mechanisms.
TT.HACK_ACCESS A person/company gets undetected system access to the
TOE due to missing, weak and/or incorrectly implemented access control,
causing potential violations of integrity, confidentiality or availability.
TT.MALFUNCTION A) The TOE may malfunction which may compromise
information and data processing. B) The TOE may malfunction which may
compromise roles and permissions.
TE.DATALOSS End users may store or transmit sensitive data in a manner
that is inconsistent with a defined organizational policy, leading to loss of
confidentiality.
4.9 Threats and Attacks not Countered
No threats or attacks that are not countered are described.
4.10 Environmental Assumptions and Dependencies
A.NO_GENERAL_PURPOSE There are no general-purpose computing
capabilities (e.g., compilers or user applications) available on the TOE, other
than those services necessary for the operation, administration and support
of the TOE.
A.PHYSICAL The TOE shall presumably be located in physically secure
environment that can be accessed only by the authorized administrators.
Cloudian Solution (HyperStore
version 7.2)
EAL 2 augmented with ALC_FLR.1
SERTIT-117 CR Issue 1.0
25 June 2019
Page 9 of 14
A.TRUSTED_ADMIN The administrators of the TOE shall not have any
malicious intention, shall receive proper training on the TOE management,
and shall follow the administrator guidelines.
4.11 Evaluation Conduct
The evaluation was carried out in accordance with the requirements of the
Norwegian Certification Scheme for IT Security as described in SERTIT
Document SD001E[1]. The Scheme is managed by the Norwegian
Certification Authority for IT Security (SERTIT). As stated on page 2 of this
Certification Report, SERTIT is a member of the Arrangement on the
Recognition of Common Criteria Certificates in the Field of Information
Technology Security, CCRA. The evaluation was conducted in accordance
with the terms of this Arrangement.
The purpose of the evaluation was to provide assurance about the
effectiveness of the TOE in meeting its ST[8] which prospective consumers
are advised to read. To ensure that the ST[8] gave an appropriate baseline
for a CC evaluation, it was first itself evaluated. The T OE was then evaluated
against this baseline. Both parts of the evaluation were performed in
accordance with CC Part 3[4] and the Common Evaluation Methodology
(CEM)[5].
SERTIT monitored the evaluation in accordance with SD001E[1] which was
carried out by the Advanced Data Security Commercial Evaluation Facility
(EVIT). The evaluation was completed when the EVIT submitted the final
ETR[9] to SERTIT in 7 June 2019. SERTIT then produced this Certification
Report.
4.12 General Points
The evaluation addressed the security functionality claimed in the ST [8] with
reference to the assumed operating environment specified by the ST [8]. The
evaluated configuration was that specified in Annex A. Prospective
consumers are advised to check that this matches their identified
requirements and give due consideration to the recommendations and
caveats of this report.
Certification does not guarantee that the IT product is free from security
vulnerabilities. This Certification Report and the belonging Certificate only
reflect the view of SERTIT at the time of certification. It is furthermore the
responsibility of users (both existing and prospective) to ch eck whether any
security vulnerabilities have been discovered since the date shown in this
report. This Certification Report is not an endorsement of the IT product by
SERTIT or any other organization that recognizes or gives effect to this
Certification Report, and no warranty of the IT product by SERTIT or any
other organization that recognizes or gives effect to this Certification Report
is either expressed or implied.
Cloudian Solution (HyperStore
version 7.2)
EAL 2 augmented with ALC_FLR.1
Page 10 of 14 SERTIT-117 CR Issue 1.0
25 June 2019
5 Evaluation Findings
The evaluators examined the following assurance classes and compo nents
taken from CC Part 3[4]. These classes comprise the EAL 2 assurance
package augmented with ALC_FLR.1.
Assurance class Assurance components
Development ADV_ARC.1 Security architecture description
ADV_FSP.2 Security-enforcing functional specification
ADV_TDS.1 Basic design
Guidance
documents
AGD_OPE.1 Operational user guidance
AGD_PRE.1 Preparative procedures
Life-cycle
support
ALC_CMC.2 Use of a CM system
ALC_CMS.2 Parts of the TOE CM coverage
ALC_DEL.1 Delivery procedures
ALC_FLR.1 Basic Flaw Remediation
Security Target
evaluation
ASE_CCL.1 Conformance claims
ASE_ECD.1 Extended components definition
ASE_INT.1 ST introduction
ASE_OBJ.2 Security objectives
ASE_REQ.2 Derived security requirements
ASE_SPD.1 Security problem definition
ASE_TSS.1 TOE summary specification
Tests ATE_COV.1 Evidence of coverage
ATE_FUN.1 Functional testing
ATE_IND.2 Independent testing - sample
Vulnerability
assessment
AVA_VAN.2 Vulnerability analysis
5.1 Introduction
The evaluation addressed the requirements specified in the ST [8]. The
results of this work were reported in the ETR[9] under the CC Part 3[4]
headings. The following sections note considerations that are of particular
relevance to either consumers or those involved with subsequent assurance
maintenance and re-evaluation of the TOE.
Cloudian Solution (HyperStore
version 7.2)
EAL 2 augmented with ALC_FLR.1
SERTIT-117 CR Issue 1.0
25 June 2019
Page 11 of 14
5.2 Delivery
On receipt of the TOE, the consumer is recommended to check that the
evaluated version has been supplied, and to check that the securit y of the
TOE has not been compromised in delivery.
5.3 Installation and Guidance Documentation
Installation of the TOE must be performed completely in accordance with the
guidance in the Operational User Guidance documents provided by the
developer.
These documents are a collection of all security relevant operations and
settings that must be observed to ensure that the TOE operates in a secure
manner.
5.4 Misuse
There is always a risk of intentional and unintentional misconfigurations that
could possibly compromise confidential information. The user should always
follow the guidance for the TOE in order to ensure that the TOE operates in a
secure manner.
The guidance documents adequately describe the mode of operation of the
TOE, all assumptions about the intended environment and all requirements
for external security. Sufficient guidance is provided for the consumer to
effectively use the TOE’s security functions.
5.5 Vulnerability Analysis
The Evaluators’ vulnerability analysis was based on both public domain
sources and the visibility of the TOE given by the evaluation process.
The evaluators conducted a search of ST, guidance documents, functional
specification, TOE design and security architecture description to identify
possible vulnerabilities.
Potential vulnerabilities have been identified and analyzed.
Penetration tests have been created and performed by the evaluators.
The conclusion is that the TOE is not vulnerable, and the TOE is resistant to
attackers possessing Basic attack potential per requirement s of EAL2.
5.6 Developer’s Tests
The evaluators have examined the test plan and determined that it describes
the scenarios for performing each test, including any ordering dependencies
on results of other tests. The test plan provides information about the tes t
configuration being used: both on the configuration of the TOE and on any
test equipment being used, as well as information about how to execute the
Cloudian Solution (HyperStore
version 7.2)
EAL 2 augmented with ALC_FLR.1
Page 12 of 14 SERTIT-117 CR Issue 1.0
25 June 2019
tests. This information is detailed enough to ensure that the test
configuration is reproducible.
5.7 Evaluators’ Tests
For sampling of the developers test the evaluators have employed a
combination of a random sampling method and a method based on the intent
to cover the TSFI, Security Functions, and subsystems to the maximum
extent possible.
The evaluators checked that the actual test results are consistent with the
expected test results that were specified by the developer.
For independent testing the evaluators have employed a method based on
the intent to cover the TSFI, Security Functions, and subsystems t o the
maximum extent possible. The evaluators took into consideration the
potential security impact of the tests, as well as the number of subsystems
that contribute to successful completion of the tests.
The evaluators conducted testing and recorded the results. All results were
consistent with expected result and of passing grade.
Cloudian Solution (HyperStore
version 7.2)
EAL 2 augmented with ALC_FLR.1
SERTIT-117 CR Issue 1.0
25 June 2019
Page 13 of 14
6 Evaluation Outcome
6.1 Certification Result
After due consideration of the ETR[9], produced by the Evaluators, and the
conduct of the evaluation, as witnessed by the Certifier, SERTIT has
determined that Cloudian Solution (HyperStore version 7.2) meets the
specified Common Criteria Part 3 components of Evaluation Assurance Level
EAL 2 augmented with ALC_FLR.1 for the specified Common Criteria Part 2
functionality in the specified environment, when running on platforms
specified in Annex A.
6.2 Recommendations
Prospective consumers of Cloudian Solution (HyperStore version 7.2) should
understand the specific scope of the certification by reading this report in
conjunction with the ST[8]. The TOE should be used in accordance with a
number of environmental considerations as specified in the ST[8].
Only the evaluated TOE configuration should be installed. This is specified in
Annex A with further relevant information given above in Section 4.3 “TOE
Scope” and Section 5 “Evaluation Findings”.
The TOE should be used in accordance with the supporting guidance
documentation included in the evaluated configuration.
Cloudian Solution (HyperStore
version 7.2)
EAL 2 augmented with ALC_FLR.1
Page 14 of 14 SERTIT-117 CR Issue 1.0
25 June 2019
Annex A: Evaluated Configuration
TOE Identification
The TOE consists of:
HyperStore version 7.2 Software
TOE Documentation
The supporting guidance documents evaluated were:
[a] HyperStore Object Storage Software Platform Security Target,
Version 1.2
[b] Cloudian Guidance Documentation, Version 1.1
[c] Cloudian HyperStore Administration Guide, Version 1.0
[d] Cloudian HyperStore Installation Guide, Version 1.0
TOE Configuration
The following configuration was used for testing: