FiberHome Enhanced Optical Transport Equipment
Manager Security Target
Version: 1.9
FiberHome Telecommunication Technologies Co., Ltd.
September 2021
LEGAL INFORMATION
The contents of this document are protected by copyright laws and international treaties. Any
reproduction or distribution of this document or any portion of this document, in any form by
any means, without the prior written consent of FiberHome is prohibited. Additionally, the
contents of this document are protected by contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or
service marks, of FiberHome or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties,
representations or conditions are disclaimed, including without limitation any implied
warranty of merchantability, fitness for a particular purpose title or non-infringement.
FiberHome and its licensors shall not be liable for damages resulting from the use of or
reliance on the information contained herein.
FiberHome or its licensors may have current or pending intellectual property rights or
applications covering the subject matter of this document. Except as expressly provided in
any written license between FiberHome and its licensee, the user of this document shall not
acquire any license to the subject matter herein.
FiberHome reserves the right to upgrade or make technical change to this product without
further notice. Users may visit FiberHome technical support website www.FiberHome.com to
inquire related information.
The ultimate right to interpret this product resides in FiberHome.
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 3/51
Document History
Table 1 - History of FiberHome Enhanced Optical Transport Equipment Security Target
Version Date Description
1.0 2020/06/22 Initial version
1.1 2020/07/03 Update TOE name and Webpage link
1.2 2020/9/17 Revision of the assessment
1.3 2020/9/18 Revise the format
1.4 2020/9/25 Add Security related card and Non-Security related card
1.5 2020/12/18 Revision Comments
1.6 2021/3/9 Revision Comments
1.7 2021/05/06 Revision Comments
1.8 2021/09/02 Revision Comments
1.9 2021/09/27 Revision Comments
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 4/51
Contents
1 ST Introduction............................................................................................................................... 7
1.1 ST reference............................................................................................................................7
1.2 TOE reference........................................................................................................................ 7
1.3 TOE Overview........................................................................................................................7
1.3.1 TOE Type.................................................................................................................................10
1.3.2 Major features of the TOE....................................................................................................... 10
1.3.3 Required non-TOE hardware/software/firmware.................................................................... 10
1.4 TOE Description...................................................................................................................11
1.4.1 Evaluated configuration........................................................................................................... 11
1.4.2 Physical Scope......................................................................................................................... 12
1.4.3 Logical Scope...........................................................................................................................16
2 Conformance Claims.....................................................................................................................17
2.1 CC conformance claim.........................................................................................................17
2.2 PP claim................................................................................................................................17
2.3 Security requirement package claim.................................................................................... 17
3 Security Problem Definition.........................................................................................................18
3.1 Threats..................................................................................................................................18
3.1.1 Assets and threat agents...........................................................................................................18
3.1.2 Threats......................................................................................................................................18
3.2 Organizational Security Policies.......................................................................................... 19
3.3 Assumptions......................................................................................................................... 19
4 Security Objectives........................................................................................................................20
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 5/51
4.1 Security Objectives for the TOE.......................................................................................... 20
4.2 Security Objectives for the Environment............................................................................. 21
5 Extended Component Definition..................................................................................................23
6 IT Security Requirements.............................................................................................................25
6.1 Security Functional Requirements....................................................................................... 25
6.1.1 Access...................................................................................................................................... 26
6.1.2 Identification & Authentication............................................................................................... 27
6.1.3 Roles &Authorisation.............................................................................................................. 29
6.1.4 Logging & Auditing.................................................................................................................31
6.1.5 Protection of the TSF...............................................................................................................32
6.1.6 Management.............................................................................................................................32
6.2 Security Assurance Requirements........................................................................................34
6.3 Security Assurance Requirements Rationale........................................................................36
7 TOE Summary Specification........................................................................................................37
8 Rationale.........................................................................................................................................41
8.1 Rationale for Security Objectives.........................................................................................41
8.2 Security Functional Requirements Rationale.......................................................................45
8.2.1 Dependencies Rationale...........................................................................................................49
9 Appendix........................................................................................................................................ 51
9.1 Acronyms............................................................................................................................. 51
9.2 References............................................................................................................................ 51
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 6/51
Figures
Figure 1 - TOE demarcation..............................................................................................................9
Tables
Table 1 - History of FiberHome Enhanced Optical Transport Equipment Security Target...............3
Table 2 – UNM2000 EMS Server requirements............................................................................. 10
Table 3 – UNM2000 EMS Client requirements.............................................................................. 11
Table 4 - Physical scope of optical transport equipment.................................................................12
Table 5 - Physical scope of UNM2000 EMS Server.......................................................................14
Table 6 - Physical scope of UNM2000 EMS Client........................................................................15
Table 7 - TOE security functional requirements..............................................................................25
Table 9 – Management functions.....................................................................................................32
Table 10 – Security Assurance Requirements................................................................................. 34
Table 11 – Rationale for security objectives (1)..............................................................................41
Table 12 – Rationale for security objectives (2)..............................................................................42
Table 13 – Rationale for SFRs (1)...................................................................................................45
Table 14 - Rationale for SFRs (2)....................................................................................................46
Table 12 - Rationale for dependencies of security functional requirements................................... 49
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 7/51
1 ST Introduction
1.1 ST reference
ST title: FiberHome Enhanced Optical Transport Equipment Manager Security
Target
ST developer: FiberHome Telecommunication Technologies Co., Ltd.
ST version number: 1.9
1.2 TOE reference
TOE name: FiberHome Enhanced Optical Transport Equipment Manager including
UNM2000 Server and UNM2000 Client and OTEs: FONST1000 D2,
FONST 5000 COTP, FONST 5000 U10E, FONST 5000 U20E, and
FONST 5000 N32.
TOE version: UNM2000 EMS Server version V3R2SP1
UNM2000 EMS Client version V3R2SP1
FONST 5000 COTP version RP0100
FONST 5000 U10E version RP0101
FONST 5000 U20E version RP0101
FONST 1000 D2 version RP0100
FONST 5000 N32 version RP0101
1.3 TOE Overview
This chapter presents a general overview of FiberHome Enhanced Optical Transport Equipment
Manager, a distributed TOE for the management of the Optical Network Terminal (ONT)
equipment used to terminate the optical fiber line, demultiplex the signal into its component parts
(voice telephone, television, and Internet), and provide power to customer telephones. FiberHome
Enhanced Optical Transport Equipment also helps to provide secure Internet connectivity.
The TOE is deployed in three parts:
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 8/51
UNM2000 Element Management System (EMS) server
UNM2000 Element Management System (EMS) client
Optical Transport Equipment (OTE), namely FONST
FONST stands for company product series name, following 4 digit numbers was decided by
physical size, and following identification code means different scenario was described as follow:
No TOE Description
1 FONST 5000 COTP
The COTP is an optical layer subrack, Which is a single-layer
single-sided subrack providing full-height and half-height slots.
2 FONST 5000 U10E
U10E is an electrical layer subfrack for OTN electrical layer board
access, it has 11 service slots and a backplane bandwidth of
400G/per slot.
3 FONST 5000 U20E
U20E is an electrical layer subfrack for OTN electrical layer board
access, it has 22 service slots and a backplane bandwidth of
400G/per slot.
4 FONST 1000 D2
The FONST 1000 D2 is data center interconnection equipment. It
features small size, large capacity, high speed, low power
consumption, and optical / electrical integration. It has 8 service
slots and the maximum capacity of a single slot is 800G.
5 FONST 5000 N32
The FONST 5000 N32 integrated sub rack is three-layered and
single-sided. It has 32 service slots and the maximum capacity of a
single slot is 400G.
The TOE through the application of OTN technology guarantees the flexibility of service
end-to-end (E2E) grooming and enables different services to share bandwidth. The network
maintenance and fault isolation can be performed easily by virtue of abundant OTN overheads and
simple operation on the EMS.
The TOE is depicted with red dashed line in Figure 1, together with relevant entities in its
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 9/51
environment.
Figure 1 - TOE demarcation
The structure of the deployed TOE, including its role in the system is as follows:
The UNM2000 EMS Client and the UNM2000 EMS Server parts of the TOE are connected
to the same Intranet, which is considered trusted.
The OTEs (also part of the TOE) are distributed and connected to Internet.
The UNM2000 EMS Server sends performance data, alarm data, configuration data and
similar information to the OTE.
One or more management workstations with an UNM2000 EMS Client installed on them,
which is used as a graphical user interface to the EMS Server.
The Operating System Windows Server 2012 of the UNM2000 EMS server supply
timestamps.
The communication between the UNM2000 EMS Server and the OTEs is done using a
private protocol based on TCP/IP with a different encapsulation format.
Lastly, the TOE uses a MYSQL 14.14 in order to store the user credentials and the logs. This
database is located in the UNM2000 EMS Server and it is installed at the same time that the EMS
Server software, therefore, no additional configuration is required. This database has no direct
interface associated and its protection is ensured by the TOE environment.
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 10/51
1.3.1 TOE Type
The TOE is a distributed solution for the management of OTEs (models FONST1000 D2, FONST
5000 COTP, FONST 5000 U10E, FONST 5000 U20E, and FONST 5000 N32). The TOE
encompasses:
The software running on the UNM2000 EMS Server
The software running on the UNM2000 EMS Client
The firmware running on the OTEs
All the security functionality of the TOE relies on the software/firmware. No security functionality
relies on the hardware.
1.3.2 Major features of the TOE
The major security features of the TOE are the following:
Authentication: the TOE implements mechanisms for users authentication
Authorization: the TOE implements a role-based access control policy for users
Access Control: the TOE control the access to the OTEs
Audit: the TOE generates audit records
Management: the TOE include management functionality
1.3.3 Required non-TOE hardware/software/firmware
The UNM2000 EMS Server requires for its operation:
Table 2 – UNM2000 EMS Server requirements
Type Name and version
Hardware A Server suitable to run the OS.
Suggested Hardware:
CPU 4 E5-2667V2-8 core Processors
RAM Memory 128GB
6 x 600 GB physical hard disk
2 x 200G SSD + 30T disk array
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 11/51
Type Name and version
OS Windows Server 2012 R2 (Supply time sources)
Database MYSQL 14.14 distribution 5.7.18 for Win64 (x86_64)
The UNM2000 EMS Client requires for its operation:
Table 3 – UNM2000 EMS Client requirements
Type Name and version
Hardware A Workstation suitable to run the OS.
Suggested Hardware:
CPU Intel XeonE5-2637V2 (4-core) 3.5GHz
RAM Memory 16GB
1 x 2TB physical hard disk
OS Windows 10 (10.0.10240)
1.4 TOE Description
1.4.1 Evaluated configuration
The evaluated configuration of the TOE consist of:
UNM2000 EMS Server
Hardware
Same hardware as defined in section 1.3.3 Required non-TOE hardware/software/firmware
Software
Windows Server 2012 R2
TOE – UNM2000 EMS Server V3R2SP1
UNM2000 EMS Client
Hardware
Same hardware as defined in section 1.3.3 Required non-TOE hardware/software/firmware
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 12/51
Software
Windows 10 (10.0.10240)
TOE – UNM2000 EMS Client V3R2SP1
OTEs
FONST1000 D2, FONST 5000 COTP, FONST 5000 U10E, FONST 5000 U20E, and FONST
5000 N32
1.4.2 Physical Scope
1.4.2.1 Physical Scope Optical Transport Equipment
Table 4 - Physical scope of optical transport equipment
Type Identifier Version Form of
Delivery
Developer Hash
HW FONST 5000 COTP RP0100 package module FiberHome
FONST 5000 U10E RP0101 FiberHome
FONST 5000 U20E RP0101 FiberHome
FONST 1000 D2 RP0100 FiberHome
FONST 5000 N32 RP0101 FiberHome
PDF FONST 1000 D2
Data Center
Interconnection
Equipment
Configuration Guide
A fhm.FiberHome.
com
FiberHome 85ab3b3ab0bfd1
8d5c8fe065847b
99e654dd1ff39d
190c6c21cd46b
b7417afd6
FONST 1000 D2
Data Center
Interconnection
Equipment Hardware
Description
A fhm.FiberHome.
com
FiberHome 8b815af66b388
5c6130cc7636b
6635db90cbcaa
3f48659cbdbc61
e2dfaed7107
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 13/51
Type Identifier Version Form of
Delivery
Developer Hash
FONST 1000 D2
Data Center
Interconnection
Equipment Product
Description
A fhm.FiberHome.
com
FiberHome 03d1656e955f8
467dc317d5890
08c3247458737
0ef048610ce9f0
83ff3d3495c
FONST 5000 U
Series Packet
Enhanced OTN
Equipment Hardware
Description
I fhm.FiberHome.
com
FiberHome 898a22d86caf2d
e7bcc78135ca45
6d2921bca60eb
3124b34d09eff6
3beadcaa7
FONST 5000 U
Series Packet
Enhanced OTN
Equipment Product
Description
I fhm.FiberHome.
com
FiberHome b10b1c1fa5e4cf
14e504b302d58
5ba38bd03fac03
1c25dc13b58e4
0400e1860e
FONST 5000 U
Series Packet
Enhanced OTN
Equipment
Troubleshooting
Guide
B fhm.FiberHome.
com
FiberHome 4d62bc48cf34fa
92f7c8dee273ae
703d87e59327a
1d2d3bc7ada4d
9a00f1fb1f
POTN Series of
Products Handling of
Common Alarms
A fhm.FiberHome.
com
FiberHome 0cd5ee7af1bb7a
60541438c2b72
788aa530a4203
986b8151e3ae4
bf7ede7a9bb
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 14/51
1.4.2.2 Physical Scope UNM2000 EMS Server
Table 5 - Physical scope of UNM2000 EMS Server
Type / Name Version Form of
Delivery
Developer Hash
Hardware UNM2000 Element
Management System
Server equipment
N.A. package
module
FiberHome
Software UNM2000 Element
Management System
Server software
UNM2000
V3R2SP1
Pre-installed FiberHome
PDF UNM2000_Network
Convergence
Management System
V3R2 Operation
Guide
A fhm.FiberHo
me.com
FiberHome 3e1ae16516e08
ccf818f207dcdb
2253ea3fcfd203
8c596a63335f0
263b25c746
UNM2000_Network
Convergence
Management System
V3R2_Release Notes
A fhm.FiberHo
me.com
FiberHome f84889f7f652da
3572196d325d0
1455cc84cdcf5b
aa39b8e136507
ab5ee29a01
UNM2000_Network
Convergence
Management System
V3R2 Installation
Guide
A fhm.FiberHo
me.com
FiberHome fbeb71cbd1128f
f46506488c577
b52273c116753
e01bfda8014b8
cab5c113e55
UNM 2000 OTN
POTN Service
Configuration Guide
A fhm.FiberHo
me.com
FiberHome fff30b677b8a2c
db921da99be55
742d720e77269
cf6ee34edf918f
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 15/51
Type / Name Version Form of
Delivery
Developer Hash
d1177ec3ce
UNM2000_Network
Convergence
Management System
Troubleshooting
Guide
A fhm.FiberHo
me.com
FiberHome d17889cc7f499
886666136922d
43df5ea33622d
8dec15a5e1c9a
db48e24b49ef
1.4.2.3 Physical scope UNM2000 EMS client
Table 6 - Physical scope of UNM2000 EMS Client
Type Name Version Form of
Delivery
Developer Hash
Software UNM2000 Element
Management System
Client software
V3R2SP1 CD-ROM FiberHome 85ab3b3ab0bf
d18d5c8fe065
847b99e654d
d1ff39d190c6
c21cd46bb74
17afd6
PDF Please refer to Guide
regarding UNM2000
EMS Server
NA Together with
UNM2000
EMS Server
package.
FiberHome
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 16/51
1.4.3 Logical Scope
The TOE logical scope consists of the security functions/features provided/controlled by the TOE.
The TOE provides the following security features:
1.4.3.1 Authentication
The TOE supports a flexible authentication framework, allowing the TOE to accept/reject users
from UNM2000 EMS client based on: username/password and a configurable subset of IP address
and time of login.
1.4.3.2 Authorization
The TOE supports a flexible role-based authorization framework with predefined and customizable
roles for management. These roles can use the UNM2000 EMS server to manage OTEs.
1.4.3.3 Access Control
OTE transport data of WDM/OTN/POTN/DCI connecting status, in such a way that:
Only the intended recipients from UNM2000 EMS server are able to read OTE signal.
Nobody can modify the signals of OTE, which was monitored by UNM2000 EMS server.
1.4.3.4 Audit
UNM2000 EMS server supports flexible logging and auditing of events.
Records in log files can provide the following uses: monitoring system resources; auditing user
behaviour; alerting on suspicious behaviour.
1.4.3.5 Management
The TOE manages traffic rules, authentication, authorization, user accounts and sessions.
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 17/51
2 Conformance Claims
2.1 CC conformance claim
This ST claims conformance to
Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and
General Model; CCMB-2017-04-001/2/3, Version 3.1, Revision 5, April 2017.
Common Criteria for Information Technology Security Evaluation, Part 2: Security
Functional Components; CCMB-2017-04-001/2/3, Version 3.1, Revision 5, April 2017.
Common Criteria for Information Technology Security Evaluation, Part 3: Security
Assurance Components; CCMB-2017-04-001/2/3, Version 3.1, Revision 5, April 2017.
as follows
CC Part 2 extended,
CC Part 3 conformant.
2.2 PP claim
This security target does not claim to any protection profile.
2.3 Security requirement package claim
This security target claims to be conformant to the assurance package EAL 2 augmented by
ALC_FLR.2 (Flaw reporting procedures).
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 18/51
3 Security Problem Definition
3.1 Threats
3.1.1 Assets and threat agents
The assets are:
1. A.Security_parameter: Security parameter’s confidentiality and integrity that was set by
administrators in UNM2000 EMS Server.
2. A.OTE_communication: Confidentiality and integrity of communication between OTE and
UNM2000 EMS server.
These assets are threatened by the following threat agents:
1. TA.ACCESS_OTE: An attacker with access to OTEs.
2. TA.PHYSICAL: An attacker with physical access to the UNM2000 EMS server.
3. TA.ROGUE_USER: A user seeking to act outside his/her authorization from UNM2000
EMS Client.
3.1.2 Threats
Threats to the TOE are defined as below:
T.Confidentiality TA.ACCESS_OTE is able to read A.OTE_communication that he is
not allowed to read.
T.Integrity TA.ACCESS_OTE is able to modify A.OTE_communication that he
is not allowed to modify.
T.Physical_attack TA.PHYSICAL gains physical access to the A.OTE_communication
and is able to violate Confidentiality and integrity of A.Security
parameter and A.OTE_communication.
T.Unauthorised TA.ROGUE_USER performs actions on the A.Security_parameter
that he is not authorized to do.
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 19/51
T.Authorised TA.ROGUE_USER performs actions on the A.Security_parameter,
but it cannot be proven.
3.2 Organizational Security Policies
Security policies to be fulfilled by the TOE are defined as below:
P.FLEXIBLE_MANAGEMENT The TOE must be able to support:
A role-based authorization framework with predefined and customizable roles, to manage
the TOE itself.
Manage authentication framework, allowing the TOE to accept/reject users based on
username/password and a configurable subset of IP-address and time of login.
Review logging and auditing of events regularly.
3.3 Assumptions
Assumptions for the IT and non-IT environment and intended usage are defined as below:
A.TRUSTED_NETWORK It is assumed that the intranet connecting UNM 2000 EMS
Server, and EMS Client is trusted and managed with firewall
policy. On the other hand the connection between UNM 2000
EMS Server and the OTEs is considered secure and trustful
since the WDM/OTN/POTN/DCI protocols are used.
A.TIME_SYNC It is also assumed that the UNM2000 EMS server underlying
Windows Server 2012, which supply time sources are trusted
and will not be used to attack the TOE.
A.NO_GENERAL_PURPOSE There are no general-purpose computing capabilities (e.g.
compilers or user applications) available on the TOE, other
than those services necessary for the operation, administration
and support of the TOE.
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 20/51
4 Security Objectives
These security objectives describe how the threats described in the previous section will be
addressed. It is divided into:
The Security Objectives for the TOE, describing what the TOE will do to address the
threats
The Security Objectives for the Operational Environment, describing what other entities
must do to address the threats
A rationale that the combination of all of these security objectives indeed addresses the threats may
be found in section 8.1 of this Security Target.
4.1 Security Objectives for the TOE
TOE security objectives are defined as below:
O. Access The TOE shall ensure that OTEs can:
Only send data across pre-defined traffic rules to certain other OTE.
Only receive data across pre-defined traffic rules from other OTE.
Is not able to modify the signal of OTE after the traffic rules was
defined.
O.Authorise The TOE shall support a flexible role-based authorization framework with
predefined and customizable roles. These roles can use the TOE to manage
WDM/OTN/POTN/DCI connecting status from OTE, and manage the role
policy. Each role allows a user to perform certain actions, and the TOE
shall ensure that users can only perform actions when they have a role that
allows this.
O.Authenticate The TOE shall support a flexible authentication framework for UNM2000
EMS server, allowing accept/reject users from UNM2000 EMS Client
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 21/51
based on: username/password and a configurable subset of IP address and
time of login, for verifying if the user’s identification was permitted by
configured conditions.
O.Auditing The TOE shall support flexible logging and auditing of events. UNM2000
EMS client’s user met role policy can access different kinds of log file by
UNM 2000 EMS server, which includes monitoring OTEs resource, user
behaviour from UNM2000 EMS client, and alerting on suspicious
behaviour from UNM 2000 EMS server and OTEs.
O. Manage The TOE provides the management configuration for following items:
Traffic rules of OTEs
Authentication of UNM 2000 EMS Client user
Authorization of access right to UNM 2000 EMS Server
Restriction on user accounts and sessions between UNM 2000 EMS
Client to UNM2000 EMS Server
4.2 Security Objectives for the Environment
Security objectives for the Environment (covers objectives for the IT environment and non
IT-environment) are defined as below:
OE.SERVER_SECURITY The customer shall ensure that the UNM2000 EMS Server and
the OTEs shall be protected from physical intrusion or attacks.
OE.CLIENT_SECURITY The customer shall ensure that only management workstations
can host UNM2000 EMS Client, which should be protected
from attackers to subsequently:
Disclose passwords or other sensitive information
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 22/51
Hijack the client
OE.TRUST&TRAIN_USERS The customer shall ensure that only assigned appropriately
personnel that are sufficiently trustworthy and sufficiently
trained to fulfil role policy of TOE.
OE.TIME The underlying O.S. of UNM 2000 EMS Server support clock
synchronization.
OE.TRUSTED_NETWORKS The customer shall ensure that:
The connection of intranet should be authorized via
pre-defined VPN and firewall policy, so EMS client and
UNM2000 EMS server are configured trustful.
The connection between UNM2000 EMS server and the
OTEs are performed via VPN using the
WDM/OTN/POTN/DCI protocols, therefore, it is
considered secure and trustful.
OE.NO_GENERAL_PURPOSE There are no general-purpose computing capabilities (e.g.
compilers or user applications) available on the TOE, other than
those services necessary for the operation, administration and
support of the TOE. Therefore, users without the administrator
rights can not install 3rd
party software.
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 23/51
5 Extended Component Definition
FAU_GEN.3 Simplified audit data generation
Family behaviour
This Security Target introduces one extended component: FAU_GEN.3 Simplified audit data
generation. This component is a simplified version of FAU_GEN.1 and is therefore a suitable
member of the FAU_GEN family. It was added to remove the need to log start and stop of auditing
and to simplify the requirement.
Component levelling
FAU_GEN.1 Audit data generation defines the level of auditable events, and specifies the list
of data that shall be recorded in each record.
FAU_GEN.2 User identity association, the TSF shall associate auditable events to individual
user identities.
FAU_GEN.3 Add or delete types of events to be logged in the security log.
Management: FAU_GEN.1, FAU_GEN.2, FAU_GEN.3
There are no management activities foreseen.
Audit: FAU_GEN.1, FAU_GEN.2, FAU_GEN.3
There are no auditable events foreseen.
FAU_GEN.3 Simplified audit data generation
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 24/51
Hierarchical to: No other components.
Dependencies: FPT_STM.1 Reliable time stamps
FAU_GEN.3.1 The TSF shall be able to generate an audit record of the following auditable
events: [assignment: defined auditable events].
FAU_GEN.3.2 The TSF shall record within each audit record: Date and time of the event,
[assignment: other information about the event].
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 25/51
6 IT Security Requirements
6.1 Security Functional Requirements
This chapter defines the TOE security functional requirements. A list of the security functional
requirements is provided in Table 7. The full text of the security functional requirements is
contained below.
The following notational conventions are used in the requirements. Operations are indicated in bold,
except refinements, which are indicated in bold italic. In general refinements were applied to clarify
requirements and/or make them more readable. Iterations were indicated by adding three letters to
the component name
Table 7 - TOE security functional requirements
Class Functional
requirement
Title
Access FDP_IFC.1 Subset information flow control
FDP_IFF.1 Simple security attributes
Identification &
Authentication
FIA_UID.2 User identification before any action
FIA_UAU.2 User authentication before any action
FIA_AFL.1 Authentication failure handling
FIA_SOS.1 Verification of secrets
FTA_SSL.3 TSF-initiated termination
FTA_MCS.1 Basic limitation on multiple concurrent sessions
Roles &
Authorisation
FMT_SMR.1 Security roles
FDP_ACC.2 Complete access control
FDP_ACF.1 Security attribute based access control
Logging & FAU_GEN.3 Audit data generation
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 26/51
Class Functional
requirement
Title
Auditing FAU_SAR.1 Audit review
FAU_STG.1 Protected audit trail storage
Management FMT_SMF.1 Specification of Management Functions
FMT_MSA.1 Management of security attributes
FMT_MSA.3 Static attribute initialisation
Protection of the
TSF
FPT_STM.1 Time stamps
6.1.1 Access
FDP_IFC.1 Subset information flow control
FDP_IFC.1.1 The TSF shall enforce the [Traffic Policy] on [
Ports (any physical Port on OTEs) which receive, send, and modify OTEs traffic.
Services (on Network) which receive, send, and modify security parameters.
]
FDP_IFF.1 Simple security attributes
FDP_IFF.1.1 The TSF shall enforce the [Traffic Policy] based on the following types of subject
and information security attributes: [
Subjects:
(1)Other network element sending data packages to the OTE. Attributes:
source IP, source port, service.
Information:
(1)Data packages from other network elements. Attributes: destination
port (physical and logical), network service.
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 27/51
]
FDP_IFF.1.2 The TSF shall permit an information flow between a controlled subject and controlled
information via a controlled operation if the following rules hold: [
The OTE ACCEPT data information from other network elements if the
configurable rule is explicitly set to ALLOW based on source IP, source port,
destination IP, destination port and WDM/OTN/POTN/DCI Signal
FDP_IFF.1.3 The TSF shall enforce the [additional information flow control SFP rules: OTEs
are in the default wavelength].
FDP_IFF.1.4 The TSF shall explicitly authorise an information flow based on the following rules:
[none]
FDP_IFF.1.5 The TSF shall explicitly deny an information flow based on the following rules:
[none]
6.1.2 Identification & Authentication
FIA_UID.2 User identification before any action
FIA_UID.2.1 The TSF shall require each EMS user to be successfully identified
by username (in all cases), and
by IP-address (if so configured for that user), and
the user is allowed to login at this time (if so configured for that user)
before allowing any other TSF-mediated actions on behalf of that user
FIA_UAU.2 User authentication before any action
FIA_UAU.2.1 The TSF shall require each EMS user to be successfully authenticated before
allowing any other TSF-mediated actions on behalf of that user.
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 28/51
FIA_AFL.1 Authentication failure handling
FIA_AFL.1.1 The TSF shall detect when [an administrator configurable positive integer within
[1-99]] unsuccessful authentication attempts occur related to [user login].
FIA_AFL.1.2 When the defined number of unsuccessful authentication attempts has been [met], the
TSF shall [
lock the user account until unlocked by the administrator, or
lock the user account until an administrator configurable positive integer within
1-1440 of minutes have passed, if the account has not been set to permanent locking.
]
FIA_SOS.1 Verification of secrets
FIA_SOS.1.1 The TSF shall provide a mechanism to verify that secrets meet [
At least 8 characters including three of the four types: number, small letter, capital
letter, other characters
cannot contain black spaces
cannot be the username in reverse order or a common dictionary word
can be configured to expire after a configurable amount of time < 999 days
can be configured to be different from the previous 5 or more passwords when
changed
]
Application note: the secrets are the user passwords.
FTA_SSL.3 TSF-initiated termination
FTA_SSL.3.1 The TSF shall terminate an interactive session after a [
configurable period of inactivity more than 30 minutes
when the allowed work time (if so configured for that user) expires
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 29/51
]
FTA_MCS.1 Basic limitation on multiple concurrent sessions
FTA_MCS.1.1 The TSF shall restrict the maximum number of concurrent sessions that belong to
the same user.
FTA_MCS.1.2 The TSF shall enforce, by default, a limit of [1] session per user.
6.1.3 Roles &Authorisation
FMT_SMR.1 Security roles
FMT_SMR.1.1 The TSF shall maintain the roles:[
Administrators
Security Administrator Group
Subdomain Security Administrator Group
Ordinary User Group
Operator Group
Maintainer Group
Inspector Group
FMT_SMR.1.2 The TSF shall be able to associate users with roles.
FDP_ACC.2 Complete access control
FDP_ACC.2.1 The TSF shall enforce the [Role Policy] on [
Subjects:
(1)EMS Client Users
Objects:
(1)EMS Server Resources
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 30/51
] and all operations among subjects and objects covered by the SFP.
FDP_ACC.2.2 The TSF shall ensure that all operations between any subject controlled by the TSF
and any object controlled by the TSF are covered by an access control SFP.
Application note:
Operations are:
R=Read
D=Delete
C=Create
M=Modify
FDP_ACF.1 Security attribute based access control
FDP_ACF.1.1 The TSF shall enforce the [Role Policy] to objects based on the following: [
Subjects:
(1)EMS Client Users. Attribute: user role
Objects:
(1)EMS Server Resources. Attribute: none
]
FDP_ACF.1.2 The TSF shall enforce the following rules to determine if an operation among
controlled subjects and controlled objects is allowed: [a client operation user can be performed
upon a server resource as long as the client user role allows performing such actions upon the
object and the group that the user belongs has the right to carry out operations over the
object category from the particular object.]
FDP_ACF.1.3 The TSF shall explicitly authorise access of subjects to objects based on the
following additional rules: [The users from the administrator group has access to all the
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 31/51
operations over all the object].
FDP_ACF.1.4 The TSF shall explicitly deny access of subjects to objects based on the following
additional rules: [The users from inspector group has no access to any operations over the
objects].
6.1.4 Logging & Auditing
FAU_GEN.3 Audit data generation
FAU_GEN.3.1 The TSF shall be able to generate an audit record of the following auditable events:
[
authentication success/failure
user account is unlocked
user account is enabled
user account is disabled
events that are set to auditable by an Administrator
]
FAU_GEN.3.2 The TSF shall record within each audit record: [
Date and time of the event,
User name
Type of event
Detailed Information
]
Application note: The TOE maintains 3 separate logs: (1) A security log for authentication events,
(2) An operation log for FMT_SMF.1: operations performed by users and (3) A system log for
EMS server action record.
FAU_SAR.1 Audit review
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 32/51
FAU_SAR.1.1 The TSF shall provide [Administrator and suitably customized roles] with the
capability to read [auditable events] from the audit records.
FAU_SAR.1.2 The TSF shall provide the audit records in a manner suitable for the user to interpret
the information.
FAU_STG.1 Protected audit trail storage
FAU_STG.1.1 The TSF shall protect the stored audit records in the audit trail from unauthorized
deletion.
FAU_STG.1.2 The TSF shall be able to [prevent] unauthorized modifications to the stored audit
records in the audit trail.
6.1.5 Protection of the TSF
FPT_STM.1 Reliable time stamps
FPT_STM.1.1 The TSF shall be able to provide reliable time stamps.
6.1.6 Management
FMT_SMF.1 Specification of Management Functions
FMT_SMF.1.1 The TSF shall be capable of performing the following management functions: [
Table 9 – Management functions
Category Management function Related to
SFR
OTE Manage the Traffic Policy Rules FDP_IFF.1
EMS Set whether a user can only login from certain IP addresses,
and if so, which IP addresses
FIA_UID.2
EMS Set the time that a user may remain logged in while inactive FTA_SSL.3
EMS Set whether a user is only allowed to work at certain times, and
if so, at which times
FTA_SSL.3
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 33/51
Category Management function Related to
SFR
EMS Set the number of allowed unsuccessful authentication attempts FIA_AFL.1
EMS Set the number of hours that an account remains locked FIA_AFL.1
EMS Set whether a user account should be:
o unlockable, or
o locked (either permanently or temporarily)
when it exceeds the number of allowed consecutive
unsuccessful authentication attempts
FIA_AFL.1
EMS Unlock a user account FIA_AFL.1
EMS Set whether a user password expires after a certain time, and if
so, after how long
FIA_SOS.1
EMS Set whether the new password of a user must be different from
the last n passwords when the password is changed by the user
and configure n
FIA_SOS.1
EMS Set the maximum number of concurrent sessions for the same
user
FTA_MCS.1
EMS Create, edit and delete customized roles FMT_SMR.1
EMS Add or remove roles to/from users FMT_SMR.1
EMS Add types of events to be logged in the security log FAU_GEN.3.1
EMS Create, edit and delete user accounts FDP_ACC.2
FDP_ACF.1
EMS Disable/enable user accounts FDP_ACC.2
FDP_ACF.1
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 34/51
Category Management function Related to
SFR
EMS Lock/unlock roles FDP_ACC.2
FDP_ACF.1
OTE Adding, deleting and modifying rules in the Taffic Policy FDP_IFC.1,
FDP_IFF.1
]
FMT_MSA.1 Management of security attributes
FMT_MSA.1.1 The TSF shall enforce the [Role Policy] to restrict the ability to [change_default,
query, modify, delete] the security attributes [user role, access rights to operations] to
[Administrators].
FMT_MSA.3 Static attribute initialisation
FMT_MSA.3.1 The TSF shall enforce the [Role Policy] to provide [restrictive] default values for
security attributes that are used to enforce the SFP.
FMT_MSA.3.2 The TSF shall allow the [Administrators] to specify alternative initial values to
override the default values when an object or information is created.
6.2 Security Assurance Requirements
The security assurance requirements for the TOE are the assurance components of evaluation
assurance level 2 (EAL 2) augmented ALC_FLR.2. They are all drawn from Part 3 of the Common
Criteria. The assurance components are listed in Table 9.
Table 10 – Security Assurance Requirements
Assurance class Assurance component (Identifier & Name)
Development(ADV) ADV_ARC.1 Security architecture description
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 35/51
Assurance class Assurance component (Identifier & Name)
ADV_FSP.2 Security-enforcing functional specification
ADV_TDS.1 Basic design
Guidance documents (AGD) AGD_OPE.1 Operational user guidance
AGD_PRE.1 Preparative procedures
Life-cycle support (ALC) ALC_CMC.2 Use of a CM system
ALC_CMS.2 Parts of the TOE CM coverage
ALC_DEL.1 Delivery procedures
ALC_FLR.2 Flaw reporting procedures
Security target evaluation
(ASE)
ASE_CCL.1 Conformance claims
ASE_ECD.1 Extended components definition
ASE_INT.1 ST introduction
ASE_OBJ.2 Security objectives
ASE_REQ.2 Derived security requirements
ASE_SPD.1 Security problem definition
ASE_TSS.1 TOE summary specification
Tests (ATE) ATE_COV.1 Evidence of coverage
ATE_FUN.1 Functional testing
ATE_IND.2 Independent testing - sample
Vulnerability assessment
(AVA)
AVA_VAN.2 Vulnerability analysis
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 36/51
6.3 Security Assurance Requirements Rationale
The Security Assurance Requirements for this Security Target are EAL2+ALC_FLR.2. The reasons
for this choice are that:
EAL 2 is deemed to provide a good balance between assurance and costs and is in
line with FiberHome customer requirements.
ALC_FLR.2 provides assurance that FiberHome has a clear and functioning
process of accepting security flaws from users and updating the TOE when required.
This is also in line with FiberHome customer requirements.
The refinements are derived from FiberHome customer requirements as well.
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 37/51
7 TOE Summary Specification
FDP_IFC.1, FDP_IFF.1
The TOE enforce OTE’s data transport by Traffic rule:
OTEs’ Ports are physically isolated from each other, and can only talk to each other through
a switch in the TOE with pre-defined traffic rule.
OTEs’ signal cannot be modified with pre-defined traffic rule.
General:
TOE provides GUI authentication interface, which provide security control with:
FIA_UID.2, FIA_UAU.2, FIA_AFL.1
Whenever a user need to access UNM2000 EMS Server, the user needs to be granted access right
by login UNM2000 EMS client,
Access control:
OTE transport data of WDM/OTN/POTN/DCI connecting status, in such a way that:
Only the intended recipients from UNM2000 EMS server are able to read OTE signal.
Nobody can modify the signals of OTE, which was monitored by UNM2000 EMS
server.
● Nobody can modify the signals
Authentication:
The TOE supports a flexible authentication framework, allowing the TOE to accept/reject
users from UNM2000 EMS client based on: username/password and a configurable subset of
IP address and time of login.
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 38/51
FMT_SMR.1, FDP_ACC.2, FDP_ACF.1,
The TOE allows management of the telecommunications network by different users. The TOE can
be configured to give each user precisely the access to the resources of the telecommunication
network that user needs to do his job. To assist in this, the TOE has a number of pre-defined roles:
Administrators: This user group has the management domain over assembly of objects
and operation authorities over assembly of application operations.
Security Administrator Group: This user group has the operation authorities
related to the security management, including user management and online
user management.
Subdomain Security Administrator Group: The Subdomain Security Administrator Group,
created by the security administrator and with its management domain assigned by the
security administrator, only has the security management authority, which cannot be
modified.
Ordinary User Group: The Ordinary User Group is created by the security administrator
(user in the Security Administrator Group) or subdomain security administrator (user in
the Subdomain Security Administrator Group). The management domain and operation
authority of the users in this group are assigned by the security administrator or
subdomain security administrator (When a subdomain security administrator assigns
authority to other users, he cannot assign authority of Administrators group or Security
Administrator Group).
Operator Group: This user group has the management domain over assembly of objects
and operation authorities over assembly of application operators by default. The member
in this group not only has the operation authority of the inspector group, but also can
Authorization:
The TOE supports a flexible role-based authorization framework with predefined and
customizable roles for management. These roles can use the UNM2000 EMS server to
manage OTEs.
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 39/51
configure, create and delete data.
Maintainer Group: This user group has the management domain over assembly of objects
and operation authorities over assembly of application maintainers by default. The
member in this group not only has the authority of inspector group and operator group,
but also can configure and download the EMS and device function related data.
Inspector Group: This user group has the management domain over assembly of objects
and operation authorities over assembly of application inspectors by default. The member
in this group can only view, query, count, and export data rather than configure or create
data.
and can assign these roles to specific users.
FAU_GEN.3, FAU_SAR.1, FAU_STG.1, FPT_STM.1
The TOE maintains a security log for authentication events, and supports different log view criteria
according to role policy.
FMT_SMF.1
The TOE allows the Administrator to configure (for each user), what/how/when user was allowed
to log-in:
Audit:
UNM2000 EMS server supports flexible logging and auditing of events.
Records in log files can provide the following uses: monitoring system
resources; auditing user behaviour; alerting on suspicious behaviour.
Management:
The TOE manages traffic rules, authentication, authorization, user accounts and sessions.
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 40/51
FMT_MSA.1, FMT_MSA.3
The TOE allows specifying secure values to the attributes used in the access control policy, for
enabling user roles to access different management operations.
FTA_MCS.1, FTA_SSL.3
Session Limitation, conditional block for advanced account management.
FIA_SOS.1
Support password policy by request.
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 41/51
8 Rationale
8.1 Rationale for Security Objectives
Table 11 – Rationale for security objectives (1)
Security
objectives
Threat/OSP/
Assumption
O.AUTHORISE
O.AUTHENTICATE
O.
ACCESS
O.AUDITING
O.MANAGE
OE.SERVER_SECURITY
OE.CLIENT_SECURITY
OE.TRUST&TRAIN_USERS
OE.TIME
OE.TRUSTED_NETWORKS
OE.NO_GENERAL_PURPOSE
T. Confidentiality X
T.Integrity X
T.Physical_attack X X X X
T.Unauthorised X X X X X
T.Authorised X X
P.FLEXIBLE_MANAGEMENT X X X
A.TRUSTED_NETWORK X
A.TIME_SYNC X
A.NO_GENERAL_PURPOSE X
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 42/51
Table 12 – Rationale for security objectives (2)
Assumptions/OSPs/Threats Objectives
T.Confidentiality
TA.ACCESS_OTE is able to read
A.OTE_communication that he is not allowed
to read.
This threat is countered by O.ACCESS, which
ensure traffic rules on OTEs.
T.Integrity
TA.ACCESS_OTE is able to modify
A.OTE_communication that he is not allowed
to modify
This threat is countered by the third bullet of
O.ACCESS, which ensure traffic rules on OTEs.
T.Physical_attack
TA.PHYSICAL gains physical access to the
A.OTE_communication and is able to violate
Confidentiality and integrity of A.Security
parameter and A.OTE_communication.
This threat is countered by:
O.AUTHENTICATE, EMS server can verify
user’s identification and IP address.
O.MANAGE, provides management configuration
item of OTEs’ traffic rule and EMS server’s
authorization.
OE.SERVER_SECURITY, Access to the EMS
server and OTEs should be managed by customer.
OE.TRUST&TRAIN_USERS, requiring that the
administrator’s role with privilege should be
trusted and trained by customer.
T.Unauthorised
TA.ROGUE_USER performs actions on the
A Security parameter that he is not authorized
to do.
This threat is countered by four security objectives:
O.AUTHORISE, providing role-based
management for granting access right.
O.AUTHENTICATE EMS server can verify user’s
identification and IP address.
O.MANAGE provides management configuration
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 43/51
Assumptions/OSPs/Threats Objectives
item of EMS server’s authorization.
OE.TRUST&TRAIN_USERS, requiring that the
user’s role with privilege should be trusted and
trained by customer.
OE.CLIENT_SECURITY, the EMS Client should
be protected by customer for preventing sensitive
information leak, Hijack, and min-in-the-middle
attack.
T.Authorised
TA.ROGUE_USER performs actions on the
A.Security_parameter, but it cannot be
proven.
This threat is countered by:
O.AUDITING will ensure that the actions of the
user can be traced back to him.
OE.TIME support the proving evidence on EMS
server.
P.FLEXIBLE_MANAGEMENT
The TOE must be able to support:
A role-based authorization
framework with predefined and
customizable roles, to manage the
TOE itself.
Manage authentication framework,
allowing the TOE to accept/reject
users based on username/password
and a configurable subset of
IP-address and time of login.
Review logging and auditing of
events regularly.
This OSP is primarily implemented by the
combination of three security objectives
O.MANAGE provides management configuration
item on role policy and authorization.
O.AUDITING will ensure that the actions of the
user can be traced back to him.
OE.TIME support the proving evidence on EMS
server.
A.TRUSTED_NETWORK This assumption is upheld by
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 44/51
Assumptions/OSPs/Threats Objectives
It is assumed that the intranet connecting
UNM 2000 EMS Server, and EMS Client is
trusted and managed with firewall policy. On
the other hand the connection between UNM
2000 EMS Server and the OTEs is considered
secure and trustful since the
WDM/OTN/POTN/DCI network protocols
are used.
OE.TRUSTED_NETWORK, connection of
intranet should managed and authorized by
customer.
On the other hand, UNM2000 EMS server and
OTEs connection are performed via VPN using the
WDM/OTN/POTN/DCI network protocols,
therefore, it is considered secure and trustful.
A.TIME_SYNC
It is also assumed that the UNM2000 EMS
server underlying Windows Server 2012,
which supply time sources are trusted and will
not be used to attack the TOE.
This assumption is upheld by
OE.TIME support the clock synchronization.
A.NO_GENERAL_PURPOSE
There are no general-purpose computing
capabilities (e.g. compilers or user
applications) available on the TOE, other than
those services necessary for the operation,
administration and support of the TOE.
This assumption is upheld by
OE.NO_GENERAL_PURPOSE support the clock
synchronization.
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 45/51
8.2 Security Functional Requirements Rationale
Table 13 – Rationale for SFRs (1)
Security
objectives
Security
functional
requirements
O.
ACCESS
O.AUTHORISE
O.AUTHENTICATE
O.AUDITING
O.MANAGE
FDP_IFC.1 X
FDP_IFF.1 X
FIA_UID.2 X
FIA_UAU.2 X
FIA_AFL.1 X
FIA_SOS.1 X X
FTA_SSL.3 X X
FTA_MCS.1 X X
FMT_SMR.1 X
FDP_ACC.2 X
FDP_ACF.1 X
FAU_GEN.3 X
FPT_STM.1 X
FAU_SAR.1 X
FAU_STG.1 X
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 46/51
Security
objectives
Security
functional
requirements
O.
ACCESS
O.AUTHORISE
O.AUTHENTICATE
O.AUDITING
O.MANAGE
FMT_SMF.1 X X X X X
FMT_MSA.1 X
FMT_MSA.3 X
Table 14 - Rationale for SFRs (2)
Security objectives SFRs addressing the security objectives
O. Access
The TOE shall ensure that client-side
equipment can:
Only send data across the network to certain
other client-side equipment
Only receive data across the network from
that client-side equipment
Is not able to modify data that is not created
by it or sent to it.
This objective is met by FDP_IFF.1 and
FDP_IFC.1 specifying that there are rules
regulating the access and FMT_SMF.1 allowing
management of these rules.
O.Authorise
The TOE shall support a flexible role-based
authorization framework with predefined and
customizable roles. These roles can use the
TOE to manage the WDM/OTN/POTN/DCI
This objective is met by:
FMT_SMR.1 stating the predefined and
customizable roles.
FDP_ACC.2 and FDP_ACF.1 defining a Role
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 47/51
Security objectives SFRs addressing the security objectives
network and manage the TOE itself. Each
role allows a user to perform certain actions,
and the TOE shall ensure that users can only
perform actions when they have a role that
allows this.
Policy, which states how the various roles
manage the network and the TOE. These also
state that only roles can perform
actions(operations on resources) and therefore
users can only do this when they have the
correct role
FMT_SMF.1 configuring all of the above.
Together, these SFRs support a flexible,
role-based authorization framework.
O.Authenticate
The TOE shall support a flexible
authentication framework, allowing the TOE
to accept/reject users based on:
Username / password and a configurable
subset of IP-address and time of login.
This objective is met by:
FIA_UID.2 stating that identification will be
done by username, password, IP/MAC-address,
login time
FIA_UAU.2 stating that users must be
authenticated
FIA_SOS.1 stating that passwords must have a
minimum quality
FIA_AFL.1 stating what happens when
authentication fails repeatedly
FTA_SSL.3 logging users off when they are no
longer allowed to work or when their role is
locked
FTA_MCS.1 preventing a user of having too
many sessions or all users together having too
many sessions
FMT_SMF.1 configuring all of the above.
Together, these SFRs support a flexible
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 48/51
Security objectives SFRs addressing the security objectives
authentication framework.
O.Auditing
The TOE shall support flexible logging and
auditing of events.
This objective is met by:
FAU_GEN.3 showing which events are logged
FAU_SAR.1 showing that the logged events can
be audited and by whom
FAU_STG.1 showing how the audit logs are
protected
FMT_SMF.1 configuring all of the above
Together, these SFRs support a flexible logging
and auditing framework.
O.Manage
The TOE provides the management
configuration for following items:
Traffic rules of OTEs
Authentication of UNM 2000 EMS Client
user
Authorization of access right to UNM 2000
EMS Server
Restriction on user accounts and sessions
between UNM 2000 EMS Client to
UNM2000 EMS Server
This objective is met by:
FMT_SMF.1 allows administrator to configure
the user’s privilege.
FTA_MCS.1 provides conditional block to
account.
FTA_SSL.3 provides session limitation for
account management.
FIA_SOS.1 support customized password
policy.
FMT_MSA.1 allows managing the security
attributes of the access control policy.
FMT_MSA.3 allows managing the security
attributes of the access control policy.
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 49/51
8.2.1 Dependencies Rationale
Table 12 - Rationale for dependencies of security functional requirements
SFR Dependencies
FAU_GEN.3 FPT_STM.1: met in the environment by OE.TIME
FAU_SAR.1 FAU_GEN.1: met by FAU_GEN.3, which is similar enough to
meet the dependency
FAU_STG.1 FAU_GEN.1: met by FAU_GEN.3, which is similar enough to
meet the dependency
FDP_ACC.2 FDP_ACF.1: met
FDP_ACF.1 FDP_ACC.1: met by FDP_ACC.2
FMT_MSA.3: met.
FDP_IFC.1 FDP_IFF.1: met
FDP_IFF.1 FDP_IFC.1: met
FMT_MSA.3: unnecessary, since the information control policy
attributes cannot be managed.
FIA_AFL.1 FIA_UAU.1: met by FIA_UAU.2
FIA_SOS.1 _
FIA_UAU.2 FIA_UID.1: met by FIA_UID.2
FIA_UID.2 _
FMT_SMF.1 _
FMT_SMR.1 FIA_UID.1: met by FIA_UID.2
FMT_MSA.1 FDP_ACC.1: met by FDP_ACC.2
FMT_SMR.1: met by FMT_SMR.1
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 50/51
SFR Dependencies
FMT_SMF.1: met by FMT_SMF.1
FMT_MSA.3 FMT_MSA.1: met by FMT_MSA.1
FMT_SMR.1: met by FMT_SMR.1
FTA_MCS.1 FIA_UID.1: met by FIA_UID.2
FTA_SSL.3 _
FiberHome Enhanced Optical Transport Equipment Manager
Security Target
FiberHome Telecommunication Technologies Co., Ltd. 51/51
9 Appendix
9.1 Acronyms
EMS Element Management System
NMS Network Management System
DCI Data Center Interconnection
ONT Optical Network Terminal
OTE Optical Transport Equipment
UNM Unified Network Management
POTN Packet Enhanced Optical Transport Network
WDM Wave Division Multiplexing
9.2 References
[CC] Common Criteria for Information Technology Security Evaluation – Part
1: Introduction and general model, dated April 2017, Version 3.1,
Revision 5 CCMB- 2017-04-001/2/3
Common Criteria for Information Technology Security Evaluation – Part
2: Security functional requirements, dated April 2017, Version 3.1,
Revision 5 CCMB- 2017-04-001/2/3
Common Criteria for Information Technology Security Evaluation – Part
3: Security assurance requirements, dated April 2017, Version 3.1,
Revision 5 CCMB- 2017-04-001/2/3
[CEM] Common Evaluation Methodology for Information Technology Security
Evaluation, dated April 2017, Version 3.1, Revision 5 CCMB-
2017-04-001/2/3