National Information Assurance Partnership
Common Criteria Evaluation and Validation Scheme
Validation Report

Bodacion Technologies’ HYDRA Server, Version 1.4

Report Number: CCEVS-VR-03-0034
Dated: February 13, 2003
Version: 1.0

National Institute of Standards and Technology
Information Technology Laboratory
100 Bureau Drive
Gaithersburg, MD 20899

National Security Agency
Information Assurance Directorate
9800 Savage Road, STE 6740
Fort George G. Meade, MD 20755-6740

ACKNOWLEDGEMENTS

Validation Team
Patricia Griffin
Jared Thomas
National Security Agency
Fort George G. Meade, MD 20755-6740

Common Criteria Testing Laboratory
COACT Inc.
Columbia, MD

Table of Contents

1 Executive Summary
1.1 Evaluation Details
1.2 Interpretations
2 Identification
2.1 ST and TOE Identification
2.2 Product Overview
3 Security Overview
3.1 Security Threats
3.2 Security Objectives
3.3 Usage Assumptions
3.4 Environment Assumptions
4 Evaluated Configuration Information
5 Documentation
6 IT Product Testing
6.1 Test Configuration
6.2 System Hardware
6.3 Installed System Software
6.4 Test Equipment
7 Results of the Evaluation
8 Validation Comments/Recommendations
9 Abbreviations
10 Bibliography

1 Executive Summary

The evaluation of the Bodacion Technologies HYDRA Server Version 1.4 was performed by the COACT Inc. CCTL in the United States and was completed on 13 February 2003. The evaluation was conducted in accordance with the requirements of the Common Criteria, Version 2.1 and the Common Methodology for IT Security Evaluation (CEM) Version 1.0.

The Target of Evaluation (TOE) identified in this Validation Report has been evaluated at an accredited testing laboratory using the Common Methodology for IT Security Evaluation (Version 1.0) for conformance to the Common Criteria for IT Security Evaluation (Version 2.1). This Validation Report applies only to the specific version of the TOE as evaluated. The evaluation has been conducted in accordance with the provisions of the NIAP Common Criteria Evaluation and Validation Scheme and the conclusions of the testing laboratory in the evaluation technical report are consistent with the evidence adduced.

The COACT Inc. evaluation team concluded that the Common Criteria requirements for Evaluation Assurance Level (EAL1) have been met. The technical information included in this report was obtained from the Evaluation Technical Report (ETR) Part 1 (non-proprietary) produced by COACT Inc.

Disclaimer: This Validation Report is not an endorsement of the HYDRA Server product by any agency of the U.S. Government and no warranty of the product is either expressed or implied.

1.1 Evaluation Details

· Dates of Evaluation: June 13, 2002 through February 13, 2003
· Evaluated Product: HYDRA Server Version 1.4
· Developer: Bodacion Technologies
· CCTL: COACT, Inc.
· Evaluation Team: Eric J. Grimes, Robert J. West, Tiffani A. Parsons, Todd R. Calvert
· Evaluation Class: EAL1
· PP Conformance: None

1.2 Interpretations

CC Identification: Common Criteria for Information Technology Security Evaluation, Version 2.1, August 1999, ISO/IEC 15408.

CEM Identification: Common Evaluation Methodology for Information Technology Security Evaluation, Part 1: Introduction and General Model, Version 0.6, January 1997; Common Methodology for Information Technology Security Evaluation, Part 2: Evaluation Methodology, Version 1.0, August 1999.

During the evaluation process these National and International Interpretations were used:

National Interpretations:
· I-0393: A Completely Evaluated ST Is Not Required When TOE Evaluation Starts
· I-0411: Guidance Includes AGD_ADM, AGD_USR, ADO And ALC_FLR
· I-0412: Configuration Items In The Absence Of Configuration Management
· I-0422: Clarification Of “Audit Records”
· I-0423: Some Modifications To The Audit Trail Are Authorized

International Interpretations:
· RI #27: Events And Actions
· RI #37: ACM On Product or TOE

2 Identification

2.1 ST and TOE Identification

· ST: Bodacion Technologies HYDRA Server (EAL1) Version 1.4, 14 February 2003.
· TOE Identification: HYDRA Server Version 1.4

2.2 Product Overview

The Target of Evaluation is the Bodacion Technologies’ HYDRA Server Version 1.4. HYDRA Server 1.4 is a hard, real-time embedded system that provides secure web services including HTTP, HTTPS, FTP, and FTPS. A PowerPC based CompactPCI system card executes HYDRA Server’s firmware after loading it into RAM from FLASH memory. The HYDRA Server system card is contained in a standard 3U high CPCI chassis, along with a mass storage shelf containing an EIDE disk drive. This 3U high CPCI chassis has the capability to house and operate three HYDRA Servers. In addition, the HYDRA has the ability to operate with an additional FLASH memory device, a FIPS approved SSL accelerator and a 4-port Ethernet NIC, all of which are outside the scope of this evaluation. The HYDRA’s firmware will detect if any of these devices are used.

The HYDRA Server 1.4 eliminates much of the vulnerability in typical web servers through its design. The HYDRA Server 1.4 does not contain a general-purpose operating system; it includes a kernel that operates as a resource manager. The kernel contains no shell or command line that could lead to a hack attack. Since the HYDRA Server 1.4 does not execute from a hard drive, the HYDRA does not contain a standard file system (e.g. EXT3, NTFS, FAT32) that would be vulnerable to virus attacks. The HYDRA Server 1.4 contains a proprietary file system embedded within the hardware/firmware design and is not vulnerable to virus attacks. The HYDRA Server 1.4 was designed to help mitigate vulnerability attacks.

The TOE performs Identification and Authentication for the administrative user of the TOE. The security administrator is identified automatically; a password is required when the administrator uses the web console, and an Enabler Code, which is similar to a password, is required via the serial port interface. Web developer administrators are identified and authenticated by a user name and password when accessing the TOE via the FTP server. Non-administrative users of the TOE are identified via their computer’s IP address strictly for communication purposes and are not part of the security functionality of the TOE.

3 Security Overview

3.1 Security Threats

The Security Target identified the following threats that the evaluated product addresses:

· T.HACK: A malicious computer user, or hacker, can compromise the TSF and TOE security through a hack attack on the server’s operating environment (the HYDRA Server 1.4 Kernel/OS).
· T.VIRUS: A computer virus could infect the TOE’s operating environment’s file system (proprietary file system within the HYDRA Server 1.4) and compromise the TSF and TOE security data.
· T.ADMIN: A non-administrative user could attempt to configure and manage the TOE/TSF as an administrator.

3.2 Security Objectives

The Security Target does not state an organizational security policy regarding Bodacion Technologies’ HYDRA Server Version 1.4. In order to counter the stated threats, the HYDRA Server has the following security objectives:

· O.ADMIN: The TOE will allow the administrators the capability to securely configure and manage the TOE/TSF data.
· O.DESIGN: The TOE will be designed in such a way as to prevent unauthorized users and data (i.e. files that could contain a virus) access to the TOE.
· O.E.ACCESS: Those responsible for the TOE must ensure that only users authorized to use the TOE are allowed physical access to the TOE and that the TOE is properly initially configured.
· O.E.NET: Those responsible for the TOE must ensure that the TOE is physically connected to an Ethernet interface such that it can serve web pages and have access to an NTP timeserver.

3.3 Usage Assumptions

The findings of the HYDRA Server evaluation are based upon the following usage assumptions:

· A.ADMIN: Administrators of the HYDRA Server 1.4 shall be trained and trusted to enforce the security aspects of the HYDRA Server relevant to them.
· A.SETUP: The security administrator of the TOE shall immediately, upon installation, change the configuration of the TOE so the web console GUI operates on an HTTPS server and change the password after the first successful connection to the HTTPS web console GUI so it shall remain secure.

3.4 Environment Assumptions

The HYDRA Server was evaluated and is therefore recommended to be used in an environment meeting the following assumptions:

· A.E.LOCATE: The HYDRA Server 1.4 shall be located in a secure facility that mitigates against unauthorized physical access.
· A.E.CONSOLE: The environment and security mechanisms of the environment must ensure that only an authorized administrator has access to the TOE via the serial interface port.

4 Evaluated Configuration Information

Although the CPCI chassis has the capability to house multiple HYDRA systems, in the evaluated configuration, only one HYDRA Server will be installed in the chassis. The HYDRA Server has the capability to operate alongside a hard drive system database for additional storage. In the evaluated version, the HYDRA Server will not use this feature. The HYDRA Server will be configured to operate with a test network.

5 Documentation

The following documentation comes standard with the Bodacion Technologies HYDRA Server Version 1.4:

· HYDRA Server Version 1.4 User’s Manual, Created March 27, 2002

6 IT Product Testing

This section provides a high level description of the subset of TSF tests required to confirm the TOE operates as specified. Simply put, testing of the TOE confirmed that various functions could be set accurately, that administrators could have full control of a secure system, and that secure web browsing and web transfers (e.g., FTP) could be completed successfully.

The above figure shows the configuration used in performing the independent evaluator testing.

6.1 Test Configuration

The evaluated configuration of Bodacion Technologies’ HYDRA Server Version 1.4 was tested and evaluated on the following hardware and software:

6.2 System Hardware

· PowerPC based CompactPCI system card with Ethernet and Serial Ports
· RAM and FLASH memory
· Mass Storage EIDE disk drive

6.3 Installed System Software

· HYDRA Server Firmware version 1.4

6.4 Test Equipment

The following equipment was used in the testing of the HYDRA Server Version 1.4:

· A PC with Red Hat Linux installed
· A PC with Windows 98 and Ethereal sniffer software installed
· HYDRA Server 1.4
· A PC with Windows 98 and HyperTerminal program
· 4 port Ethernet hub
· 4 Ethernet cables
· 1 Serial cable

7 Results of the Evaluation

The Bodacion Technologies’ HYDRA Server 1.4 was successfully evaluated at an EAL1 level of assurance. The results of this evaluation are presented below, organized by the work unit requirements defined in the Common Evaluation Methodology for EAL1.

· ACM: The evaluation team applied each EAL1 ACM CEM work unit. The ACM work units ensure that the TOE is accurately and uniquely identified such that the consumer is able to identify the evaluated TOE and discern one version from another.
· ADO: The evaluation team applied each EAL1 ADO CEM work unit. The ADO evaluation ensured the adequacy of the procedures to install, generate, and start up the TOE in a secure configuration.
· ADV: The evaluation team applied each EAL1 ADV CEM work unit. The evaluation team assessed the design documentation and found it adequate for understanding the interfaces to the security functions implemented by the TOE.
· AGD: The evaluation team applied each EAL1 AGD CEM work unit. The evaluation team ensured the adequacy of the administrator and user guidance in describing how to securely administer and use the TOE.
· ATE: The evaluation team applied each EAL1 ATE CEM work unit. The evaluation team tested the TOE to ensure that it performed as described in the functional specification and as stated in the TOE security functional requirements.

8 Evaluator Comments/Recommendations

COACT, Inc. has no specific recommendations relative to this TOE.

9 Abbreviations

CC      Common Criteria
CPCI    Compact Peripheral Component Interconnect
EAL     Evaluation Assurance Level
EIDE    Enhanced Integrated Drive Electronics
EXT3    Third Extension File System (Linux)
FAT32   32-bit File Allocation Table
FLASH   Flashable non-volatile memory
FSP     Functional Specification
FTP     File Transfer Protocol
FTPS    File Transfer Protocol Secure
GUI     Graphical User Interface
HTTP    Hypertext Transfer Protocol
HTTPS   Hypertext Transfer Protocol Secure Sockets
IP      Internet Protocol
IT      Information Technology
NIAP    National Information Assurance Partnership
NTFS    New Technology File System
NTP     Network Time Protocol
OS      Operating System
PP      Protection Profile
RAM     Random Access Memory
RCR     Representative Correspondence
SF      Security Function
SFP     Security Function Policy
SOF     Strength of Function
SSL     Secure Socket Layer
ST      Security Target
TOE     Target of Evaluation
TSC     TSC Scope of Control
TSF     TOE Security Function
TSFI    TSF Interface
TSS     TOE Summary Specification

10 Bibliography

Bodacion Technologies’ Functional Specification for the EAL1 CC Evaluation, dated October 23, 2002
Common Criteria for Information Technology Security Evaluation, Part 1 Introduction and General Model, Version 2.1, dated August 1999
Common Criteria for Information Technology Security Evaluation, Part 2 Security Functional Requirements, Version 2.1, dated August 1999
Common Criteria for Information Technology Security Evaluation, Part 3 Security Assurance Requirements, Version 2.1, dated August 1999
Common Methodology for Information Technology Security Evaluation, Part 1, Version 0.6, dated January 1997
Common Methodology for Information Technology Security Evaluation, Part 2, Version 1.0, dated August 1999
EAL1 Testing Claim Document, dated August 29, 2002
HYDRA Server Version 1.4 Evaluation Technical Report, Document # E1-1102-018, dated November 25, 2002
HYDRA Server Version 1.4 Security Target, Document # E1-0602-003(3), dated September 5, 2002
HYDRA Server Version 1.4 User Manual, dated March 27, 2002
HYDRA System Architecture, dated September 3, 2002
HYDRA Versioning, dated August 29, 2002
Test Activity Document, dated August 29, 2002