ملخص المحتوى في الصفحة رقم 1
SUSE Linux Enterprise Server 10 SP1 EAL4
High-Level Design
Version 1.2.1������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
ملخص المحتوى في الصفحة رقم 2
Version Author Date Comments 1.0 EJR 3/15/07 First draft based on RHEL5 HLD 1.1 EJR 4/19/07 Updates based on comments from Stephan Mueller and Klaus Weidner 1.2 GCW 4/26/07 Incorporated Stephan's comment to remove racoon 1.2.1 GCW 10/27/08 Added legal matter missing from final draft. Novell, the Novell logo, the N logo, and SUSE are registered trademarks of Novell, Inc. in the United States and other countries. IBM, IBM logo, BladeCenter, eServer, iSeries, i5/OS, OS/400, PowerPC, POWER3, POWER4
ملخص المحتوى في الصفحة رقم 3
Table of Contents 1 Introduction....................................................................................................................................................1 1.1 Purpose of this document.......................................................................................................................1 1.2 Document overview ..............................................................................................................................1 1.3 Conventions
ملخص المحتوى في الصفحة رقم 4
4.1.2.1 DAC....................................................................................................................................25 4.1.2.2 AppArmor............................................................................................................................26 4.1.2.3 Programs with software privilege.........................................................................................26 4.2 TOE Security Functions software structure............................
ملخص المحتوى في الصفحة رقم 5
5.1.5 Discretionary Access Control (DAC)..........................................................................................55 5.1.5.1 Permission bits.....................................................................................................................56 5.1.5.2 Access Control Lists ............................................................................................................57 5.1.6 Asynchronous I/O ........................................................
ملخص المحتوى في الصفحة رقم 6
5.3.3.2 Common functions...............................................................................................................76 5.3.3.3 Message queues....................................................................................................................77 5.3.3.4 Semaphores..........................................................................................................................78 5.3.3.5 Shared memory regions.............................................
ملخص المحتوى في الصفحة رقم 7
5.5.3 Kernel memory management....................................................................................................142 5.5.3.1 Support for NUMA servers................................................................................................142 5.5.3.2 Reverse map Virtual Memory............................................................................................143 5.5.3.3 Huge Translation Lookaside Buffers.........................................................
ملخص المحتوى في الصفحة رقم 8
5.8.3 securityfs....................................................................................................................................174 5.9 Device drivers....................................................................................................................................174 5.9.1 I/O virtualization on System z....................................................................................................175 5.9.1.1 Interpretive-execution facility...........
ملخص المحتوى في الصفحة رقم 9
5.11.3.1 agetty................................................................................................................................203 5.11.3.2 gpasswd............................................................................................................................203 5.11.3.3 login.................................................................................................................................203 5.11.3.4 mingetty.........................................
ملخص المحتوى في الصفحة رقم 10
5.13.3.2 groupmod.........................................................................................................................232 5.13.3.3 groupdel...........................................................................................................................232 5.13.4 System Time management.......................................................................................................234 5.13.4.1 date.............................................................
ملخص المحتوى في الصفحة رقم 11
6.1 Identification and authentication.......................................................................................................251 6.1.1 User identification and authentication data management (IA.1).................................................251 6.1.2 Common authentication mechanism (IA.2)................................................................................251 6.1.3 Interactive login and related mechanisms (IA.3)..................................................
ملخص المحتوى في الصفحة رقم 12
6.8 Security enforcing interfaces between subsystems.............................................................................255 6.8.1 Summary of kernel subsystem interfaces ..................................................................................256 6.8.1.1 Kernel subsystem file and I/O............................................................................................257 6.8.1.2 Kernel subsystem process control and management............................................
ملخص المحتوى في الصفحة رقم 13
1 Introduction This document describes the High Level Design (HLD) for the SUSE® Linux® Enterprise Server 10 Service Pack 1 operating system. For ease of reading, this document uses the phrase SUSE Linux Enterprise Server and the abbreviation SLES as a synonym for SUSE Linux Enterprise Server 10 SP1. This document summarizes the design and Target of Evaluation Security Functions (TSF) of the SUSE Linux Enterprise Server (SLES) operating system. Used within the Common Criteria evaluation o
ملخص المحتوى في الصفحة رقم 14
2 System Overview The Target of Evaluation (TOE) is SUSE Linux Enterprise Server (SLES) running on an IBM eServer host computer. The SLES product is available on a wide range of hardware platforms. This evaluation covers the SLES product on the IBM eServer System x™, System p™, and System z™, and eServer 326 (Opteron). (Throughout this document, SLES refers only to the specific evaluation platforms). Multiple TOE systems can be connected via a physically-protected Local Area Network (LAN).
ملخص المحتوى في الصفحة رقم 15
The TOE system provides user Identification and Authentication (I&A) mechanism by requiring each user to log in with proper password at the local workstation, and also at any remote computer where the user can enter commands to a shell program (for example, remote ssh sessions). Each computer enforces a coherent Discretionary Access Control (DAC) policy, based on UNIX®-style mode bits and an optional Access Control List (ACL) for the named objects under its control. This chapter documents th
ملخص المحتوى في الصفحة رقم 16
The Common Criteria for Information Technology Security Evaluation [CC] and the Common Methodology for Information Technology Security Evaluation [CEM] demand breaking the TOE into logical subsystems that can be either (a) products, or (b) logical functions performed by the system. The approach in this section is to break the system into structural hardware and software subsystems that include, for example, pieces of hardware such as planars and adapters, or collections of one or more softwa
ملخص المحتوى في الصفحة رقم 17
The SLES kernel includes the base kernel and separately-loadable kernel modules and device drivers. (Note that a device driver can also be a kernel module.) The kernel consists of the bootable kernel image and its loadable modules. The kernel implements the system call interface, which provides system calls for file management, memory management, process management, networking, and other TSF (logical subsystems) functions addressed in the Functional Descriptions chapter of this document.
ملخص المحتوى في الصفحة رقم 18
2.2.2 eServer system structure The system is an eServer computer, which permits one user at a time to log in to the computer console. Several virtual consoles can be mapped to a single physical console. Different users can login through different virtual consoles simultaneously. The system can be connected to other computers via physically and logically protected LANs. The eServer hardware and the physical LAN connecting the different systems running SLES are not included within the eval
ملخص المحتوى في الصفحة رقم 19
Figure 2-3: Local and network services provided by SLES Network services, such as ssh or ftp, involve client-server architecture and a network service-layer protocol. The client-server model splits the software that provides a service into a client portion that makes the request, and a server portion that carries out the request, usually on a different computer. The service protocol is the interface between the client and server. For example, User A can log in at Host 1, and then use ssh
ملخص المحتوى في الصفحة رقم 20
Objects are passive repositories of data. The TOE defines three types of objects: named objects, storage objects, and public objects. Named objects are resources, such as files and IPC objects, which can be manipulated by multiple users using a naming convention defined at the TSF interface. A storage object is an object that supports both read and write access by multiple non-trusted subjects. Consistent with these definitions, all named objects are also categorized as storage objects, but
