Validated Product - TIBCO Enterprise Message Service Version 4.3.0

Certificate Date: 29 December 2006

Validation Report Number: CCEVS-VR-06-0053

Product Type: Secure Messaging

Conformance Claim: EAL2

PP Identifiers: None

CC Testing Lab: SAIC Common Criteria Testing Laboratory


PRODUCT DESCRIPTION

The Target of Evaluation (TOE) is TIBCO Enterprise Message Service™ Version 4.3.0.

EMS is a Java Messaging Service (JMS) version 1.1 provider (server), which is a messaging system server application that provides both JMS interfaces and administrative console interfaces. The TOE provides a uniform messaging interface between applications in the IT environment according to the JMS specification that these applications can use to communicate with each other.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the TIBCO Enterprise Message Service™ Version 4.3.0 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL 2 family of assurance requirements.

The product, when configured as specified in the TIBCO Enterprise Message Service™ Installation Software Release 4.3 and the Security Features User’s Guide For TIBCO Enterprise Message Service™ 4.3, satisfies all of the security functional requirements stated in the TIBCO Enterprise Message Service™ Version 4.3.0 Security Target, Issue 1.0, 8 December 2006.

The supported platforms in this evaluation are Microsoft Windows 2000 (Professional, Server, and Advanced Server) with Service Pack 2; Microsoft Windows XP; Microsoft Windows 2003; Sun Solaris 2.7, 2.8, 2.9, 2.10; HP-UX 11.0, 11i; HP-UX Itanium 11.22; IBM AIX 5.1; Linux (kernel 2.4); Linux Itanium (kernel 2.4); HP Tru 64 UNIX 5.1A; Mac OS X 10.3. The platform must also include Java Runtime Environment (JRE) 1.3 and Entrust SSL v6.1.

One Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in December 2006. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-06-0053, dated 31 January 2007), prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

The TOE creates and delivers messages. Messages are structured data that one application sends to another. The creator of the message is located in the IT environment and is known as the producer. The receiver of the message is also located in the IT environment and is known as the consumer. The TOE acts as an intermediary for the message and sends it to the correct destination.

The TIBCO Enterprise Message Service™ Version 4.3.0 TOE supports the following six security functions:

Security audit - The TOE generates audit records for start-up and shutdown of the audit functions, as well as unsuccessful use of the authentication mechanism, all requests to send a message using a topic or a queue, and use of the management functions. The IT environment is relied on to provide a reliable timestamp, to protect the audit trail, and to provide the ability to review its contents.

Cryptographic support - The TOE provides its own FIPS-evaluated cryptographic engine (an instance of OpenSSL 0.9.7i) which performs symmetric encryption and decryption of messages and digital signature verification of certificates. The TOE is also configured to use a FIPS-evaluated cryptomodule in the IT environment (Entrust SSL v6.1).

User data protection - All messaging users (subjects) are subject to the Messaging Access Control Policy for all available operations on topics and queues (objects) that are used to send and receive publish/subscribe and point-to-point messages, respectively. The TOE restricts access to topics and queues using ACLs. ACLs are used to grant access to either individual users or groups. ACLs also specify the necessary permissions that a user or group must possess in order to perform a requested operation.

The TOE also provides the ability to implement security domains of subjects by grouping users into administrative domains so that administrators can only perform actions within their domain. This grouping is implemented using “protection permissions”. An administrator can perform administrative operations only on a user that has the same protection permission as the administrator.

Identification and authentication - The TOE defines users in terms of user identity, authentication data, group memberships, and permissions. The TOE can authenticate users using its password mechanism or an LDAP authentication mechanism provided by the IT Environment. The TOE can be configured to allow users to attempt to authenticate using either mechanism.

Security management - The ability to manage topic and queue ACLs as well as message user security attributes is limited to administrators or users that have been granted the necessary administrative permission by restricting access to interfaces. By default, access to topics and queues must be explicitly granted by administrators or users that have been granted the necessary administrative permission using restricted interfaces. The TOE provides administrative interfaces to manage topics and queues, and users.

Self protection - The TOE prevents users from bypassing implicit and explicit policies that it enforces by requiring authenticated messaging users as well as authenticated administrators.

Vendor Information


TIBCO Software Inc.
Ravi Ganesan
650.846.5023
650.846.1324 (Fax)
ravig@tibco.com

http://www.tibco.com