Validated Product - Sybase Adaptive Server Enterprise 15.0.1Certificate Date: 21 September 2007 Validation Report Number: CCEVS-VR-VID10234-2007 Product Type: DBMS Conformance Claim: EAL4 Augmented with ALC_FLR.2 PP Identifiers: None CC Testing Lab: SAIC Common Criteria Testing Laboratory
PRODUCT DESCRIPTION
Adaptive Server Enterprise is a relational database management system (RDBMS) server that operates in the context of a commercial operating system, providing services to local and remote clients via the Tabular Data Stream (TDS) protocol. ASE version 15.0.1 is a revised version of the previously evaluated ASE Version 12.5.2. Among a number of non-security relevant feature additions and modifications (such as partitioned databases on a given server and a new query processing engine), ASE version 15.0.1 includes resource governor enhancements and the ability to encrypt database columns. The ASE Server runs as an application on top of an operating system and depends on the services exported by the operating system to function. ASE uses operating system services for process creation and manipulation; device and file processing; shared memory creation and manipulation; and security requests such as inter-process communication. The hardware upon which the operating system runs is completely transparent to ASE - ASE sees only the operating system’s user interfaces. The ASE Server is one or more operating system processes that service client requests. Although not tested by the evaluation lab, multiple processes can be configured to enhance performance on multiprocessor systems. An ASE process has two distinct components, a DBMS component and a kernel component. The DBMS component manages the processing of SQL statements (data manipulation language - DML, data definition language - DDL, stored procedures and administrative commands), accesses data in a database, and manages different types of Server resources. The kernel component performs low-level functions for the DBMS component, such as task and engine management; network and disk I/O; and low-level memory management. Note that the TDS engine, that part of ASE that processes a TDS request, also uses the kernel component for low-level services. All of the ASE processes attach to one or more shared memory segments. The shared memory contains data structures that relate to task management and operating system services, caches of database buffers, object descriptors, and other resources (e.g., other caches, queues, and stream I/O buffers) required to manage and process database commands. Each client is associated with its own ASE task. In addition, there are several system tasks that perform specific services (e.g., tasks to write buffers to disk, tasks to write audit data to disk, and tasks to communicate with the network.) The set of operating systems included in the evaluation Microsoft Windows 2000 (SP4) for x86, Microsoft Windows Server 2003 for x86, Sun Solaris Version 8 for sparc (32- and 64-bit), Sun Solaris Version 9 for sparc (32- and 64-bit), Sun Solaris Version 10 for sparc (32- and 64-bit), IBM AIX 5L Version 5.2 (64-bit), Hewlett-Packard HP-UX 11i v1 for PA-risc (64-bit), Hewlett-Packard HP-UX 11i v2 for PA-risc (64-bit), Red Hat Enterprise Linux 3.0 for x86and Red Hat Enterprise Linux 4.0 for x86. SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Sybase Adaptive Server Enterprise TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3 and International Interpretations effective on ENVIRONMENTAL STRENGTHS
Adaptive Server Enterprise is a DBMS designed to execute as a set of applications in the context of commercially available operating systems. ASE supports eight security functions: Security audit: Cryptographic Support: ASE supports the ability to encrypt data at the column level. Encryption of only the sensitive data minimizes processing overhead as compared to encrypting an entire database. SQL statements are available to create applicable encryption keys and specify columns for encryption. ASE handles key generation and storage and also provides System Security Officers the ability to destroy keys that are no longer needed. Encryption and decryption of data occurs automatically and transparently as data is written to and read from encrypted columns. No client application changes are required. User data protection: ASE implements a Discretionary Access Control Policy over applicable database objects - databases, tables, views, and stored procedures. Note that there are other database objects that are either always private, always public, or are part of one of the afore-mentioned objects. In each case, the objects each have an owner which is initially the creator of the object. Object owners have special permissions, while other users can subsequently be granted specific access permissions based on user identity, group memberships and active roles allowing applicable operations on objects. ASE also implements a Policy-based Access Control Policy over the content of database tables. This policy controls access based on Application Contexts of the current subject in conjunction with Access Rules associated with columns in database tables. This policy effectively allows access to be controlled on very specific and widely varying information about users. Identification and authentication: ASE provides its own identification and authentication mechanism in addition to the underlying operating system. Users must provide a valid username and password before they can access any security-related functions. Once identified and authenticated, all subsequent actions are associated with that user and policy decisions are based on the users identity, group memberships and active roles. Security management: ASE provides functions necessary to manage users and associated privileges, access permissions, and other security functions such as audit. The functions are restricted based on Discretionary Access Control Policy rules including role restrictions. While all of the administrative functions are available through and restricted at the TDS ASE Server interface, an application (isql) is provided to support ASE administrators. Protection of the TSF: ASE protects itself and ensures that its policies are enforced in a number of ways. While there is dependence on the underlying operating system to separate its process constructs, enforce file and memory access restrictions, and to provide communication services, ASE protects itself by keeping its context separate from that of its users and also by making effective use of the operating system mechanisms to ensure that memory and files used by ASE have the appropriate access settings. Furthermore, ASE interacts with users through well-defined interfaces designed to ensure that the ASE security policies are always enforced. Resource utilization: ASE provides resource limits to help System Administrators prevent queries and transactions from monopolizing server resources. Specifically, System Administrators can configure ASE to prevent queries and transactions that: exceed estimated or actual I/O costs, return too many rows, exceed the temporary database space allocated, and/or exceed a specified elapsed time. When a System Administrator configures a resource limit, all current users are immediately subject to the new limits unless resource limits are not enabled. If resource limits are not enabled, the System Administrator is notified that the configured limits would become effective when resource limits are enabled for the server. TOE access: |
![[X]](/assets/images/button_close.gif){kind=small}
![[PDF]](http://www.niap-ccevs.org:80/assets/images/icon_pdf.gif){kind=icon}
