Xerox WorkCentre 7328/7335/7345 Security Target - ?· Xerox WorkCentre 7328/7335/7345 Security Target…

Download Xerox WorkCentre 7328/7335/7345 Security Target - ?· Xerox WorkCentre 7328/7335/7345 Security Target…

Post on 02-Sep-2018

214 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

<ul><li><p>Xerox WorkCentre 7328/7335/7345 </p><p> Security Target </p><p>Version 1.2.7 </p><p>This document is a translation of the evaluated and certified security target written in Japanese </p></li><li><p>- i - </p><p>- Table of Contents - </p><p>1. ST OVERVIEW ................................................................................................... 1 1.1. ST Identification ....................................................................................................................1 1.2. ST Overview ..........................................................................................................................1 1.3. Common Criteria Conformance Claim..................................................................................2 1.4. References..............................................................................................................................2 1.5. Acronyms and Terminology...................................................................................................3 </p><p>1.5.1. Acronyms.................................................................................................................................... 3 1.5.2. Terminology................................................................................................................................ 4 </p><p>2. TOE DESCRIPTION ........................................................................................... 8 2.1. TOE Overview .......................................................................................................................8 </p><p>2.1.1. Product Type............................................................................................................................... 8 2.1.2. Function Types............................................................................................................................ 8 2.1.3. Service Overview ....................................................................................................................... 9 </p><p>2.1.3.1. Environment Assumptions......................................................................................................... 9 2.1.3.2. Security Function Overview .................................................................................................... 10 </p><p>2.2. User Assumptions ................................................................................................................ 11 2.3. Logical Scope and Boundary ............................................................................................... 11 </p><p>2.3.1. Basic Functions......................................................................................................................... 12 2.3.1.1. Control Panel Function ............................................................................................................ 12 2.3.1.2. Copy Function ......................................................................................................................... 12 2.3.1.3. Print Function .......................................................................................................................... 12 2.3.1.4. Scan Function, Network Scan Function................................................................................... 13 2.3.1.5. Fax Function ............................................................................................................................ 13 2.3.1.6. i-Fax / D-Fax Functions........................................................................................................... 13 2.3.1.7. CWIS Function ........................................................................................................................ 13 </p><p>2.3.2. Security Functions .................................................................................................................... 13 2.3.2.1. Hard Disk Data Overwrite (TSF_IOW)................................................................................... 13 2.3.2.2. Hard Disk Data Encryption (TSF_CIPHER) ........................................................................... 14 2.3.2.3. User Authentication (TSF_USER_AUTH).............................................................................. 14 2.3.2.4. System Administrators Security Management (TSF_FMT)................................................... 16 2.3.2.5. Customer Engineer Operation Restriction (TSF_CE_LIMIT) ................................................ 17 2.3.2.6. Security Audit Log (TSF_FAU)............................................................................................... 17 2.3.2.7. Internal Network Data Protection (TSF_NET_PROT)............................................................ 17 2.3.2.8. Fax Flow Security (TSF_FAX_FLOW) .................................................................................. 17 </p><p>2.4. Physical Scope and Boundary..............................................................................................17 2.5. Assets Protected by TOE .....................................................................................................19 </p><p>3. TOE SECURITY ENVIRONMENT ................................................................. 21 </p></li><li><p>- ii - </p><p>3.1. Assumptions.........................................................................................................................21 3.2. Threats..................................................................................................................................22 3.3. Organizational Security Policy ............................................................................................22 </p><p>4. SECURITY OBJECTIVES................................................................................ 23 4.1. Security Objectives for the TOE ..........................................................................................23 4.2. Security Objectives for the Environment.............................................................................23 </p><p>5. IT SECURITY REQUIREMENTS.................................................................... 25 5.1. TOE Security Functional Requirements ..............................................................................25 </p><p>5.1.1. Class FAU: Security Audit........................................................................................................ 25 5.1.2. Class FCS: Cryptographic support ........................................................................................... 28 5.1.3. Class FDP: User data protection............................................................................................... 29 5.1.4. Class FIA: Identification and authentication ............................................................................ 32 5.1.5. Class FMT: Security management............................................................................................ 33 5.1.6. Class FPT: Protection of TSF ................................................................................................... 37 5.1.7. Class FTP: Trusted path/channels............................................................................................. 38 5.1.8. TOE Security Function Strength............................................................................................... 38 </p><p>5.2. TOE Security Assurance Requirements ...............................................................................38 5.3. Security Requirements for the IT Environment ...................................................................39 </p><p>6. TOE SUMMARY SPECIFICATION ............................................................... 40 6.1. TOE Security Functions.......................................................................................................40 </p><p>6.1.1. Hard Disk Data Overwrite (TSF_IOW).................................................................................... 41 6.1.2. Hard Disk Data Encryption (TSF_CIPHER)............................................................................ 42 6.1.3. User Authentication (TSF_USER_AUTH) .............................................................................. 42 6.1.4. System Administrators Security Management (TSF_FMT).................................................... 44 6.1.5. Customer Engineer Operation Restriction (TSF_CE_LIMIT) ................................................. 45 6.1.6. Security Audit Log (TSF_FAU) ............................................................................................... 46 6.1.7. Internal Network Data Protection (TSF_NET_PROT) ............................................................ 48 6.1.8. Fax Flow Security (TSF_FAX_FLOW) ................................................................................... 50 </p><p>6.2. Security Function Strength Level ........................................................................................50 6.3. Assurance Measures.............................................................................................................50 </p><p>6.3.1. Configuration Management Description TAS_CONFIG .................................................... 51 6.3.2. TOE Configuration List TAS_CONFIG_LIST ................................................................... 51 6.3.3. Delivery, Introduction, and Operation Procedure Description TAS_DELIVERY .............. 51 6.3.4. Functional Specification TAS_FUNC_SPEC...................................................................... 52 6.3.5. Disclosure PaperTAS_DISC_PAPER................................................................................... 52 6.3.6. High-Level Design Specification TAS_HIGHLDESIGN ................................................... 52 6.3.7. Correspondence Analysis Description TAS_REPRESENT ................................................ 52 6.3.8. User Guide TAS_GUIDANCE ............................................................................................ 53 6.3.9. Test Plan and Report TAS_TEST ........................................................................................ 54 6.3.10. Vulnerability Analysis TAS_VULNERABILITY ........................................................... 54 </p></li><li><p>- iii - </p><p>7. PP CLAIMS........................................................................................................ 56 7.1. PP Reference ........................................................................................................................56 7.2. PP Refinement......................................................................................................................56 7.3. PP Addition ..........................................................................................................................56 </p><p>8. RATIONALE...................................................................................................... 57 8.1. Security Objectives Rationale..............................................................................................57 8.2. Security Requirements Rationale.........................................................................................60 </p><p>8.2.1. Security Functional Requirements Rationale ........................................................................... 60 8.2.2. Rationale for Security Functional Requirement of IT Environment......................................... 65 8.2.3. Rationale for Minimum Functional Strength Level.................................................................. 65 8.2.4. Dependencies of Security Functional Requirements ................................................................ 65 8.2.5. Interactions among Security Functional Requirements ............................................................ 68 </p><p>8.2.5.1. Bypass Prevention ................................................................................................................... 69 8.2.5.2. De-activation Prevention ......................................................................................................... 71 8.2.5.3. Interference .............................................................................................................................. 71 8.2.5.4. Detection of Defeat.................................................................................................................. 71 </p><p>8.2.6. Consistency Rationale between Security Functional Requirements......................................... 71 8.2.7. Requirement Rationale for Security Assurance ........................................................................ 73 </p><p>8.3. Rationale for TOE Summary Specification .........................................................................73 8.3.1. Rationale for TOE Security Function Requirements ................................................................ 73 8.3.2. Security Function Strength Rationale ....................................................................................... 76 8.3.3. Security Assurance Measures Rationale ................................................................................... 76 </p><p>8.4. PP Claims Rationale.............................................................................................................79 </p></li><li><p>- iv - </p><p>- List of Figures and Tables - </p><p>Figure 1: Intended Operational Environment ................................................................................................ 9 Figure 2: MFP Units and TOE Logical Scope ............................................................................................. 12 Figure 3: Authentication Flow for Private Print and Mailbox ..................................................................... 15 Figure 4: MFP Units and TOE Physical Scope............................................................................................ 18 Figure 5: Assets under and not under Protection ......................................................................................... 20 </p><p>Table 1: Function Types and Capabilities ...................................................................................................... 8 Table 2: User Role Assumptions...................................................................................................................11 Table 3: Categories of TOE Configuration Data ......................................................................................... 20 Table 4: Assumptions................................................................................................................................... 21 Table 5: Threats Addressed by the TOE ...................................................................................................... 22 Table 6: Organizational Security Policy ...................................................................................................... 22 Table 7: Security Objectives for the TOE.................................................................................................... 23 Table 8: Security Objec...</p></li></ul>