CC, CAPP, LSPP and EAL4+

December 30th, 2008

The terms CC, CAPP, EAL4+ are used often in AIX security discussions. The article discusses about these in AIX perspective. Let’s understand what exactly CC, CAPP and EAL4+ are.

What is CC

CC is Common Criteria. Its an ISO15408 standard for assurance evaluation of IT products. Any system evaluated according to Common Criteria will be CC Evaluated System.

What is CAPP

CAPP is Controlled Access Protection Profile, another standard for evaluating the security of system according to Common Criteria(CC). So, a CAPP compliant system is one which is designed for meeting CAPP according to CC.

What is LSPP

LSPP is Labeled security Protection Profile. LSPP has further security restrictions and is available for

installation with “Trusted AIX” only.

What is EAL4+

EAL4+ is Evaluation Assurance Level 4. Any CAPP system will be called CAOO/EAL4+ system. EAL4+ puts some restrictions on software installation during Base Operating System Install(BOS). Network access is also restricted according to these standards. The other profile available with LSPP/EAL4+.

If a system is evaluated according to CC, then it will remain valid only till the specific hardware/software configuration of the system is unchanged. Making any changes to the configuration brings the system in non evaluated state. That simply means that system is no longer certified. This does not necessarily mean that the system is in non-secured configuration.

A CAPP/EAL4+ technology option will be only available if

  1. Installation is set to New and Complete Overwrite.
  2. 64 bit kernel is being used.
  3. English language is used.
  4. JFS2 is enabled.

After setting CAPP/EAL4+, TCB is automatically set to ‘Yes’.

The topics are discussed in full details in the book SC23-6603-00. The book is available for free download from redbooks website.

Tags: , , , , , , , , ,
Posted in Security | No Comments »

Comments

Leave a Reply

 Comment Form 

 



More articles from the category: Security


Why SUID Programs Are Dangerous

SUID programs in Unix based systems are one of the most dangerous things you can every have one your systems. Today I’m gonna discuss the dangers of SUID programs in Unix based system. For system security, often it’s suggested to keep minimum or no suid programs in the systems. Here is a brief introduction and practicle demo of the dangers of SUID programs. I start from the definition and then explain a bit about these programs and then give an example to make you understand.

CC, CAPP, LSPP and EAL4+

If a system is evaluated according to CC, then it will remain valid only till the specific hardware/software configuration of the system is unchanged. Making any changes to the configuration brings the system in non evaluated state. That simply means that system