NIAP CCEVS: Validated Product - EnterpriseDB Postgres Plus Advanced Server 8.4
John Scott III
Certificate Date: 29 July 2011
Validation Report Number: CCEVS-VR-010412-2011
Product Type: DBMS
Conformance Claim: EAL2 Augmented with ALC_FLR.2
PP Identifier: U.S. Government Protection Profile Database Management Systems for Basic Robustness Environments, Version 1.2 (Archived)
CC Testing Lab: CygnaCom Solutions, Inc
PRODUCT DESCRIPTION
Postgres Plus Advanced Server 8.4 is a relational database management system based on PostgreSQL, an open source database.
The TOE provides the following security functionality: security auditing, Discretionary Access Control (DAC), Identification and Authentication (I&A), security management, protection of the TSF, TOE access, and works with the environment to provide trusted channels.
The following PPAS 8.4 product components are in scope:
• Database Server - The database server or DB Server is the relational database engine at the core of the Postgres Plus Advanced Server database server. EnterpriseDB Corporation substantially enhanced PostgreSQL, an open source database, to create the Postgres Plus Advanced Server database server. The Advanced Server database server implements additional named objects such as stored procedures and packages for Oracle compatibility. The database server component provides a Command Line Interface (CLI) that includes: a set of management utilities, the EnterpriseDB Superset Procedural Language (SPL), and the Advanced Server implementation of the SQL language.
• Connectors - Client Connectors are standardized programming interfaces allow a software developer to connect a customer-specific application to the Advanced Server database. Advanced Server provides connectors for the following enterprise programming environments:
o Java Database Connectivity (JDBC)
o Open Data Base Connectivity (ODBC)
o Microsoft .NET framework
o Libpq, API for client applications written in C
o EnterpriseDB Advanced Server Open Client Library (OCI)
• Postgres Studio - Postgres Studio is a DBA console and an enterprise-wide, cross-platform development tool. Postgres Studio provides a Graphical User Interface (GUI) for its users.
• PostGIS Spatial Extensions - Post GIS, an open source geographic information server, is built into Advanced Server. PostGIS spatially enables Advanced Server, allowing it to be used as a backend spatial database for geographic information systems (GIS). This is a non-security related component that is contained in the TOE.
• EDB*Plus - EDB*Plus is a command line interface that offers compatibility with Oracle’s SQL Plus commands.
• Slony Replication - Slony Replication provides database replication services between nodes in a cluster. Slony Replication is as a master-subscriber system that includes the capabilities needed to replicate large databases to a limited number (on the order of a dozen) of subscriber systems. Slony-I implements the model of asynchronous replication, using triggers to collect table updates, where a single “origin” may be replicated to multiple “subscribers” including cascaded subscribers.
• PG Agent - pgAgent is a job scheduling agent for Postgres, capable of running multi-step batch/shell and SQL tasks on complex schedules.
• Update Monitor - The Update Monitor utility polls the Enterprise DB website and alerts server users (with access to the Postgres Task Manager icon) to security updates and enhancements as they become available for Advanced Server 8.4. This functionality is considered to be non-security related as it is only a notification tool and cannot modify the TOE in any way and does not support any of the identified SFRs in this document.
EVALUATED CONFIGURATION
Testing was done using VMware Fusion (based on hardware virtualization) that ran Win2003, RHEL5, and Windows XP as guest operating systems. XServe running OS X Server Apple was the host machine.
Postgres Plus Advanced Server v8.4 is software only TOE running as an application on top of the OS (no hardware or appliances are included in the TOE). Also there are no IT requirements relaying directly on the HW. Considering that virtual HW meet the minimum HW requirements by TOE, using HW virtualization technology will not have any influence or effect in the TOE and/or the TSF.
The TOE was tested on the following operating system platforms:
• DB Server platforms:
o 2 Red Hat Linux Version 5
and
o 2 Microsoft Windows 2003 Server
• 2 Clients Application platform with all the connectors (JDBC, ODBC, .NET, OCI, and libpq), Postgres Studio and EDB*Plus:
o 1 MS Windows (XP)
o 1 Linux (RH5)
Notes:
- Any of the clients can be used as the Administrator Workstation, so there is no need for an additional administrator workstation unless operationally desired.
- According to the developer, PPAS can provide failover/switchover for crossover platforms (Linux ↔ Windows), but that configuration is not recommended and it is not supported by EnterpriseDB. Therefore the failover/switchover function (provided by Slony TOE component) is been evaluated only for Linux RH5 <-> Linux RH5 and Windows 2003 <-> Windows 2003 configurations.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. The TOE was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R3.
The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 R3.
CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of Evaluation Assurance Level (EAL) 2 augmented with ALC_FLR.2.
A team of validators, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in July 2011.
ENVIRONMENTAL STRENGTHS
Advanced Server relies on the IT environment for the following security functionality:
- Storage of audit records in operating system files
- Text Viewer to review audit records
- Identification and Authentication methods that rely upon authentication servers and/or operating system platforms in the IT environment (PAM, LDAP, Kerberos, GSSAPI, SSPI, SSL Certs)
- Identification and Authentication of the “Cluster owner” OS user
- Maintenance of Cluster owner’s password and security attributes
- Storage of the TOE configuration files
- Text Editor to edit the TOE’s configuration files stored at the OS level
- Reliable timestamps from the OS
- OS protection of TOE programs and data (audit, configuration files, executables, and db)
- SSL on the Database Server platform (OpenSSL 0.9.8) and the client and administrator workstations