User's Manual

Solaris 9 Security CX-310-301 22

¾ B2 – Fully documented configuration control, facility management and system configuration.

Security administration and operator functions are separated

¾ B3 – Access control lists and full system documentation. Access is based on access control lists

and labels

¾ A – Requires formal proof of the security of the system

Note that each subsequent level builds on the previous level.

To put the above into perspective, a normal PC is rated at D and Trusted Solaris at B1. A Solaris system

running the Basic Security Module (BSM) is rated at C2.

In addition to these formal evaluations, the Common Criteria Organization has provided seven similar

evaluations, called Evaluation Assurance Levels (EAL), which equate to the seven “Orange Book” levels.

These levels are:

¾ EAL1 – Functionally tested

¾ EAL2 – Structurally tested

¾ EAL3 – Methodically tested and checked

¾ EAL4 – Methodically designed, tested and reviewed

¾ EAL5 – Semi formally designed and tested

¾ EAL6 – Semi formally verified design and tested

¾ EAL7 – Formally verified design and tested

Further information on the common criterial EALs can be found at:

http://www.commoncriteriaportal.org/public/files/ccintroduction.pdf

Evaluation standards are of benefit because they provide formal validation of an operating system, allowing

the purchaser to know whether a proposed solution will address the security requirements. The standards

are also international and will not change from one country to the next.

Invalidating a Certification

There are a number of ways in which a certified operating system might be invalidated:

¾ By installing third party software that is not validated at the equivalent (or higher) security level.

¾ By installing operating system patches other than the recommended security patches. Sun provides

a list of irrelevant patches that can safely be applied and will not affect certification. Any other

patches might affect the certification.