What is the CCOPP (Common Criteria Compartment Protection Profile) in HP-UX 11i v3 Update 3?


There was a press release for HP-UX 11i v3 Update 3.


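Announcing "HP-UX 11i v3 Update 3", with enhanced virtualization features for mission-critical environments
~An OS that underpins the "integrated IT infrastructure", with greatly improved performance and enhanced features such as security and power saving~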
http://h50146.www5.hp.com/info/newsroom/pr/fy2008/fy08-174.html


HP-UX had already obtained EAL4+ against CAPP and RBACPP, but one passage caught my attention.


HP-UX 11i v3 Update 3: Leading integrated virtualization technology for mission-critical environments
http://h50146.www5.hp.com/products/software/oe/hpux/topics/update3.html

In addition to the Common Criteria (ISO/IEC 15408) security certification already obtained, CCOPP (Common Criteria Compartment Protection Profile), a higher-level protection profile that also covers the compartment feature, is currently under evaluation.


What is CCOPP (Common Criteria Compartment Protection Profile)?


Found the actual document ↓
COTS Compartmentalized Operations Protection Profile
http://www.commoncriteriaportal.org/files/ppfiles/CCOPP-OSv2-0.pdf


On page 28:
5.2.7 Mandatory Access Control Policy Rules (FDP_IFF.1)

The compartmental label of the subject is a single nonhierarchical category. A CCOPP-OS conformant TOE may allow a subject to have multiple labels simultaneously. The compartment label of the object may be a ‘conceptual label’, for example taking the form of access rules that dictate how subjects in each compartment may access the object.


It looks like a PP for Security Containment.
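
A small model of the FDP_IFF.1 text quoted above, added here as an illustration; it is not code from the CCOPP-OS document or from HP-UX. It treats compartments as unordered categories, lets a subject hold several at once, and represents the object's "conceptual label" as per-compartment access rules. The class and function names, the sample paths and compartments, the default-deny behaviour and the "any held compartment may grant" rule are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Subject:
    name: str
    compartments: frozenset  # nonhierarchical categories; several may be held at once

@dataclass
class Obj:
    path: str
    # "Conceptual label": per-compartment access rules instead of one label value.
    rules: dict = field(default_factory=dict)  # compartment -> allowed operations

def check_access(subject, obj, op):
    """Return (allowed, granting_compartments).

    Assumptions: a compartment with no rule on the object is denied, and
    access is granted if any compartment the subject holds allows op.
    There is no ordering between compartments, so nothing "dominates".
    """
    granting = sorted(c for c in subject.compartments
                      if op in obj.rules.get(c, ()))
    return bool(granting), granting

def shared_writable(objects):
    """Paths writable from more than one compartment (possible cross-compartment flow)."""
    return sorted(o.path for o in objects
                  if sum("write" in ops for ops in o.rules.values()) > 1)

# Constructed sample data (hypothetical compartments and paths).
DOCROOT = Obj("/srv/web/docroot", {"web": {"read"}})
DBDATA = Obj("/srv/db/data", {"db": {"read", "write"}})
SPOOL = Obj("/srv/spool", {"web": {"write"}, "db": {"read", "write"}})
OBJECTS = [DOCROOT, DBDATA, SPOOL]

WEB_PROC = Subject("httpd", frozenset({"web"}))
ADMIN_TOOL = Subject("backup", frozenset({"web", "db"}))

if __name__ == "__main__":
    for s in (WEB_PROC, ADMIN_TOOL):
        for o in OBJECTS:
            for op in ("read", "write"):
                print(s.name, op, o.path, check_access(s, o, op))
    print("writable from several compartments:", shared_writable(OBJECTS))
```
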


HP-UX Secure Resource Partitions
http://h71028.www7.hp.com/enterprise/cache/257424-0-0-0-121.html

These components are in the Common Criteria evaluated configuration of HP-UX 11i v3 certified against the COTS Compartmentalized Protection Profile - Operating Systems (CCOPP-OS). SRP’s can be configured in a vPars and nPar which are also in the evaluated configuration. The benefit is a third-party evaluation of protections against an approved protection profile. SRP is a safe method of partitioning insuring that an application within an SRP is isolated.


HP-UX 11i v3 Update 3: Greater protection
http://h20338.www2.hp.com/hpux11i/cache/605676-0-0-0-121.html

HP-UX 11i v3 is in evaluation against the new Common Criteria Compartment Protection Profile (CCOPP) which includes compartments, vPars, nPars, CAPP, RBAC, and more. CCOPP is an independent evaluation against the most comprehensive protection profile, assuring customers the effectiveness of vendors’ security solutions.