Samsung MFP Security Kit Type_B V1.5 Security Target V1.1 Samsung Electronics Company This is proprietary information of Samsung Electronics.
Document History

VERSION   DATE         DESCRIPTION OF CHANGE   SECTIONS AFFECTED
1.0       2010-06-08   Initial Version         ALL
1.1       2010-07-16   Apply OR                ALL

Copyright 2010 Samsung Electronics Co., Ltd.
Contents

Document History
Contents
List of Figures
List of Tables
1 Security Target Introduction
5.2.3 Class AGD: Operational user guidance
5.2.4 Class ALC: Life-cycle support
5.2.5 Class ATE: Tests
5.2.6 Class AVA: Vulnerability analysis
5.3 SECURITY REQUIREMENTS RATIONALE
5.3.
List of Figures

Figure 1: Operating Environment of the TOE
Figure 2: Physical Structure of MFP System Software
Figure 3: Logical Scope of the TOE
Figure 4: Information Flow Summary
List of Tables

Table 2 : Details of Non-TOE Items
Table 3 : Specifications of the MFP that will use the TOE
Table 4 : Evaluated Software/Firmware for the TOE
Table 5 : Operations for each user type
Table 6 : TSF data for each user type
1 Security Target Introduction

1.1 Security Target References

Security Target Title: Samsung MFP Security Kit Type_B V1.5 Security Target
Security Target Version: V1.1
Publication Date: July 16, 2010
Authors: Samsung Electronics
Organization for Security Target Certification: IT Security Certification Center (ITSCC) of National Intelligence Service (NIS)
ST Evaluator: Korea System Assurance Co., Ltd.
1.3 TOE Overview

The TOE is embedded software on SAMSUNG Multi-function printers (MFPs). These MFPs include copy, print, scan, scan-to-email, scan-to-server, and fax features. The TOE allows the MFPs to perform image overwrite, fax/network separation, identification, and authentication tasks. Table 1 shows the options that the SAMSUNG MFPs including the TOE provide.
Table 1: Models and Capabilities

Model: SCX-5835FN/SCX-5935FN
Print: Standard
Copy: Standard
Fax: Standard
Scan-to-email: Standard
Scan-to-server: Standard

The TOE is intended to operate in a network environment that is protected from external malicious attacks (e.g., DoS), and with reliable PCs and authenticated servers. A user is able to access the TOE by using a local user interface, a client machine (as a remote user), or a web user interface.
Figure 1: Operating Environment of the TOE

To operate the TOE, additional non-TOE items such as hardware, firmware, and software are required. The following table shows the non-TOE items and their specifications.
Table 1 : Details of Non-TOE Items

Types: Hardware

Item: MFP
Objective: The TOE must be embedded in the MFP.
Specification: Refer to Table 3

Item: PC for system administrator
Objective: PC for Web system administrator (or telnet system administrator) to access and manage TOE.

Item: PC for general user
Objective: PC for general user to print or scan or copy with TOE

Specification:
• Windows 2000
  - CPU: Pentium II 400 MHz or higher
  - Memory: 64 MB or higher
  - HDD: 0.
  - Memory: 512 MB or higher
  - HDD: 10 GB or higher
• Mac OS X 10.3 ~ 10.4
  - CPU: Power PC G4/G5, Intel Processors
  - Memory: 128 MB Macintosh based on Power PC
  - HDD: 1 GB or higher
• Mac OS X 10.5
  - CPU: 867 MHz or Power PC G4/G5
  - Memory: 512 MB or higher
  - HDD: 1 GB or higher
• Mac OS X 10.6
  - CPU: Intel Processors
  - Memory: 1 GB or higher
  - HDD: 1 GB or higher
• Linux RedHat 8.0, 9.
SuSE Linux Enterprise Desktop 9, 10 (32/64bit)
Ubuntu 6.06, 6.10, 7.04 (32/64bit)
Debian 3.1, 4.0 (32/64bit)
Mac OS X 10.3 ~ 10.6

Types: Software
RTOS
Web browser that can serve SSL communication
Printer driver
SmarThru Office
SyncThru 5
Operating system embedded in MFP.
Image Overwrite

User data created during the printing, network scanning, scan-to-email, or scan-to-server processes is immediately recorded on the hard disk drive. One of the core TOE functionalities is an image overwrite function for clearly erasing image data generated during copying, printing, network scanning, scan-to-email, and/or scan-to-server tasks. The image data is completely overwritten between one and seven times.
authentication process of the local system should input a PIN into the local user interface. The telnet administrator should input an ID and a password into the telnet interface.

To retain a user’s own file, the Stored Documents feature is provided. Documents can be stored using two methods: Public or Secured. When a user stores documents using the Public option, all users can access and use the documents.
System audit log

The system audit logs include system-pertinent information. Because hackers can attack the TOE with bad intentions, the system audit logs must be securely protected. The audit logs generated by the system may include system data that might be abused; hence, they should be protected from all attack attempts.
Telnet administrator

The telnet administrator role manages the network configuration of the MFP by using the telnet interface. This role performs the network configuration (TCP/IP, WINS, LPD, Raw TCP/IP Printing) of the MFP.

General User

The general user accesses the Samsung MFP through the LUI or the user’s PC. From the local user interface, users can perform copy, fax, or scan jobs.
1.4 TOE Description

This section provides detailed information for the TOE evaluator and potential customer about the TOE security functions. It includes descriptions of the physical scope and logical scope of the TOE.

1.4.
The TOE is for general users and system administrators. The following three kinds of manuals are provided with this TOE through a CD or the Web:

The user guide/troubleshooting guide describes how to install and how to use the MFP. It also provides examples of how to deal with exceptional cases.

The security administrator’s guide describes how to use the security functions that the TOE provides.
The network software has a web server that can be an interface between system administrators and an MFP.
Figure 3: Logical Scope of the TOE

Data Access Control (TSF_DAC)

The TOE prevents unauthorized use of user-created data, which is called a preserved file. User-created data is divided into two categories, Public and Secured. When a user stores a document as Public, all users can access and use the file. A file stored as Secured can only be accessed by the user who stored the file.
The TOE provides management functions for TSF data, security functions, and security configurations. Only authorized web, local, or telnet administrators can access the management functions related to security. Accessible functions for each user type are described in Table 5. Security functions for the web administrator are setting security audit functions, downloading audit logs, and managing the account for a web administrator.
scan-to-email, or scan-to-server process. Immediately after the job has been completed, the files on the hard disk drive are overwritten using one to seven passes for the overwrite procedure.
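
The overwrite-then-release behaviour described above, as an added example in C that is not taken from the Security Target or from the product firmware. The pattern schedule, the read-back check, the function names and the /tmp path are assumptions; the ST states only that files are overwritten using one to seven passes once the job has completed.

```c
/* Added example, not from the Security Target. Pass patterns and the
 * read-back check are assumptions; the ST fixes only the count (1 to 7). */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum { OW_MIN_PASSES = 1, OW_MAX_PASSES = 7 };
enum { OW_OK = 0, OW_EINVAL = -1, OW_EIO = -2, OW_EVERIFY = -3 };

/* Assumed schedule: alternate 0x55/0xAA, always finish with 0x00. */
static unsigned char pass_pattern(int pass, int total)
{
    return pass == total - 1 ? 0x00 : (pass % 2 == 0 ? 0x55 : 0xAA);
}

/* Write `size` bytes of `pattern` from offset 0 and flush them to disk. */
static int fill_pass(int fd, off_t size, unsigned char pattern)
{
    unsigned char buf[4096];
    off_t done = 0;
    memset(buf, pattern, sizeof buf);
    if (lseek(fd, 0, SEEK_SET) < 0)
        return OW_EIO;
    while (done < size) {
        size_t want = sizeof buf;
        if (size - done < (off_t)want)
            want = (size_t)(size - done);
        ssize_t n = write(fd, buf, want);
        if (n <= 0)
            return OW_EIO;
        done += n;
    }
    return fsync(fd) == 0 ? OW_OK : OW_EIO;
}

/* Returns 1 if `path` holds exactly `size` bytes, all equal to `b`. */
int file_is_all(const char *path, unsigned char b, off_t size)
{
    unsigned char buf[4096];
    struct stat st;
    off_t done = 0;
    ssize_t n;
    int fd = open(path, O_RDONLY);
    int ok = fd >= 0 && fstat(fd, &st) == 0 && st.st_size == size;
    while (ok && done < size && (n = read(fd, buf, sizeof buf)) > 0) {
        for (ssize_t i = 0; i < n; i++)
            ok = ok && buf[i] == b;
        done += n;
    }
    if (fd >= 0)
        close(fd);
    return ok && done == size;
}

/* Overwrite `path` in place `passes` times, read the final pass back, and
 * only then (optionally) unlink it, so a failed pass never drops the file. */
int image_overwrite(const char *path, int passes, int unlink_after)
{
    struct stat st;
    int fd, rc = OW_OK;
    if (passes < OW_MIN_PASSES || passes > OW_MAX_PASSES)
        return OW_EINVAL;                 /* reject counts outside 1..7 */
    if ((fd = open(path, O_WRONLY)) < 0)
        return OW_EIO;
    if (fstat(fd, &st) != 0)
        rc = OW_EIO;
    for (int p = 0; rc == OW_OK && p < passes; p++)
        rc = fill_pass(fd, st.st_size, pass_pattern(p, passes));
    close(fd);
    if (rc == OW_OK && !file_is_all(path, 0x00, st.st_size))
        rc = OW_EVERIFY;
    if (rc == OW_OK && unlink_after && unlink(path) != 0)
        rc = OW_EIO;
    return rc;
}

/* Constructed sample input: a fake spooled image of `size` bytes. */
int make_sample_image(const char *path, size_t size)
{
    FILE *f = fopen(path, "wb");
    if (!f)
        return OW_EIO;
    for (size_t i = 0; i < size; i++)
        fputc((int)('A' + i % 26), f);
    return fclose(f) == 0 ? OW_OK : OW_EIO;
}

int main(void)
{
    const char *path = "/tmp/mfp_job_sample.img";   /* constructed path */
    if (make_sample_image(path, 10000) != OW_OK)
        return 1;
    return image_overwrite(path, 3, 1) == OW_OK ? 0 : 1;
}
```

In-place overwriting reaches the original sectors only on storage that maps file offsets to fixed blocks, which matches the hard disk drive the ST names.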
Network access control (TSF_NAC)

The TOE can control access to the TOE resources through the network from outside the TOE by changing port numbers and enabling/disabling protocols. The administrator only allows access from the configured port by changing the protocol’s port number in the interface used to configure the network protocol. The administrator can also control service access from outside of the TOE by enabling/disabling protocols.
1.6 Terms and definitions

The terms in this security target basically follow the terms used in the Common Criteria.

Assets
Entities that the owner of the TOE presumably places value upon.

Assignment
The specification of an identified parameter in a component (of the CC) or requirement.

Attack potential
A measure of the effort to be expended in attacking a TOE, expressed in terms of an attacker's expertise, resources and motivation.
Element
An indivisible statement of security need.

Evaluation assurance level (EAL)
An assurance package, consisting of assurance requirements drawn from CC Part 3, representing a point on the CC predefined assurance scale.

External entity
Any entity (human or IT) outside the TOE that interacts (or may interact) with the TOE.

Family
A grouping of components that share a similar goal but may differ in emphasis or rigor.

Identity
A representation (e.g.
A specific type of action performed by a subject on an object.

Organizational security policy (OSP)
A set of security rules, procedures, or guidelines imposed (or presumed to be imposed) now and/or in the future by an actual or hypothetical organization in the operational environment.

Refinement
The addition of details to a component.

Role
A predefined set of rules establishing the allowed interactions between a user and the TOE.
TOE Security Functionality (TSF)
A set consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the SFRs.

Trusted IT product
An IT product other than the TOE which has its security functional requirements administratively coordinated with the TOE and which is assumed to enforce its security functional requirements correctly (e.g. by being separately evaluated).
Fax-to-email
This is a function that transmits a received fax image to email through the internal network. This function is enabled only when the mail server and address are configured.

Security printing (Secure Print, Secured printing, Security printing)
When a user stores a file in the MFP from a remote client PC, the user must set the security printing configuration and assign a PIN to the file.
This is a function that transmits scanned data to a remote server from the local user interface. Only authorized network scan service users can use this function.

Scan-to-email
This is a function that transmits scanned data to a remote email server from the local user interface. Only authorized network scan service users can use this function.

System Administrator
An authorized user who manages the TOE-embedded MFP.
Public Print
A file that a user stored using the Public option. It is open to every user.

Electronic Image Data
Image data created through an MFP’s scanner. Image data can be printed out (copy function) or be stored on the MFP’s HDD.

Automatic Image Overwrite
The Automatic Image Overwrite function automatically overwrites temporary image files at the end of each job such as copy/scan/Netscan, scan-to-email, or scan-to-server.
Embedded FAX
Fax job that transmits scanned data in the MFP through the fax line and receives fax data directly from the fax line on the MFP, and then prints the data.

HIPAA (Health Insurance Portability and Accountability Act)
Policy that creates and reviews the records of jobs performed in the system, using hardware, software, and procedural mechanisms to monitor potential violations of security rules.
Telnet interface for system administrators to manage the MFP through the MFP’s telnet protocol.

Telnet (system) administrator
Telnet system administrator who manages Samsung MFP Security Kit Type_B V1.5 through the telnet UI. The main roles are to inquire and change protocol and port.

General user
The user who uses the MFP system through the LUI and the user’s client PC. The main roles are to execute copy, fax, scan, and print jobs.
Acronyms    Definition
SFR         Security Functional Requirement
ST          Security Target
TOE         Target of Evaluation
TSF         Target Security Functionality
UI          User Interface
Web UI      Web User Interface
MMR         Modified modified READ coding
MR          Modified READ Coding
MH          Modified Huffman coding
AES         Advanced Encryption Standard
CAC         Common Access Card

1.
2 Conformance Claims

Conformance Claims describe how this Security Target document complies with the common evaluation standard, the protection profile and package.

2.1 Common Criteria Conformance

This ST claims conformance to the CC v3.1:

Common Criteria Identification
Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and general model, version 3.1r3, 2009.
3 Definition of Security Problems

3.1 Threats

Threat agents are IT entities or users that can adversely access the internal asset or harm the internal asset in an abnormal way. The threat agents are assumed in this ST to have a low level of expertise, resources, and motivation. The threats described in this chapter will be resolved by the security objectives in chapter 4.

T.
3.2 Organizational Security Policy

This section describes the organizational security policies that the TOE or operational environment should follow.

P.HIPAA_OPT
In order to keep track of security-relevant actions according to HIPAA policy, the TOE should precisely record the job history, safely maintain the related security events, and properly review the recorded data.

P.
The environment of the TOE provides reliable time-stamps for accurate audit logs about the TOE.

A.SSL
The SSL protocol is used to provide safe communication between the user’s client PC or the web system administrator’s PC and the TOE through a web interface. Therefore, it provides confidentiality and integrity of data transferred between the TOE and the web system administrator.

A.
4 Security Objectives

The security objectives are categorized into two parts: the objectives for the TOE and for the operational environment. The purpose of the former is to meet the goal to resolve the definition of security problems/threats. The latter is to meet the goal to support technical/procedural ways that provide the functionality of security.

4.
O.IMAGE_OVERWRITE
The TOE provides an Image Overwrite function to enhance the security of the MFP. The Automatic Image Overwrite function overwrites temporary document image data at the completion of each copy, print, network scan, or scan-to-email job. The appropriate sections on the hard disk drive are overwritten one to seven times.

O.
The TOE environment must protect user data from disclosure, or modification, by establishing a firewall system between external and internal network systems.

OE.TIME_STAMP
The operational environment must provide a reliable time stamp to mark entries in the security log.

OE.SSL
When the web system administrator’s PC communicates with the TOE by using a web interface, data should be transferred using the SSL protocol to guarantee confidentiality and integrity.
[Table: mapping of threats, organizational security policies and assumptions to security objectives; the X marks of the matrix are not recoverable from this text. Rows: T.DATA_ACCESS, T.RECOVER, T.CERTIFICATION_TRIAL_IN_A_ROW, T.INFAX, T.UNAUTHORIZED_ACCESS_ON_TOE, T.CHANGE_AND_READ_STORAGE_DATA, T.TOE_ACCESS_ON_NETWORK, P.HIPAA_OPT, P.SAFE_MANAGEMENT, A.PHYSICAL_SECURITY, A.TRUSTED_ADMIN, A.TRUSTED_NETWORK, A.TIMESTAMP, A.SSL, A.IDENTIFICATION_AND_AUTHENTICATION_ON_CAC]

4.3.1 Rationale for the TOE Security Objectives

O.
satisfies the T.UNAUTHORIZED_ACCESS_ON_TOE, and supports A.TRUSTED_ADMINISTRATOR because the TOE is managed only by the system administrator in a safe management environment.

O.NETWORK_ACCESS_CONTROL
This security objective prevents access to the MFP from unauthorized network protocol services and ports. Therefore, the TOE satisfies the T.TOE_ACCESS_ON_NETWORK.

O.
The security objective prevents the access of nonstandard fax data from the fax modem. Therefore, the TOE satisfies the T.INFAX.

4.3.2 Rationale for Security Requirements for the Environment

OE.PHYSICAL_SECURITY
The IT environment provides the TOE with appropriate physical security: it is placed in a manned office environment secured from unauthorized physical access, falsification, or interference. Therefore, it supports the assumption A.PHYSICAL_SECURITY.
5 Security Requirements

5.1 Security Functional Requirement (SFR)

Table 8 : Security Functional Requirement

Class: Security Audit, Cryptographic Support, User Data Protection, Identification and Authentication

Security Functional components:
FAU_GEN.1 Audit data generation
FAU_SAR.1 Audit review
FAU_SAR.2 Restricted audit review
FAU_STG.1 Protected audit trail storage
FAU_STG.4 Prevention of audit data loss
FCS_CKM.
Class: Security Management, TSF Protection

Security Functional components:
Action (2)
FIA_UAU.7 Protected Authentication Feedback
FIA_UID.2 User identification before any action
FMT_MOF.1 Management of Security Functions Behavior
FMT_MTD.1 Management of TSF data
FMT_SMF.1 Specification of Management Functions
FMT_SMR.1 Security roles
FPT_RCV.4 Function recovery

5.1.1 Class FAU: Security Audit

5.1.1.1 FAU_GEN.
Table 9 : Audit Event

SFR: Audit Event
FDP_IFF.1(1): Decision to admit requested information flow.
FMT_MOF.1: Configuration change of security audit function, or Start/stop image overwrite.
FMT_MTD.1: Query/change of security audit function.

5.1.1.2 FAU_SAR.1 Audit review
Hierarchical to: No other components.
Dependencies: FAU_GEN.1 Audit data generation
FAU_SAR.1.
FAU_STG.4.1 The TSF shall overwrite the oldest stored audit records and [no other actions] if the audit trail is full.

5.1.2 Class FCS: Cryptographic support

5.1.2.1 FCS_CKM.1 Cryptographic key generation
Hierarchical to: No other components
Dependencies: FCS_COP.1 Cryptographic operation
FCS_CKM.4 Cryptographic key destruction
FCS_CKM.1.1

5.1.2.2 FCS_CKM.
5.1.3 Class FDP: User data protection

5.1.3.1 FDP_IFC.2(1) Complete information flow control (1)
Hierarchical to: FDP_IFC.1 Subset information flow control
Dependencies: FDP_IFF.1 Simple security attributes
FDP_IFC.2.1 The TSF shall enforce the [fax flow control policy] on [
  Subject List - Fax image user
  Information List - Fax image
] and all operations that cause that information to flow to and from subjects covered by the SFP.
FDP_IFC.
FDP_IFF.1.2 The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: [
• When the security property of information received from a fax line is the Standard fax image specification (MMR, MR, or MH of the T.4 specification), information flow is permitted from fax memory to network memory.
any subject in the TOE are covered by an information flow control SFP.

5.1.3.4 FDP_IFF.1(2) Simple security attributes (2)
Hierarchical to: No other components
Dependencies: FDP_IFC.1 Subset information flow control
FMT_MSA.3 Static attribute initialization
FDP_IFF.1.
5.1.3.5 FDP_RIP.1 Subset residual information protection
Hierarchical to: No other components.
Dependencies: No dependencies.
FDP_RIP.1.1 The TSF shall ensure that any previous information content of a file is overwritten according to the number of times for Image Overwrite which is set upon the deallocation of the resource from the following objects: [Stored File on the hard disk drive].

5.1.4 Class FIA: Identification and authentication

5.1.
FIA_AFL.1.1 The TSF shall detect when [3] unsuccessful authentication attempts occur related to [authentication of the telnet administrator].
FIA_AFL.1.2 When the defined number of unsuccessful authentication attempts has been met, the TSF shall [lock out the telnet administrator’s login for a period of 1 minute on the telnet interface].

5.1.4.4 FIA_UAU.2(1) User authentication before any action (1)
Hierarchical to: FIA_UAU.
FIA_UID.2.1 The TSF shall require each System administrator to be successfully identified before allowing any other TSF-mediated actions on behalf of that System Administrator.

Application note: Local administrator performs with authentication by PIN, without any identification function.

5.1.5 Class FMT: Security Management

5.1.5.1 FMT_MOF.1 Management of security functions behavior
Hierarchical to: No other components.
Dependencies: FMT_SMR.
FMT_MTD.1.1 The TSF shall restrict the ability to delete, modify, query, [download] the [user’s role corresponding with TSF data listed on the Table 12 below and operation].

Table 11 : Operation and Role of each TSF Data List

TSF Data Operation Role
Authentication information of web administrator Modify Web administrator Query, Modify Web administrator Record security audit log.
Table 12 : Management Functions of TOE

Specification of security functions: Management functions of TOE
FAU_SAR.1: Maintain the user group who can read the security audit records. (add, modify, delete)
FIA_UAU.2: a) Manage authentication data by system administrator. b) Manage authentication data related with secured data.
FIA_UID.2: Manage the user’s identification.
FDP_RIP.1: Manage when residual information is collected.
FDP_IFF.
- Power off (blackout) during image overwriting job
] have the property that the function either completes successfully, or for the indicated failure scenarios, recovers to a consistent and secure state.

5.2 Security Assurance Requirements (SAR)

The security assurance requirements (SAR) defined in this document consist of assurance components in Common Evaluation Standard part 3. The Evaluation Assurance Level (EAL) is EAL3.
Assurance Class: Assurance components
AVA: Vulnerability Assessment: AVA_VAN.2 Vulnerability analysis

5.2.1 Class ASE: Security Target evaluation

5.2.1.1 ASE_CCL.1 Conformance claims
Dependencies: ASE_INT.1 ST introduction
ASE_ECD.1 Extended components definition
ASE_REQ.1 Stated security requirements
Developer action elements:
ASE_CCL.1.1D The developer shall provide a conformance claim.
ASE_CCL.1.
ASE_CCL.1.8C The conformance claim rationale shall demonstrate that the statement of the security problem definition is consistent with the statement of the security problem definition in the PPs for which conformance is being claimed.
ASE_CCL.1.9C The conformance claim rationale shall demonstrate that the statement of security objectives is consistent with the statement of security objectives in the PPs for which conformance is being claimed.
conformance or nonconformance to these elements can be demonstrated.
Evaluator action elements:
ASE_ECD.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
ASE_ECD.1.2E The evaluator shall confirm that no extended component can be clearly expressed using existing components.

5.2.1.3 ASE_INT.1 ST Introduction
Dependencies: No dependencies.
Developer action elements:
ASE_INT.
Developer action elements:
ASE_OBJ.2.1D The developer shall provide a statement of security objectives.
ASE_OBJ.2.2D The developer shall provide security objectives’ rationale.
Content and presentation elements:
ASE_OBJ.2.1C The statement of security objectives shall describe the security objectives for the TOE and the security objectives for the operational environment.
ASE_OBJ.2.
ASE_REQ.2.2D The developer shall provide security requirements’ rationale.
Content and presentation elements:
ASE_REQ.2.1C The statement of security requirements shall describe the SFRs and the SARs.
ASE_REQ.2.2C All subjects, objects, operations, security attributes, external entities and other terms that are used in the SFRs and the SARs shall be defined.
ASE_REQ.2.
ASE_SPD.1.1C The security problem definition shall describe the threats.
ASE_SPD.1.2C All threats shall be described in terms of a threat agent, an asset, and an adverse action.
ASE_SPD.1.3C The security problem definition shall describe the OSPs.
ASE_SPD.1.4C The security problem definition shall describe the assumptions about the operational environment of the TOE.
Evaluator action elements:
ASE_SPD.1.1E

5.2.1.7 ASE_TSS.
ADV_ARC.1.1D The developer shall design and implement the TOE so that the security features of the TSF cannot be bypassed.
ADV_ARC.1.2D The developer shall design and implement the TSF so that it is able to protect itself from tampering by untrusted active entities.
ADV_ARC.1.3D The developer shall provide a security architecture description of the TSF.
Content and presentation elements:
ADV_ARC.1.
ADV_FSP.3.1C The functional specification shall completely represent the TSF.
ADV_FSP.3.2C The functional specification shall describe the purpose and method of use for all TSFI.
ADV_FSP.3.3C The functional specification shall identify and describe all parameters associated with each TSFI.
ADV_FSP.3.4C For each SFR-enforcing TSFI, the functional specification shall describe the SFR-enforcing actions associated with the TSFI.
ADV_FSP.3.
ADV_TDS.2.3C The design shall describe the behavior of each SFR non-interfering subsystem of the TSF in detail sufficient to determine that it is SFR non-interfering.
ADV_TDS.2.4C The design shall describe the SFR-enforcing behavior of the SFR-enforcing subsystems.
ADV_TDS.2.5C The design shall summarize the SFR-supporting and SFR-non-interfering behavior of the SFR-enforcing subsystems.
ADV_TDS.2.
AGD_OPE.1.3C The operational user guidance shall describe, for each user role, the available functions and interfaces, in particular all security parameters under the control of the user, indicating secure values as appropriate.
AGD_OPE.1.
environment in accordance with the security objectives for the operational environment as described in the ST.
Evaluator action elements:
AGD_PRE.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
AGD_PRE.1.2E The evaluator shall apply the preparative procedures to confirm that the TOE can be prepared securely for operation.

5.2.4 Class ALC: Life-cycle support

5.2.4.
ALC_CMC.3.7C The evidence shall demonstrate that all configuration items are being maintained under the CM system.
ALC_CMC.3.8C The evidence shall demonstrate that the CM system is being operated in accordance with the CM plan.
Evaluator action elements:
ALC_CMC.3.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

5.2.4.2 ALC_CMS.3 coverage
Dependencies:
ALC_DEL.1.1C The delivery documentation shall describe all procedures that are necessary to maintain security when distributing versions of the TOE to the consumer.
Evaluator action elements:
ALC_DEL.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

5.2.4.4 ALC_DVS.1 Identification of security measures
Dependencies: No dependencies.
Developer action elements:
ALC_DVS.1.
ALC_LCD.1.1C The life-cycle definition documentation shall describe the model used to develop and maintain the TOE.
ALC_LCD.1.2C The life-cycle model shall provide for the necessary control over the development and maintenance of the TOE.
Evaluator action elements:
ALC_LCD.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

5.2.5 Class ATE: Tests

5.2.5.1 ATE_COV.
ATE_DPT.1.1D The developer shall provide the analysis of the depth of testing.
Content and presentation elements:
ATE_DPT.1.1C The analysis of the depth of testing shall demonstrate the correspondence between the tests in the test documentation and the TSF subsystems in the TOE design.
ATE_DPT.1.2C The analysis of the depth of testing shall demonstrate that all TSF subsystems in the TOE design have been tested.
Evaluator action elements:
ATE_DPT.1.
5.2.5.4 ATE_IND.2 Independent testing - sample
Dependencies: ADV_FSP.2 Security-enforcing functional specification
AGD_OPE.1 Operational user guidance
AGD_PRE.1 Preparative procedures
ATE_COV.1 Evidence of coverage
ATE_FUN.1 Functional testing
Developer action elements:
ATE_IND.2.1D The developer shall provide the TOE for testing.
Content and presentation elements:
ATE_IND.2.1C The TOE shall be suitable for testing.
ATE_IND.2.
Evaluator action elements:
AVA_VAN.2.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
AVA_VAN.2.2E The evaluator shall perform a search of public domain sources to identify potential vulnerabilities in the TOE.
AVA_VAN.2.
5.3
TOE Security Objectives: O.FAXLINE, O.STORAGE_DATA_ENCRYPTION, O.NETWORK_ACCESS_CONTROL, O.HANDLING_AUTHENTICATION_FAILURE, O.IMAGE_OVERWRITE, O.IDENTIFICATION_AND_AUTHENTICATION_ON_ADMINISTRATOR, O.CONTROL_DATA_ACCESS, O.MANAGE, O.AUDITS
FAU_GEN.1 X
FAU_SAR.1 X
FAU_SAR.2 X
FAU_STG.1 X
FAU_STG.4 X
FCS_CKM.1 X
FCS_CKM.4 X
FCS_COP.1 X
FDP_IFC.2(1) X
FDP_IFF.1(1) X
FDP_IFC.2(2) X
FDP_IFF.1(2) X
FDP_RIP.1 X
FIA_AFL.
TOE Security Objectives: O.FAXLINE, O.STORAGE_DATA_ENCRYPTION, O.NETWORK_ACCESS_CONTROL, O.HANDLING_AUTHENTICATION_FAILURE, O.IMAGE_OVERWRITE, O.IDENTIFICATION_AND_AUTHENTICATION_ON_ADMINISTRATOR, O.CONTROL_DATA_ACCESS, O.MANAGE, O.AUDITS
FIA_UAU.2(1) X
FIA_UAU.2(2) X
FIA_UAU.7 X
FIA_UID.2 X X
FMT_MOF.1 X
FMT_MTD.1 X
FMT_SMF.1 X
FMT_SMR.1 X
FPT_RCV.4 X
FAU_GEN.
This component is required to ensure the ability to protect the security audit log in storage from unauthorized users. Therefore, it satisfies security object O.AUDITS.
FAU_STG.4 (Prevention of audit data loss)
This component is required to ensure the ability to overwrite the security audit log when storage is full of log data, and also to prevent unauthorized changes to the audit log. Therefore, it satisfies security object O.AUDITS.
FCS_CKM.
This component is required to ensure the ability to define roles for fax flow control policy and enforce the fax flow control policy based on roles defined. Therefore, it satisfies security object O.NETWORK_ACCESS_CONTROL.
FDP_RIP.1 (Subset Residual Information Protection)
It is ensured that in case of deleting the stored file from the hard disk drive, this component completely deletes the stored file by the number of times for Image Overwrite.
This component ensures that fake characters (e.g. asterisk [*]) are displayed for each digit entered to hide the value entered. Therefore, it satisfies security object O.CONTROL_DATA_ACCESS and O.IDENTIFICATION_AND_AUTHENTICATION_ON_ADMINISTRATOR.
FIA_UID.2 (User identification before any action)
This component ensures the identification of system administrators before granting access to the TOE. Therefore, it satisfies security object O.
of independently assured security, and require a thorough investigation of the TOE and its development without substantial re-engineering. To understand the security actions of the TOE, EAL3 provides assurance by analyzing the SFRs included in a complete ST, using the functional and interface specifications, the guidance, and a structural description of the TOE.
FIA_UAU.2(2) has a subordinate relationship with FIA_UID.1, but because security printing supports authentication by the PIN number without identification, FIA_UID.1 is not required.
Table 15 : Dependencies on the TOE Security Functional Components
Number | Functional Component ID | Dependencies | Reference Number
1 | FAU_GEN.1 | FPT_STM.1 | *
2 | FAU_SAR.1 | FAU_GEN.1 | 1
3 | FAU_SAR.2 | FAU_SAR.1 | 2
4 | FAU_STG.1 | FAU_GEN.1 | 1
5 | FAU_STG.4 | FAU_STG.
Number | Functional Component ID | Dependencies | Reference Number
17 | FIA_UAU.2(1) | FIA_UID.1 | 20 (Hierarchically by FIA_UID.2)
18 | FIA_UAU.2(2) | FIA_UID.1 | 20 (Hierarchically by FIA_UID.2)
19 | FIA_UAU.7 | FIA_UAU.1 | 17, 18 (Hierarchically by FIA_UAU.2(1),(2))
20 | FIA_UID.2
22 | FMT_MOF.1 | FMT_SMF.1, FMT_SMR.1 | 24, 25
23 | FMT_MTD.1 | FMT_SMF.1, FMT_SMR.1 | 24, 25
24 | FMT_SMF.1
25 | FMT_SMR.1
26 | FPT_RCV.4
- - - 20 (Hierarchically by FIA_UID.
6 TOE SUMMARY SPECIFICATION
This section presents an overview of the security functions implemented by the TOE and the assurance measures applied to ensure their correct implementation.
6.1 TOE Security Functions
This section presents the security functions performed by the TOE to satisfy the identified SFRs in Section 5.2.
overwriting job. Because the audit records are only available to the authorized web administrators, unauthorized users cannot change or delete them. Audit records can be downloaded by using the Web interface for review and analysis. When storage is full of log data, the latest records overwrite the oldest audit records.
Relevant SFR : FAU_STG.4, 6.1.3 FAU_GEN.1, FAU_SAR.1, FAU_SAR.2, FAU_STG.
Protocol management | Disable, Enable | Administrator
Image Overwrite | Disable, Enable, Determine the behavior of, Modify the behavior of | Local administrator
Table 18 : Operation and Role of each TSF Data List
TSF Data | Operation | Role
Authentication information of web administrator | Modify | Web administrator
Configurations on the security audit enabling/disabling. | Query, Modify | Web administrator
Record security audit log.
asterisk (*) for each digit entered, and just provides ambiguous feedback with success or fail information. This prevents users from acquiring any information during the trial. The authentication process will be delayed for 3 minutes if wrong passwords are entered 3 times in succession in a local user interface. If wrong passwords were entered 3 times in succession in the web user interface, the web browser displays an error message.
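The local-interface failure handling described above (masked entry, success/fail-only feedback, a 3-minute delay after 3 consecutive wrong passwords), modelled as an added Python example that is not code from the TOE or from Samsung. The names LocalLoginGate and mask_entry are hypothetical, and two behaviours are assumptions the ST text does not state: attempts made during the delay are refused without being evaluated, and a successful login resets the failure count.

```python
import hmac
import time

MAX_CONSECUTIVE_FAILURES = 3   # from the ST: 3 wrong passwords in succession
DELAY_SECONDS = 3 * 60         # from the ST: authentication delayed for 3 minutes


class LocalLoginGate:
    """Hypothetical model of the local-UI failure handling (not TOE code)."""

    def __init__(self, password: bytes, clock=time.monotonic):
        # A real device would hold a salted hash; the plaintext keeps the example short.
        self._password = password
        self._clock = clock            # injectable so the delay can be tested offline
        self._failures = 0
        self._blocked_until = 0.0

    def seconds_remaining(self) -> float:
        """Time left in the current delay, 0.0 when logins are accepted."""
        return max(0.0, self._blocked_until - self._clock())

    def attempt(self, candidate: bytes) -> bool:
        """Return only success or failure, the ambiguous feedback the ST describes."""
        now = self._clock()
        if now < self._blocked_until:
            # Assumption: refused without evaluating the password, so a guess
            # made during the delay yields no information and no extra tries.
            return False
        # Constant-time comparison: response time does not reveal a partial match.
        if hmac.compare_digest(candidate, self._password):
            self._failures = 0         # assumption: success clears the counter
            return True
        self._failures += 1
        if self._failures >= MAX_CONSECUTIVE_FAILURES:
            self._failures = 0
            self._blocked_until = now + DELAY_SECONDS
        return False


def mask_entry(typed: str) -> str:
    """What the panel displays while a secret is typed: one '*' per character."""
    return "*" * len(typed)
```

With a 4-digit PIN, the delay limits an online guesser at the panel to 3 attempts per 3 minutes, which is the property an evaluator would check against FIA_AFL-style failure handling.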
malicious code is discovered, the TOE destroys the fax image. Fax security functions follow the fax flow control policy. The fax flow control policy is as follows: Direct access to a received fax image from the fax modem to the user PC through the internal network is not possible. Communication can be made only through the TOE. The fax image received from the fax line is inspected first.
6.1.7 Network Access Control (TSF_NAC)
The MFP system including the TOE has a network interface card (network card) connected to an external network. The MFP system can send/receive data and MFP configuration information and, thus, is able to configure MFP settings.
Table 19 : Component Relationship between the TOE Security Function and SFR
TOE Security Function: Information flow, Network Access Control, Storage Data Encryption, Image overwrite, System Authentication, Security Management, Security Audit, Data Access Control
FAU_GEN.1 X
FAU_SAR.1 X
FAU_SAR.2 X
FAU_STG.1 X
FAU_STG.4 X
FCS_CKM.1 X
FCS_CKM.4 X
FCS_COP.1 X
FDP_IFC.2(1) X
FDP_IFF.1(1) X
FDP_IFC.2(2) X
FDP_IFF.
TOE Security Function: Information flow, Network Access Control, Storage Data Encryption, Image overwrite, System Authentication, Security Management, Security Audit, Data Access Control
FIA_UID. X
FMT_MOF.1 X
FMT_MTD.1 X
FMT_SMF.1 X
FMT_SMR.1 X
FPT_RCV.4 X