Security Target SQL Server 2008 Team Author: Roger French Version: 1.2 Date: 2009-01-23 Abstract This document is the Security Target (ST) for the Common Criteria certification … database engine of Microsoft® SQL Server® 2008. Keywords CC, ST, Common Criteria, SQL, Security Target Security Target Microsoft SQL Server 2008 Database Engine Common Criteria Evaluation Page 2/56 This page intentionally left blank Security Target Microsoft SQL Server 2008 Database Engine Common Criteria ….
Security Target Microsoft SQL Server 2008 Database Engine Common Criteria Evaluation Page 9/56 Figure 1: TOE As seen in Figure 1 the TOE internally comprises the following logical units: The Communication part is the interface for programs accessing the TOE. It is the interface between the TOE and clients performing requests. All responses to user application requests return to the client through this part of the TOE. The Relational Engine is the core of the database engine and is responsible for all security relevant decisions. The relational engine establishes a user context, syntactically checks every Transact SQL (T-SQL) statement, compiles every statement, checks permissions to determine if the statement can be executed by the user associated with the request, optimizes the query request, builds and caches a query plan, and executes the statement. The Storage Engine is a resource provider. When the relational engine attempts to execute a T-SQL statement that accesses an object for the first time, it calls upon the storage engine to retrieve the object, put it into memory and return a pointer to the execution engine. To perform these tasks, the storage engine manages the physical resources for the TOE by using the Windows OS. The SQL-OS is a resource provider for all situations where the TOE uses functionality of the operating system. SQL-OS provides an abstraction layer over common OS functions and was designed to reduce the number of context switches within the TOE. SQL-OS especially contains functionality for Task Management and for Memory Management. For Task Management the TOE provides an OS-like environment for threads, including scheduling, and synchronization —all running in user mode, all (except for I/O) without calling the Windows Operating System….. Security Target Microsoft SQL Server 2008 Database Engine Common Criteria Evaluation Page 11/56 Table 1: Hardware and Software Requirements CPU ? Pentium III compatible at 1 GHz or faster (for the 32 bit edition) ? AMD Opteron, AMD Athlon 64, Intel Xeon with Intel EM64T support, Intel Pentium IV with EM64T support at 1.4 GHz or faster 1 RAM 512 MB Hard Disk Approx 1500 MB of free space Other DVD ROM drive, display at Super VGA resolution, Microsoft mouse compatible pointing device, keyboard Software Windows Server 2008 Enterprise Edition (in 64 or 32 bit) , English version, version 6.0.6001 .NET Framework 3.5 SP 1 Windows Installer 4.5 The following guidance documents and supportive information belong to the TOE: ? SQL Server 2008 Books Online: This is the general guidance documentation for the complete SQL Server 2008 platform ? SQL Server Guidance Addendum / Installation / Startup: This document contains the aspects of the guidance that are specific to the evaluated configuration of SQL Server 2008 The website https://www.microsoft.com/sql/commoncriteria/2008/EAL1/default.mspx contains additional information about the TOE and its evaluated configuration. Also the guidance addendum that describes the specific aspects of the certified version can be obtained via this website. The guidance addendum extends the general guidance of SQL Server 2008 that ships along with the product in form of Books Online. This website shall be visited before using the TOE. 1.3.3 Architecture of the TOE The TOE which is described in this ST comprises one instance of the SQL Server 2008 database engine but has the possibility to serve several clients simultaneously. 1.3.4 Logical Scope and Boundary of the TOE SQL Server 2008 is able to run multiple instances of the database engine on one machine. After installation one default instance exists. However the administrator is able to add more instances of SQL Server 2008 to the same machine. The TOE comprises one instance of SQL Server 2008. Within this ST it is referenced either as “the TOE” or as “instance”. The machine the instances are running on is referenced as “server” or “DBMS-server”.
No comments:
Post a Comment