messaging systems
Version: 1.3
Date:
Author(s): ali ayoub
Certification ID: BSI-PP-0015
Sponsor: TNO-ITSEF BV
File name
Profile
No of pages
Document history
Version   Date         Comment
0.1       27-Jan-04    Initial version
0.2       01-Feb-04    Initial review comments included
0.3       27-Feb-04    Strengthened compliance with CCv2.4
0.4       8-Apr-04     Added results from 6/7 April meeting
1.0       13-Apr-04    Added BSI comments
1.1       14-Apr-04
1.2       26 Apr 04
1.3       6 Apr 05
1. PP Introduction
1.1 PP Reference
This is the Low Assurance Protection Profile for instant messaging systems 1.3, TNO-ITSEF BV, 6th April 2015.
The LDAP server provides user entries for authentication and lookup.
The clients download the Instant Messaging resources from either a web server or an Application Server.
Clients always connect to the Instant Messaging server through an Instant Messaging multiplexor.
1. The end user accesses the Instant Messenger applet URL from a browser and chooses a method to invoke the client.
2. The browser invokes Java Web Start or the Java plugin.
3. Java Web Start or the Java plugin downloads the necessary Instant Messenger resource files and starts Instant Messenger.
4. The login window appears and the end user enters the login name and password. The login data is sent to the Instant Messaging server through the multiplexor.
5. The Instant Messaging server communicates with the LDAP server to authenticate the end user and to request end-user information, such as contact lists or subscriptions.
When the end-user authentication is complete, the Instant Messaging main window appears, displaying the contact list for the end user. The end user can now start and participate in Instant Messaging sessions with the other end users.
Here are some TOE systems that are designed to be used within a private corporate
network. These systems are generally client-server based (with one exception), have
various feature sets, and are priced by client, by server, both, or - in one case - free.
Bopup has many of the same features as BigAnt, but it stops short at voice and
video. It is capable of bulletin communications, Active Directory imports, file
transfer and distribution, and they advertise that the client software works well
with Citrix and Terminal Server environments. Again, message archiving is
available for regulatory purposes. Bopup costs $190 for the server and $12.90 for
each concurrent connection, with the client pricing reducing at certain quantities.
Bopup also has a special offer for small businesses purchasing 10-20 client
licenses: the server software is free.
3- DBabble
DBabble has one of the smallest feature sets of the software on this list (one-on-one and group chat) but it is also highly customizable and configurable. System
administrators are able to change nearly every piece of text on either the web or
Windows client and insert images in designated spots, such as logos and even
advertisements. DBabble has the capability of creating groups for IT support where
the user is randomly assigned to an available support person for one-on-one chat.
DBabble servers are capable of being configured in a master-slave architecture, but
with an alleged capability of 10 million user databases and 10,000+ concurrent
users per server, it's probably not something most admins will use. The DBabble
server is available for Windows, Mac, and many versions of Linux and UNIX, and
the web client only requires a browser with JavaScript 1.1. Pricing is per-server at
$485.
Winpopup LAN messenger is the only selection on this list where the server
software is optional; the client is capable of either client-server or peer-to-peer
communications. However, given the fact that the server software is free, there's
no reason to limit yourself to peer-to-peer communications unless you simply do
not have a machine to put it on. Because of this simplicity, Winpopup LAN
Messenger simply does not have a deep feature set either. It is limited to group and
one-on-one chat. Winpopup LAN Messenger is free for up to three users and then
costs $14.95 per license - again, like the others, with diminishing cost breakpoints.
2. Conformance claims
2.1 Conformance claim
This Protection Profile:
Claims conformance to CC version 2.4 release 256 and v2.4 Draft Interpretation1 #1-#17
3.2 Subjects
A human that uses S.IN_SERVER
S.HOST
S.ADMIN
S.IN_SERVER or S.OUT_SERVER
S.SERVER
S.IN_SERVER
S.OUT_SERVER
3.3 Operations
The operations that are performed by the TOE are:
S.SERVER connecting to S.HOST
R.CONNECT
R.GET_VMAIL
R.DEL_VMAIL
R.GET_RESOURCE
R.DEL_RESOURCE
3.4 Objects
TSF data: a relation representing the allowed
D.ALLOWLIST
OE.LDAP SERVER
OE.NETWORK
OE.NW_FEATURES
and SERVER
5. Security Requirements
5.1 Extended components definition
As this PP does not contain extended security requirements, there are no extended
components.
5.2 SFRs
The SFRs are grouped for easy understanding:
Storing and retrieving voicemail
Managing servers
Identifying users
Logging and auditing
Self-protection
5.2.5 Self-protection
FPT_SEP.1 TSF domain separation
FPT_SEP.1.1 The TSF shall maintain a security domain for its own execution that
protects it from interference and tampering by untrusted subjects.
FPT_SEP.1.2 The TSF shall enforce separation between the security domains of
subjects in the TSC.
5.3 SARs
The SARs for this PP are the package EAL 1 with one refinement in
AGD_USR.1.3:
AGD_USR.1.3C