- Product Name :
- uCosminexus Application Server
- Version of TOE :
- 08-00
- Product Type :
- Application Server
- Certification No. :
- C0234
- Date :
- 2009-08-21
- Version of Common Criteria:
- 3.1
- Conformance Claim :
- EAL2 Augmented with ALC_FLR.1
- PP Identifier :
- None
- Vendor :
- Hitachi, Ltd.
-
- POC :
- Yoshitsugu Ueyama
- Division :
- Hitachi, Ltd., Software Division
Application Platform Software
Application Deployment Department
- Phone :
- +81-45-862-8571
- E-mail :
- Evaluation Facility :
- Mizuho Information & Research Institute, Inc.
Center for Evaluation of Information Security
PRODUCT DESCRIPTION
Description of TOE
TOE is a Web application server software product that is a J2EE(TM) (Java(TM) 2 Platform, Enterprise Edition)-compliant.
TOE provides runtime and management environments.
The product, that includes TOE, is mainly consist of Web container and EJB(TM) container that is Java 2 Platform, Enterprise Edition 1.4 compatible platform. And it also includes various software to execute and manage J2EE-compliant Java applications. It improves availability and reliability of the business application system, and provides several functions in order to manage business application system efficiently.
TOE security functionality
Security functions provided by TOE are as follows:
| - | User identification and authentication | |
| This function uses user ID and password for user identification and authentication. | ||
| - | Access control | |
| This function provides access control for both Web and EJB container objects by using authenticated user information. | ||
| - | Security management | |
| This function manages information of user identification and authentication, access control information, and access control permitted to an application. | ||
Security functional requirements
This TOE implements the following security functional requirements.
| Security audit | Non-repudiation of origin/receipt | Cryptographic functionality | Access control |
| Data authentication | Export data protection | Information flow control | Import data protection |
| Internal transfer data protection | Residual information protection | Rollback | Stored data integrity |
| Transfer data confidentiality | Transfer data integrity | Identification and authentication | Security management |
| Privacy Control | Security functionality protection | Resource utilisation management | TOE access control |
| Trusted path/channels |