Summary: The project provides a framework which will not export any out-of-the-box protocols or open any network connections. The clients of the framework (such as the iSCSI port provider) might open connections on the network and implement iSCSI protocols. The security of those clients will be addressed in their respective ARC cases.

1. Are there any security requirements documented for this project?
   [X] No

   a. What security issues are being addressed or potentially introduced by your project?
      None. The project will use RBAC to implement security.

2. For each service that is created, installed, used, or depended upon, describe how it is compliant with the Install-Time Security Policy (http://sac/cgi-bin/bp.cgi?NAME=ITS.bp and/or http://www.opensolaris.org/os/community/arc/policies/ITS/).

   a. Specifically, how does each outbound service meet the protection requirements using: SVC1, SVC2, or SVC[3,4] including how OUT[1-3] protection is enforced.
      Compliant with SVC2

   b. Specifically, how does each inbound service meet the protection requirements using: SVC1, SVC2, or SVC[3,4] including how IN[1,2] protection is enforced.
      Compliant with SVC2

   c. How are the other aspects of the policy met (e.g., warning to the administration about install options which are non-compliant)?
      N/A

   d. Also, list the service/application to which this project will communicate and the mechanism used (if external network interfaces are used, or the connection uses purely local interconnects, and if IP based list static/dynamic ports used).
      None

3. Describe how to disable each service from your project and the side effects (e.g. dependencies) of doing so.
   Service can be disabled using the svcadm command. After the service is disabled, the initiators on the SAN will see the target ports going offline.

4. For each service, discuss how it protects its communications from: theft, replay, content change and user impersonation within the following sub-sections:

   a. Does your service make decisions based on user, host or service identities?
      [X] No

   b. Does your project make decisions about whether a requestor may access a particular resource?
      [X] No

   c. Does your project protect its communications from passive listeners on the network?
      [X] No
      Explain why not.
      These communications will be handled by individual port providers and not by the framework.

   d. Describe how host and network-based access control are provided (e.g., this could be provided through technologies such as host-based firewalls/IPsec or application-level controls such as TCP Wrappers).
      Same as answer 'c' above.

   e. Does your service protect the integrity of its communications over the network?
      [X] No
      Explain why not.
      Same as answer 'c' above.

   f. Describe how network communication is protected against replay attacks in which a partial record of an earlier network exchange is replayed.
      N/A

   g. Describe how your network communications could be exploited by a denial of service (DoS) attack. (For instance, what resources are allocated during session setup before the requestor has been authenticated)
      N/A

5. For each network (e.g., RPC over IP, TCP/IP, Serial, etc.) used by a project describe the following:

   a. Describe the protocol stack being used.
      N/A

   b. Describe what information will flow and/or be made available over this network connection.
      N/A

6. Does this project use secret information (e.g. passwords, passphrases, PINs or equivalent authenticators) during authentication and/or authorization?
   [X] No

7. Describe how the project uses the file system in a way that is compliant with the FILE SYSTEM GUIDANCE section of the Install-Time Security Policy (see above) for cases other than storage of secret information (previous question).
   N/A

8. Does a non-privileged (e.g., not having access equivalent to uid 0 on pre-RBAC/Least Privilege OEs) user have access to all project functionality?
   [X] No

   a. Describe how/where authentication and authorization checks are done.
      The CLI and the library will use RBAC access control.

   b. List the roles, rights, and authorizations needed to access the functionality included in this project.
      TBD

   c. Does your project perform authorization checking itself or does it use another component? If itself, explain how this occurs and why this project has its own authorization system.
      See above.

9. Except for networking (discussed above), does this project use cryptography for any purpose?
   [X] No

10. Is any privileged user or group account (e.g., suid root, or other privileged setting mechanism) software part of your project?
    [X] No

11. Are any log, error, FMA, or audit events generated? Note - this question applies to all auditing mechanisms, whether implemented in Solaris auditing, J2SE's logging facility, or Windows event logging.
    [X] Yes

    a. List all security error events that may be generated and their causes.
       The project will generate error and informative events, such as FMA events and events related to registration and deregistration of providers. The project will not generate any security error events.

    b. Will this project generate any audit records?
       [X] No

12. Will the project undergo a security evaluation/certification by itself or as part of a larger product (e.g. Solaris releases are certified against the Common Criteria's CAPP at EAL4)?
    [X] No

13. How does the project provide for failsafe defaults such that the security is not compromised? (For example, how does the project ensure that the security of the product isn't compromised by corrupted or missing configuration files)
    Service will not be enabled unless a valid configuration is loaded. If service is enabled with an empty configuration, nothing will get exported out of any target ports.