GB/T 30284-2020 English PDF (US$909.00, in stock)
Delivery within 7 days: a true-PDF full copy in English is manually translated and delivered by e-mail.

GB/T 30284-2020: Information security techniques - Security technical requirements for operating system on smart mobile terminal
Status: Valid
GB/T 30284: Historical versions

Basic data
Standard ID: GB/T 30284-2020 (GB/T30284-2020)
Description (translated English): Information security techniques - Security technical requirements for operating system on smart mobile terminal
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word count estimation: 49,479
Date of issue: 2020-04-28
Date of implementation: 2020-11-01
Issuing agency(ies): State Administration for Market Regulation; Standardization Administration of China

GB/T 30284-2020: Information security techniques - Security technical requirements for operating system on smart mobile terminal

This is a DRAFT version for illustration, not a final translation. The full true-PDF copy in English (including equations, symbols, images, flow charts, tables and figures) is manually translated upon order.

Information security techniques - Security technical requirements for operating system on smart mobile terminal
ICS 35.040
L80
National Standard of the People's Republic of China
Replaces GB/T 30284-2013
Issued 2020-04-28, implemented 2020-11-01
Issued by the State Administration for Market Regulation and the Standardization Administration of China

Table of contents
Preface
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Overview
4.1 Description of the mobile terminal operating system
4.2 Security features of the mobile terminal operating system
5 Security problem definition
5.1 Assets
5.2 Security threats
5.3 Organizational security policies
5.4 Assumptions
6 Security objectives
6.1 Security objectives for the mobile terminal operating system
6.2 Security objectives for the operational environment
7 Security requirements
7.1 Security functional requirements
7.2 Security assurance requirements
8 Rationale
8.1 Security objectives rationale
8.2 Security requirements rationale
8.3 Component dependencies
Bibliography

Information security techniques - Security technical requirements for operating system on smart mobile terminal

1 Scope
This standard specifies the security functional requirements for the operating system of mobile communication smart terminals (hereinafter "mobile terminals") and the security assurance requirements at the EAL2, EAL3 and EAL4 assurance levels. This standard applies to the design, development, testing and procurement of mobile terminal operating system products.

2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the edition cited applies to this document. For undated references, the latest edition (including all amendments) applies to this document.
GB/T 18336.1-2015 Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model
GB/T 18336.2-2015 Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional components
GB/T 18336.3-2015 Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance components
GB/T 25069-2010 Information security technology - Glossary

3 Terms, definitions and abbreviations
3.1 Terms and definitions
The terms and definitions given in GB/T 18336.1-2015 and GB/T 25069-2010 and the following apply to this document.
3.1.1 administrator
An authorized user who has the authority to manage some or all of the security functions of the mobile terminal operating system, and who may also have the privilege to bypass part of the security policy of the mobile terminal operating system.
3.1.2 application
Software other than the mobile terminal operating system that provides service functions to users.
3.1.3 authentication data
Information used to verify a user's claimed identity.
3.1.4 authorized user
A user who may perform an operation in accordance with the security policy.

4 Overview
4.1 Description of the mobile terminal operating system
The mobile terminal operating system is the system software running on a smart mobile terminal. It is a component of the smart mobile terminal; it controls and manages the hardware, software and firmware on the terminal, and provides the user interface and the application programming interface (API). A mobile terminal operating system should have the following characteristics:
a) it runs on a smart mobile terminal;
b) it supports multiple user roles;
c) it supports installation of application software;
d) application software accesses data, sensors and wireless communication resources through the operating system;
e) it supports network communication based on Internet protocols;
f) it can work together with remote information systems.
4.2 Security features of the mobile terminal operating system
The threats that a mobile terminal operating system must resist come mainly from access by unauthorized users, malicious access by authorized users, access by malicious application software to files, and access from unauthorized entities on the network. When a mobile terminal loses physical protection it may be accessed maliciously by unauthorized users; the mobile terminal operating system should therefore use session establishment, session locking, session unlocking, data backup, backup data protection and loss protection to counter such threats and to prevent leakage and loss of user data. The mobile terminal operating system should define security roles and grant the authorized users of the mobile terminal the function of managing access authorization to user data and communication resources.
The mobile terminal operating system may choose to assign complex security management functions to professional technical users in a remote trusted information system, so that the remote trusted information system manages the mobile terminal. Authorized users of the mobile terminal may hold privileges that bypass, or partially bypass, the security mechanisms of the mobile terminal operating system; these privileges should be restricted by dividing authorized users into roles, and the operations of authorized users should be audited, recorded and tracked. The mobile terminal operating system should have security features such as data transmission protection and integrity verification, maintaining a chain of trust to the party responsible for the application software, in order to resist the installation of malicious software. At the same time, the mobile terminal operating system should restrict the access rights of application software by enforcing an access control policy, so that all access by application software to user data, communication resources and sensors is covered by that policy. The mobile terminal operating system should enforce an information flow control policy on IP network traffic, filtering unidentifiable and unauthorized IP packets to protect the mobile terminal's bandwidth, call charges and battery energy. The mobile terminal operating system and its security functions should themselves be protected, and the mobile terminal security architecture should ensure that the operating system is free from interference and tampering by untrusted users and untrusted subjects. Some security functions of the mobile terminal operating system also depend on cryptographic services; these include identification and authentication, trusted channels, and so on.
The security functions that a mobile terminal operating system should have are as follows:
a) uniquely identify users, applications, processes and the like;
b) authenticate users and remote IT entities;
c) enforce access control and network information flow control policies;
d) enforce application software restriction policies;
e) perform device security management, that is, have configurable security and management policies so that a remote trusted information system can perform security management of the mobile terminal;
f) perform access authorization management, that is, the administrator can initialize, configure and modify the access rights of application software as needed;
g) audit user behaviour;
h) provide cryptographic support.

5 Security problem definition
5.1 Assets
Assets that should be protected:
--- TSF data (e.g. authentication data, security attributes, access control lists, security configuration data);
--- user data (e.g. user identification, location information, account information, communication records, address book);
--- sensitive resources (including communication resources and peripheral resources such as cameras and position sensors).
Note: ST authors should refine the description of the assets according to the specific application.
5.2 Security threats
5.2.1 Eavesdropping on data transmission (T.EAVESDROP)
A malicious user or process may monitor or modify user data or TSF data transferred within the mobile terminal operating system, or between the mobile terminal operating system and remote trusted IT products.
5.2.2 TSF compromise (T.TSF_COMPROMISE)
A malicious user or process illegally reads, modifies or deletes TSF data or executable code by means of an attack. This may allow the malicious user or process to obtain the configuration of the mobile terminal operating system, or may cause the security mechanisms of the mobile terminal operating system that protect data assets to stop working properly.
5.2.3 Malicious behaviour of authorized users (T.ACCESS_MALICIOUS)
Authorized users misconfigure the mobile terminal operating system through weak security awareness or misuse, or authorized users maliciously use their authority to carry out illegal operations, threatening the security of the mobile terminal.
5.2.4 Unauthorized network traffic (T.UNAUTHORIZED_NETFLOW)
Unauthorized external IT entities send network data to the mobile terminal operating system, or receive network data transmitted through the mobile terminal operating system.
5.2.5 Use of residual information (T.RESIDUAL_DATA)
A malicious user or process may exploit flaws in the mobile terminal operating system's handling of residual information, using information left behind during execution to obtain sensitive information or to abuse the security functions of the mobile terminal operating system.
5.2.6 Malicious application (T.MALICIOUSAPP)
Malicious software may access user data and sensitive system resources by disguising itself as an authorized application or process.
5.2.7 Unauthorized access (T.UNAUTHORIZED_ACCESS)
Unauthorized users or processes access the security function data and user data of the mobile terminal operating system and manipulate that data maliciously.
5.2.8 Replay attack (T.REPLAY)
An unauthorized user resubmits intercepted authorized-user information to the mobile terminal operating system in order to impersonate the authorized user and access the functions and data of the mobile terminal operating system.
5.2.9 Unattended session (T.UNATTENDED_SESSION)
An unauthorized user can use an unattended session to impersonate an authorized user and threaten the functions and data of the mobile terminal operating system.
5.2.10 Device loss (T.LOST)
When the physical device running the mobile terminal operating system is sold, exchanged or lost, an unauthorized user may attack it to obtain the authorized user's data.
5.3 Organizational security policies
The organization shall provide a cryptographic policy for the encrypted storage of sensitive data and for the communication functions of the mobile terminal operating system.
5.4 Assumptions
5.4.1 Physical security (A.PHYSICAL)
It is assumed that the operational environment on which the mobile terminal operating system depends provides the physical protection required for the secure operation of the mobile terminal operating system.
5.4.2 Personnel (A.PERSONNEL)
It is assumed that the legitimate users of the mobile terminal operating system manage its security functions in accordance with the relevant provisions and have no malicious intent to damage the mobile terminal operating system.
5.4.3 Remote equipment security (A.REMOTE)
It is assumed that the remote IT equipment and application equipment used to manage the mobile terminal operating system are secure.

6 Security objectives
6.1 Security objectives for the mobile terminal operating system
6.1.1 Event audit (O.AUDIT)
The mobile terminal operating system should record security-related events, protect the recorded events, and allow only authorized users to view them. The mobile terminal operating system should ensure that a full audit trail does not affect the execution of the audit function or of other security functions.
6.1.2 Identity authentication (O.AUTH)
The mobile terminal operating system should provide a mechanism for identifying and authenticating users. The mobile terminal operating system should provide only limited authentication feedback, and after a certain number of authentication failures it should restrict the user's authentication attempts for a certain period.
6.1.3 Data encryption (O.ENCRYPT)
The mobile terminal operating system should provide encryption and decryption mechanisms, ensuring that the mobile terminal operating system can apply encryption to the data it protects.
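As an added illustration of O.AUTH (example code, not text or code from the standard), the following Python authenticator returns one generic failure message and pays the same password-hashing cost whether the user is unknown, the password is wrong or the account is locked, so the response leaks nothing beyond success or failure, and it locks the account for a restriction period once a failure threshold is reached. The threshold (MAX_FAILURES), the period (LOCKOUT_SECONDS) and the PBKDF2 parameters are assumed values; the standard leaves them to the ST author. The distinction between the failure causes is written only to an audit list, which is where O.AUDIT expects it.

```python
"""Added example (not from GB/T 30284-2020): password authentication with
limited feedback and a failure lockout, illustrating O.AUTH."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumed policy values; the standard leaves the number of failures and the
# restriction period to the ST author.
MAX_FAILURES = 5
LOCKOUT_SECONDS = 300
PBKDF2_ITERATIONS = 100_000
SALT_LEN = 16

GENERIC_FAILURE = "authentication failed"  # the only failure text ever returned


@dataclass
class Account:
    salt: bytes
    verifier: bytes          # PBKDF2-HMAC-SHA256(password, salt)
    failures: int = 0        # consecutive failures since the last success
    locked_until: float = 0  # epoch seconds; 0 means not locked


def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash; the same cost is paid on every code path."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class Authenticator:
    def __init__(self) -> None:
        self._accounts = {}
        # audit entries: (time, event type, subject identity, outcome)
        self.audit = []

    def enroll(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(SALT_LEN)
        self._accounts[user] = Account(salt=salt, verifier=derive(password, salt))

    def _log(self, now: float, user: str, outcome: str) -> None:
        self.audit.append((now, "authentication", user, outcome))

    def authenticate(self, user: str, password: str, now: float):
        """Return (success, message). The message never reveals whether the
        user exists, the password was wrong or the account is locked; that
        distinction goes only to the audit trail."""
        acct = self._accounts.get(user)
        if acct is None:
            # Unknown user: do a real derivation so the response time matches.
            derive(password, secrets.token_bytes(SALT_LEN))
            self._log(now, user, "failure:unknown-user")
            return False, GENERIC_FAILURE
        if now < acct.locked_until:
            derive(password, acct.salt)
            self._log(now, user, "failure:locked")
            return False, GENERIC_FAILURE
        if hmac.compare_digest(derive(password, acct.salt), acct.verifier):
            acct.failures = 0
            acct.locked_until = 0
            self._log(now, user, "success")
            return True, "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            # Threshold reached: refuse further attempts for the restriction period.
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failures = 0
            self._log(now, user, "failure:lockout-started")
        else:
            self._log(now, user, "failure:bad-password")
        return False, GENERIC_FAILURE
```

The lockout is keyed on the account, not the caller, which is what O.AUTH asks for; a real implementation would also rate-limit per source to keep an attacker from locking victims out on purpose, and would persist the counters so a reboot does not reset them.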
6.1.4 Residual information clearing (O.RESIDUAL_INFO)
The mobile terminal operating system should ensure that important data is deleted or securely handled after use, leaving no residual data that an attacker could exploit.
6.1.5 Trusted channel (O.TRUSTED_CHANNEL)
The mobile terminal operating system should be able to submit data to remote trusted IT products through a protected channel, and should also provide a protected network channel for use by applications.
6.1.6 Network data flow control (O.NETWORK_FLOW)
The mobile terminal operating system should provide basic network protection to prevent known malicious network attacks. The mobile terminal operating system should control the transmission of IP network data and mobile communication network data between IT entities within the mobile terminal operating system and external IT entities. The rules by which the mobile terminal operating system governs these transmissions can only be changed by authorized users.
6.1.7 Access control (O.ACCESS_CONTROL)
The mobile terminal operating system should provide an access control mechanism that prevents important data, processes and resources of the mobile terminal operating system from being accessed, modified or deleted without authorization.
6.1.8 Session management (O.SESSION_MANAGEMENT)
The mobile terminal operating system should suspend user sessions that are not in use, and should resume a suspended session only after re-authenticating the user.
6.1.9 Resource limits (O.RESOURCE_QUOTA)
The mobile terminal operating system should provide a control mechanism for the use of its resources, preventing application errors or malicious actions from consuming resources without limit and exhausting the system's resources.
6.1.10 Data rollback (O.ROLLBACK)
The mobile terminal operating system should provide backup and rollback of the user's key data, so that user data can be returned to a backed-up state. This action requires an authorized user, and the security of the user data should be guaranteed.
6.1.11 Security management (O.MANAGE)
The mobile terminal operating system should divide management of the mobile terminal operating system among different user roles and restrict the permissions granted to each role, preventing abuse of authorized users' permissions.
6.1.12 Trusted time (O.TIME)
The mobile terminal operating system should provide the function of setting or obtaining trusted time, and should ensure that the system time is set by an authorized user or obtained by synchronization from a reliable clock source.
6.1.13 Loss protection (O.LOST_PROTECT)
The mobile terminal operating system should provide a loss-protection mechanism, ensuring that the authorized user retains control over sensitive user data when the physical terminal is lost.
6.2 Security objectives for the operational environment
6.2.1 Physical security (OE.PHYSICAL)
The operational environment of the mobile terminal operating system can provide the physical protection required for operating the operating system.

......

a) start-up and shutdown of the audit functions;
b) all auditable events for the minimum level of audit;
c) [assignment: other auditable events that affect the operating status of the mobile terminal operating system].
FAU_GEN.1.2 The TSF shall record within each audit record at least the following information:
a) date and time of the event, type of event, subject identity, and the outcome of the event;
b) for each audit event type, based on the auditable event definitions of the functional components included in the ST, [assignment: other audit-relevant information].
7.1.2.2 User identity association (FAU_GEN.2)
Hierarchical to: No other components.
Dependencies: FAU_GEN.1 Audit data generation; FIA_UID.2 User identification before any action.
FAU_GEN.2.1 For audit events resulting from actions of identified users, the TSF shall be able to associate each auditable event with the identity of the user that caused the event.
7.1.2.3 Protected audit trail storage (FAU_STG.1)
Hierarchical to: No other components.
Dependencies: FAU_GEN.1 Audit data generation.
FAU_STG.1.1 The TSF shall protect the stored audit records in the audit trail from unauthorized deletion.
FAU_STG.1.2 The TSF shall be able to prevent unauthorized modification of the audit records stored in the audit trail.
7.1.2.4 Prevention of audit data loss (FAU_STG.4)
Hierarchical to: FAU_STG.3 Action in case of possible audit data loss.
Dependencies: FAU_STG.1 Protected audit trail storage.
FAU_STG.4.1 If the audit trail is full, the TSF shall [selection, choose one of: ignore auditable events, prevent auditable events except those generated by authorized users with special rights, overwrite the oldest stored audit records] and [assignment: other actions to be taken in case of audit storage failure].
7.1.3 Cryptographic support (FCS class)
7.1.3.1 Cryptographic key generation (FCS_CKM.1)
Hierarchical to: No other components.
Dependencies: FCS_COP.1 Cryptographic operation; FCS_CKM.4 Cryptographic key destruction.
FCS_CKM.1.1 The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generation algorithm [assignment: cryptographic key generation algorithm] and specified cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: cryptography-related standards or regulations required by the state, industry or organization].
Note: If keys are generated by the external environment, this component need not be selected; it applies only when key generation is performed by the mobile terminal operating system itself. ST authors should assign the relevant standards and parameters recognized by the competent authority of the evaluated product's user organization, according to the specific cryptographic algorithm.
7.1.3.2 Cryptographic operation (FCS_COP.1)
Hierarchical to: No other components.
Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FCS_CKM.1 Cryptographic key generation]; FCS_CKM.4 Cryptographic key destruction.
FCS_COP.1.1 The TSF shall perform [assignment: list of cryptographic operations] in accordance with a specified cryptographic algorithm [assignment: cryptographic algorithm] and cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: cryptography-related standards or regulations required by the state, industry or organization].
Note: Cryptography may be used to support one or more security services of the mobile terminal operating system. This component may be iterated......
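The following Python block is an added example (not code from the standard) that ties the audit components in 7.1.2 to the cryptographic components in 7.1.3: each record carries the FAU_GEN.1.2 fields (date and time, event type, subject identity, outcome) plus component-specific extras, the FAU_GEN.2 subject association is the "subject" field, FAU_STG.1 tamper evidence comes from an HMAC chain in which every record's MAC covers the previous MAC, and the three FAU_STG.4 selections (ignore, prevent except for privileged subjects, overwrite oldest) are implemented as a policy parameter. The key lifecycle stands in for FCS_CKM.1 (CSPRNG key), FCS_COP.1 (HMAC-SHA-256 as the cryptographic operation) and FCS_CKM.4 (in-place zeroisation). The algorithm, key size, capacity and the choice to let privileged events exceed capacity under "prevent" are assumptions made for the example; the standard leaves them to the ST author.

```python
"""Added example (not from GB/T 30284-2020): a tamper-evident audit trail
illustrating FAU_GEN.1/FAU_GEN.2 (record content), FAU_STG.1 (protection
against modification), FAU_STG.4 (behaviour when the trail is full) and the
FCS_CKM.1 / FCS_COP.1 / FCS_CKM.4 key lifecycle used to protect it."""
import hashlib
import hmac
import json
import secrets
from collections import deque
from typing import Optional

MAC_LEN = hashlib.sha256().digest_size  # 32


class AuditTrailFull(Exception):
    """'prevent' policy: a non-privileged event cannot be stored, so the
    caller must refuse to perform the audited action itself."""


class KeyDestroyed(Exception):
    """A cryptographic operation was attempted after FCS_CKM.4 zeroisation."""


def generate_key(length: int = 32) -> bytearray:
    """FCS_CKM.1 stand-in: key from the OS CSPRNG. Algorithm and size are
    assumed here. A bytearray is used so the key can be overwritten in place."""
    return bytearray(secrets.token_bytes(length))


def destroy_key(key: bytearray) -> None:
    """FCS_CKM.4 stand-in: overwrite the key material in place."""
    for i in range(len(key)):
        key[i] = 0


def mac_record(key: bytearray, prev_mac: bytes, body: bytes) -> bytes:
    """FCS_COP.1 stand-in: HMAC-SHA-256 over the previous MAC and this body,
    so every record is bound to its predecessor."""
    if not any(key):
        raise KeyDestroyed("audit key has been destroyed")
    return hmac.new(bytes(key), prev_mac + body, hashlib.sha256).digest()


class AuditTrail:
    POLICIES = ("ignore", "prevent", "overwrite")  # FAU_STG.4.1 selection

    def __init__(self, key: bytearray, capacity: int, full_policy: str) -> None:
        if full_policy not in self.POLICIES:
            raise ValueError("unknown FAU_STG.4 policy: %s" % full_policy)
        self._key = key
        self._capacity = capacity
        self._policy = full_policy
        self._records = deque()        # (body, mac) pairs, oldest first
        self._anchor = bytes(MAC_LEN)  # MAC preceding the oldest kept record
        self._prev_mac = self._anchor
        self.ignored = 0               # events dropped under 'ignore'

    def record(self, time: int, event_type: str, subject: str, outcome: str,
               privileged: bool = False, **extra) -> bool:
        """Store one FAU_GEN.1.2 record. Returns False if the event was
        ignored; raises AuditTrailFull under 'prevent' for non-privileged
        subjects."""
        if len(self._records) >= self._capacity:
            if self._policy == "ignore":
                self.ignored += 1
                return False
            if self._policy == "prevent" and not privileged:
                raise AuditTrailFull(event_type)
            if self._policy == "overwrite":
                # Drop the oldest record but keep its MAC as the chain anchor
                # so the remaining records still verify.
                _, self._anchor = self._records.popleft()
            # 'prevent' with a privileged subject: assumed allowed to exceed
            # capacity so that an administrator can still act (e.g. clear the log).
        body_dict = {"time": time, "type": event_type, "subject": subject,
                     "outcome": outcome}
        body_dict.update(extra)
        body = json.dumps(body_dict, sort_keys=True, separators=(",", ":")).encode()
        mac = mac_record(self._key, self._prev_mac, body)
        self._records.append((body, mac))
        self._prev_mac = mac
        return True

    def records(self) -> list:
        """Decoded records, oldest first."""
        return [json.loads(body) for body, _ in self._records]

    def first_tampered(self, key: bytearray) -> Optional[int]:
        """FAU_STG.1 check: index of the first record whose MAC does not
        verify against the chain, or None if the trail is intact."""
        prev = self._anchor
        for i, (body, mac) in enumerate(self._records):
            if not hmac.compare_digest(mac_record(key, prev, body), mac):
                return i
            prev = mac
        return None

    def tamper(self, index: int, body: bytes) -> None:
        """Simulate an attacker editing a stored record in place (test hook)."""
        _, mac = self._records[index]
        self._records[index] = (body, mac)
```

The chain makes modification and deletion detectable to anyone holding the key, which is the FAU_STG.1 property; preventing the modification in the first place still needs the access control and the key to live where untrusted subjects cannot reach them, which on a real terminal means the audit key is held by the TSF (or hardware-backed key storage) and never exported to applications.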