Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP .
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security TargetVertiv Secure KVM Models SC845DP,SC945DP, SC945XP, SCM145DP, SCM185DP,SC885DP, SC985DP, SCM185 v33303-C6C6Security TargetRelease Date:March 1st 2019Document ID:HDC15954Revision:GPrepared By:Stan SlayPage 1
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security TargetContents1Introduction . 61.1Document Organization . 61.2ST and TOE Identification . 71.3PP Identification . 71.4Document Terminology . 71.4.1ST Specific Terminology . 81.4.2Acronyms . 91.51.5.1TOE Description. 111.5.2High Level TOE Architecture . 121.5.3KVMs TOE Details . 141.623Physical Scope and Boundary . 231.6.1Overview . 231.6.2Evaluated Environment . 231.7Guidance Documents . 241.8TOE Features Outside of Evaluation Scope . 241.9Document Conventions . 26Conformance Claims . 272.1Common Criteria Conformance Claims. 272.2Protection Profile (PP) Claims . 272.3Package Claims . 28Security Problem Definition . 293.1Secure Usage Assumptions . 293.2Threats . 293.2.1Threats Addressed by the TOE . 303.2.2Threats addressed by the IT Operating Environment . 313.34TOE Overview . 11Organizational Security Policies . 31Security Objectives . 324.1Security Objectives for the TOE . 32Page 2
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security Target4.2Security Objectives for the Operational Environment. 364.3Rationale . 384.3.1TOE Security Objectives Rationale . 414.3.2Security Objectives Rationale for the Operational Environment . 564.456Rationale for Organizational Policy Coverage. 57Extended Components Definition . 585.1Family FTA CIN EXT: Continuous Indications . 585.2Class FTA ATH EXT: User Authentication Device Reset and Termination . 59Security Requirements . 616.1Security Functional Requirements for the TOE. 616.1.1Overview . 616.1.2Class: User Data Protection (FDP) . 626.1.3Data Isolation Requirements . 656.1.4Class: Protection of the TSF (FPT) . 706.1.4.1Passive Detection . 706.1.5Resistance to Physical Attack . 706.1.6TOE Access (FTA CIN EXT) . 726.1.7F.1.2 Class: Security Audit (FAU) . 726.1.8F.1.3 Class: Identification and authentication (FIA) . 736.1.9F.2.1 Class: Security Management (FMT) . 736.1.10G.1 - Class FTA ATH EXT: User Authentication Device Reset and Termination . 756.2Rationale For TOE Security Requirements . 766.2.16.3Rationale for IT Security Requirement Dependencies . 866.4Dependencies Not Met . 876.4.1FMT MSA.3 - Static attribute initialization . 876.4.2FMT MSA.3(1) and FMT MSA.3(3) - Static attribute initialization . 876.57TOE Security Functional Requirements Tracing & Rationale . 76Security Assurance Requirements . 88TOE Summary Specification . 897.1TOE keyboard and mouse security functions . 897.2TOE external interface security functions. 91Page 3
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security Target7.3TOE Audio Subsystem security functions. 937.4TOE video subsystem security functions . 947.5TOE User authentication device subsystem security functions . 997.6TOE User control and monitoring security functions . 1017.7TOE Tampering protection . 1027.8TOE Self-testing and Log . 1037.9The TOE Administrator Access mechanism . 105Annex A – Vertiv Model Numbering . 106Annex B – Tests to Specific TOE models mapping . 107Annex C – Letter of Volatility . 109Annex D – Letter of Declaration – Spectre / Meltdown Vulnerability. 111Annex E – Tamper Evident Label . 112Table of FiguresFigure 1 – Simplified block-diagram of 2-Port KVM TOE . 12Figure 2 – Typical example of KVM TOE installation . 13Figure 3 - Secure KVM Switch TOE external interfaces diagram . 18Figure 4 – Dual-Head or Mini-Matrix Secure KVM Switch TOE external interfaces diagram . 20Figure 5 - FTA CIN EXT.1: Continuous Indications. 59Figure 6 - FTA ATH EXT: User authentication device reset and termination . 60Figure 7 – Simplified block diagram of 2-Port KVM TOE. 89Figure 8 – Block diagram of KVM TOE video sub-system during display EDID read . 96Figure 9 – Block diagram of KVM TOE video sub-system during display EDID write . 97Figure 10 – Block diagram of KVM TOE video sub-system during normal mode . 98Figure 11 – Vertiv Secure products model numbering . 106Page 4
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security TargetList of TablesTable 1 – ST identification. 7Table 2 - ST Specific Terminology . 9Table 3 - Acronyms. 11Table 4 – Secure KVM and Matrix TOE identification . 14Table 5 – Peripheral Devices supported by the KVM TOE . 15Table 6 – Protocols supported by the KVM TOE Console Ports . 16Table 7 – Protocols supported by the KVM TOE Computer Ports . 17Table 8 – KVM TOE features and services. 21Table 9 - Evaluated TOE and Environment Components . 24Table 10 – Secure usage assumptions . 29Table 11 – Threats addressed by the TOEs . 31Table 12 - TOE Security Objectives definitions (derived from the PP) . 36Table 13 - Operational Environment Security Objectives (from the PP) . 37Table 14 - Sufficiency of Security Objectives . 39Table 15 – TOE Security Objectives rationale . 55Table 16 – Operational Environment Security Objectives rationale . 57Table 17 - Extended SFR Components . 58Table 18 - TOE Security Functional Requirements summary. 62Table 19 - SFR and Security Objectives Mapping with TOE compliance requirements . 77Table 20 - Objective to SFRs Rationale . 85Table 21 - SFR Dependencies satisfied. 87Table 22 - SAR list . 88Table 23 - Authorized peripheral devices (derived from referenced PP table 12) . 93Table 24 - PP Tests to Test Setups . 108Page 5
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security Target1IntroductionThis section identifies the Security Target (ST), Target of Evaluation (TOE), conformance claims, STorganization, document conventions, and terminology. It also includes an overview of the evaluatedproduct.An ST principally defines: A security problem expressed as a set of assumptions about the security aspects of theenvironment; a list of threats which the product is intended to counter; and any known ruleswith which the product must comply (in Chapter 3, Security Problem Definition).A set of security objectives and a set of security requirements to address that problem (inChapters 4 and 5, Security Objectives and IT Security Requirements, respectively).The IT security functions provided by the Target of Evaluation (TOE) that meet the set ofrequirements (in Chapter 6, TOE Summary Specification).The structure and content of this ST complies with the requirements specified in the Common Criteria(CC), Part 1, Annex A, and Part 3, Chapter 6.1.1 Document OrganizationSecurity Target Introduction (Section 1)Section 1 provides identification of the TOE and ST, an overview of the TOE, an overview of the contentof the ST, document conventions, and relevant terminology. The introduction also provides a descriptionof the TOE security functions as well as the physical and logical boundaries for the TOE, the hardwareand software that make up the TOE, and the physical and logical boundaries of the TOE.Conformance Claims (Section 2)Section 2 provides applicable Common Criteria (CC) conformance claims, Protection Profile (PP)conformance claims and Assurance Package conformance claims.Security Problem Definition (Section 3)Section 3 describes the threats, organizational security policies, and assumptions pertaining to the TOEand the TOE environment.Security Objectives (Section 4)Section 4 identifies the security objectives for the TOE and its supporting environment as well as arationale describing how objectives are sufficient to counter the threats identified for the TOE.Extended Components Definition (Section 5)Page 6
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security TargetSection 5 presents the components needed for the ST but not present in Part II or Part III of theCommon Criteria Standard.Security Requirements (Section 6)Section 6 presents the Security Functional Requirements (SFRs) met by the TOE, and the securityfunctional requirements rationale. In addition, this section presents Security Assurance Requirements(SARs) met by the TOE, as well as the assurance requirements rationale.Summary Specification (Section 7)This section describes the security functions provided by the TOE and how they satisfy the securityfunctional requirements. It also describes the security assurance measures for the TOE and the rationalefor the assurance measures.1.2 ST and TOE IdentificationThis section provides information needed to identify and control this ST and its Target of Evaluation(TOE), the TOE Name.ST TitleVertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP,SCM185DP, SC885DP, SC985DP, SCM185 v33303-C6C6 Security TargetST Evaluation byEWA CanadaRevision NumberGST Publish DateMarch 1st 2019ST AuthorsStan SlayTOE IdentificationSee tables 2 belowKeywordsKVM, Secure, Vertiv, Protection Profile 3.0, Mini-Matrix, DisplayPortTable 1 – ST identification1.3 PP IdentificationValidated Protection Profile – NIAP Peripheral Sharing Switch for Human Interface Devices ProtectionProfile, Version 3.0, February 13, 2015.1.4 Document TerminologyPlease refer to CC Part 1 Section 4 for definitions of commonly used CC terms.Page 7
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security Target1.4.1 ST Specific TerminologyAdministratorA person who administers (e.g. installs, configures, updates, maintains) asystem of device(s) and connections.Configurable DeviceFiltration (CDF)PSS function that qualifies (accepts or rejects) peripheral devices based onfield configurable parameters.Connected ComputerA computing device (platform) connected to the PSS. May be a personalcomputer, server, tablet or any other computing device with userinteraction interfaces.ConnectionEnables devices to interact through respective interfaces. It may consist ofone or more physical (e.g. a cable) and/or logical (e.g. a protocol)components.DeviceAn information technology product with which actors (persons or devices)interact.DisplayA Human Interface Device (HID), such as a monitor or touchscreen, whichdisplays user data.External EntityAn entity outside the TOE evaluated system, its connected computers andits connected peripheral devices.Fixed DeviceFiltration (FDF)PSS function that qualifies (accepts or rejects) peripheral devices based onfixed parameters.Human InterfaceDevice (HID)A device that allows for user input. For example, keyboard and mouse.InterfaceEnables interactions between actors.IsolatorA PSS with a single connected computer.KeyboardA Human Interface Device (HID) such as a keyboard, keypad or other textentry device.KMA PSS that switches only the keyboard and pointing device.Non-SelectedComputerA connected computer not currently selected by the PSS user.PeripheralA device that exposes an actor’s interface to another actor.Peripheral GroupAn ordered set of peripherals.Page 8
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security TargetPointing DeviceA Human Interface Device (HID), such as a mouse, track ball or touchscreen (including multi-touch).Remote DesktopController (RDC)Device connected to the TOE with a cable that enables remote user tocontrol and monitor the TOE.Selected ComputerA connected computer currently selected by the PSS user.UserA person or device that interacts with devices and connections.User AuthenticationDeviceA peripheral device used to authenticate the identity of the user, such as asmart-card reader, biometric authentication device or proximity cardreader.Video WallConsists of multiple computer monitors, video projectors, or television setstiled together contiguously or overlapped in order to form one largedisplay.Table 2 - ST Specific Terminology1.4.2 AcronymsAcronymMeaningAUXDisplayPort Auxiliary ChannelCACCommon Access CardCCIDChip Card Interface Device (USB Organization standard)CCTLCommon Criteria Test LabCDCCommunication Device ClassCODECCoder-DecoderdBvA measurement of voltages ratio – decibel voltDCDirect CurrentDPDisplayPortDVIDigital Visual InterfaceEDIDExtended Display Identification DataPage 9
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security TargetFDFFixed Device FiltrationHDMIHigh Definition Multimedia InterfaceHEACHDMI Ethernet Audio ControlHIDHuman Interface DeviceIPInternet ProtocolUSB Keep-Alive NAKtransactionUSB 2.0 standard handshake PID (1010B) – Receiving device cannotaccept data or transmitting device cannot send data.KMKeyboard, MouseKVMKeyboard, Video and MouseLEDLight-Emitting DiodeLoSLine-of-SightMCCSMonitor Control Command SetMHLMobile High-Definition LinkMSCMass Storage ClassmVmillivoltOSDOn-Screen DisplayPCPersonal ComputerPINPersonal Identification NumberPSSPeripheral Sharing SwitchS/PDIFSony/Philips Digital Interface FormatSPSpecial PublicationSPFShared Peripheral FunctionsTMDSTransition-Minimized Differential SignalingUARTUniversal Asynchronous Receiver / TransmitterPage 10
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security TargetUSBUniversal Serial BusVVoltVESAVideo Electronics Standards AssociationVGAVideo Graphics ArrayTable 3 - Acronyms1.5 TOE Overview1.5.1 TOE DescriptionThis section provides context for the TOE evaluation by identifying the logical and physical scope of theTOE.The TOE is a KVM switch device classified as a “Peripheral Sharing Switch” for Common Criteria. The TOEincludes both hardware and firmware components.It should be noted that modern Secure KVM devices do not allow any electrical interface peripheralsharing in order to prevent certain attacks, and therefore they are no longer simple switching devices.The TOE is a peripheral sharing switch.The physical boundary of the TOE consists of: One Vertiv Secure KVM Switch or KVM Matrix Switch;The firmware embedded inside the TOE that is permanently programmed into the TOE multiplemicrocontrollers;The TOE COMPUTER interface cables that are shipped with the product;The accompanying User Guidance. Updated User Guidance can be downloaded from thehttps://www.vertivco.com website at any time.The evaluated TOE configuration does not include any peripherals or computer components but doinclude supplied computer interface cables.Page 11
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security Target1.5.2 High Level TOE ArchitectureThe Vertiv Secure Peripheral Sharing Switches (PSS) allows the secure sharing of a single set ofperipheral components such as keyboard, Video Display and Mouse/Pointing devices among multiplecomputers through standard USB, HDMI, and DisplayPort interfaces.The Vertiv third-generation Secure PSS product uses multiple isolated microcontrollers (onemicrocontroller per connected computer) to emulate the connected peripherals in order to preventvarious methods of attacks such as: display signaling, keyboard signaling, power signaling etc. Figure 1below show a simplified block diagram of the TOE keyboard and mouse data path. Full-time HostEmulator (HE) communicates with the user keyboard through bi-directional protocols such as USB. HostEmulator converts the user key-strokes into unidirectional serial data. That unidirectional serial data ispassed through the data switch that selects between computer A and computer B based on the userchannel selection. Isolated Device Emulators (DE) are connected to the data switch on one side and totheir respective computers on the other side. Each key-stroke is converted by the selected DE into a bidirectional stream such as USB to communicate with the computer.The products are also equipped with multiple unidirectional flow forcing devices to assure adherence tothe organizational confidentiality policy through strict isolation of connected computers.Figure 1 – Simplified block-diagram of 2-Port KVM TOEThe Vertiv Secure PSS product lines are available in 2, 4 or 8 ports models with single or dual-head(displays). Products include traditional KVM switching devices, as well as KVM matrix products.Page 12
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security TargetThe Vertiv Secure PSS works with standard Personal Computers, portable computers, servers or thinclients. Connected computers usually running operating systems such as Windows or Linux and haveports for USB keyboard, USB mouse, DVI video, HDMI video, DisplayPort video, audio (input and output),and USB Common Access Card (CAC) or Smart-Card reader.The TOE is intended to be used in a range of security settings (i.e. computers coupled to a single TOE canvary from non-classified Internet connected to those protected in accordance with national securitypolicy). Any data leakage across the TOE may cause severe damage to the organization and thereforemust be prevented.Unlike older Secure PSS security schemes that mostly protected user information transitioning throughthe TOE, the modern approach primarily addresses the risk of TOE compromise through remote attacksto coupled networks which could leak any user information across different networks.A summary of the Vertiv Secure PSS security features can be found below. A detailed description of theTOE security features and how it is mapped to the claimed PP SFRs, can be found in Section 7, TOESummary Specification.Figure 2 – Typical example of KVM TOE installationPage 13
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security Target1.5.3 KVMs TOE Details1.5.3.1Evaluated KVM iversal 4P SH DP to DP Video Secure 4K 60Hz w/DPPSC945DPCGA15491Universal 4P DH DP to DP Video Secure 4K 60Hz w/DPPSC945XPCGA15492Universal 4P DH DP to DP/ DVI to DVI Video Secure 4K 60Hzw/DPPSCM145DPCGA15497Universal 4P DP to DP Video Secure Matrix 4K 30HzSCM185DPCGA15498Universal 8P DP to DP Video Secure MatrixSC885DPCGA16032Universal 8P DP to DP Video Secure KVM SwitchSC985DPCGA16033Universal 8P DH DP to DP Video Secure KVM SwitchSCM185CGA16035Universal 8P DVI to DVI Video Secure MatrixEval. ort33303-C6C633303-C6C633303-C6C633303-C6C6Table 4 – Secure KVM and Matrix TOE identificationNotes:(1) DPP Dedicated Peripheral Port (having Configurable Device Filtration - CDF).(2) SH Single Head, DH Dual Head.(3) Mini-matrix and Dual-head TOE are considered KVM.(4) All products listed above are having USB 1.0 / 2.0 interfaces for peripheral devices. The USBinterfaces support Low speed, Fast and high-speed USB protocols.(5) See Appendix A for details about VERTIV model numbering.1.5.3.2Common Criteria Product typeThe KVM TOE is a device classified as a “Peripheral Sharing Switch” for Common Criteria. The TOEincludes both hardware and firmware components.VERTIV KVM TOE is satisfying the referenced PP Annex B Use Case 1.1.5.3.3Peripheral Device Supported by the KVM TOEThe peripheral devices that supported by the KVM TOE are listed in the following table.Console PortAuthorized DevicesKeyboard1. Any wired keyboard and keypad without internal USB hub or composite device functions;Page 14
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security Target2. USB to PS/2 adapter; and3. Barcode reader.Mouse /Pointing device1. Any wired mouse, or trackball without internal USB hub or composite device functions.Audio out1.2.3.Analog amplified speakers;Analog headphones;Digital audio icationdevice1.2.3.4.5.Smartcard, CAC reader;Token;Biometric reader;Any other qualified device if PSS supports configurable user authentication device filtering.PSS internal function listed above.2. Touch-screen;3. Multi-touch or digitizer;Table 5 – Peripheral Devices supported by the KVM TOEPage 15
Vertiv Secure KVM Models SC845DP, SC945DP, SC945XP, SCM145DP, SCM185DP, SC885DP, SC985DP,SCM185 v33303-C6C6 Security Target1.5.3.4Protocols supported by the KVM TOEThe following table maps the TOE covered by this ST to the protocols supported.First
Human Interface Device (HID) A device that allows for user input. For example, keyboard and mouse. Interface Enables interactions between actors. Isolator A PSS with a single connected computer. Keyboard A Human Interface Device (HID) such as a keyboard, keypad or other text entry device. KM A PSS that switches only the keyboard and pointing .
Sep 06, 2011 · 2. Install the KVM Switch unit into the rack cabinet. Figure 9. DKVM-440 Front Panel D. Plug in the power adapter for each level Slave KVM Switch and connect Slave KVM switch to computers. E. The power on sequence should be: 1. Master KVM Switch 2. Second level Slave KVM Switch (connec
6 PUBLIC USE #NXPFTF KVM/QEMU Multicore Hardware Linux KVM App Virtual Machine 1 QEMU App OS Virtual Machine 2 QEMU App OS KVM/QEMU-open source virtualization technology based on the Linux kernel KVM is a Linux kernel module QEMU is a user space emulator that uses KVM for acceleration Run virtual machines alongside Linux applications No or minimal OS changes required
Apr 30, 2009 · KVM over IP User Manual Page 6 of 109 1. Product Overview 1.1 Introduction Opengear’s KVM-over-IP switch (referred to generically in this manual as the IP-KVM) redirects local keyboard,
Nov 08, 2013 · KVM cable. VGA PS2 KVM cable. VGA USB PS/2 KVM switch USB KVM switchwith DVI/VGA Adapter Note: Cabling options include either a VGA/USB, a VGA/PS2, or a DVI USB cable. Note: Please check cable details with your dealer. Caution :The Rackview LCD console drawer is hot-pluggable, but components of connected
The SV1108IPEXT/POW 1 Port Remote Control IP KVM Switch with Virtual Media lets you control a USB or PS/2 server remotely over a LAN or the Internet. The 1 port KVM over IP includes all necessary KVM cables, and offers KVM control from the BIOS-level onward. Reboot
The XL1708 VGA 17” LCD KVM console is a control unit that allows access to multiple computers from an USB or PS/2 KVM console. An extra console port is provided on the rear panel to manage the LCD KVM switch from an external console. It allows to access and control up to 8 computers fro
KVM/ARM Optimization #2 VM Kernel EL0 App App EL1 EL2 Host App App Linux KVM Legacy KVM/ARM design enabled/disabled virtualization features on every transition Virtual/Physical interrupts Stage 2 memory translation KVM Lowvisor Disable traps Enable traps
Genes Sequence of bases in a DNA molecule Carries information necessary for producing a functional product, usually a protein molecule or RNA Average gene is 3000 bases long 31 . 32 . Genes Instruction set for producing one particular molecule, usually a protein Examples fibroin, the chief component of silk triacylglyceride lipase (enzyme that breaks down dietary fat) 33 .
