ATEN/IOGear Secure KVM Switch Series Security Target
ATEN/IOGear Secure KVM Switch SeriesSecurity TargetFile Name: ATEN&IOGear Secure KVM Switch Series Security Target.DOCVersion: 1.5.1Date: 2011/06/28Author: ATEN
Contents1 ST Introduction . 21.1 ST and TOE Reference . 21.1.1 Document Conventions . 21.2 TOE Overview . 31.3 TOE Description . 41.4 TOE Boundaries. 42 Conformance Claims . 82.1 Common Criteria Conformance . 82.2 Protection Profile Conformance . 82.3 Evaluation Assurance Level . 83 Security Problem Definition . 93.1 Threats . 93.2 Organizational Security Policies . 93.3 Assumptions. 94 Security Objectives . 114.1 Security Objectives for the TOE . 114.2 Security Objectives for the Environment . 115 Extended Components Definition . 135.1 Class EXT: Extended. 136 Information Technology Security Requirements . 166.1 Target of Evaluation Security Requirements . 166.2 Target of Evaluation Security Assurance Requirements . 187 TOE Summary Specification . 207.1 TOE Security Functions . 208 Rationale . 238.1 Rationale for Security Objectives . 238.2 Rationale for Security Requirements . 238.3 TOE Summary Specification Rationale . 259 Acronyms & Reference. 269.1 Acronyms . 269.2 Reference . 26page 1
1 ST IntroductionThis Security Target (ST) defines the scope of the evaluation in terms of theassumptions made, the intended environment for the ATEN/IOGear Secure KVMSwitch, the Information Technology (IT) security functional and assurancerequirements to be met, and the level of confidence (evaluation assurance level) towhich it is asserted that the ATEN/IOGear Secure KVM Switch satisfies its ITsecurity requirements. This document forms the baseline for the Common Criteria(CC) evaluation.1.1 ST and TOE ReferenceST Title: ATEN/IOGear Secure KVM Switch Series Security TargetTOE Identification: ATEN Secure KVM Model CS1182 ATEN Secure KVM Model CS1184 IOGear Secure KVM Model GCS1212TAA IOGear Secure KVM Model GCS1214TAAST Version: Version 1.5.1Publication Date: 2011/06/28Assurance Level: EAL 2 augmented with ALC FLR.2ST Author: ATEN1.1.1 Document ConventionsThe CC permits four types of operations to be performed on security functionalrequirements: selection, assignment, refinement, and iteration. These operations areidentified in this ST in the following manner:a. Selection: Indicated by surrounding brackets and italicized text, e.g., [selecteditem].b. Assignment: Indicated by surrounding brackets and regular text, e.g., [assigneditem].c. Refinement: Indicated by underlined text, e.g., refined item for additions. Deleteditem for deletion.The functional security requirements beyond those defined in the claimed PP arepage 2
identified by italicized text, e.g. FMT SMF.1 (Specification of ManagementFunctions)1.2 TOE OverviewThis document addresses a DEVICE, hereinafter referred to as a “Peripheral SharingSwitch” (PSS) or simply “SWITCH”--the Target of Evaluation (TOE)--permitting asingle set of HUMAN INTERFACE DEVICES to be shared among two or moreCOMPUTERS.The TOE must not have, and in fact must specifically preclude, any features thatpermit USER information to be shared or transferred between COMPUTERS via theTOE.A PERIPHERAL PORT GROUP is a collection of DEVICE PORTS treated as asingle entity by the TOE. There is one GROUP for the set of SHAREDPERIPHERALS and one GROUP for each CONNECTED SWITCHED COMPUTER.Each SWITCHED COMPUTER GROUP has some unique associated logical ID (i.e.the SHARED PERIPHERALS PORT GROUPT include the console monitor, USBmouse, USB keyboard, analog audio input device (ex: microphone) and analog audiooutput device (ex: speaker), while the SWITCHED COMPUTER PERIPHERALPORT GROUP includes the DVI monitor connection, USB connection, and audioinput/output connection). The SHARED PERIPHERAL GROUP ID is considered tobe the same as that of the SWITCHED COMPUTER GROUP currently selected bythe TOE.1.2.1 TOE TypeThe TOE is with KVM (USB Keyboard, DVI-I Video, USB Mouse) switchfunctionality by combining a 2/4 port KVM switch and audio (input & output) ports.The TOE is normally installed in settings where a single USER with limited worksurface space needs to access two or more COMPUTERS, collectively termedSWITCHED COMPUTERS (which need not be physically distinct entities). TheUSER may have a KEYBOARD, a visual display (e.g., MONITOR), a POINTINGDEVICE (e.g., mouse) and audio input/output device. These are collectively referredto as the SHARED PERIPHERALS.In operation, the TOE will be CONNECTED to only one COMPUTER at a time. Touse a different COMPUTER, the USER must perform some specific action. The TOEpage 3
will then visually indicate which COMPUTER was selected by the USER. Suchindication is persistent and not transitory in nature.1.2.2 Non-TOE hardware/software/firmwareThere are no hardware/software/firmware components of the TOE that are outside ofthe scope of evaluation.1.3 TOE DescriptionThe TOE is with KVM (USB Keyboard, DVI-I Video, USB Mouse) switchfunctionality by combining a 2/4 port KVM switch and audio (input & output) ports.As a KVM switch, the TOE allows users to access two or four computers from asingle set USB keyboard, USB mouse, and DVI-I monitor console.In ATEN/IOGear Secure KVM Switch, keyboard/mouse, video, and audio areprocessed by different chipsets. The keyboard/mouse is processed by ATENdeveloped ASIC. The video signal is process by a video switch chipset and the audiois process by another analog switch (multiplexer). For video and audio, the chipsetsonly switch between different channels and let the video/audio signal pass through.Setup is fast and easy; simply plug cables into their appropriate ports. There is nosoftware to configure, no firmware to be upgraded, no boards to configure, noinstallation routines, and no incompatibility problems. The only one method to accessthe computers is by pushbuttons located on the unit’s front panel. Since the TOEintercepts keyboard input directly, it works on multiple computing platforms (PC(x86/x64), Macintosh PowerPC, and Sun Microsystems Sparc). The TOE is designedby its unique security architecture which the TOE itself doesn’t allow the private datashared among the connected computers. Thus users can access to connectedcomputers from a single set of console via TOE even the computers are located indifferent networks (classified/unclassified) since the private data are totally separated.1.4 TOE Boundaries1.4.1 Physical BoundaryThis following tables list the hardware/firmware components and its accompanyingguidance documents of the product and denotes which are in the TOE and which arein the environment.Hardware Componentspage 4
TOE ModelPortsInterfaceATEN CS11822Dual Link DVI-I, USB Keyboard, USB mouse,Analog Audio input (ex: Microphone) andAnalog Audio output (ex: Speaker), SwitchButtons, LED indicatorsATEN CS11844Dual Link DVI-I, USB Keyboard, USB mouse,Analog Audio input (ex: Microphone) andAnalog Audio output (ex: Speaker), SwitchButtons, LED indicatorsIOGearGCS1212TAA2Dual Link DVI-I, USB Keyboard, USB mouse,Analog Audio input (ex: Microphone) andAnalog Audio output (ex: Speaker), SwitchButtons, LED indicatorsIOGear4Dual Link DVI-I, USB Keyboard, USB mouse,GCS1214TAAAnalog Audio input (ex: Microphone) andAnalog Audio output (ex: Speaker), SwitchButtons, LED EN CS1182ATEN CS1184IOGear GCS1212TAAIOGear GCS1214TAATOE HardwareEnvironmentUSB KeyboardMember of PeripheralGroupEnvironmentUSB MouseMember of PeripheralGroupEnvironmentDVI MonitorMember of PeripheralGroupEnvironmentAudio Input/Output (eg: Speaker Member of Peripheraland Microphone)GroupEnvironmentHost ComputersComputer EnvironmentFirmware ComponentsTOE ModelFirmwareATEN CS1182ATEN CS1184FW v1.0.064IOGear GCS1212TAApage 5
IOGear GCS1214TAAGuidance DocumentsThe guidance documents that accompany the TOE are::TOE ModelAGD OPE/AGD PRE GuidanceATEN CS1182ATEN Secure KVM Switch Series Guidance v1.2.pdfATEN CS1184IOGear GCS1212TAA IOGear Secure KVM Switch Series Guidance v1.2.pdfIOGear GCS1214TAA1.4.2 Logical BoundariesThe Logical Scope and Boundary of the TOE consists of the security functions andfeatures provided by the TOE. The security functions include Information FlowControl (TSF IFC), Security Management (TSF MGT), and Self Protection(TSF SPT).1.4.2.1 Information Flow Control (TSF IFC)Per request of Peripheral Sharing Switch (PSS) for Human Interface DevicesProtection Profile, Version 2.1, dated September 07, 2010. Data Separation SecurityFunction Policy (SFP) is implemented in the TOE. The TOE shall allowPERIPHERAL DATA to be transferred only between PERIPHERAL PORTGROUPS with the same ID. The TOE processes mainly keyboard/mouse data,keyboard LED data, Data Display Channel information, video signals, audio data andUSB status. The TOE itself is neither concerned with the USER’S information in theshared computers nor the information flowing between the SHARED PERIPHERALSand the SWITCHED COMPUTERS. It is only providing a CONNECTION betweenthe HUMAN INTERFACE DEVICES and a selected COMPUTER at any giveninstant. As long as the guidance is followed by the Administrator while configuringand using the TOE, only valid USB devices are accepted by the TOE. Therefore theuser information flows are safe. A more detailed explanation of TSF IFCimplementation is described in Section 7.1.1.All USB devices connected to the USB keyboard/mouse ports of the Peripheral switchshall be interrogated to ensure that they are valid (pointing device, keyboard). Nofurther interaction with non-valid devices shall be performed.1.4.2.2 Security Management (TSF MGT)There are two (CS1182/GCS1212TAA) or four (CS1184/GCS1214TAA) pushbuttonspage 6
on the TOE front panel. The only one method to access the computers via TOE is bypushbuttons. By pressing the pushbutton, user can explicitly determine which port hewants to select or which computer he wants to switch to, which means user canexplicitly determine which computer is connected to the shared set of peripherals.There are also two LED indicators (one green, one orange) located above eachpushbutton. The green LED indicator of a specific port lights when there is acomputer connected on that port and powered on (the green LED indicator is lit whenthere is a powered-on USB connection between the TOE and any connectedcomputers). Once a specific computer is selected by the user, which means the shareset of peripherals switches to that port of computer, the orange LED indicator lights.An explanation of TSF MGT implementation is described in Section 7.1.21.4.2.3 Self Protection (TSF SPT)This function intends to protect the set of peripheral devices connected to the TOE.Any attempt to open the TOE will trigger a Tamper Detection switch. Once the TOEis physically tampered, The LED lights on the front panel flash to remind and alert theadministrator. All TOE functions are tainedinone-time-programmable ROM inside the ASIC which is permanently attached(non-socketed) to a circuit assembly. So there is no way to modify the firmware. Amore detailed explanation of TSF SPT implementation is described in Section 7.1.3page 7
2 Conformance Claims2.1 Common Criteria ConformanceThis ST has been prepared in accordance with and is conformant to: Common Criteria for Information Technology Security Evaluation (CC), Version3.1, Revision 3, July 2009 (CCMB-2009-07-001, CCMB-2009-07-002,CCMB-2009-07-003) Common Methodology for Information Technology Security Evaluation,Evaluation 3,July2009The ST claims the following CC conformance: Parts 2 extended and contain 4 extended security requirements EXT VIR.1 Visual Indication Rule EXT IUC.1 Invalid USB Connection EXT ROM.1 Read-Only ROMs EXT TMP.1 Physical Tampering Security Parts 3 conformant2.2 Protection Profile ConformanceThis ST claims demonstrable compliance to the Protection Profile:Peripheral Sharing Switch (PSS) for Human Interface Devices Protection Profile,Version 2.1 dated September 7, 20102.3 Evaluation Assurance LevelEAL 2 (augmented with ALC FLR.2 (Flaw reporting procedures)page 8
3 Security Problem DefinitionThe security problem definition shows the threats, Organizational security policies(OSPs) and assumptions that must be countered, enforced and upheld by the TOE andits operational environment.3.1 ThreatsA threat consists of a threat agent, an asset and an adverse action of that threat agenton that asset.T.INVALIDUSBThe AUTHORIZED USER will connect unauthorized USBdevices to the peripheral switch.T.RESIDUALRESIDUAL DATA may be transferred between PERIPHERALPORT GROUPS with different IDs.T.ROM PROGThe TSF may be modified by an attacker such that codeembedded in reprogrammable ROMs is overwritten, thus leadingto a compromise of the separation-enforcing components of thecode and subsequent compromise of the data flowing throughthe TOE.T.SPOOFVia intentional or unintentional actions, a USER may think theset of SHARED PERIPHERALS are CONNECTED to oneCOMPUTER when in fact they are connected to a different one.T.TRANSFERA CONNECTION, via the TOE, between COMPUTERS mayallow information transfer.3.2 Organizational Security PoliciesNone.3.3 AssumptionsThe following usage assumptions are made about the intended environment of theTOE.A.ACCESSAn AUTHORIZED USER possesses the necessary privileges toaccess the information transferred by the TOE. USERS areAUTHORIZED USERS.A.MANAGEThe TOE is installed and managed in accordance with themanufacturer’s directions.page 9
Application Note: The installed USB devices connected to theTOE do not buffer and transfer data to other COMPUTERSexcept the currently CONNECTED COMPUTER.A.NOEVILThe AUTHORIZED USER is non-hostile and follows all usageguidance.A.PHYSICALThe TOE is physically secure.page 10
4 Security Objectives4.1 Security Objectives for the TOEThe following security objectives are intended to be satisfied by the TOEO.CONFThe TOE shall not violate the confidentiality of informationwhich it processes. Information generated within anyPERIPHERAL GROUP COMPUTER CONNECTION shall notbe accessible by any other PERIPHERAL GROUP with adifferent GROUP ID.O.INDICATEThe AUTHORIZED USER shall receive an unambiguousindication of which SWITCHED COMPUTER has beenselected.O.ROMTOE software/firmware shall be protected against unauthorizedmodification. Embedded software must be contained inmask-programmed or one-time-programmable read-onlymemory permanently attached (non-socketed) to a circuitassembly.O.SELECTAn explicit action by the AUTHORIZED USER shall be used toselect the COMPUTER to which the shared set ofPERIPHERAL DEVICES is CONNECTED Single push button,multiple push button, or rotary selection methods are used bymost (if not all) current market products. Automatic switchingbased on scanning shall not be used as a selection mechanism.O.SWITCHAll DEVICES in a SHARED PERIPHERAL GROUP shall beCONNECTED to at most one SWITCHED COMPUTER at atime.O.USBDETECTThe TOE shall detect any USB connection that is not a pointingdevice, keyboard, or display and will perform no interaction withthat device after the initial identification.4.2 Security Objectives for the EnvironmentThe following security objectives for the environment of the TOE must be satisfied inorder for the TOE to fulfill its own security objectives.OE.ACCESSThe AUTHORIZED USER shall possess the necessary privilegespage 11
to access the information transferred by the TOE. USERS areAUTHORIZED USERS.OE.MANAGEThe TOE shall be installed and managed in accordance with themanufacturer’s directions.OE.NOEVILThe AUTHORIZED USER shall be non-hostile and follow allusage guidance.OE.PHYSICALThe TOE shall be physically secure.page 12
5 Extended Components DefinitionThis section specifies the extended SFRs for the TOE.5.1 Class EXT: ExtendedThis class provides four families specifically concerned with Part 2 of the CommonCriteria does not provide a component appropriate to express the requirement for EXT VIR.1 Visual Indication Rule EXT IUC.1 invalid USB ConnectionEXT ROM.1 Read-Only ROMsEXT TMP.1 Physical Tampering Security5.1.1 Visual Indication Rule (EXT VIR)Family BehaviourThis family defines requirements for the visual method of indicating whichCOMPUTER is CONNECTED to the shared set of PERIPHERAL DEVICES shall beprovided that is persistent for the duration of the CONNECTIONComponent levelingEXT VIR: Visual Indication Rule1Management: EXT VIR.1There are no management activities foreseen.Audit: EXT VIR.1There are no auditable events foreseen.EXT VIR.1Visual Indication RuleHierarchical to: No other componentsDependencies: NoneEXT VIR.1.1A visual method of indicating which COMPUTER isCONNECTED to the shared set of PERIPHERAL DEVICESshall be provided that is persistent for the duration of theCONNECTION.page 13
5.1.2 Invalid USB Connection (EXT IUC)Family BehaviourThis family defines requirements for the interrogation of all USB devices connectedto the Peripheral switch to ensure that they are valid (pointing device, keyboard,display).Component levelingEXT IUC: Invalid USB Connection1Management: EXT IUC.1There are no management activities foreseen.Audit: EXT IUC.1There are no auditable events foreseen.EXT IUC.1EXT IUC.1.1Invalid USB ConnectionHierarchical to: No other componentsDependencies: NoneAll USB devices connected to the Peripheral switch shall beinterrogated to ensure that they are valid (pointing device,keyboard, display). No further interaction with non-valid devicesshall be performed.5.1.3 Read-Only ROMs (E
functionality by combining a 2/4 port KVM switch and audio (input & output) ports. As a KVM switch, the TOE allows users to access two or four computers from a single set USB keyboard, USB mouse, and DVI-I monitor console. In ATEN/IOGear Secure KVM Switch, keyboard/mouse, video, and audio are processed by different chipsets.
Sep 06, 2011 · 2. Install the KVM Switch unit into the rack cabinet. Figure 9. DKVM-440 Front Panel D. Plug in the power adapter for each level Slave KVM Switch and connect Slave KVM switch to computers. E. The power on sequence should be: 1. Master KVM Switch 2. Second level Slave KVM Switch (connec
32-Port Cat 5 KVM over IP Switch with Virtual Media KVM over IP Switch / Extender ATEN Featured Products KN2116VA 16-Port Cat 5 KVM over IP Switch with Virtual Media High-resolution video – up to 1920 x 1200 @ 60Hz RB for both local and remote consoles Supports TLS 1.2 data encryption and RSA 2048-bit
6 PUBLIC USE #NXPFTF KVM/QEMU Multicore Hardware Linux KVM App Virtual Machine 1 QEMU App OS Virtual Machine 2 QEMU App OS KVM/QEMU-open source virtualization technology based on the Linux kernel KVM is a Linux kernel module QEMU is a user space emulator that uses KVM for acceleration Run virtual machines alongside Linux applications No or minimal OS changes required
Apr 30, 2009 · KVM over IP User Manual Page 6 of 109 1. Product Overview 1.1 Introduction Opengear’s KVM-over-IP switch (referred to generically in this manual as the IP-KVM) redirects local keyboard,
SWITCH KVM USB 4 PORTS Vérification du contenu de l'emballage Switch KVM USB DKVM-4U Guide d’installation rapide 2 jeux de câbles 2-en-1 KVM USB de 1,8 m Installation du switch DKVM-4U d’éteindre votre ordinateur pour pouvoir l’installer. Répétez les étapes ci-dessous pour chacun des
Nov 08, 2013 · KVM cable. VGA PS2 KVM cable. VGA USB PS/2 KVM switch USB KVM switchwith DVI/VGA Adapter Note: Cabling options include either a VGA/USB, a VGA/PS2, or a DVI USB cable. Note: Please check cable details with your dealer. Caution :The Rackview LCD console drawer is hot-pluggable, but components of connected
The SV1108IPEXT/POW 1 Port Remote Control IP KVM Switch with Virtual Media lets you control a USB or PS/2 server remotely over a LAN or the Internet. The 1 port KVM over IP includes all necessary KVM cables, and offers KVM control from the BIOS-level onward. Reboot
Short presentation on archaeological illustration generally. Introduction to pottery illustration, the equipment and the layout, presentation and conventions commonly used. Demonstration of how to draw a rim, followed by practical session Session 2 - 11th Oct. 1- 4.30pm. - Nadia Knudsen Presentation and demonstration of how to draw a pot base and a complete profile of a vessel followed by a .
