PRODUCT DESCRIPTION

The TOE, called the Peripheral Sharing Switch (PSS), or simply switch, that permits a single set of human interface devices: USB keyboard, DVI-I video, USB mouse, audio (input and output), and Common Access Card (CAC) or SmartCard reader, to be shared among two or more computers.  Users who access secure and unsecure networks from one set of peripherals can rely on the SwitchView SC series of switches’ architecture to keep their private data completely separate and secure at all times.  There is no software to install or boards to configure.

The SwitchView SC series of switches work with IBM PC/AT and Sun systems and have ports for USB keyboard, USB mouse, DVI-I video, audio (input and output), and USB Common Access Card (CAC) or SmartCard reader.  Each switch has a “select” button associated with each specific port.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures.   The TOE (Avocent SwitchView SC420 Model 520-753-502; Avocent SwitchView SC440 Model 520-721-502; Avocent SwitchView SC540 Model 520-728-502) was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1R2.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1R2.  The evaluation demonstrated that the product meets the security requirements contained in the Security Target.  Computer Sciences Corporation determined that the evaluation assurance level (EAL) for the product is EAL 4+.  The Validators observed that the evaluation carried out by Computer Sciences Corporation and all of its activities were in accordance with the Common Criteria, the Common Evaluation Methodology, and the CCEVS.  The Validators therefore conclude that the evaluation team’s results are correct and complete. The evaluation was completed in March 2009. Results of the evaluation can be found in the non-proprietary Evaluation Technical Report for a Target of Evaluation for Avocent SwitchView SC Series: SC420, SC440, SC540 prepared by Computer Sciences Corporation.

ENVIRONMENTAL STRENGTHS

The TOE provides the following security features:

Data Separation (TSF_DSP):  Signals processed by the TOE are keyboard data, mouse data, keyboard LED data, Data Display Channel information, analog video signals, Common Access Card (CAC) or SmartCard reader data, audio data and USB status.  Specific versions of the TOE accommodate subsets of the listed signals to support popular types of computers.  In all cases, the TOE ensures data separation for all signal paths using both hardware and firmware.

The basic arrangement of the microprocessors used for shared peripheral data ensures data separation in hardware by physical separation of the microprocessors connected to the user’s peripheral devices from the microprocessors connected to the attached computers.  In operation, the main processor moves data received from the shared peripherals to the microprocessor corresponding to the selected computer.  The processor dedicated to the selected computer sends data to the computer.  Separation is ensured in hardware by use of separate microprocessors for each of the computers and for the shared user peripheral devices.

Separation in firmware is ensured by a firmware design consisting of dedicated functions and static memory assignment with no third-party library functions or multitasking executives.

In operation the TOE is not concerned with the content of user information flowing between the shared peripherals and the switched computers.  It only provides a single logical connection between the shared peripheral group and the one selected computer supporting the Data Separation Security Functional Policy – “the TOE shall allow peripheral data and state information to be transferred only between peripheral port groups with the same ID.”  The TOE interfaces ensure that confidentiality of information is not violated by isolating signals electrically and through firmware modules that ensure that information is passed only between the user peripherals and the selected computer.

Keyboard LED status for each computer is stored by the processor associated with each computer.  The TOE does not have software to install, or boards to configure.  The logic contained within the TOE is protected from unauthorized modification through the use of discrete components.

Security Management (TSF_MGT): The TOE allows for the connected computers to be powered-up all-at-once or one at a time.  The green LEDs over each channel will light, indicating that the attached computer is powered on.  To select or switch computers, the TOE provides port-specific switches, that allow(s) the human user to explicitly determine to which computer the shared set of peripherals is connected.  This connection is visually displayed by an amber LED over the selected channel.

Tamper Detection (TSF_TMP):  A switch inside the unit is activated when a screw used to fasten the top cover of the unit is removed.  The tamper switch is powered by the main power supply or a dedicated battery so that it can always detect intrusions.  After the switch is activated, TOE operation is disabled and the amber indicators on the front panel of the unit flash in unison.  When the amber indicators are flashing in unison, operation of the TOE cannot be restored; the TOE must be replaced.

Vendor Information

Avocent Corporation
Erica Gomez
256-261-6509
erica.gomez@avocent.com

http://www.avocent.com