NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - SecureIO

Certificate Date:  2018.03.14

Validation Report Number:  CCEVS-VR-VID10852-2018

Product Type:    Application Software

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Application Software Version 1.2

CC Testing Lab:  Acumen Security


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The SecureIO application provides a secure communication channel for Android applications to send and receive network traffic. The traffic will be protected in transit using TLS from the Android device to a TLS server.

The functionality of the SecureIO service is limited to (i) establishing and shutting down a TLS connection to the Transport Layer Gateway (TLG); (ii) sending and receiving messages to and from the TLG on behalf of Android apps via the TLS connection.

The TOE is a software application that resides entirely on its Android-based mobile platform. The TOE runs on Android versions 6.0, 7.0, and 7.1. All sub-versions (e.g. 6.0.1) of 6.0 and 7.0 are supported.


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which Vencore Secure IO was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered configured as identified in the Secure IO User Manual, satisfies all the security functional requirements stated in the Security Target (ST). The project underwent CCEVS Validator review.  The evaluation was completed in March 2018.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

The TOE provides the security functionality required by the Protection Profile for Application Software v1.2 [SWAPP].

Cryptographic Support

The TOE relies on underlying cryptographic functionality provided by the platform for all its cryptographic operations.

User Data Protection

The TOE is a TLS proxy that encrypts data sent by other applications on its host platform.

Security Management

The TOE does not come with any default credentials. It identifies itself to the TLS gateway that it connects to using a certificate and private key. These are provisioned onto the TOE by an administrator or end user.

Privacy

The TOE itself does not contain or transmit any Personally Identifiable Information (PII). It functions as a TLS proxy over which other applications on the platform may transmit whatever data they wish.

Protection of the TSF

The TOE employs several mechanisms to ensure that it is secure on the host platform. Only documented platform APIs are used by the TOE. The TOE never allocates memory with both write and execute permission. Evaluated platform functionality is used to verify the TOE version and perform updates, and no third-party libraries are used.

Trusted Path/Channels

TLS is used to protect all data transmitted to and from the TOE.


Vendor Information

Logo
Perspecta Labs Inc.
Vikram Kaul
908-748-2424
vkaul@perspectalabs.com

http://www.perspectalabs.com
Site Map              Contact Us              Home