NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Trend Micro Virtual Mobile Infrastructure (TMVMI), Version 6

Certificate Date:  2020.07.06

Validation Report Number:  CCEVS-VR-VID11083-2020

Product Type:    Application Software

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Functional Package for TLS Version 1.1
  Protection Profile for Application Software Version 1.3

CC Testing Lab:  Gossamer Security Solutions


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The Target of Evaluation (TOE) is the Trend Micro Virtual Mobile Infrastructure (TMVMI), Version 6. The TOE is the Virtual Mobile Infrastructure Client application for Android and iOS platforms.  The TOE is a thin client providing access to a Trend Micro Virtual Mobile Infrastructure (VMI) server from a mobile device. A VMI client is a service that hosts independent workspaces for every user. A user workspace is based on the Android operating system, which is accessible via the VMI mobile client application installed on an Android or iOS mobile device. Using the VMI client application, users can access the same mobile environment that includes all their applications and data from any location, without being tied to a single mobile device.  The VMI client presents only the interface offered by the VMI server and ensures that communication with the server utilizes secured protocols.

The TOE when executed, connects to the specified Trend Micro Virtual Mobile Infrastructure (VMI) server, authenticating the server's certificate received while negotiating the HTTPS or TLS session.  The TOE is responsible only for protecting data-in-transit between the physical mobile device and the VMI server.


Evaluated Configuration

The Target of Evaluation (TOE) is the Trend Micro Virtual Mobile Infrastructure (TMVMI), Version 6. 

The TOE is the Virtual Mobile Infrastructure Client application for Android and iOS platforms.  The TOE is a thin client providing access to a Trend Micro Virtual Mobile Infrastructure (VMI) server from a mobile device.   The TOE was tested on the following mobile devices. 

 

Device Name

Processor

Operating System

Samsung Galaxy S10

Qualcomm Snapdragon 855 (SDM855)

Android 9.0

Apple iPhone 7

Apple A10

Apple iOS 13.1

 

The TOE runs on a Samsung Galaxy S10, Note 10, S9, Note 9, S8, and Note 8 devices running Android 9.  The TOE also runs on Apple iOS 13.1 on iPhone devices including iPhone X, 8, 7, and 6. The same application runs on all Android devices and the same application runs on all iPhone devices.  The S10 was used for Android testing and iPhone 7 was used for iOS testing. All other devices are claimed as equivalent.

Device Name

Processor

Operating System

Samsung Devices

Galaxy S10+

Qualcomm Snapdragon 855 (SDM855)

Android 9.0

Galaxy S10

Qualcomm Snapdragon 855 (SDM855)

Android 9.0

Galaxy Note10

Qualcomm Snapdragon 855 (SDM855)

Android 9.0

Galaxy Note10+

Qualcomm Snapdragon 855 (SDM855)

Android 9.0

Galaxy Note10+ 5G

Qualcomm Snapdragon 855 (SDM855)

Android 9.0

Galaxy S9+

Qualcomm Snapdragon 845 (SDM845)

Android 9.0

Galaxy S9

Qualcomm Snapdragon 845 (SDM845)

Android 9.0

Galaxy Note 9

Qualcomm Snapdragon 845 (SDM845)

Android 9.0

Galaxy S8+

Qualcomm Snapdragon 835 (SDM845)

Android 9.0

Galaxy S8

Qualcomm Snapdragon 835 (SDM845)

Android 9.0

Galaxy Note 8

Qualcomm Snapdragon 835 (SDM845)

Android 9.0

Apple Devices

iPhone XS

Apple A12 Bionic

iOS 13.1

iPhone XS Max

Apple A12 Bionic

iOS 13.1

iPhone XR

Apple A12 Bionic

iOS 13.1

iPhone X

Apple A11

iOS 13.1

iPhone 8 Plus

Apple A11

iOS 13.1

iPhone 8

Apple A11

iOS 13.1

iPhone 7 Plus

Apple A10

iOS 13.1

iPhone 7

Apple A10

iOS 13.1

iPhone 6 Plus

Apple A9

iOS 13.1

iPhone 6

Apple A9

iOS 13.1

Table 2 - Equivalent Devices


Security Evaluation Summary

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target.  The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.  The product, when delivered and configured as identified in the Trend Micro Virtual Mobile Infrastructure (TMVMI) User’s Guide, Version 0.3, 06/29/2020   document, satisfies all of the security functional requirements stated in the Trend Micro Virtual Mobile Infrastructure (TMVMI), Version 6 (ASPP13) Security Target, Version 0.4, 06/29/2020.  The project underwent CCEVS Validator review.  The evaluation was completed in July 2020.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11083-2020) prepared by CCEVS.


Environmental Strengths

Environmental Strengths: 

The logical boundaries of the Trend Micro Virtual Mobile Infrastructure (TMVMI) are realized in the security functions that it implements. Each of these security functions is summarized below.

 

Cryptographic support:

The VMI client utilizes platform APIs to provide secure network communication using HTTPS. The client also uses its own cryptography to establish trusted TLS channels to transmit data to the VMI Server.

User data protection:

The VMI client informs a user of hardware and software resources the TOE accesses. It uses the platform’s permission mechanism to get a user’s approval for access. The user initiates a secure network connection to the VMI server using the TOE. In general, sensitive data resides on the VMI server and not the VMI Client, although the client does store encrypted credentials.

Identification and authentication:

The VMI client performs certificate validation checking for TLS connections.  Both Android and iOS applications support OCSP stapling when performing validity checks.

Security management:

The VMI client does not include any predefined or default credentials, and utilizes the platform recommended storage process for configuration options.

Privacy:

The VMI client does not collect any PII and does not transmit any PII over a network.

Protection of the TSF:

The VMI client relies on the physical boundary of the evaluated platform as well as the Android and iOS operating systems for the protection of the TOE’s application components.  All compiled VMI client code is designed to utilize compiler provided anti-exploitation capabilities.  The VMI client application is available through the Google Play store and the Apple store.

Trusted path/channels:

The VMI client utilizes platform APIs to establish HTTPS connections to a VMI server. The client also uses OpenSSL to establish TLS connections to a VMI server.


Vendor Information


Trend Micro, Inc.
Terry Park
817-569-8900
323-327-267
terry_park@trendmicro.com

www.trendmicro.com
Site Map              Contact Us              Home