{"product_id":10037,"v_id":10037,"product_name":"Owl Computing Technologies, Inc. Data Diode Network Interface Card Version 3","certification_status":"Not Certified","certification_date":"2005-09-02T00:09:00Z","tech_type":"Guard","vendor_id":{"name":"Owl Computing Technologies","website":"http://www.owlcti.com"},"vendor_poc":"Andy Holmes","vendor_phone":"914.763.6281","vendor_email":"aholmes@owlcti.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p>The Data Diode network interface card (NIC) is designed and manufactured by Owl Computing Technologies Incorporated. This Data Diode NIC was developed to support higher-level application software packages to provide secure one-way network communications. Owl markets and sells application programs that utilize the Data Diode Technology for specific data transfers. </p>\r\n<p>The TOE is a pair of Owl Data Diode NIC network interface cards.&nbsp; Each card has two external interfaces.&nbsp; One external interface is the Peripheral Component Interface which connects to the PCI Bus of the host in which the DDNIC is installed.&nbsp; The other interface is the fiber optic network connection physically located on the card. The purpose of the Data Diode NIC is to provide assurance that one-way operation occurs at the physical interface between a network sender and receiver. </p>\r\n<p>This Data Diode NIC was developed to support higher-level application software packages to provide secure one-way network communications. Owl markets and sells application programs that utilize the Data Diode Technology for specific data transfers; however the TOE is only the Data Diode NIC. The information flow policy enforced by the Data Diode NIC does not rely on passwords, authentication, or encryption to protect host data. 
Rather the physics of a photo-detector and light emitting diode enforce the TSP.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Owl Data Diode TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2.&nbsp; The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0.&nbsp; Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 4.&nbsp; The product satisfies all of the security functional requirements stated in Owl Computing Technologies Data Diode Network Interface Card Security Target (Version 1.0), when configured as specified in the Owl Computing Technologies, Inc. OEM Installation Manual and Common Criteria Evaluation Release Notes as contained in one of the following:</p>\r\n<ol type=\"1\">\r\n    <li>Owl Computing Technologies, Inc., Secure Directory File Transfer System Cross Platform Interface (CPI),&nbsp; OEM Installation Manual and User Guide, Windows 2000/2003, Version 3 Hardware &ndash; Card Type 234, Part number DFTS-W2-HO-08, Document Release 1k, 7/5/2005 </li>\r\n    <li>Owl Computing Technologies, Inc., Secure Directory File Transfer System Cross Platform Interface (CPI),&nbsp; OEM Installation Manual and User Guide, Sun&trade; Solaris&trade; 8/9, Version 3 Hardware &ndash; Card Type 234, Part number DFTS-S8-HO-08, Document Release 17k, 7/5/2005 </li>\r\n</ol>\r\n<p>The evaluation was completed in August 2005.&nbsp; Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-05-0120a, dated September 28, 2005) prepared by 
CCEVS.</p>","environmental_strengths":"<p>The Data Diode modifies a bi-directional Commercial-Off-The-Shelf (COTS) product into a unidirectional optical fiber connection between two networks. The physically modified Asynchronous Transfer Mode (ATM) network interface cards and connecting optical fiber is termed the Data Diode TOE. Each of the ATM adapter network cards has been physically modified, and color-coded red and blue, such that the red card can only receive data, while the blue card can only send data. The Data Diode supports two security functions:</p>\r\n<p><strong>Information Flow:</strong> Given the assumption that all relevant data must pass through the TOE, and all information received by the TOE is unconditionally subject to its unidirectional information flow policy, there is no possibility to bypass this security mechanism.&nbsp; There is only one path for information flow through each Owl Data Diode Network Interface Card, and that path only allows unidirectional information flow across the card.&nbsp; As there is physically only one path available for information flow, that path cannot be bypassed.<br />\r\nFor the unidirectional flow to occur across a given DDNIC, the DDNIC must function correctly.&nbsp; If a DDNIC is not functioning or is malfunctioning, only unidirectional information flow is permitted, or no information flow occurs.&nbsp; The Send-Only DDNIC only allows information to flow from the host system across the card to the external optical interface.&nbsp; The Receive-Only DDNIC only allows information to flow from the external optical interface across the card to the host system.</p>\r\n<p><strong>TOE Self Protection:</strong> The Data Diode NIC protects itself by not exporting any interface that can be used to modify the TOE.&nbsp; The only interfaces exported are the PCI Bus interface and the network fiber optic interface.&nbsp; Each DDNIC protects itself by not exporting any interface that can be used to modify the TOE and 
thereby the Target Security Functions (TSF) of the TOE.&nbsp; The only interfaces exported are the PCI and the optical interface of the DDNIC, which are not relevant to the TSF.&nbsp; Furthermore, no interface is exported which can alter the operation of the TOE since the TOE has been manufactured to physically enforce its policies and would have to be physically modified to change its behavior and violate the TSF.&nbsp; Since the TOE environment is assumed to provide adequate physical protection, it is essentially impossible to modify the TOE.</p>\r\nLogically, the Data Diode NIC is protected largely by virtue of the fact that its interface is limited primarily to supporting network traffic. The TOE operates at the physical level, which is below the level of protocols or binary logic, so it is unaffected by buffer content or network traffic.","features":[]}