The TOE is a device, hereinafter referred to as a Peripheral Sharing Switch (PSS), or simply switch, that permits a single set of human interface devices: DVI-I video, Audio (input and output), USB keyboard, and USB mouse to be shared among two or more computers. Users who access secure and unsecure networks from one set of peripherals can rely on the Avocent Cybex SwitchView SC series of switches’ architecture to keep their private data separate. There is no software to install or boards to configure.
\r\nThe Avocent Cybex SwitchView SC series of switches work with IBM PC and Sun systems and have ports for DVI-I video, Audio (input and output), USB keyboard, and USB mouse. Each switch has a “select” button associated with each specific port. For the convenience of the operator, these models have USB ports on the rear of the device.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which the Avocent Cybex SwitchView SC620 Model 520-866-501, Avocent Cybex SwitchView SC640 Model 520-869-501, and Avocent Cybex SwitchView SC740 Model 520-868-501 were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 2. Computer Sciences Corporation determined that the evaluation assurance level (EAL) for the product is EAL 2+. The product satisfies all of the security functional requirements stated in the Security Target. A validator, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by Computer Sciences Corporation. The evaluation was completed in May 2011. Results of the evaluation can be found in the Evaluation Technical Report for a Target of Evaluation for Avocent SwitchView SC620, SC640, and SC740 Switches prepared by Computer Sciences Corporation.
","environmental_strengths":"The TOE provides the following security features:
\r\nData Separation (TSF_DSP): The TOE implements the Data Separation Security Function Policy (SFP) as outlined in Section 2 of Peripheral Sharing Switch (PSS) for Human Interface Devices Protection Profile, Version 2.1, dated September 7, 2010.
\r\nSignals processed by the TOE are shared peripheral device data, Data Display Channel information, and video signals. Specific versions of the TOE accommodate subsets of the listed signals to support popular types of computers. In all cases, the TOE ensures data separation for all signal paths using both hardware and firmware.
\r\nThe basic arrangement of the microprocessors used for shared peripheral data ensures data separation in hardware by physical separation of the microprocessors connected to the user’s peripheral devices from the microprocessors connected to the attached computers. In operation, the main processor moves data received from the shared peripherals to the microprocessor corresponding to the selected computer. The processor dedicated to the selected computer sends data to the computer. Separation is ensured in hardware by use of separate microprocessors for each of the computers and for the shared user peripheral devices.
\r\nSeparation in firmware is ensured by firmware design consisting of dedicated functions and static memory assignment with no third-party library functions or multitasking executives.
\r\nIn operation the TOE is not concerned with the content of user information flowing between the shared peripherals and the switched computers. It only provides a single logical connection between the shared peripheral group and the one selected computer supporting the Data Separation Security Functional Policy – “the TOE shall allow peripheral data and state information to be transferred only between peripheral port groups with the same ID.” The TOE interfaces ensure that confidentiality of information is not violated by isolating signals electrically and through firmware modules that ensure that information is passed only between the user peripherals and the selected computer.
\r\nShared peripheral status for each computer is stored by the processor associated with each computer. The TOE does not have software to install, or boards to configure. The logic contained within the TOE is protected from unauthorized modification through the use of discrete components.
\r\nSecurity Management (TSF_MGT): The TOE allows for the connected computers to be powered-up all-at-once or one at a time. The green LEDs over each channel will light, indicating that the attached computer is powered on. To select or switch computers, the TOE provides port-specific switches, that allow(s) the human user to explicitly determine to which computer the shared set of peripherals is connected. This connection is visually displayed by an amber LED over the selected channel. The TOE also provides the TOE user with management function of modifying the PERIPHERAL PORT GROUP IDs.
\r\nInvalid USB Connection (TSF_IUC): The firmware in the TOE checks a USB device’s class when this device is connected to the TOE and ensures that the device is valid, i.e. is a pointing device or a keyboard. If the device is not valid, the TOE doesn’t allow further interaction to be performed by the non-valid device; thus non-valid USB devices connected to the switch by the users will not be connected to any of the target computers.
\r\nRead-only ROMs (TSF_ROM): TSF software embedded in TSF ROMs is contained in one-time-programmable read-only memory permanently attached (non-socketed) to a circuit assembly because the processors are soldered directly to the boards and utilize Code Read Protection level 3 (CRP3), which prevents the device’s flash memory from being modified, by an external entity. The processors corresponding to the computers attached and the main processor handling the shared peripherals do not use any external RAM/ROM. The firmware running on these processors does not contain any commands to update itself.
","features":[]}