{"product_id":4027,"v_id":4027,"product_name":"SecureWave Sanctuary Device Control version 3.2","certification_status":"Not Certified","certification_date":"2007-03-16T00:03:00Z","tech_type":"Wireless Monitoring","vendor_id":{"name":"Lumension Security (formerly SecureWave)","website":"http://www.lumension.com"},"vendor_poc":"Dee Liebenstein","vendor_phone":"+1 (703) 713-3960","vendor_email":"Dee.Liebenstein@lumension.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p>The TOE, SecureWave Sanctuary Device Control version 3.2, is a three-tiered client/server application that provides the capability to centrally control the I/O devices users are able to access on their client computers. The TOE controls authorization of I/O devices by maintaining a database of access permissions and associating the permissions with users or user groups. When a user logs on to a client that is protected by the TOE, the TOE client driver contacts the server and downloads the list of permissions for the user. Whenever the user attempts to access an I/O device on the client, the TOE client driver intercepts the operating system. If the TOE determines the user is authorized to access the I/O device, the TOE grants access; otherwise, access to the I/O device is blocked.</p>\r\n<p> The three tiers of a  Sanctuary Device Control (SDC) deployment comprise:</p>\r\n<ul>\r\n    <li>An SQL database &ndash; the database management system (Microsoft SQL Server 7.0 or higher, or MSDE version 1.0 or 2000) and underlying operating system (Windows 2000 Server or Professional, Windows XP Professional, or Windows Server 2003) are in the TOE environment</li>\r\n    <li>One or more servers &ndash; the Sanctuary Application Server (SXS) runs as a service on the underlying operating system: Windows 2000 (SP4 or later) Server, or Windows Server 2003</li>\r\n    <li>A client kernel driver that is installed on each of the client computers to be protected. 
Client kernel drivers are available for the following operating systems: Windows 2000 (SP3 or later) Server or Professional; Windows XP Professional; or Windows Server 2003.</li>\r\n</ul>\r\n<p>An administrative toolkit, comprising a GUI-based application (the Sanctuary Device Console) and various command-line tools, also operates in the client tier, and is supported on Windows 2000 (SP3 or later) Server or Professional, Windows XP Professional, or Windows Server 2003.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the SecureWave Sanctuary Device Control version 3.2 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and International Interpretations effective on 22 August 2003. The evaluation methodology used by the Evaluation Team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL2 family of assurance requirements. The product, when configured as specified in &ldquo;Sanctuary Suite Setup Guide&rdquo;, satisfies all of the security functional requirements stated in the SecureWave Sanctuary Device Control Security Target. One validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in February 2007. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-06-0057) prepared by CCEVS.</p>\r\n<p> For this evaluation, it was appropriate for the Security Target to claim compliance with the external standards for AES, RSA and SHA for the definition of the cryptographic algorithms. 
There are many ways of determining compliance with a standard. SecureWave Sanctuary Device Control has chosen to make a developer claim of compliance. This means that there has been no independent verification (by either the evaluators or a third party standards body, such as a FIPS laboratory) that the implementation of the cryptographic algorithms actually meets the claimed standards. Potential users of this product should confirm that the cryptographic capabilities are suitable to meet the user's requirements.</p>","environmental_strengths":"<p>SecureWave Sanctuary Device Control version 3.2 provides a low to moderate level of independently assured security in a conventional TOE and is suitable for both commercial and government IT environments that require control over the I/O devices users can access on their computer systems.</p>\r\n<p> The primary security functionality of the TOE is to provide a centrally-managed capability for controlling the I/O devices users in a networked environment are authorized to access. This capability is provided through the combination of the following security functions:     <strong><br />\r\n</strong></p>\r\n<p><strong>User Data Protection &ndash; </strong>The TOE stores the user identity, user groups, and I/O Device access control list (ACL), and the associated access rights. When a user logs onto a client computer, the access permissions for that user on the client computer are transmitted by the SecureWave Application Server to the client. 
When a user attempts to access an I/O device, the client component of the TOE intercepts the operating system call to the I/O device and the user's access permissions are checked to determine if access is allowed, as well as the access right that was granted (Read Only or Read/Write).</p>\r\n<p> In addition to the basic granting or denying of access to I/O devices, the TOE provides the following capabilities:</p>\r\n<ul>\r\n    <li>The administrator can set daily limits on the amount of information a user can read and write from an I/O device (these are referred to as 'Copy Limits')</li>\r\n    <li>The administrator can, on file system based devices and serial and parallel ports, activate File Shadowing. When File Shadowing is activated, the name of every file (and optionally the contents) written to the device or port is logged by the client. The Shadow log files are periodically uploaded to the Application Server</li>\r\n    <li>The administrator can grant temporary permissions to a user to access a device, specifying the time when the permission expires, and can grant scheduled access, specifying specific days and times when the user can access the device</li>\r\n    <li>The administrator can grant different access permissions depending on whether or not the client computer is connected to the network </li>\r\n    <li>The administrator can authorize the use of specific DVD and CD media to specific users while otherwise denying access to the DVD or CD device</li>\r\n    <li>The administrator can encrypt the contents of removable media such as floppy disks and USB memory sticks.</li>\r\n</ul>\r\n<strong>Cryptographic Support </strong><strong> &ndash;  </strong>The TOE digitally signs the permission lists retrieved by the application server from the database and sent to the client computers, using the RSA asymmetric algorithm and a private key generated for the application server. 
The client component verifies the signature using the application server's public key and rejects the permission list if it cannot verify the signature.\r\n<p> To support the capability to authorize the use of specific DVDs or CDs, the TOE uses the SHA-1 algorithm to calculate a secure hash of the complete contents of the DVD or CD and associates the hash with the authorized user. The user can access any DVD or CD that matches the hash associated with the user.</p>\r\n<p> To support the capability to encrypt the contents of removable media, the TOE uses 256-bit AES.</p>\r\n<strong>Security Management </strong><strong> &ndash;</strong> The TOE provides the tool sets that are used by the administrator to manage and configure the TOE security functions. These functions include: the management of the users, user groups, and permissions; the management of I/O devices; the ability to manage and review the audit records; and the ability to manage the shadow files. <br />\r\n<br />\r\n<strong>Resource Utilization &ndash;</strong> The TOE ensures that its access control policy is always enforced even if the client computer loses communication with the SXS. The client component of the TOE stores downloaded user permissions on the client computer. In the event the client is unable to connect to the SXS component, the client uses the most recently downloaded permissions to enforce the access control policy when a user attempts to access an I/O device. <br />\r\n<strong><br />\r\nSecurity Audit &ndash; </strong>The TOE records the actions that occur at the administrator and the client driver components. All administrative actions performed by the Sanctuary Device Console are audited by the TOE. The client component logs the actions of the client on the client computer. These logs are stored and protected by the operating environment of the client computer. 
<br />\r\n<br />\r\n<strong>Protection of the TSF &ndash;  </strong>The TOE implements security mechanisms to detect any tampering of permissions that may have occurred during transmission of the permissions from the SXS to the client's computer and the enforcement of the access control policy.","features":[]}