manualshive.com logo in svg

ATEN CS1142D4, Инструкция по эксплуатации, Страница: 6 / 54

Поделиться
Скачать
ATEN CS1142D4 Скачать руководство пользователя страница 6

Security Target 

Version 1.1

 

2022-03-08

 

1

 

Security Target Introduction 

This section identifies the Security Target (ST) and Target of Evaluation (TOE) identification, ST 
conventions, ST conformance claims, and the ST organization. The TOE is ATEN Secure KVM Switch 
Series (Non-CAC Models) provided by ATEN.  

The Security Target contains the following additional sections: 

 

TOE Description (Section 2) 

 

Security Problem Definition (Section 3) 

 

Security Objectives (Section 4) 

 

IT Security Requirements(Section 5) 

 

TOE Summary Specification (Section 6) 

 

Protection Profile Claims (Section 7) 

 

Rationale (Section 8)  

1.1

 

Security Target, Target of Evaluation, and Common Criteria Identification 

ST Title:

 ATEN Secure KVM Switch Series (Non-CAC Models) Security Target  

ST Version: 

Version 1.1 

ST Date: 

2022-03-08 

Target of Evaluation (TOE) Identification: 

ATEN Secure KVM Switch Series (Non-CAC Models) 

TOE Versions: 

The following table identifies the model numbers per configuration. The firmware version 

for all models is v1.1.101.

 

Table 1: ATEN Secure KVM Switch TOE Models 

Configuration  

2-Port 

4-Port 

8-Port 

DisplayPort 

Single Head 

CS1182DP4 

CS1184DP4 

CS1188DP4 

Dual Head 

CS1142DP4 

CS1144DP4 

CS1148DP4 

HDMI 

Single Head 

CS1182H4 

CS1184H4 

N/A 

Dual Head 

CS1142H4 

CS1144H4 

N/A 

DVI 

Single Head 

CS1182D4 

CS1184D4 

CS1188D4 

Dual Head 

CS1142D4 

CS1144D4 

CS1148D4 

The  TOE  includes  a  wired  remote  controller:  Remote  Peripheral  Selector  (RPS)  that  is  available  to 
customers as an additional purchase.  This device has the same firmware version as the models above. 

TOE Developer: 

ATEN 

Evaluation Sponsor: 

ATEN 

CC Identification: 

Common Criteria for Information Technology Security Evaluation, Version 3.1, 

Revision 5, April 2017. 

Содержание CS1142D4

Страница 1: ... Models Security Target Version 1 1 2022 03 08 Prepared for ATEN 3F No 125 Section 2 Datung Road Sijhih District New Taipei City 221 Taiwan Prepared by Common Criteria Testing Laboratory 6841 Benjamin Franklin Drive Columbia Maryland 21046 ...

Страница 2: ...istory Version Author Modifications 0 1 Leidos Initial Version 0 2 Leidos Minor update to add adapters 0 3 Leidos Updates for validator check in comments 1 0 Leidos Minor updates for evaluator comments 1 1 Leidos Updates for validator check out comments ...

Страница 3: ...ectives 16 4 1 Security Objectives for the Operational Environment 16 5 IT Security Requirements 17 5 1 Extended Requirements 17 5 2 TOE Security Functional Requirements PSD MOD_AO_V1 0 MOD_KM_V1 0 18 5 2 1 Security Audit FAU 19 5 2 2 User Data Protection FDP 20 5 2 3 Identification and Authentication FIA 24 5 2 4 Security Management FMT 25 5 2 5 Protection of the TSF FPT 25 5 2 6 TOE Access FTA 2...

Страница 4: ...I_EXT 2 PSD Switching Methods FDP_SWI_EXT 3 Tied Switching 36 6 2 9 TOE Video Security Function 36 6 3 Identification and Authentication FIA_UAU 2 FIA_UID 2 38 6 4 Security Management 38 6 4 1 FMT_MOF 1 Management of Security Functions Behavior 38 6 4 2 FMT_SMF 1 Specification of Management Functions 38 6 4 3 FMT_SMR 1 Security Roles 39 6 5 Protection of the TSF 39 6 5 1 FPT_FLS_EXT 1 Failure with...

Страница 5: ...urity Functional Components 18 Table 8 Audio Filtration Specifications 20 Table 9 TOE Security Functional Components DP Models 27 Table 10 TOE Security Functional Components H Models 28 Table 11 TOE Security Functional Components D Models 29 Table 12 Assurance Components 30 Table 13 Supported protocols by port 34 Table 14 DP Models 36 Table 15 H Models 37 Table 16 D Models 37 Table 17 SFR Protecti...

Страница 6: ... ST Version Version 1 1 ST Date 2022 03 08 Target of Evaluation TOE Identification ATEN Secure KVM Switch Series Non CAC Models TOE Versions The following table identifies the model numbers per configuration The firmware version for all models is v1 1 101 Table 1 ATEN Secure KVM Switch TOE Models Configuration 2 Port 4 Port 8 Port DisplayPort Single Head CS1182DP4 CS1184DP4 CS1188DP4 Dual Head CS1...

Страница 7: ...alog Audio Output Devices Version 1 0 19 July 2019 MOD_AO_V1 0 PP Module for Keyboard Mouse Devices Version 1 0 19 July 2019 MOD_KM_V1 0 o including the following optional and selection based SFRs FDP_FIL_EXT 1 KM FDP_RIP 1 KM and FDP_SWI_EXT 3 PP Module for Video Display Devices Version 1 0 19 July 2019 MOD_VI_V1 0 o including the following selection based SFRs FDP_CDS_EXT 1 FDP_IPC_EXT 1 FDP_SPR...

Страница 8: ...n is identified with a slash and an identifier e g KM Additional iterations made by the ST author are defined with a reference in parentheses to the specific TOE models they apply to e g DP indicates the SFR only applies to DisplayPort models Though technically not an iteration FDP_IPC_EXT 1 also uses this convention to clarify that this requirement only applies to certain models Extended SFRs are...

Страница 9: ...ity of a User to receive an indicator of the current Active Interface Non Selected Computer A Connected Computer that has no Active Interfaces with the PSD Peripheral Interface The PSD s physical receptacle or port for connecting to a Peripheral Device Peripheral Peripheral Device A Device with access that can be Shared or Filtered by a PSD Protection Profile PP An implementation independent set o...

Страница 10: ...o authenticate to a computer e g smart card reader biometric authentication device proximity card reader User Data Information that the User inputs to the Connected Computer or is output to the User from the Connected Computer and including user authentication and credential information 1 3 2 Acronyms Table 3 Acronyms Acronym Definition ARC Audio Return Channel AUX Display Port Auxiliary Channel C...

Страница 11: ...Security Target Version 1 1 2022 03 08 6 Acronym Definition PC Personal Computer PSD Peripheral Sharing Device RPS Remote Port Selector SFP Security Function Policy USB Universal Serial Bus ...

Страница 12: ...the connected computers is active such that the peripherals connected to the console can be used to interact with the selected computer The TOE s console ports support USB keyboard and mouse analog audio out speakers and depending on model DisplayPort HDMI or DVI I display The TOE s computer ports support USB keyboard and mouse analog audio and depending on model DisplayPort HDMI or DVI I display ...

Страница 13: ... DisplayPort video signal to HDMI The HDMI signal inside the KVM will be converted again to DisplayPort signal for output to the connected video display s and the AUX channel is monitored and converted to EDID The Secure KVM Switch products also support audio output connections from the computers to a connected audio output device Only speaker connections are supported and the use of an analog mic...

Страница 14: ... Each peripheral has its own dedicated data path USB keyboard and mouse peripherals are filtered and emulated DisplayPort video from the selected computer is converted internally to HDMI then back to DisplayPort for communication with the connected video display and the AUX channel is monitored and converted to EDID The Secure KVM Switch products are designed to enforce the allowed and disallowed ...

Страница 15: ...ility of data leakage from a user s peripheral output device to the input device ensures that no unauthorized data flows from the monitor to a connected computer and unidirectional buffers ensure that the audio data can travel only from the selected computer to the audio device There is no possibility of data leakage between computers or from a peripheral device connected to a console port to a no...

Страница 16: ...ing their own cable sets as long as the protocols are compatible but the vendor cable sets are recommended The TOE was tested using the cable sets mentioned above and the following adapters UC32381 USB C to HDMI converter UC3239 USB C to DP converter VC986 Active DP to HDMI adapter VC965 Active DP to DVI adapter While the cable sets and adapters were supplied they were not included in the evaluati...

Страница 17: ... Class A digital device pursuant to Part 15 of the Federal Communications Commission rules If not installed and used in accordance with the guidance instructions the device may cause harmful interference to radio communications This evaluation did not test for RFI leakage of information 2 4 Logical Boundary This section summarizes the security functions provided by the TOE Security Audit User Data...

Страница 18: ...as USB device whitelist blacklist Once the Reset to Factory Default function has been completed the Secure KVM will terminate the Administrator Logon mode purge keyboard mouse buffer and power cycle the Secure KVM automatically 2 4 3 Identification and Authentication The TOE provides an identification and authentication function for the administrative user to perform administrative functions such ...

Страница 19: ...TEN PSD PP v4 0 Secure KVM Switch Series 2 4 8 Port USB DVI HDMI DisplayPort Single Dual Display PP v4 0 Secure KVM Switch Administrator Guide Version 1 03 2021 1 25 ATEN PSD PP v4 0 Secure KVM Switch Series 2 4 8 Port USB DVI HDMI DisplayPort Single Dual Display PP v4 0 Secure KVM Switch User Manual Version 1 03 2021 1 25 ATEN PSD PP v4 0 Secure KVM Switch Series 2 4 8 Port USB DVI HDMI DisplayPo...

Страница 20: ... is expected to address and assumptions about the operational environment of the TOE In general the PSD has presented a Security Problem Definition appropriate for peripheral sharing devices The ATEN Secure KVM Switch Series supports KVM USB Keyboard Mouse analog audio out DisplayPort DVI I and HDMI video peripheral switch functionality by combining a 2 4 8 port KVM switch and an audio output port...

Страница 21: ...crophones are not plugged into the TOE audio output interfaces OE NO_SPECIAL_ANALOG_CAPABILITIES from MOD_VI_V1 0 The operational environment will not have special analog data collection cards or peripherals such as analog to digital interface high performance audio interface or a component with digital signal processing or analog video capture functions OE NO_TEMPEST from PSD The operational envi...

Страница 22: ...nd modules define the following extended SFRs and since they are not redefined in this ST the PSD and associated modules should be consulted for more information in regard to those CC extensions FDP_AFL_EXT 1 Audio Filtration FDP_APC_EXT 1 Active PSD Connections FDP_CDS_EXT 1 Connected Displays Supported FDP_FIL_EXT 1 KM Device Filtering Keyboard Mouse FDP_IPC_EXT 1 DP Internal Protocol Conversion...

Страница 23: ...nt Class Requirement Component FAU Security Audit FAU_GEN 1 Audit Data Generation FDP User Data Protection FDP_AFL_EXT 1 Audio Filtration FDP_APC_EXT 1 AO Active PSD Connections Audio Output FDP_APC_EXT 1 KM Active PSD Connections Keyboard Mouse FDP_APC_EXT 1 VI Active PSD Connections Video Display FDP_CDS_EXT 1 Connected Displays Supported FDP_FIL_EXT 1 KM Device Filtering Keyboard Mouse FDP_PDC_...

Страница 24: ...vation of Secure State FPT_NTA_EXT 1 No Access to TOE FPT_PHP 1 Passive Detection of Physical Attack FPT_PHP 3 Resistance to Physical Attack FPT_STM 1 Reliable Time Stamps FPT_TST 1 TSF Testing FPT_TST_EXT 1 TSF Testing FTA TOE Access FTA_CIN_EXT 1 Continuous Indications 5 2 1 Security Audit FAU 5 2 1 1 Audit Data Generation FAU_GEN 1 FAU_GEN 1 1 The TSF shall be able to generate an audit record o...

Страница 25: ... 8 22 96 mV 19 43 0 14 15 mV 20 46 0 10 02 mV 30 71 4 0 53 mV 40 71 4 0 53 mV 50 71 4 0 53 mV 60 71 4 0 53 mV 5 2 2 2 Active PSD Connections Audio Output FDP_APC_EXT 1 AO FDP_APC_EXT 1 1 AO The TSF shall route user data only from the interfaces selected by the user FDP_APC_EXT 1 2 AO The TSF shall ensure that no data or electrical signals flow between connected computers whether the TOE is powered...

Страница 26: ...a transits the TOE when the TOE is powered off FDP_APC_EXT 1 4 VI The TSF shall that no data transits the TOE when the TOE is in a failure state Application Note This SFR is originally defined in the Base PP but is refined and iterated to apply to the video interface per section 5 1 2 of the Video Display PP Module 5 2 2 5 Connected Displays Supported FDP_CDS_EXT 1 FDP_CDS_EXT 1 1 The TSF shall su...

Страница 27: ...TSF shall allow connections with authorized devices presenting authorized interface protocols as defined in Appendix E of the AO Module and authorized devices presenting authorized interface protocols as defined in the PP Module for Keyboard Mouse Devices authorized devices presenting authorized interface protocols as defined in the PP Module for Video Display Devices upon TOE power up and upon co...

Страница 28: ...n the PP Module for Audio Output Devices authorized devices presenting authorized interface protocols as defined in the PP Module for Keyboard Mouse Devices upon TOE power up and upon connection of a peripheral device to a powered on TOE 5 2 2 11 Authorized Connection Protocols Keyboard Mouse FDP_PDC_EXT 3 KM FDP_PDC_EXT 3 1 KM The TSF shall have interfaces for the USB keyboard USB mouse protocols...

Страница 29: ...mouse peripheral devices are always switched together to the same connected computer 5 2 2 19 Unidirectional Data Flow Audio Output FDP_UDF_EXT 1 AO FDP_UDF_EXT 1 1 AO The TSF shall ensure analog audio output data transits the TOE unidirectionally from the TOE analog audio output computer interface to the TOE analog audio output peripheral interface 5 2 2 20 Unidirectional Data Flow Keyboard Mouse...

Страница 30: ...The TSF shall maintain the roles administrators FMT_SMR 1 2 The TSF shall be able to associate users with roles 5 2 5 Protection of the TSF FPT 5 2 5 1 Failure with Preservation of Secure State FPT_FLS_EXT 1 FPT_FLS_EXT 1 1 The TSF shall preserve a secure state when the following types of failures occur failure of the power on self test and failure of the anti tamper function 5 2 5 2 No Access to ...

Страница 31: ...grity of TSF 5 2 5 7 TSF Testing FPT_TST_EXT 1 FPT_TST_EXT 1 1 The TSF shall respond to a self test failure by providing users with a visual indication of failure and by shutdown of normal TSF functions 5 2 6 TOE Access FTA 5 2 6 1 Continuous Indications FTA_CIN_EXT 1 FTA_CIN_EXT 1 1 The TSF shall display a visible indication of the selected computers at all times when the TOE is powered FTA_CIN_E...

Страница 32: ...hat are satisfied by DP Models which include the following CS1182DP4 CS1184DP4 CS1188DP4 CS1142DP4 CS1144DP4 and CS1148DP4 Table 9 TOE Security Functional Components DP Models Requirement Class Requirement Component FDP User Data Protection FDP_IPC_EXT 1 DP Internal Protocol Conversion FDP_PDC_EXT 3 VI DP Authorized Connection Protocols DP Models FDP_SPR_EXT 1 DP DP Sub Protocol Rules DisplayPort ...

Страница 33: ...ining 5 4 TOE Security Functional Requirements H Models The following table identifies the MOD_VI_V1 0 SFRs that are satisfied by H models which includes the following CS1182H4 CS1184H4 CS1142H4 and CS1144H4 Table 10 TOE Security Functional Components H Models Requirement Class Requirement Component FDP User Data Protection FDP_PDC_EXT 3 VI H Authorized Connection Protocols H Models FDP_SPR_EXT 1 ...

Страница 34: ...FRs that are satisfied by D models which includes the following CS1182D4 CS1184D4 CS1188D4 CS1142D4 CS1144D4 and CS1148D4 Table 11 TOE Security Functional Components D Models Requirement Class Requirement Component FDP User Data Protection FDP_PDC_EXT 3 VI D Authorized Connection Protocols D Models FDP_SPR_EXT 1 DVI I D Sub Protocol Rules DVI I Protocol D Models 5 5 1 User Data Protection FDP 5 5 ...

Страница 35: ...he TOE are included by reference from the PSD Table 12 Assurance Components Requirement Class Requirement Component Security Target ASE Conformance Claims ASE_CCL 1 Extended Components Definition ASE_ECD 1 ST Introduction ASE_INT 1 Security Objectives ASE_OBJ 2 Derived Security Requirements ASE_REQ 2 Security Problem Definition ASE_SPD 1 TOE Summary Specification ASE_TSS 1 Development ADV Basic Fu...

Страница 36: ... in the text editor by entering the command LIST The event logs are divided into two types critical and non critical The Log Data Area displays the critical and non critical Log data Each logged event is recorded with Date Time a code that indicates the type of event and the outcome success or failure of the event The critical audit events recorded and identified in the code include administrator ...

Страница 37: ...on 2 2 for details on TOE computer peripherals and connected computer port interfaces for each specific TOE model The TOE ensures that any previous information content of a resource is made unavailable upon the deallocation of the resource from the TOE computer interfaces immediately after a TOE switch to another selected computer and on start up of the TOE The Appendix A Letter of Volatility prov...

Страница 38: ...onnected displays at a time 6 2 4 FDP_FIL_EXT 1 KM Device Filtering Keyboard Mouse FDP_PDC_EXT 3 KM Authorized Connection Protocols Keyboard Mouse The TOE supports authorized USB keyboard and mouse peripherals as defined in Table 13 Supported protocols by port below Keyboard mouse peripherals are filtered and emulated Device filtering for keyboard mouse interfaces is configurable Keyboard mouse bl...

Страница 39: ...mbedded in DisplayPort Video will be kept with HDMI video DVI Secure KVM Models do not have the ability to embed digital audio into digital video data transmission The TOE does not allow any other user data transmission to or from any other external entities including wireless devices The TOE only recognizes those peripherals with an authorized interface type as described below and all other perip...

Страница 40: ...rocontroller Once the TOE is power cycled reset or port switching is detected the data in the console authorized keyboard mouse buffer will be deleted immediately and not processed for emulation Please refer to the Proprietary Isolation Document for more detail The TOE provides two functions to delete TOE stored configuration and settings After logging in authorized administrators can use the Rese...

Страница 41: ...auxiliary channel AUX path blocks information flows other than the minimal set required to establish the video link Unauthorized DisplayPort transactions are prevented by disassembling the DisplayPort AUX channel transactions to block all unauthorized transactions The TOE video function filters the AUX channel by converting it to EDID only DisplayPort video is converted into HDMI video stream Moni...

Страница 42: ... to read the connected display EDID information EDID from display to computer and HPD from display to computer are allowed for the HDMI interface The TOE blocks ARC CEC EDID from computer to display HDCP HEAC HEC and MCCS video display sub protocols The H Models satisfy the following SFRs FDP_PDC_EXT 3 VI H Authorized Connection Protocols Video Output H Model FDP_SPR_EXT 1 HDMI H Sub Protocol Rule...

Страница 43: ...in name parameter for the login function Customers are provided with a default password The administrator guide states that the administrator must change the password after the first successful logon The password is case sensitive and new passwords must contain at least 1 lower case letter at least 1 upper case letter at least 1 numeric character and at least 1 special character The supported spec...

Страница 44: ...s to the TOE firmware software or its memory via its accessible ports is prevented No access is available to modify the TOE or its memory To mitigate the risk that a potential attacker will tamper with a TOE and then reprogram it with altered functionality the TOE software is contained in one time programmable read only memory permanently attached non socketed to a circuit assembly The TOE s opera...

Страница 45: ...t RPS connected will be permanently disabled and all the front panel LEDs except the Power LED will flash continuously A mechanical intrusion is detected by a pressure switch that trips when the enclosure is opened If a mechanical intrusion is detected by the RPS connected with the switch and aligned this will permanently disable both the RPS itself and the switch and all LEDs on RPS and the front...

Страница 46: ...ailure the TOE does not shut down The anti tampering self tests include the correct operation and tampering of the internal KVM and RPS batteries A KVM detecting tampering during normal operation will trigger the KVM inoperable A connected and aligned RPS detecting tampering including damaged or exhausted battery during normal operation will trigger the RPS inoperable and also directly trigger the...

Страница 47: ...TOE by triggering a self test e g by powering on or rebooting the TOE and examining the front panel LEDs for self test failures as identified above The TOE performs self tests as described above to demonstrate the correct operation of active anti tamper functionality see also 6 5 3 FPT_PHP 6 6 TOE Access The TOE display a continuous visual indication of the computer to which the user is currently ...

Страница 48: ...Security Target Version 1 1 2022 03 08 43 The TOE has a reset button that resets the switch to the default settings when pressed The switch is then powered up and behaves as described above ...

Страница 49: ...ce As explained in Section 4 Security Objectives the Security Objectives of the PSD and modules have been included by reference in this ST The following table identifies all the Security Functional Requirements SFRs in this ST drawn from the PSD The only operations performed on the SFRs drawn from the PSD are assignment and selection operations Table 17 identifies the SFRs that are satisfied by th...

Страница 50: ... MOD_VI_V1 0 FDP_SWI_EXT 1 PSD Switching PSD FDP_SWI_EXT 2 PSD Switching Methods PSD FDP_SWI_EXT 3 Tied Switching MOD_KM_V1 0 FDP_UDF_EXT 1 AO Unidirectional Data Flow Audio Output MOD_AO_V1 0 FDP_UDF_EXT 1 KM Unidirectional Data Flow Keyboard Mouse MOD_KM_V1 0 FDP_UDF_EXT 1 VI Unidirectional Data Flow Video Output MOD_VI_V1 0 FIA Identification and Authentication FIA_UAU 2 User Authentication Bef...

Страница 51: ...fied by aspects of the corresponding security function The set of security functions work together to satisfy all of the security functions and assurance requirements Furthermore all of the security functions are necessary in order for the TSF to provide the required security functionality This Section in conjunction with Section 6 the TOE Summary Specification provides evidence that the security ...

Страница 52: ...XT 3 VI H X FDP_PDC_EXT 3 VI D X FDP_PUD_EXT 1 X FDP_RIP 1 KM X FDP_RIP_EXT 1 X FDP_RIP_EXT 2 X FDP_SPR_EXT 1 DP DP X FDP_SPR_EXT 1 DVI I D X FDP_SPR_EXT 1 HDMI H X FDP_SWI_EXT 1 X FDP_SWI_EXT 2 X FDP_UDF_EXT 1 AO X FDP_UDF_EXT 1 KM X FDP_UDF_EXT 1 VI X FIA_UAU 2 X FIA_UID 2 X FMT_SMF 1 X FMT_SMR 1 X FPT_FLS_EXT 1 X FPT_NTA_EXT 1 X FPT_PHP 1 X FPT_PHP 3 X FPT_STM 1 X FPT_TST 1 X FPT_TST_EXT 1 X FT...

Страница 53: ...data 2 Host Controller Device Emulators ATEN SICG8022A Embedded RAM 1 Undisclosed Volatile May contain user data 3 System EEPROM ATMEL AT24C512 EEPROM 2 512K bits Non volatile No user data 4 System Flash EON EN29LV040A Flash 3 512K Bytes Non volatile No user data 5 EDID Emulator ROHM BR24G02 3 EEPROM 4 256 Bytes Non volatile No user data 6 DP Video Controller Flash MXIC MX25L4006E Flash 5 4 Mbits ...

Страница 54: ...ctory Default KVM reset reboot or power cycle 3 The Flash does not contain user data Firmware code is stored in the Flash and cannot be updated or rewritten The firmware code remains unchanged after a Reset to Factory Default KVM reset reboot or power cycle 4 The EDID ROM does not contain user data It is for PC Read EDID ROM The EDID data will be cleared after a KVM reset reboot or power cycle 5 D...

Отзывы:

Нет отзывов