The Target of Evaluation (TOE), Sanctuary Device Control version 3.2, is a three-tiered client/server application that provides the capability to centrally control the I/O devices users are able to access on their client computers. The TOE controls authorization of I/O devices by maintaining a database of access permissions and associating the permissions with users or user groups. When a user logs on to a client that is protected by the TOE, the TOE client driver contacts the server and downloads the list of permissions for the user. Whenever the user attempts to access an I/O device on the client, the TOE client driver intercepts the request to the operating system. If the TOE determines the user is authorized to access the I/O device, the TOE grants access; otherwise, access to the I/O device is blocked.
The three tiers of a Sanctuary Device Control (SDC) deployment comprise:
- An SQL database - the database management system (Microsoft SQL Server 7.0 or higher, or MSDE version 1.0 or 2000) and underlying operating system (Windows 2000 Server or Professional, Windows XP Professional, or Windows Server 2003) are in the TOE environment
- One or more servers - the Sanctuary Application Server (SXS) runs as a service on the underlying operating system: Windows 2000 (SP4 or later) Server, or Windows Server 2003
- A client kernel driver that is installed on each of the client computers to be protected. Client kernel drivers are available for the following operating systems: Windows 2000 (SP3 or later) Server or Professional; Windows XP Professional; or Windows Server 2003.
An administrative toolkit, comprising a GUI-based application (the Sanctuary Device Console) and various command-line tools, also operates in the client tier, and is supported on Windows 2000 (SP3 or later) Server or Professional, Windows XP Professional, or Windows Server 2003.