High Assurance Security For Embedded, Distributed Systems



Similar documents
QoS and Communication Performance Management

Security Model and Enforcement for Data-Centric Pub/Sub with High Information Assurance Requirements

Certification Report

OSI Seven Layers Model Explained with Examples

CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

Orbiter Series Service Oriented Architecture Applications

CAPP-Compliant Security Event Audit System for Mac OS X and FreeBSD

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions

What can DDS do for You? Learn how dynamic publish-subscribe messaging can improve the flexibility and scalability of your applications.

Applications of Formal Methods in Building High-Assurance Secure Systems

Adyen PCI DSS 3.0 Compliance Guide

Security Architecture and Design

Alliance Key Manager A Solution Brief for Technical Implementers

Credit Card Security

Bluetooth 4.0 Solutions for Apple ios Devices. Bluegiga Technologies

Internet of things (IOT) applications covering industrial domain. Dev Bhattacharya

Software as a Service (SaaS) Requirements

SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)

Vendor Audit Questionnaire

ISO Information Security Management Systems Professional

White Paper. BD Assurity Linc Software Security. Overview

Open Directory. Apple s standards-based directory and network authentication services architecture. Features

Live Guide System Architecture and Security TECHNICAL ARTICLE

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability

Big Data Encryption for Privacy and Compliance

GE Measurement & Control. Cyber Security for NEI 08-09

Compliance and Security Challenges with Remote Administration

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper

How To Write A Request For Information (Rfi)

Controlling Remote Access to IBM i

CRYPTOGRAPHY IN NETWORK SECURITY

SUSE Linux Enterprise 12 Security Certifications

A brief on Two-Factor Authentication

EECatalog SPECIAL FEATURE

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

Electronic Prescribing of Controlled Substances Technical Framework Panel. Mark Gingrich, RxHub LLC July 11, 2006

How To Achieve Pca Compliance With Redhat Enterprise Linux

Complying with PCI Data Security

CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT

Developing reliable Multi-Core Embedded-Systems with NI Linux Real-Time

Putting it on the NIC: A Case Study on application offloading to a Network Interface Card (NIC)

Goals. Understanding security testing

Easy and secure application access from anywhere

OracleAS Identity Management Solving Real World Problems

CHAPTER 1: OPERATING SYSTEM FUNDAMENTALS

319 MANAGED HOSTING TECHNICAL DETAILS

Trusted Network Connect (TNC)

Project Title: Judicial Branch Enterprise Document Management System RFP Number: FIN122210CK DMS TECHNICAL REQUIREMENTS

Generic Aspects and Special Issues for High Speed Networks. Carsten Benecke, DFN-FWL, University of Hamburg

Thingsquare Technology

Using Red Hat Network Satellite Server to Manage Dell PowerEdge Servers

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

bbc Overview Adobe Flash Media Rights Management Server September 2008 Version 1.5

PCI Data Security Standard Overview and observations from the field. Andrea Del Miglio Practice Manager 28 March 2007

Cloud Security and Managing Use Risks

Siebel Security Guide. Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013

An Overview of the SaskTel Hosted Contact Centre Solution Design and Delivery Principles, and Core Architecture

EPICenter Network Management Software

EXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET

SGFS: Secure, Flexible, and Policy-based Global File Sharing

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

Hang Seng HSBCnet Security. May 2016

PrintFleet Enterprise Security Overview

Summary of Technical Information Security for Information Systems and Services Managed by NUIT (Newcastle University IT Service)

Security Solutions. Concerned about information security? You should be!

G Cloud 6 CDG Service Definition for Forgerock Software Services

Patterns for Secure Boot and Secure Storage in Computer Systems

The Next Generation of Security Leaders

NETWORK SECURITY HACKS *

PCI and EMV Compliance Checkup

Reminders. Lab opens from today. Many students want to use the extra I/O pins on

Cloud Security Overview

Introduction to WebSphere Process Server and WebSphere Enterprise Service Bus

owncloud Architecture Overview

Oracle Identity Analytics Architecture. An Oracle White Paper July 2010

A MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS)

WI-FI VS. BLUETOOTH TWO OUTSTANDING RADIO TECHNOLOGIES FOR DEDICATED PAYMENT APPLICATION

Windows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation

High-performance VoIP Traffic Optimizer Client Solution

Cisco VPN Concentrator Implementation Guide

DCML - The Standard that Enables ITIL Compliance

Famly ApS: Overview of Security Processes

New CICS support for Secure Sockets Layer

Meet The Family. Payment Security Standards

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

GSM and UMTS security

Secure Network Communications FIPS Non Proprietary Security Policy

Security FAQs (Frequently Asked Questions) for Xerox Remote Print Services

Long Term Record Retention and XAM

Security in Space: Intelsat Information Assurance

Steelcape Product Overview and Functional Description

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

How to Install SSL Certificates on Microsoft Servers

PROTECTING YOUR VOICE SYSTEM IN THE CLOUD

ODP Application proof point: OpenFastPath. ODP mini-summit

BANKING SECURITY and COMPLIANCE

REDUCE RISK WITH ORACLE SOLARIS 11

Transcription:

High Assurance Security For Embedded, Distributed Systems Bill Beckwith Objective Interface Systems, Inc. +1 703 295 6500 bill.beckwith@ois.com http://www.ois.com OMG Real-time and Embedded Workshop July 2002 Embedded Security Initiative Terms Motivations Issues Trust Model Proposed Solution Space 1

Terms Authentication Verifying that the accessor of data or sender of a message is authentic Access Validation Providing application developers with APIs to validate that an accessor can access information Confidentiality Third parties cannot access information Encryption commonly used Encryption Scrambling data Allows transmission of information through untrusted areas More Terms Integrity Assurance that third parties have not modified information MAC - Mandatory Access Control Access controls that prevent a user from making information available arbitrarily As opposed to discretionary access controls like the ACL mechanism Typically implemented with information labeling TCB - Trusted Computing Base The totality of protection mechanisms within a computer system -- including hardware, firmware, and software -- the combination of which is responsible for enforcing a security policy. TCS Eval Criteria 2

Viewpoint: Why are we doing this? Address customer need for a security architecture that is: Standards-based High-performance Lightweight Economical MAC-capable Cross-platform Distributed With minimal trusting model Motivations Existing O/S security architectures + Don t require trusting the application code Inconsistent support across O/Ses Don t distribute Creates huge hole in TCB when IP is used Most don t support MAC (Mandatory Access Control) Aren t extensible Existing distribution security architectures CORBA Security + Independent standard + Distributes well (delegation) Requires trust of ORB, application, and transport (i.e. ORB, application, and transport are part of TCB) No MAC 3

Motivations 2 Existing distribution security architectures (cont.) Banking/ATM Visa Security Module Crytoprocessor Protect PINs transmitted over ATM networks Requires specialized, proprietary hardware High performance was not a design goal??? Trusted RDBMS? Motivations 3 Budding applications & security architectures Information enabled warfighter DoD: Joint Tactical Radio System, connected intel, Air Force: JSF, F-22, UAVs, Army: Objective Force, Land Information Warfare Activity, Navy: Aegis, DD-21, Digital entertainment content protection 5C Home automation security Honeywell GHS TV set top boxes AOL TV TiVo 4

Embedded Security Issues Performance Concerns Slower kernel operations Potential source of jitter Footprint Concerns Larger kernels Authentication Authorization Encryption Auditing Larger applications Access checks Error handling Maintaining levels Trust Model Application Trusting Model Applications part of TCB Scope of trust includes: Application programmer Tools vendors O/S vendors Hardware vendors Kernel Trusting Model Applications must obey security system Existing kernel based trust models are ignorant of distribution Hardware Trusting Model Kernel and applications must obey security system 5

Distributed Security General standards CORBA Security + Independent standard + Multiple implementations exist + Robust model for building trusted applications Requires trust of ORB, application, and utility libraries Trust is transitive Large implementations Existing implementations introduce large overhead to ORB SSL, SSH, RSA, Triple-DES + Content protection Large implementations Heavy computational requirements Incomplete security model No provision for Mandatory Access Control (MAC) Proposed Solution Space Extensible security architecture Security system is pluggable Kernel security hooks Application access validation API Labeled messaging protocol and API 6

Kernel security hooks Allow third-party installation of Access validation Auditing Authentication Authorization Encryption Information Labeling Application access validation API Used by application developers Consistent API between Security system and Application 7

Labeled, messaging protocol and API Below-the-middleware technology Integral with kernel security plug-ins Potential uses: Intersystem communications Not limited to just IP Provides for assurance, authentication, identification, confidentiality, integrity, etc. of messages Peripheral communications Disk storage of secure data Venue for specification Options Open Group? OMG? ISO, ANSI, Chose Open Group More O/S vendor involvement 8

Further Information Open Group Real-Time and Embedded Systems Forum, Security Working Group http://www.opengroup.org/rtforum/ Real-time and embedded CORBA discussion forum, security discussion http://www.realtime-corba.com/ultimatebb.cgi?ubb=get_topic&f=6&t=000001 Information about CORBA for Real-Time, Embedded, and High Performance Applications http://www.ois.com/resources/corb-1.asp 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information