Title: Trusted Systems in an Outsourced Environment
Trusted Systems in an Outsourced Environment
Professor William J (Bill) Caelli, AO
Assistant Dean, Strategy and Innovation
Faculty of Information Technology
Queensland University of Technology
Brisbane, Qld. 4000, Australia
Research for this presentation has been supported by a grant (DP0449644) from the Australian Research Council (ARC).
Outline
- Emerging requirements for security
- Differing nature of requirements
- Trusted systems background
- B means Business: mapping the need
- Deploying trusted systems
- Future trends
[Chart: Survey, 5 weeks ending 12 Sept 2004, USA. Nature of Data Security Breaches]
Department of Defense Standard: Department of Defense Trusted Computer System Evaluation Criteria, December 1985 (DoD 5200.28-STD, December 26, 1985)
"In general, secure systems will control, through use of specific security features, access to information such that only properly authorized individuals, or processes operating on their behalf, will have access to read, write, create, or delete information."
TCSEC 1983 / 1985: the six fundamental requirements
- POLICY
  - 1. Security policy
  - 2. Marking
- ACCOUNTABILITY
  - 3. Identification
  - 4. Accountability
- ASSURANCE
  - 5. Assurance
  - 6. Continuous protection
ASSURANCE
- 5. Assurance: the system must contain hardware/software mechanisms that can be independently evaluated to provide sufficient assurance that the system enforces the security requirements (policy, marking, identification, accountability).
- 6. Continuous protection: the trusted mechanisms that enforce those requirements must be continuously protected against tampering and/or unauthorized changes.
TRUSTED SYSTEMS - AN EMERGING OUTSOURCING REQUIREMENT
TCSEC DIVISION C: DISCRETIONARY PROTECTION
"Classes in this division provide for discretionary (need-to-know) protection and, through the inclusion of audit capabilities, for accountability of subjects and the actions they initiate." The class (C1) environment is expected to be one of cooperating users processing data at the same level(s) of sensitivity.
TCSEC DIVISION B: MANDATORY PROTECTION
"The notion of a TCB that preserves the integrity of sensitivity labels and uses them to enforce a set of mandatory access control rules is a major requirement in this division. Systems in this division must carry the sensitivity labels with major data structures in the system."
CLASS (B1): LABELED SECURITY PROTECTION
Class (B1) systems require all the features required for class (C2). In addition, an informal statement of the security policy model, data labeling, and mandatory access control over named subjects and objects must be present.
CLASS (B2): STRUCTURED PROTECTION
- TCB (Trusted Computing Base) based on a clearly defined and documented formal security policy model
- discretionary and mandatory access control enforcement (B1) extended to all subjects and objects in the ADP system
- defined policy model, labelling
- TCB structured into protection-critical and non-protection-critical elements
- TCB interface well-defined
- more thorough testing and review
CLASS (B2): STRUCTURED PROTECTION (general)
- authentication mechanisms strengthened
- trusted facility management provided
- support for system administrator and operator functions
- stringent configuration management controls
- covert channels are addressed
- relatively resistant to penetration
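The difference between Division C and Division B above is easiest to see in code. The following is an added illustration, not from the presentation: a toy reference monitor that mediates every (subject, object, mode) request, applying discretionary access control (an owner-maintained ACL, the C2 notion) and mandatory access control over sensitivity labels (the B1 notion), and recording an audit trail for accountability. The MAC rules used are the no-read-up and no-write-down rules of the Bell-LaPadula model; the slides do not name that model, and the level hierarchy, the subjects, objects and labels are all constructed for the example.

```python
from dataclasses import dataclass

# Hypothetical linear ordering of sensitivity levels (illustration only).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """Sensitivity label: a hierarchical level plus a set of compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: self >= other iff level is >= and compartments are a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


@dataclass
class Subject:
    name: str
    clearance: Label


@dataclass
class SecObject:
    name: str
    classification: Label
    owner: str
    acl: dict  # DAC: subject name -> set of modes granted by the owner


class ReferenceMonitor:
    """Every access goes through check(); each decision is appended to the audit log."""

    def __init__(self):
        self.audit = []  # (subject, object, mode, outcome)

    def dac_permits(self, subj: Subject, obj: SecObject, mode: str) -> bool:
        # Discretionary (need-to-know) protection: owner, or an explicit ACL grant.
        return subj.name == obj.owner or mode in obj.acl.get(subj.name, set())

    def mac_permits(self, subj: Subject, obj: SecObject, mode: str) -> bool:
        # Mandatory protection driven by labels; the subject cannot change these.
        if mode == "read":   # simple security property: no read up
            return subj.clearance.dominates(obj.classification)
        if mode == "write":  # *-property: no write down
            return obj.classification.dominates(subj.clearance)
        return False         # unknown modes are denied by default

    def check(self, subj: Subject, obj: SecObject, mode: str) -> bool:
        dac = self.dac_permits(subj, obj, mode)
        mac = self.mac_permits(subj, obj, mode)
        outcome = ("granted" if dac and mac
                   else "denied by DAC" if not dac
                   else "denied by MAC")
        self.audit.append((subj.name, obj.name, mode, outcome))
        return dac and mac


def demo():
    """Constructed scenario: returns the access decisions and the audit trail."""
    crypto = frozenset({"CRYPTO"})
    alice = Subject("alice", Label("SECRET", crypto))
    bob = Subject("bob", Label("CONFIDENTIAL"))
    # Alice owns a SECRET/CRYPTO plan and has discretionarily let Bob read it.
    plan = SecObject("plan", Label("SECRET", crypto), owner="alice", acl={"bob": {"read"}})
    # Bob owns a CONFIDENTIAL memo and has let Alice read and write it.
    memo = SecObject("memo", Label("CONFIDENTIAL"), owner="bob", acl={"alice": {"read", "write"}})

    rm = ReferenceMonitor()
    results = {
        "alice reads plan": rm.check(alice, plan, "read"),    # granted
        "bob reads plan": rm.check(bob, plan, "read"),        # DAC says yes, MAC overrides: no read up
        "alice reads memo": rm.check(alice, memo, "read"),    # granted: read down is fine
        "alice writes memo": rm.check(alice, memo, "write"),  # DAC says yes, MAC overrides: no write down
        "bob writes plan": rm.check(bob, plan, "write"),      # denied by DAC before MAC is consulted
    }
    return results, rm.audit


if __name__ == "__main__":
    decisions, trail = demo()
    for entry in trail:
        print(entry)
```

The "bob reads plan" case is the point of the B division: under pure discretionary control (C2) the owner's ACL grant would have been enough, whereas a labeled system denies it because Bob's clearance does not dominate the object's label, and the denial is recorded in the audit trail regardless of what the owner intended.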
COMMON CRITERIA
Protection Profiles: Labeled Security (LSPP), Role Based Access Control (RBACPP), Controlled Access (CAPP)
Assurance Level: EAL4
THE EMERGING MINIMUM FOR OUTSOURCING ICT SYSTEMS AND SERVICES
Windows 2000: "once in kernel mode, operating system and device driver code has complete access to system space memory and can bypass Windows 2000 security ... the bulk of the Windows 2000 operating system code runs in kernel mode."
D. Solomon and M. Russinovich, Inside Microsoft Windows 2000 (Third Edition)
15 March 2004
COMPLIANCE WITH LEGAL REQUIREMENTS
- USA
  - Sarbanes-Oxley Act 2002 (Section 404)
  - Gramm-Leach-Bliley Act
  - HIPAA
  - FISMA
- AUSTRALIA / EUROPE
  - ISO/IEC 17799 (outsourcing contracts)
  - Privacy Act 1988 (Aust)
  - AS 8015-2005 (Aust) ICT Governance
  - ASX Principle 7 (Aust)
- COBIT methodology
USA: NIST FISMA Implementation Project, "Protecting the Nation's Critical Information Infrastructure", Computer Security Division, Information Technology Laboratory
[Diagram: Risk Management Framework]
DEPLOYING TRUSTED SYSTEMS
MARKETPLACE
- Sun Microsystems: Trusted Solaris 8
- Linux / NSA project onwards: SELinux (basic kernel), Red Hat Fedora 3 / ES 4, Novell SUSE 9, etc.
- Microsoft: beyond Longhorn
FUTURE
- Mapping real business/commercial/government needs to mandatory security systems
- Manager-friendly MAC/DAC mapping systems
- Education and training for management and ICT professionals
- Market development: NIIP needs
- R&D: next-generation OS / middleware structures
THANK YOU