DARPA Information Assurance OMG Comments 8 June 1998

1
DARPA Information AssuranceOMG Comments8 June
1998
Cyber-attack network protection using integrated
layers to mitigate risk 50

• O. Sami Saydjari, Project Manager
• http//www.darpa.mil/iso/ia/

2
NGII Security Services Architecture
3
Underlying Security Services Framework
Applications

• Limited security awareness, consistent
  abstraction
• Implementation independence
• Security interface standards
• Platform independence
• Crypto hardware/software/algorithm independence

Access Control, Audit, Delegation,
Non-repudiation, Secure Invocation
CORBA ORB with Security Service
Non-repudiation, Confidentiality, Integrity
Secure Invocation
GSS-API
IDUP GSS-API
Other APIs (?)
SPKM Kerberos
MSP S/MIME
Confidentiality, Authenticity, Integrity, IA,
Context Authorization
Crypto
Trust
Data
Microsoft CryptoAPI
Cert
Storage
Service
Model
Library
Providers
Library
Library
4
Encouraging OMG Developments

• Security framework provided by CORBASEC
  specification
• Some initial CORBASEC related implementations
• SSL implementations beginning to appear
• Vendor support of interceptor-like features
• Responses to Firewall RFP
• Plans to do worked examples of security
  architecture

5
CORBA Security Assessment

• Available CORBA security support better - but
  still inadequate
• CORBASEC specification is useful but not complete
  solution
• full implementations taking too long to appear
• interoperability between implementations will be
  a problem
• customization of security solutions must be
  supported
• certain areas are not addressed by specification

6
Specification Consistency, Interface Semantics,
and the Implementation Gap

• Specifications need to be consistent with Object
  Management Architecture (OMA) and other adopted
  specifications
• Example security service specification has
• an abstract security architecture
• a mapping onto the OMA
• interfaces to implement the mapping
• Initial mapping and interface definitions not
  consistent with OMA and previously adopted
  specifications
• Intended behavior of interfaces is often
  difficult to determine

Consistency and clear interface semantics improve
specification quality and help promote timely
implementation
7
What is Needed

• Near term priorities should be on
• Continued vendor support and development in key
  areas
• implementation of firewall RFP results to allow
  adequate boundary control of IIOP traffic
• implementation of SSL for network security and
  authentication
• with interfaces to allow certificate information
  to be extracted by application
• more flexible interceptor support
• Rapid development of security ready CORBASEC
  systems
• support CORBASEC interfaces but provide minimal
  or null implementations
• support ability for users to provide their own
  implementations of underlying security
  functionality

8
The Case for Replaceability

• Designed originally as part of CORBASEC to enable
  tailoring of ORB enforced security policies
• now the responsibility of the ORB core
• Need near term support for third party security
  implementations
• ORB invoked vs. application invoked security
  checks
• augment or replace ORB vendor provided
  mechanisms
• vendor could provide default mechanism(s), or an
  interface-only stub
• Provides means to
• ensure timely availability of security solutions
• allows for domain specific solutions and custom
  policies
• support for export controlled products

9
Additional Implementation Issues

• User friendly security administrative tools are a
  necessity
• for example, complexity of the rights mechanism
  should be hidden
• such tools could be provided by third parties
• Cost of security packages must not be
  prohibitive
• Performance of applications should not be
  significantly affected when using security
  features
• Component dependencies must be documented
• for example, if an interface indirectly requires
  access to the IR, a description of the type of
  access required should be included

10
Summary

• Encouraging progress is being made in certain
  areas but not at a quick enough pace
• To speed the development of secure CORBA
  distributed applications, implementation
  priorities should focus on
• SSL development and authentication support
• firewall RFP development
• security ready CORBASEC implementations that
  allow users to insert or augment security
  functionality

11
Backup
12
ISO Vision for the Warfighter
A future battlespace where every commander can .
. .

• Apply right force at right place and time
• Decisively dominate battlespace

Because every commander has . . .

• Shared Comprehensive battlespace view
• Rapid continuous joint planning and execution
• Synthetic battlespace to plan, train and rehearse
• Rapidly adaptable system

13
ISO Vision
ISR
Operations
Logistics
CINC
COA Eval.
Strategy to Task
DLA
Planning
National
Feasibility
Feasibility
Execution
TRANSCOM
JTF
Synchron.
Synchron.
Strategy to Task
Planning
Increasing Detail
Decreasing Time
Tasking
Tasking
Theater
Execution
Service Logistics
JFACC
Response
Response
Strategy to Task
Planning
Tactical
Execution
Platforms
Weapon Shooters
14
Information Assurance Background

• Technology Phase I
• BAA 97-11 Jan 97
• Contract Awards Jul 97
• Architecture and Integration Triage
• Quickstart began Mar 97
• Security Focus Group began Mar 97
• Security Architecture V1.0 Dec 97
• Architecture and Integration Mainstream
• BAA 97-11 Addendum Jul 97
• Jumpstart awarded BBN Dec 97
• Integrated Feasibility Demo Mar 98

15
Operational Problem Space

• Primary Concerns
• Confidentiality - can be compromised
• Releasability - JV2010 needs automatic capability
• Data Integrity - can be subverted
• Availability - networks can be flooded
• Some Weak Areas
• Close-in Attacks - hardware subversion
• Subverted Software - Java agents
• System Engineering - weak links attacked
• Security solutions stovepipe, after-fact

16
Integrity Attack
After Integrity Attack on Strike Point
in Targeting Database
Correct Strike Point Prior to Aircraft Attack
Sortie
17
Information Assurance Approach

• Risk-Balanced Optimizing Strategy

• Establish a common security framework services
• Provide semi-transparent security services using
  std APIs
• Solution Characteristic - Innovative Integration
• Integrate security in programs like JFACC,ALP...
• Mostly COTS plus limited custom components
• Higher assurance than commercial -cant insure
  country

18
Functionality - Performance - Security Tradeoff

• What does the cone look like?
• Where is the system located on the cone?

Performance
P2
2
P1
F1
F2
1
S1
Functionality
Security
S2
100 Secure
19
Information Assurance Architecture
Intelligence Enclaves
TS/SCI
Untrusted World
Command Control Enclaves
Secret
SBU
Logistics Enclaves
20
Key Components of the AITS RA
21
Program Organization
Manage System Security
- TIS - Open Group - BBN
Detect and Respond
Prevent Attack
-Boeing -NetSquared -SRI
- SCC - TIS - Naval Research Lab
Architecture and Integration
- BBN/TIS/Boeing - Teknowledge - Mitre
22
Information Assurance Team
Rome Lab
SCC
Boeing
Cambridge BBN Open Group Research Institute
Net Squared
TIS
Metro Washington, DC DARPA BBN NRL TIS Litton/PRC
Teknowledge
BBN San Diego
23
Challenges
05ss701
24
IA Technology Assessment
Immature High risk
More Mature High return
Commercial Application
Not Applicable
25
Information Assurance Transition
Warfighter
Operational Requirements
DISA
Integrated Testbed-Virtual Collaboratory
DII COE
Leading Edge Services (LES)
Advanced Prototype Information Infrastructure (API
I)
NSA
ITO Information Survivability Technology Developme
nt
Information Assurance Security Framework,
Technology Development and Integration
26
Information Assurance Schedule
FY97
FY98
FY99
FY00
Security Architecture
Develop defensible enclaves Prevent attack -
boundary control Detect and trace attacks -
80 Manage security services - Policy Compilers
Safe Collaboration Data Invocation Flow -
Rules Attack respond recover - 80 Manage
security services automatically
27
IA System Integration Roadmap
FY98
FY99
FY00
IFD 1.1
IFD 2.2
IFD 3.1
IFD 1.2
IFD 2.1
IFD 3.2

• ISTI 98
• Virtual Private Networking - Excludes Casual
  Hacker
• Boundary Control - C2 Guard, Pump, Proxying
  Firewalls
• Use of Starlight in MLS Collaboration Session
• Intrusion Detection and Isolation
• (Maybe) CORBA Security Level 1

• ISTI 99
• Security Service Desk - Remote Security
  Mgmt
• Visual Policy Specification
• Adaptive Security Policy - Security Server
• Intrusion Detection of Novel Attacks

• ISTI 2000
• Controlling Mobile Software Agents
• TS/SCI to the Internet - Two-way Flow
• Universal Authentication Using Certs

28
Summary

• Information Assurance problem set is large
• Innovative system engineering and integration is
  key to success
• Approach
• Balance risk - use complementary defenses
• Develop and refine information security
  technology
• Integrate infosec technology with COTS into
  common security architecture and NGII Reference
  Architecture
• Test in NGII RA testbed - evaluate system utility
  using practical measures such as Red Team
  excercises
• Transition to operational forces via DII LES