CCSDS Security Working Group Spring 2014 Meeting 31 March – 1 April 2014 Noordwijkerhout, The Netherlands Charles Sheehe NASA/Glenn.

Slides:

Advertisements

Similar presentations

ROWLBAC – Representing Role Based Access Control in OWL

Advertisements

Internet Protocol Security (IP Sec)

The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.

Chapter 14 – Authentication Applications

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

CIP Cyber Security – Security Management Controls

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Advanced Metering Infrastructure AMI Security Roadmap April 13, 2007.

OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”

SOA Security Chapter 12 SOA for Dummies. Outline User Authentication/ authorization Authenticating Software and Data Auditing and the Enterprise Service.

Applied Cryptography for Network Security

Elisa Bertino Dept. of Computer Science University of Milano Page 1 Author-X Secure and selective access and flexible distribution mechanisms for XML documents.

Computer Security: Principles and Practice

Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.

Internet Protocol Security (IPSec)

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

Electronic Customer Portal System. Reducing Risks – Increasing Efficiency – Lowering Costs Secure Internet based Communication Gateway direct to your.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

Your Service The Security mechanisms designed into TETRA – a refresher

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

CCSDS Security Working Group Spring 2014 Meeting 10 November – 14 November 2014 London, England Charles Sheehe NASA/Glenn.

1 Role-Based Cascaded Delegation: A Decentralized Delegation Model for Roles Roberto Tamassia Danfeng Yao William H. Winsborough Brown University Brown.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

General Key Management Guidance. Key Management Policy  Governs the lifecycle for the keying material  Hope to minimize additional required documentation.

Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.

CSC8320. Outline Content from the book Recent Work Future Work.

Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.

Big Data Bijan Barikbin Denisa Teme Matthew Joseph.

1 Vigil : Enforcing Security in Ubiquitous Environments Authors : Lalana Kagal, Jeffrey Undercoffer, Anupam Joshi, Tim Finin Presented by : Amit Choudhri.

Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.

SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.

Application Layer Security Mike Pajevski (NASA/JPL) April 2009.

Copyright © 2014 Rockwell Automation, Inc. All Rights Reserved. PUBLIC PUBLIC CO900G L03 - Design, Implement, and Manage FactoryTalk Security.

0 CCSDS Systems Engineering Area: Security Working Group Howard Weiss NASA/JPL/PARSONS November 2014 BSI, London.

1 CCSDS Security Working Group Spring Meeting Colorado Springs Security Architecture January 19 th 2007.

1 SecWG New Business Discussions CCSDS CNES, Toulouse FR Howard Weiss NASA/JPL/SPARTA November 2004.

Security WG: Status Briefing Noordwijkerhout, The Netherlands) 31 March 2014 Howard Weiss NASA/JPL/PARSONS

Computational Policies in a Need to Share Environment Tim Finin University of Maryland, Baltimore County SemGrail workshop, Redmond WA, 21 June 2007.

Jericho Commandments, Future Trends, & Positioning.

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

1 Chapter 13: RADIUS in Remote Access Designs Designs That Include RADIUS Essential RADIUS Design Concepts Data Protection in RADIUS Designs RADIUS Design.

1 Active Directory Service in Windows 2000 Li Yang SID: November 2000.

High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.

E-Science Security Roadmap Grid Security Task Force From original presentation by Howard Chivers, University of York Brief content:  Seek feedback on.

1 CCSDS Security Working Group Spring 2014 Meeting 31 March – 1 April 2014 Noordwijkerhout, The Netherlands Howard Weiss NASA/JPL/PARSONS* Identity crisis:

Information Resource Stewardship A suggested approach for managing the critical information assets of the organization.

Data-Centric Security and User Access Controls for Hadoop on Microsoft Azure MICROSOFT AZURE APP BUILDER PROFILE: BLUETALON BlueTalon provides data-centric.

NSF Cyber Trust Annual Principal Investigator Meeting September 2005 Newport Beach, California UMBC an Honors University in Maryland Trust and Security.

PROGRESS ON THE IMPLEMENTATION OF AUDIT RECOMMENDATIONS FOR 2014/15: INFORMATION AND COMMUNICATION TECHNOLOGY (ICT) 1 Briefing presentation to the Portfolio.

1 Network Security: Introduction Behzad Akbari Fall 2009 In the Name of the Most High.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

FNHSO PANORAMA DATA GOVERNANCE FORUM Regular Forum Meeting April 12, 2016.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.

Anupam Joshi University of Maryland, Baltimore County Joint work with Tim Finin and several students Computational/Declarative Policies.

Talal H. Noor, Quan Z. Sheng, Lina Yao,

Lan Zhou, Vijay Varadharajan, and Michael Hitchens

Application Layer Security Mike Pajevski (NASA/JPL) April 2009

ASSET - Automotive Software cyber SEcuriTy

TCG’s Embedded System and IoT Focus

Security in ebXML Messaging

Model Contract for Health

Contact Center Security Strategies

Cryptography and Network Security

AMI Security Roadmap April 13, 2007.

IS4680 Security Auditing for Compliance

Appropriate Access InCommon Identity Assurance Profiles

Security Mechanisms Network Security.

Presentation transcript:

CCSDS Security Working Group Spring 2014 Meeting 31 March – 1 April 2014 Noordwijkerhout, The Netherlands Charles Sheehe NASA/Glenn

Hosted Payloads / Disaggregated functions, Spacecraft's Security Risks Charles Sheehe

Objective of the risks discussion To recommend that the threat book be updated with the threats to these emergent threats and technologies. To recommend that a Green Book developed to provide guidance to the users of the emergent technologies.

Back Ground

Hosted items may become corrupted affecting the host. Disaggregated functions may become corrupted and infecting other functions. Distributed functions between crafts/payloads may propagate failures or viruses. What are the risks

Threats

Weakest link In distributed systems and functions the weakest function or system is the benchmark for the entire system Multiple platforms, supplied by different vendors, complicate the process of implementing different security policies, and in the absence of standards, proprietary security applications do not interoperate. The result is uneven, uncertain security.

CCSDS Relevance

Recovery Audit trails in a distributed computing environment are at best difficult.

WHAT IS DISTRIBUTED PROCESSING In security terms, one might think of distributed processing as dispersing where and how decisions are made. If all decisions are made at a single central location, that is central processing. If decisions are independently made at multiple locations, that is distributed processing.

Distributed Trust Trust is essentially the establishment of trust by interpreting policies to validate credentials

Trust Management How should proof of compliance shown? Should polices and credentials be partially or fully programmable? How are responsibilities be managed between the calling application and the trust engine?

BACK UP

Trust management approach, In order to protect sensitive parameters (i.e. attributes) in trust instances, trust instances should be encrypted and cryptographic protocols such as SSL/TLS should be employed to ensure sensitive trust instances are only exposed to the intended parties. Trust negotiation protocol / negotiation framework be a fully policy-driven approach, where each principal may define its own meta- policies that control the protocol behavior, which gives an increased flexibility.

References The Role of Trust Management in distributed System Security; Matt Blaze, Joan Feigenbaum, John Ioannidis and Angelos D. Keromytis Moving from Security to Distributed Trust in Ubiquitous Computing Environments; Lalana Kagal, Tim Finin and Anupam Joshi. Trust management for widely distributed systems; Walt Yao mse corporate security html html