1 A Disciplined Security Specification for a High- Assurance Grid by Ning Zhu, Jussipekka Leiwo, and Stephen John Turner Parallel Computing Centre Distributed.

Slides:



Advertisements
Similar presentations
Security Requirements
Advertisements

Operating System Security
Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Software Quality Assurance Plan
Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.
Effective Design of Trusted Information Systems Luděk Novák,
IT Security Evaluation By Sandeep Joshi
1 norshahnizakamalbashah CEM v3.1: Chapter 10 Security Target Evaluation.
The Security Analysis Process University of Sunderland CIT304 Harry R. Erwin, PhD.
1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.
OASIS Reference Model for Service Oriented Architecture 1.0
Security Controls – What Works
Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Creating Architectural Descriptions. Outline Standardizing architectural descriptions: The IEEE has published, “Recommended Practice for Architectural.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Short Course on Introduction to Meteorological Instrumentation and Observations Techniques QA and QC Procedures Short Course on Introduction to Meteorological.
Purpose of the Standards
Cloud Usability Framework
Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.
WP6: Grid Authorization Service Review meeting in Berlin, March 8 th 2004 Marcin Adamski Michał Chmielewski Sergiusz Fonrobert Jarek Nabrzyski Tomasz Nowocień.
SEC835 Database and Web application security Information Security Architecture.
1 Autumn 2008 TM8104 IT Security Evaluation Guide on the production of Protection Profiles Karin Sallhammar Q2S/NTNU 29/11/2003 Reference: ISO/IEC TR
Practical IS security design in accordance with Common Criteria Security and Protection of Information 2005 František VOSEJPKA S.ICZ a.s. June 5, 2005.
Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus
Cryptography and Network Security
Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY
The Security Analysis Process University of Sunderland CSEM02 Harry R. Erwin, PhD.
Security Architecture
Background. History TCSEC Issues non-standard inflexible not scalable.
Session ID: Session Classification: Dr. Michael Willett OASIS and WillettWorks DSP-R35A General Interest OASIS Privacy Management Reference Model (PMRM)
1 Common Criteria Ravi Sandhu Edited by Duminda Wijesekera.
Security Standards and Threat Evaluation. Main Topic of Discussion  Methodologies  Standards  Frameworks  Measuring threats –Threat evaluation –Certification.
Chapter VII Security Management for an E-Enterprise -Ramyah Rammohan.
The Value of Common Criteria Evaluations Stuart Katzke, Ph.D. Senior Research Scientist National Institute of Standards & Technology 100 Bureau Drive;
1 Introduction to Software Engineering Lecture 1.
CMSC : Common Criteria for Computer/IT Systems
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.
Security Engineering Assurance & Control Objectives Priyanka Vanjani ASU Id #
TM8104 IT Security EvaluationAutumn CC – Common Criteria (for IT Security Evaluation) The CC permits comparability between the results of independent.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
1 Common Evaluation Methodology for IT Security Part 2: Evaluation Methodology chapter 5-8 Marie Elisabeth Gaup Moe 06/12/04.
IT Risks and Controls Revised on Content Internal Control  What is internal control?  Objectives of internal controls  Types of internal controls.
Database Administration
Requirement Engineering. Recap Elaboration Behavioral Modeling State Diagram Sequence Diagram Negotiation.
Copyright (C) 2007, Canon Inc. All rights reserved. P. 0 A Study on the Cryptographic Module Validation in the CC Evaluation from Vendors' point of view.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Chapter 19: Building Systems with Assurance Dr. Wayne Summers Department of Computer Science Columbus State University
Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.
1 Network Security: Introduction Behzad Akbari Fall 2009 In the Name of the Most High.
Chapter 21: Evaluating Systems Dr. Wayne Summers Department of Computer Science Columbus State University
By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.
The NIST Special Publications for Security Management By: Waylon Coulter.
Organizations of all types and sizes face a range of risks that can affect the achievement of their objectives. Organization's activities Strategic initiatives.
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
1 Security Architecture and Designs  Security Architecture Description and benefits  Definition of Trusted Computing Base (TCB)  System level and Enterprise.
Security Functional Requirements Kashif Imran. Overview Common Criteria Protection Profiles Security Objectives Security Requirements Security Functional.
Dr. Ir. Yeffry Handoko Putra
The Common Criteria for Information Technology Security Evaluation
Ch.18 Evaluating Systems - Part 2 -
Security SIG in MTS 05th November 2013 DEG/MTS RISK-BASED SECURITY TESTING Fraunhofer FOKUS.
2006 Annual Research Review & Executive Forum
Security in SDR & cognitive radio
Access Control What’s New?
Presentation transcript:

1 A Disciplined Security Specification for a High- Assurance Grid by Ning Zhu, Jussipekka Leiwo, and Stephen John Turner Parallel Computing Centre Distributed Parallel and Distributed Computing Center, School of Computer Engineering, Nanyang Technological University, Singapore

2 0. Outline Introduction Background & Methodology A Common Criteria Compliant Generic Security Framework for the Grid Security Environment and Objectives for the Grid Security Requirements for the Grid Conclusions and Future Work

3 1. Introduction Grid Computing Overview Grid is a hardware and software infrastructure that provides dependable, consistent, pervasive and inexpensive access to heterogeneous high-end computing capabilities, knowledge bases and services. It aims to provide flexible, secure, coordinated resource sharing and problem solving among dynamic distributed collections of individuals, institutions, and resources. Security=Functionality + Assurance

4 1. Introduction Problems of Current Grid Security Solutions GSI, UNICORE, CAS, PERMIS Inadequate functionality Non-systematic implementation without considering security assurance Our work A disciplined security specification toward a generic security framework for the Grid Follow the generic framework to implement highly assured trustworthy Grid security solution

5 2. Background & Methodology Security Assurance Security can not be considered appropriate even if the security techniques used are known to be theoretically highly resistant to attacks. The extent of trustworthiness, the means of providing evidence of the appropriateness of security designs and for demonstrating that implementations meet the security objectives, must be considered.

6 2. Background & Methodology Assurance Methods Assessment of the TOE (Target of Evaluation) directly Assessment of the processes to develop the TOE Assessment of the environment where the TOE is developed ISO/IEC 15408, the Common Criteria An internationally recognized standard for specifying and evaluating security properties of IT products and systems Comparison with process assurance methods and environment assurance methods

7 2. Background & Methodology ClearingHouse Project A typical Grid platform providing a generic Grid-based application execution and information sharing engine Resource management, automatic resource discovery, and economy management of resources in a service-oriented environment are main issues addressed by ClearingHouse currently

8 3. A Common Criteria Compliant Generic Security Framework for the Grid Systematically devised and highly assured based on the Common Criteria Specific Grid security solutions are instantiated from the framework in a manner that preserves all dependencies between design artifacts and brings assurance that all relevant TOE and environmental elements are considered

9 4. Security Environment and Objectives for the Grid Security environment: It describes the security aspects of the environment in which the TOE is intended to be used and the manner in which it is expected to be employed. Security objectives: They reflect the stated intent to counter identified threats and/or comply with any organizational security policies and usage assumptions.

Security Environment for the Grid Assets to be protected Subjects within the set of interactions occurring with or within the TOE that causes operations to be performed Assumptions that cannot be enforced by technical means to be met by the environment in order for the TOE to be considered secure Organizational security policies Threats to security:

Security Environment for the Grid T.Hack_PhysAttackers interact with the TOE to exploit vulnerabilities in the physical environment. T.RED_InsecureAn attacker operates on AST.RED of the TOE without authorization. T.USD_InsecureSimilar to T.RED_Insecure but on AST.USD. T.USD_ForgeryAn attacker forges valid user identity, role/attributes, and/or usage quota. T.JOD_InsecureSimilar to T.RED_Insecure, but on AST.JOD. T.USD_JOD_CheatAn attacker forges a TOE interface to defraud the user of his useful AST.USD and AST.JOD. T.INR_MisuseAn attacker operates on the information resources without required privileges. T.CPR_MisuseAn attacker runs his programs on the computing resources without authorization. T.INR_CPR_UnsecuredAn attacker personates one trusted by the TOE and contributes insecure, potentially dangerous, and/or intrusive information/computing resource to the Grid. T.AUD_InsecureAttackers steal audit information of the TOE and even modify or delete the log file.

Security Objectives for the Grid Security objectives for the TOE: OT.Auth_TOEThe TOE should enable the user to trust it as the true TOE he wants to access. OT.AccessControlThe TOE can only be used by properly authenticated and authorized users, and the access control routine is non-bypassible. OT.RED_SecureResource data should be protected and only operated by authorized TOE users. OT.USD_SecureSensitive user data is confidential and tamperproof, and has integrity in the TOE. OT.JOD_SecureJob data can only be accessed by appropriately authorized users of the TOE. OT.INR_CPR_SecureThe information/computing resource can only be operated by authorized users. OT.INR_CPR_TrustedThe TOE only contains trusted, secure, and available resources. OT.AUD_SecureAudit data of the TOE can only be read and utilized by an authorized user. OT.TOE_SecureThe security and administrative mechanisms of the TOE are protected securely. OT.Lifecycle_SecurityThe TOE shall detect flaws during the initialization, personalization and operational usage.

Security Objectives for the Grid Security objectives for the IT-environment of the TOE Security objectives rationale Demonstrating that the security objectives address all of the environmental aspects identified and the objectives are effective and provide complete coverage Security environment to security objectives mapping for generating tracings:

Security Objectives for the Grid Threats-Assumptions-Policies/ Security Objectives OT.Auth_TOE OT.AccessControl OT.RED_SecureOT.USD_Secure OT.JOD_Secure OT.INR_CPR_Secure OT.INR_CPR_Trust ed OT.AUD_Secure OT.TOE_Secure OT.Lifecycle_Security OE.SecureComm OE.USD_Protect OE.Stand ardFormats T.Hack_Phys X X X X X T.RED_Insecure X X T.USD_Insecure X X T.USD_Forgery X X X X T.JOD_Insecure X X T.USD_JOD_Cheat X T.INR_Misuse X X T.CPR_Misuse X X T.INR_CPR_Unsecured X X X T.AUD_Insecure X X A.SecureKey X X P.LocalSecureRe X X P.CredStandards X X P.HWSecurity X X

15 5. Security Requirements for the Grid Security requirements are the refinement of the security objectives and if met, will ensure that the TOE can meet its security objectives. Security functional requirements are levied on those functions of the TOE that are specifically in support of IT security and define the desired security behavior. Security assurance requirements specify a minimum strength level consistent with the security objectives.

Security Functional Requirements for the Grid A systematically drawn set of Grid security functional requirements conforming to the Common Criteria: FAU (Security Audit) FDP (User Data Protection) FIA (Identification and Authentication) FMT (Security Management) FPR (Privacy) FPT (Protection of the TSF) FTA (TOE Access)

Security Functional Requirements for the Grid Each class consists of class introduction and functional families. Functional components plus family behavior, component leveling, management requirements and audit requirements constitute a family specification. Each component specification includes functional elements and the dependencies among functional components.

Security Functional Requirements for the Grid A sample security functional requirement: User Data Protection: This class specifies requirements for TOE security functions and TOE security function policies related to protecting user data. It includes six families: Access control policy (FDP_ACC), Access control functions (FDP_ACF), Data authentication (FDP_DAU), Import from outside TSF control (FDP_ITC), Residual information protection (FDP_RIP), and Stored data integrity (FDP_SDI). FDP_ACC identifies the access control SFPs and defines the scope of control of the policies that form the identified access control portion of the TSP. This family has only one component FDP_ACC.1 Subset access control. No management activities or auditable events are foreseen.

Security Functional Requirements for the Grid FDP_ACC.1 has only one element FDP_ACC.1.1: The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects, objects, and operations among subjects and objects covered by the SFP]. It has the dependency on FDP_ACF.1 Security attribute based access control.

Security Functional Requirements for the Grid We may make further operations on the security functional requirements including assignment, selection, refinement and iteration, to address different aspects of the security needs of the TOE in more detail. Security requirements for the IT environment of the TOE can also be defined such as those for communication, cryptographic support, resource utilization and trusted path/channels.

Security Assurance Requirements for the Grid Security assurance requirements are expressed as evaluation assurance levels (EALs). EAL 2 - structurally tested, EAL 3 - methodically tested and checked, and EAL 4 - methodically designed, tested, and reviewed can be adopted as a basis to guide implementing and evaluating assurance of a Grid system/application.

Security Requirements Rationale Demonstrating that the security requirements are suitable to meet and traceable to the IT security objectives Mapping table can still be utilized to help express the rationale intuitively and clearly:

Security Requirements Rationale Security Functional Requirements/ Security Objectives OT.Auth_TOE OT.AccessControl OT.RED_SecureOT.USD_Secure OT.JOD_Secure OT.INR_CPR_Secure OT.INR_CPR_Trusted OT.AUD_Secure OT.TOE_Secure OT.Lifecycle_Security …………………………… FDP_ACCXXXXXXXX FDP_ACFXXXXXXXXX FDP_DAUX FDP_ITCXX FDP_RIPXX FDP_SDIX ……………………………

Security Requirements Rationale Different subsets of the security functional requirements can be defined and tailored for different strengths of the security functionality. Different original or augmented EALs can also be imposed to ensure the achievement of such different level security respectively. Thus more flexible trustworthy Grid security solutions will be provided following the generic Grid security framework, to fulfill their specific security objectives correctly and effectively.

25 6. Conclusions and Future Work A disciplined approach to specify and model security for the high-assurance Grids A TOE summary specification to provide a high-level definition of the security functions and assurance measures Accomplish a specific TOE implementation for Grid security

26 Thanks!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.