1 Security Policy Framework & CCSDS Common Criteria Use CCSDS Security WG Fall 2005 Atlanta, GA USA Howard Weiss NASA/JPL/SPARTA +1-410-872-1515.

Presentation transcript:

1 Security Policy Framework & CCSDS Common Criteria Use CCSDS Security WG Fall 2005 Atlanta, GA USA Howard Weiss NASA/JPL/SPARTA September 2005

2 AGENDA
14 September 2005
– Welcome, opening remarks, logistics, agenda bashing
– Review results of Spring 2005 SecWG meeting in Athens (Mtg Notes)
– RASDS Review wrt Security Architecture (Kenny)
– coffee break
– Security Architecture Document Discussions (Kenny)
– Lunch
– Review CNES Mission Security Req Development using EDIOS (Pechmalbec/Belbus)
– Encryption Algorithm Trade Study (Weiss)
– coffee break
– Authentication/Integrity Algorithm Trade Study (Weiss)
15 September 2005
– Key management discussion (Kenny)
– Coffee break
– Identity Management, Spacecraft IDs (Weiss)
– CNES Interconnection Rules (Pechmalbec/Belbus)
– Lunch
– CNES Security Development Process (Pechmalbec/Belbus)
– Security Policy Document/Common Criteria (Weiss)

3 Security Policy Framework – What is This?
Connection agreements between space agencies have to be developed – often from scratch – to govern the security policies and enforcement between the connected networks.
We agreed that it would make sense to develop a standard CCSDS policy framework for
– developing trust agreements,
– rules for operational engagement,
– ensuring security compliance between legacy systems, and
– standard, secure interfaces between systems and across security domains.

4 What Might It Contain?
Sections might include:
– System description
– Interconnection partners' reason for connecting
– Description of networks to be connected
  » Security policies
  » Security administration
– Interconnection demarcation rules
– Mutual agreements and understanding
– Etc.


7 Existing Document
US National Institute of Standards and Technology (NIST) Special Publication
– NIST
– This would appear to need to be re-written for CCSDS rather than adopting
  » Lots of US-centric references to documents, regulations, departments, etc.
  » But it contains a lot of the baseline information including a template for an agreement between parties.

8 Discussion Results
Athens meeting: seemed to be in agreement that this is a good thing to do
– Create a Green Book based on NIST ?
– Action item assigned (Weiss) to investigate
  » Not completed – question is should we still contemplate doing this?
  » ……..

9 CCSDS Use of Common Criteria
Background
– In the past we’ve discussed the creation of an information security guide for the mission planner
– We have discussed re-examining this in favor of using the Common Criteria to instead write a Space Mission Protection Profile

10 What Might It Contain?
Sections might include:
– Project mission roles and responsibilities
– Security overview (a la Green Book)
– Threat/risk analysis
– Risk mitigation
– Security planning (a la Security Architecture document)
– Security mechanisms (a la Green Book)
– Contingency and disaster mitigation
– Etc.

11 Alternative: Common Criteria
ISO 15408: Common Criteria for Information Technology Security Evaluation
– Protection Profiles (PP) are produced as security “acquisition” documents
  » Collection of system security requirements that the system “user” wants to purchase
– Security Targets (ST) are produced by vendors to describe the security characteristics of their system.
Use the CC as the basis for describing the mission security requirements?
– Use the existing CCToolbox?
– Extend/modify the CCToolbox for space environments?
– Write a (several) Protection Profiles to describe the security requirements for space missions?
  » E.g., Use illustrative mission categories from the Threat Green Book?

12 CC Protection Profiles
Means by which security requirements for missions can be described in a way that is internationally understood.
Threat Document mission types:
– Manned
– Meteorological (LEO, GEO)
– Communications (LEO constellations, GEO)
– Science missions: Near-earth, Lunar, Interplanetary/Deep-space
– Navigation
Develop a PP for each mission type?

13 Use CCToolbox?
SPARTA-developed for US National Information Assurance Partnership (NIAP)
Freely available (although no longer supported)
– Written in Java
– ftp://ftp.sparta.com/pub/columbia/cctb.zip
“Interviews” PP or ST developer to walk the developer through the myriad mess of the CC.
– Akin to TurboTax that walks folks in the US through their income tax preparation


16 Discussion Results