Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency

2 Information Assurance at NSA Information Assurance Directorate (IAD) –Provides products and services critical to protecting U.S. National Security information and Information systems National Information Assurance Research Laboratory (NIARL) –Carries out research and design of technologies needed to enable IA solutions for the National Security Community Where SELinux was created and is currently maintained

3 IA Mission Drivers Rapid introduction of new technology & services –IA solutions must be available at the speed of the IT business and customer cycles Commercial IT dominates most systems; commercial IA growing –Leveraging/influencing commercial activity is vital Global communications and connectivity expanding National IA needs are growing while resources remain fairly constant

4 Government/Industry Partnerships To meet national IA needs requires cooperative partnerships Multi-layered approach –Define System-level Solutions Operational Capability Needs Appropriate IA for Operational Environment –Determine that System Components (COTS & GOTS) provide necessary capabilities and assurance Technology Guidance Evaluation –Develop and Provide User Guidance Configuration Guides Systems Security Engineering

5 Timing IA Integration IA Activities provide benefit all along the product/system life-cycle Early in the Development (maximum affect) –Microsoft Security Design Lifecycle (SDL) –Solution and Technology IA Design Guidance Near Product/System Completion –Vulnerability Analysis –Evaluation During Operation –Appropriate Usage Guidance –Configuration Guidance (e.g., Microsoft Windows)

6 Balanced IA Not all systems require equal security functionality and assurance Operational factors dictate necessary security functions –Data sensitivity and perishability –System connectivity –Criticality of operation –Operational environment

7 The Right Security Functionality Lessons learned from Multi-Level Security (MLS) systems SELinux embodies a sound architecture for flexible Mandatory Access Control Open Source Community has helped to shape the end result Continuing to work toward further advances

8 Achieving Higher Assurance Crucial to NSA and its clients and customers Getting the right functionality with medium assurance through current efforts EAL4 is not the end of the road, just a start –Higher levels of assurance (EAL4+ and beyond) critical to meeting the needs of the National Security Community

9 High Assurance Platform (HAP) NSA program fusing advanced commercial initiatives with NSA certified trusted applications into a customizable platform security architecture Leverage COTS to maximum extent possible –Hardware assisted virtualization and security Enable solution integrators to compose a high assurance platform instance from available components that can: –Isolate and separate security domains –Provide assured information sharing across security domains

10 IA Tools Automated tools needed to counter immense product and system complexity, particularly for high assurance Tools applied across the life-cycle –Development Risk and design analysis tools Threat modeling tools –Analysis Source and binary code analysis tools –Operation Patch management tools Configuration checking and consistency tools

11 Gaining Commercial Acceptance The technical challenges facing the National Security Community are the same, the stakes are quite different Unique perspective on threats and countermeasures to share with industry Our role is to not just tell industry what to do; we must also contribute to the solution space

12 Reaching the Goal Significant progress to date! Need to keep advancing in all areas: –Enhanced Security Functionality –Increased Assurance More Robust Tools –Improved Commercial Acceptance –Expanded Partnerships