Dr. Jeff Teo Class 4 July 2, 2009

Deliverables Lecture on Trusted Computing: Evolution and Direction Review of students’ blogs and assignments Summarize today’s lecture on Trusted Computing: Evolution and Direction and post at least one blog entry on your blog What is trust? What is time-sharing? Name prominent security researcher What is the Orange Book? What is the Trusted Computing Base Jeff Teo, Ph.D.

Trust in E-commerce Business and commerce depend on trust Trust is the foundation of e-commerce, Keen % of consumers did not want to provide their personal information to web sites and 63% stated that they did not trust the companies collecting the data, Hoffman 1999 Many researchers have conducted research in trust, especially as it relates to e-commerce TCG is actively promoting trust in e-commerce by helping deploy trusted computing using TPMs Jeff Teo, Ph.D.

Trusted Computing: Then and Now TC is not new- United States military conducted research and development in the late 1960s Hands-on assignment – review the history of mainframe computingreview the history of mainframe computing mainframe-computer-history.html Multiprogramming and multiprocessing capable mainframes enabled time-sharing computing. This increased efficiency (you have to wait with batch processing) and reduced costs (you can share computer across security levels – earlier, separate computers must be used for each security level) Jeff Teo, Ph.D.

Problems with time-sharing One program can override a memory location used by another program Users can read each other’s data – this created issues especially for the military Different levels of security used by the military Top secret Secret Confidential Restricted Public Jeff Teo, Ph.D.

National Security Agency, NSA As early as 1967, the NSA sponsored computer security research. Hands-on assignment: Who or what does this agency do? Hands-on assignment: Do other countries have a similar agency like the NSA? Name a European counterpart. Hands-on assignment: Name an Asian counterpart Hands-on assignment: Which agency in China is involved in the same activities as the NSA? Jeff Teo, Ph.D.

Prominent Computer Security Researchers Ware, 1967 Highlighted the security vulnerabilities of resource- sharing computer systems combination of hardware, software, physical, personnel, and administrative procedure safeguards as foundational to comprehensive security. Weissman, 1969 Built on the work of Ware resulting in the development of the Adept-50 operating system, built and operated to embody the mathematical model of security. Jeff Teo, Ph.D.

Prominent Computer Security Researchers Anderson, 1972 proposed the concept of a reference monitor to achieve execution control of users programs The function of the reference monitor is to validate all references (to programs, data, peripherals, etc.) made by programs in execution against those authorized for the subject (users, etc.). The Reference Monitor not only is responsible to assure that the references are authorized to share resource objects, but also to assure that the reference is the right kind (i.e., read, or read and write, etc) Jeff Teo, Ph.D.

Prominent Computer Security Researchers Karger and Schell, 1974 Build on the concept of Reference Monitor Developed MULTICS HIS 645 system to operate securely in a multi-level open environment. They supported the use of a reference monitor that was: 1) tamper proof, 2) invoked for every reference to data anywhere in the system, and 3) small enough to be proven correct (p. 7). They also stressed the critical component of certifiability in the development of multi-level secure systems. MULTICS HIS 645 software security control use the ring mechanism, a protection scheme, numbered from 0-7. These concentric rings denoted access protection privileges, with ring 0 admitting the ‘hardcore’ supervisor and ring 7 having the least privilege Jeff Teo, Ph.D.

Prominent Computer Security Researchers Bell and LaPadula, 1976, 1973, 1974, and 1976 Devise a formal mathematical description using access control to compare or match the subject’s cleared status (i.e. top-secret) with the object’s classification for proper authorization. Used mandatory access control mechanisms to facilitate the rule of ‘no write down” which states that if a user with read access to confidential objects has write access to confidential, secret, and top-secret objects, he should not have write access to unclassified objects. This prevent a malicious agent from using a Trojan horse to write classified data to an unclassified file. Jeff Teo, Ph.D.

Orange Book – Rainbow Series United States Department of Defense (DoD) promoted the used of trusted computer systems and Trusted Computing Base (TCB) Trusted computer systems defined by DoD must employ sufficient hardware and software integrity measures to allow its used in processing multiple levels of classified or sensitive information In 1985, it published the above standards stating the principle of Trusted Computing Base Jeff Teo, Ph.D.

Trusted Computing Base The heart of a trusted computer system is the Trusted Computing Base (TCB) which contains all of the elements of the system responsible for supporting the security policy and supporting the isolation of objects (code and data) on which the protection is based. The bounds of the TCB equate to the "security perimeter" referenced in some computer security literature. In the interest of understandable and maintainable protection, a TCB should be as simple as possible consistent with the functions it has to perform. Thus, the TCB includes hardware, firmware, and software critical to protection and must be designed and implemented such that system elements excluded from it need not be trusted to maintain protection. Jeff Teo, Ph.D.