Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented by, Sai Charan Obuladinne MYSEA Technology Demonstration.

Published byHugh White Modified over 9 years ago

Similar presentations

Presentation on theme: "Presented by, Sai Charan Obuladinne MYSEA Technology Demonstration."— Presentation transcript:

1 Presented by, Sai Charan Obuladinne MYSEA Technology Demonstration

2 References 1)Cynthia E.Irvine, David J. Shifflett, Paul C. Clark, Timothy, George “MYSEA Security Architecture” 2)Cynthia E. Irvine, David J. Shifflett, Paul C. Clark, Timothy, George “MYSEA Technology Demonstration” 3)Cynthia E. Irvine, David J. Shifflett, Paul C. Clark, Timothy, George “MYSEA: The Monetary Security Architecture” 4)http://cisr.nps.edu/projects/mysea.htmlhttp://cisr.nps.edu/projects/mysea.html

3 Contents Introduction MYSEA characteristics and capabilities MYSEA Domain Separation and Trusted Path Demo Quality of Security Service Demo Conclusion

4 Introduction Purpose- a) Trusted distributed operating environment for enforcing multi-domain security policies. b) To develop high assurance security services and integrated operating system mechanisms -protect distributed multi-domain computing environments from malicious code and other attacks. C) Capabilities- composing secure distributed systems using commercial off-the-shelf (COTS) components.

5 MYSEA characteristics and capabilities Use of add-on components in client-server systems which can magnify the impact of trusted open source systems. Protection of multiple protection domains, such that malicious code may neither ex-filtrate confidentially sensitive data, nor corrupt information of higher integrity(Malicious Software in PC- Multiple PC’s) Open source trusted path mechanism for assured and unambiguous user communication with the trusted computing base Vertical integration-dynamic security policy control functions in a QOSS framework

6 MYSEA Domain Separation and Trusted Path Demo MYSEA is a distributed client-server architecture, the major physical components 1) Security enhanced servers- For security policy enforcement and host various open source or commercial application protocol servers. 2) Security enhanced workstations-commercial-class PCs executing popular commercial software products(Trusted Path Extensions) thus permit server-enforced security policy to be distributed across the network.

7 MYSEA Server enforces the security policy and controls access to information. Its is a security enhanced version of the OpenBSD operating system (MYSEOS). MYSEOS + Untrusted Connection(Policy Constrained) = MYSEA MYSEOS is combined with untrusted, but policy constrained (and, in some instances, policy aware) application protocol servers, the result is the MYSEA Server MYSEOS Untrusted-3 rd Party Policy Contrained

8 MYSEA workstation each PC -Trusted Path Extension device that provides MYSEA policy support at the workstation. The MYSEA Server’s and the Trusted Path Extension’s connected directly to the physical network.

9 Demonstration of Concepts Trusted Path Extension- users can log on to the MYSEA system in a trusted path,Audit and Access controls- Invokes and establish Session Attributes like current sensitivity level. Similarly, the user can also log on to his own PC and use standard commercial client software (e.g., web browser or e-mail program) to access applications supported by the MYSEA Again to Modify any Session Attributes, again the Trusted Path Extension is invoked.(Sensitivity level, modify password, use name etc..)

10 Multi-Domain Policy Enforcement The MYSEOS kernel associates security attributes with active and passive. An important policy for the MYSEOS kernel to enforce is that malicious code may neither exfiltrate confidentially sensitive data nor corrupt information of higher integrity, to support this, the MYSEOS kernel provides multi-domain file system support,

11 Trusted path extension TPS Multiple Terminal PC’s Multiple Work Stations Maintains the State of User- MYSEA Interaction Ex: user may be logged in with default security attributes, but may not have started a session executing untrusted application code. Trusted Path Services provides an interface to the Security Support Services component to support identification and authentication

12

13 MYSEA SERVER Supports following services: Secure Attention Key Trusted Path Services Controlled LAN Access Communications and cryptographic services Negotiated Session Services Control of Security Critical Activities

14 MYSEA SERVER Supports following services: Secure Attention Key- Initiate unambiguous communication with MYSEOS, cause a state change in the Trusted Path Extension such that an unforgeable communications path (viz. a trusted path) to MYSEOS Trusted Path Services – When Invoked input security critical information(Password) Controlled LAN Access- Controlled access to the LAN. Malicious software cannot bypass the Trusted Path. Communications and cryptographic services- protected communication channels between Server and TPS(based upon protocols that supports establishment and maintenance TPS)

15 Negotiated Session Services- Ensure trusted object reuse, Change Domains(user), information associated with previous domain must be removed from the untrusted PC, Note: Previous session info cannot be reused by subsequent sessions(Violation of Distributed Security Policy). Control of Security Critical Activities- Controls client and resources at the time of boot and control security critical actions over the client session.

16 Quality of Security Service: MYSEA- Integrated with external resource or QoS manager to provide a means of dynamically managing its security and performance characteristics. MYSEA QoSS Manager -external QoSS interface to MYSEA, and governs security and performance factors of the various MYSEA components. QoSS manager on the MYSEA server- manages the QoSS security and connectivity database. MYSEA Component MYSEA QOSS Manager Security and Performa nce

17 Conclusion: MYSEA is a trusted distributed operating environment for enforcing multi-domain security policies. Supports critical applications: 1) A distributed trusted architecture that utilizes commercial and open source applications. 2) An open source trusted path mechanism. 3) Techniques for vertical integration of security policy control functions.

18 THANKS- ధన్యవాదాలు

Download ppt "Presented by, Sai Charan Obuladinne MYSEA Technology Demonstration."

Similar presentations

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
ICS 434 Advanced Database Systems

ICS 434 Advanced Database Systems
ITU-T SG13 futures session – July 25, 2003 - D1 Present document contains informations proprietary to France Telecom. Accepting this document means for.

ITU-T SG13 futures session – July 25, D1 Present document contains informations proprietary to France Telecom. Accepting this document means for.
Operating System Security

Operating System Security
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
15.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.

15.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.
28.2 Functionality Application Software Provides Applications supply the high-level services that user access, and determine how users perceive the capabilities.

28.2 Functionality Application Software Provides Applications supply the high-level services that user access, and determine how users perceive the capabilities.
Introduction to Firewall Technologies. Objectives Upon completion of this course, you will be able to: Understand basic concepts of network security Master.

Introduction to Firewall Technologies. Objectives Upon completion of this course, you will be able to: Understand basic concepts of network security Master.
Technical Architectures

Technical Architectures
Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Distributed Information Systems - The Client server model

Distributed Information Systems - The Client server model
13-1 Chapter 13 - Objectives Define an information system’s architecture in terms of the KNOWLEDGE, PROCESSES, and COMMUNICATION building blocks. Differentiate.

13-1 Chapter 13 - Objectives Define an information system’s architecture in terms of the KNOWLEDGE, PROCESSES, and COMMUNICATION building blocks. Differentiate.
Analysis of Terminal Server Architectures for Thin Clients in a High Assurance Network Steven R. Balmer & Cynthia E. Irvine Department of Computer Science.

Analysis of Terminal Server Architectures for Thin Clients in a High Assurance Network Steven R. Balmer & Cynthia E. Irvine Department of Computer Science.
Chapter 8: Network Operating Systems and Windows Server 2003-Based Networking Network+ Guide to Networks Third Edition.

Chapter 8: Network Operating Systems and Windows Server 2003-Based Networking Network+ Guide to Networks Third Edition.
.NET Mobile Application Development Introduction to Mobile and Distributed Applications.

.NET Mobile Application Development Introduction to Mobile and Distributed Applications.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

Similar presentations

Ads by Google