A Multilevel Secure Testbed to Support Coalition Operations 12 December 2005 Cynthia Irvine, PhD Department of Computer Science Naval Postgraduate School.


1 A Multilevel Secure Testbed to Support Coalition Operations
12 December 2005
Cynthia Irvine, PhD
Department of Computer Science, Naval Postgraduate School

2 Outline
Technical Problem
MYSEA Testbed
Related Work

3 General Taxonomy of Attacks

Attack Motive       | Attack Strategy     | Attack Resources     | Threat                 | Assurance Required
Political-Military  | Long-Term Planning  | Well Funded          | System Subversion      | Highest
Political-Military  | Mid-Term Planning   | Modest to High Funds | Trojan Horse           | High
Malicious Amusement | Short-Term Planning | Low to Modest        | Flaw Exploitation      | Moderate
Malicious Amusement | Ad Hoc              | Low                  | Interface Exploitation | Low

4 Trojan Horse vs. Subversion
Trojan Horse
– Requires victim's cooperation; adversary cannot choose time of activation
– Constrained by security controls on the victim
– Executes in an application
Subversion
– Does not require a cooperating victim
– By-passes security controls
– Usually triggered activation and deactivation; time chosen by adversary
– May execute within the OS

5 Trojan Horse: DAC Only System
(Diagram) Tim's Data, with ACL: UID1 ---, UID2 rw-, ..., UIDn rw-
Normal Conditions: No Access for Eve
– Tim Executes Software with Trojan Horse
– Software Modifies ACL => Eve rw-
– Eve Accesses Tim's Data: extract information, modify information

6 Trojan Horse: DAC Only System
(Diagram) Tim's Data, with ACL: UID1 ---, UID2 rw-, ..., UIDn rw-; Eve's File
Normal Conditions: No Access for Eve
– Tim Executes Software with Trojan Horse
– Trojan Horse writes Tim's Data into Eve's File
– Eve accesses Tim's Data, which has been put into her file

7 Trojan Horse fails in MLS System
(Diagram) Tim's Data (HIGH Secrecy Mandatory Label), with ACL: UID1 ---, UID2 rw-, ..., UIDn rw-; Eve (Low Secrecy Mandatory Label)
Normal Conditions: No Access for Eve
– Tim Executes Software with Trojan Horse
– Software Modifies ACL: Eve --- => Eve rw- (Possible message to Enemy)
– Eve attempts to access Tim's Data: x (blocked)
– MLS system prevents Eve from reading up

8 Trojan Horse fails in MLS System
(Diagram) Tim's Data (HIGH Secrecy Mandatory Label); Eve's File (Low Secrecy Mandatory Label)
Normal Conditions: No Access for Eve
– Tim Executes Software with Trojan Horse
– Software attempts to write Tim's data to Eve's File: x (blocked)
– MLS system prevents Tim from writing down
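The four scenarios on slides 5 through 8 as a small, runnable model. This is an added example, not code from the presentation or from the MYSEA project: a toy reference monitor enforces a per-file ACL (DAC) and, when switched on, the two mandatory rules the slides rely on (no read up, no write down). The Trojan horse runs with Tim's identity and can only ask the monitor for operations; the names, the two-level HIGH/LOW lattice and the file contents are constructed for the example.

```python
# Added example (not from the presentation): toy reference monitor reproducing
# the Trojan horse scenarios of slides 5-8 under DAC only and under DAC + MLS.
# Names (Tim, Eve), levels and file contents are constructed for this example.

from dataclasses import dataclass, field

HIGH, LOW = 1, 0   # constructed two-level secrecy lattice; HIGH dominates LOW


@dataclass
class File:
    owner: str
    label: int                                   # mandatory secrecy label
    acl: dict = field(default_factory=dict)      # user -> permission string, e.g. "rw-"
    data: str = ""


@dataclass
class Subject:
    user: str     # identity the process runs under (a Trojan horse inherits it)
    level: int    # session level of that process


class Monitor:
    """Every access goes through here; the Trojan horse cannot bypass it."""

    def __init__(self, mls: bool):
        self.mls = mls

    def _dac(self, subj: Subject, f: File, perm: str) -> bool:
        return perm in f.acl.get(subj.user, "---")

    def can_read(self, subj: Subject, f: File) -> bool:
        if not self._dac(subj, f, "r"):
            return False
        return (not self.mls) or subj.level >= f.label      # no read up

    def can_write(self, subj: Subject, f: File) -> bool:
        if not self._dac(subj, f, "w"):
            return False
        return (not self.mls) or subj.level <= f.label      # no write down

    def set_acl(self, subj: Subject, f: File, user: str, perm: str) -> bool:
        # DAC lets the owner (and so any code running as the owner) change the ACL.
        # As on slide 7 the change itself is permitted; the label checks above are
        # what stop Eve from using it.
        if subj.user != f.owner:
            return False
        f.acl[user] = perm
        return True


def trojan_horse(monitor: Monitor, tim: Subject, tims_data: File, eves_file: File) -> None:
    """What the Trojan horse in Tim's software tries, using Tim's authority."""
    monitor.set_acl(tim, tims_data, "eve", "rw-")            # slides 5 / 7
    if monitor.can_read(tim, tims_data) and monitor.can_write(tim, eves_file):
        eves_file.data = tims_data.data                      # slides 6 / 8


def run_scenario(mls: bool) -> dict:
    """Run both Trojan horse attempts and report what Eve ends up able to read."""
    tim = Subject("tim", HIGH)
    eve = Subject("eve", LOW)
    tims_data = File(owner="tim", label=HIGH, acl={"tim": "rw-"}, data="HIGH secret")
    # constructed: Eve had earlier let Tim write into her file
    eves_file = File(owner="eve", label=LOW, acl={"eve": "rw-", "tim": "-w-"})
    monitor = Monitor(mls)
    before = monitor.can_read(eve, tims_data)                # normal conditions
    trojan_horse(monitor, tim, tims_data, eves_file)
    return {
        "eve_read_before": before,
        "eve_reads_tims_data": monitor.can_read(eve, tims_data),
        "leaked_via_eves_file": eves_file.data if monitor.can_read(eve, eves_file) else "",
    }


if __name__ == "__main__":
    print("DAC only:", run_scenario(mls=False))
    print("DAC + MLS:", run_scenario(mls=True))
```

With `mls=False` both attempts succeed: Eve is granted rw- on Tim's data and a copy also lands in her file. With `mls=True` the ACL change still goes through, but Eve's read is refused (read up) and the copy into her LOW file is refused (write down), which is the point of slides 7 and 8: the bound on information flow does not depend on the ACL being trustworthy.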

9 Attacks: Means, Motive, Opportunity
Means
– Skill in system design and artifice construction
Motive
– Clandestine access to critical information
Opportunity
– Join development team for target system
– Modify system design, specifications, or code
– Insert artifice during distribution, configuration, or maintenance

10 Methods that Work
To Address Subversion: Limit Opportunity
– Lifecycle assurance - high assurance
– Protection via rigorous security engineering
  No unspecified functionality
  Use of formal verification techniques
– When Applied in MLS Context
  Bound information flow to prevent Trojan Horse damage
  Uses formal models
– Supports implementation assessment

11 MYSEA Testbed

12 MYSEA Testbed Objectives
Experimentation and Research Framework
– High Assurance Solutions
– Distributed Multilevel Functionality
– Dynamic Security
– Trusted Authentication
– Open Architectures and Interfaces
Currently Support:
– MYSEA Research Project
– Trusted Computing Exemplar Project
– Dynamic Security Services Project
– Basic GIG IA Architecture and Security Concepts
Long Range Applicability
– Additional GIG IA experiments
– Other Complex Enterprise Networks

13 Near-Term Testbed Experiments
Secure connections to classified networks
Use COTS and legacy hardware and software components
Use open standards
Apply high assurance security technology to legacy elements
Centralize security management
Integrate high assurance multilevel security with existing sensitive networks
Manage access to classified networks using high assurance trusted communication channel techniques
Dynamic security services
Open architectures to incorporate new technologies
Use XML tags as security markings
Secure single sign-on across multiple MLS servers
Server cluster technologies

14 Testbed Architecture (diagram)

15 Testbed Design (diagram)

16 Demonstrated MYSEA Features
Distributed Security Architecture
Multilevel Policy Enforcement
Unmodified Commercial Desktop Applications
Trusted Path for Security-Critical Operations
Reach-back to Single Level Networks
– Aggregated Information Services
Dynamic Policy Modulation of Security Services

17 Testbed Components: Secure Server
True Multilevel Security Policy Enforcement
– Coherent View: Users at HIGH see Information at LOW
– Label-based Policy Enforcement: Hierarchical and Categories
– Support for Integrity-Based Separation: Isolate cyber-trash from reliable users and programs
– Flexible Label Management
Existing Commercial MLS Base
– Digital Net XTS-400
– Evaluated at Class B3 under TCSEC (aka "Orange Book")
– Currently Under Evaluation under Common Criteria
– Support for Certification and Accreditation Goals
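Slide 17 lists three properties of the server's label policy: a coherent view (a HIGH session sees LOW information), labels made of a hierarchical level plus categories, and integrity-based separation of "cyber-trash" from reliable users and programs. The following is an added example that puts those three rules in one small lattice; it is not the XTS-400's label format or MYSEA code. The level names, the COALITION and NATIONAL categories, the integrity levels and the sample objects are all constructed for the example.

```python
# Added example (not from the presentation): a label lattice with a hierarchical
# secrecy level, non-hierarchical categories and a separate integrity level,
# illustrating the policy properties listed on slide 17. All names are constructed.

from dataclasses import dataclass

SECRECY = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}   # hierarchical part
INTEGRITY = {"UNTRUSTED": 0, "USER": 1, "SYSTEM": 2}            # integrity axis


@dataclass(frozen=True)
class Label:
    secrecy: str
    categories: frozenset = frozenset()   # non-hierarchical compartments
    integrity: str = "USER"

    def dominates(self, other: "Label") -> bool:
        """Secrecy dominance: level at least as high AND a superset of categories."""
        return (SECRECY[self.secrecy] >= SECRECY[other.secrecy]
                and self.categories >= other.categories)


def may_read(subject: Label, obj: Label) -> bool:
    # secrecy: no read up (the subject must dominate the object)
    # integrity: no read down (untrusted data must not flow into a reliable program)
    return (subject.dominates(obj)
            and INTEGRITY[obj.integrity] >= INTEGRITY[subject.integrity])


def may_write(subject: Label, obj: Label) -> bool:
    # secrecy: no write down (the object must dominate the subject)
    # integrity: no write up (an untrusted subject must not modify reliable data)
    return (obj.dominates(subject)
            and INTEGRITY[subject.integrity] >= INTEGRITY[obj.integrity])


def coherent_view(session: Label, objects: dict) -> list:
    """Names of the objects visible to a session: 'users at HIGH see information
    at LOW', narrowed by categories and by integrity."""
    return sorted(name for name, lab in objects.items() if may_read(session, lab))


# constructed sample objects on the server
OBJECTS = {
    "weather_brief":  Label("UNCLASSIFIED"),
    "coalition_plan": Label("SECRET", frozenset({"COALITION"})),
    "national_only":  Label("SECRET", frozenset({"NATIONAL"})),
    "web_download":   Label("UNCLASSIFIED", integrity="UNTRUSTED"),   # cyber-trash
}


def demo() -> list:
    """A SECRET session in the COALITION category lists what it can read."""
    return coherent_view(Label("SECRET", frozenset({"COALITION"})), OBJECTS)


if __name__ == "__main__":
    print(demo())
```

The SECRET/COALITION session sees `weather_brief` (read down is fine) and `coalition_plan`, but not `national_only` (category it lacks, even though the level matches) and not `web_download` (integrity too low for a USER-integrity session). The same `may_write` rule denies that session a write into the UNCLASSIFIED `weather_brief`, which is the write-down case of the earlier Trojan horse slides expressed on a richer lattice.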

18 Server Network Enhancements
Multilevel "inetd"
Distributed High Assurance Authentication on MLS LAN
– Trusted Path Services at Server
– Distributed TCB to Client Locations: Trusted Path Extensions (TPE) at Clients
– Controls TPE Activities
Secure Session Services
– Launch Applications at Corrected Session Level
Dynamic Security Services
– Policy Management Initiator
Dedicated and Multiplexed Connections to Single Level Networks

19 Server Application Enhancements
Ports of Popular Applications
– All Made "Multilevel Aware"
– HTTP: Apache-like Web Server
  Base: standard Apache, minor modifications
  WebDAV under development
– SMTP: Sendmail
– IMAP: University of Washington
– NFS: User-level port
– Secure Shell: OpenSSH (Single Level Only)
Remote Client-Side Applications Support

20 High Assurance Trusted Path/Channel
Trusted Path Extension Device
– Ensure Communication with Trusted Server
– Based on EAL7 Trusted Computing Exemplar (TCX) Separation Kernel
Remote Security Operations
– Log-on, Session Level Negotiation, etc.
Server Supports Session Suspension and Resumption
Trusted Channel Module
– Ensure Proper Security Level Assigned To Information From Legacy Networks
Dynamic Security Services Responders

21 Commodity-Based Client
Meet User Requirements
– Web Browsing
– Mail
– Document Production
Stateless To Address Object Reuse Requirements
– Depot-level Configuration to Start Up in Useful State
– Volatile Memory Only
– Store State at Server at Appropriate Session Level
– Working Prototypes: Knoppix Linux, Windows XP Embedded

22 Web Portal Services
Allow Reach-Back to Single Level Legacy Networks via Web Browser
Part of MYSEA's Stateless Client Strategy
Tarantella/enView product suite
– Allow Clients to Access Web-based Applications On Different Platforms (Windows, Linux, Unix)
– Present Integrated Portal View To Users
Support GCCS
– Command and Control Personal Computer System (C2PC)

23 Testbed Phase I

24 Phase I Configuration (1 of 2)
Hardware: 35 components
– MLS Server, Handheld TPEs, Desktops, Laptops, VPN Appliances, Network Switches, TACLANE Encryptors
Operating Systems: Heterogeneous
– Trusted OS: DigitalNet STOP
– COTS OS: RedHat Linux, Microsoft Windows 2000 Server, Microsoft Windows XP, Microsoft Windows XP Embedded, OpenBSD, Knoppix Linux and Familiar Project Linux

25 Phase I Configuration (2 of 2)
Custom MYSEA Trusted Software
– Trusted Path Service, Secure Session Management
Linux Applications:
– PostgreSQL, Apache web server, Edge Technologies enPortal, Tarantella Enterprise 3, imapd and sendmail
Windows Applications:
– Microsoft Terminal Services, Microsoft Office, Microsoft Project, Internet Explorer, C2PC Gateway, C2PC Client, REPEAT 2004 – RepeatWinXR and Creative WebCam PROeX

26 Trusted Path Extension (TPE)
Reference application for the TCX project
Operational Environment - MYSEA MLS LAN
Architecture will use separation
– Untrusted and Trusted processes

27 TPE Form Factor
PDA-like device
Isolation from COTS processor
Trusted Path functions control I/O to user
– Device Screen
– Device Keyboard
Secure Attention Key design is simpler
Encryption is on TPE
Alternative: examine complex interactions between TPE and COTS system
– Strong isolation is required for assurance

28 Project Synergies
Trusted Computing Exemplar
Separation Kernel Protection Profile
SecureCore
RCSec
CyberCIEGE

29 Questions and Contacts
Cynthia Irvine, Ph.D.
Center for Information Systems Security Studies and Research
Computer Science Department
Naval Postgraduate School, Monterey, CA 93943
irvine@nps.edu, 831 656-2461
