securing the future™

High Assurance Trusted e-Commerce & PKI Servers
ACSAC, December 9, 1999
Paul A. McNabb, Vice President and CTO

Summary
- New commercial Internet architectures are demanding new security technologies
- A new generation of trusted operating systems has come out of the commercial market
- TOS technology enables mission critical architectures for e-commerce and PKI

Paradigm Shifts
- Collapsing Walls
  - Perimeters cannot easily be defined
  - Perimeters of networks are no longer defensible
- Internet as a Transaction Platform
  - Transaction servers will be attacked for their financial assets and information
  - Transaction servers have become gateways to backend systems and networks

Traditional Web Server
(Diagram: Internet, Firewall, Web Server, Mainframe. Users interact with the web server; information is transferred to the backend separately.)

Direct Transaction Server
(Diagram: Internet, Firewall, Web Server, Mainframe. Users interact directly with the backend system.)

Direct Connect Model: Security Challenge
- Opens a new high-speed, direct conduit to sensitive back-end systems
- Commercial, third party applications are running on critical “gateway” systems

E-Commerce Systems Under Attack
In a 1999 Computer Security Institute/FBI study of 521 large organizations, including banks and government agencies:
- 62% of respondents had experienced security breaches over the past 12 months.
- 21% answered “don’t know”
- 91% utilize firewalls
- 98% use anti-virus software
- 93% deploy access control
- 42% have intrusion detection
As E-Commerce Grows So Does Crime

PKI Hacker Threats
- “By 2002, 80% of businesses using a PKI to support e-commerce applications or extranets will experience hacking attacks against the PKI components....”
  - Gartner Group Research Note “Network Security for Public Key Infrastructures”, 6 August 1999

Certificate Authority Endorsement
- “The certificate authority and repository should run on hardened OSs. For high-sensitivity environments, we recommend use of OSs designed to meet B1 principles....”
  - Gartner Group Research Note “Network Security for Public Key Infrastructures”, 6 August 1999

Unassailable Security Fact
“The threats posed by the modern computing environment cannot be addressed without secure operating systems. Any security effort which ignores this fact can only result in a ‘fortress built upon sand.’”
-- The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments
Loscocco, Smalley, Muckelbauer, Taylor, Turner, and Farrell, National Security Agency

Traditional Security
- Firewalls
- Encryption
  - Network Encryption
  - Public Key Infrastructure (PKI)
- Authentication
  - Digital Certificates
  - Access Tokens
- Intrusion Detection
- Hardened Operating Systems

Where does a Trusted OS fit?
- A TOS doesn’t take the place of encryption, firewalls, intrusion detection, or authentication mechanisms
- It adds an extra layer of security that can strengthen other security mechanisms
- It provides strong platform and network interface security for Internet-based commercial applications
- It prevents damage outside of a partition, and limits damage from buffer overflows

Capabilities Unique to the OS
There are certain threats and risks that can only be controlled via the operating system:
- Stack overwrite bugs
- Administrator hijacking
- Multi-network communication
- Improper application interaction
- Other COTS/middleware software bugs
The OS can impose controls on all software.

Trusted OS Product Generations

Characteristic   1st Generation   2nd Generation   3rd Generation
Interface        Command Line     Graphical        Browser
Configurability  None             Limited          Extensive
Networking       No MLS           MLS              MLS+
Installation     Replace OS       Replace OS       Upgrade OS
Feature Set      Very Limited     Moderate         Very Rich
Emphasis         Access Control   Access + Admin   Access + Admin + Integration
Criteria/Eval    TCSEC            TCSEC / ITSEC    CC

Trusted OS Trend
- Losing image of old DoD systems
- Being designed to meet commercial stability and functionality requirements
- Becoming a requirement for direct transaction servers
- Becoming part of the standard toolkit for security professionals securing high risk environments.

Multiple Compartment Isolation
(Diagram: the Internet enters an Outside Compartment holding the Security Gateway; Application 1, Application 2 and Application 3 each sit in their own Compartment, each with its own LAN.)

Isolated System Compartments
(Diagram: Shared System Files (Read Only); CGI Files and CGI Application; LAN Interface; Admin Server and Protected Admin Files; Web Pages and HTTP Server; Internet Interface, each held in its own isolated compartment.)
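As an added illustration of the compartment model on this slide and of the stack-overwrite and administrator-hijacking points on the earlier slides (this is not from the original deck and not Argus or PitBull code), the following Python reference monitor gives each element of the diagram a compartment label and replays accesses from an HTTP server process that an attacker has taken over; the compartment names, the process labels and the single access rule are assumptions made for the example.

```python
"""Toy compartment reference monitor for the 'Isolated System Compartments' slide.
Every file and network interface carries one compartment label, every process is
labelled with the compartments it may use, and check() plays the kernel mediating
each access. Labels and rules are assumptions for this example, not PitBull's policy."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Obj:
    name: str
    compartment: str
    kind: str  # "file" or "netif"


# Objects named on the slide, each placed in one compartment (assumed split).
OBJECTS = {
    "shared_sys": Obj("Shared System Files", "system", "file"),
    "web_pages": Obj("Web Pages", "http", "file"),
    "inet_if": Obj("Internet Interface", "http", "netif"),
    "cgi_files": Obj("CGI Files", "cgi", "file"),
    "lan_if": Obj("LAN Interface", "cgi", "netif"),
    "admin_files": Obj("Protected Admin Files", "admin", "file"),
}

# Process labels, fixed by the OS at start; nothing the process does later changes them.
SUBJECTS = {"HTTP Server": {"http"}, "CGI Application": {"cgi"}, "Admin Server": {"admin"}}
VALID_OPS = {"file": {"read", "write"}, "netif": {"connect"}}


def check(subject: str, obj_key: str, op: str) -> bool:
    """Mandatory access decision: may `subject` perform `op` on the object?"""
    obj = OBJECTS[obj_key]
    if op not in VALID_OPS[obj.kind]:
        return False
    if obj.compartment == "system":
        return op == "read"  # shared system files: readable by all, writable by none
    return obj.compartment in SUBJECTS[subject]  # otherwise the compartment wall decides


def replay(requests):
    """Return the (subject, object, op) requests the monitor denies."""
    return [r for r in requests if not check(*r)]


# Constructed scenario: the HTTP server was taken over through a stack overwrite;
# the attacker now drives the process, but its label is still {"http"}.
HIJACKED_HTTP = [
    ("HTTP Server", "web_pages", "read"),    # normal work: allowed
    ("HTTP Server", "shared_sys", "read"),   # shared libraries and config: allowed
    ("HTTP Server", "shared_sys", "write"),  # tamper with system files: denied
    ("HTTP Server", "admin_files", "read"),  # reach protected admin data: denied
    ("HTTP Server", "lan_if", "connect"),    # reach the backend LAN: denied
    ("HTTP Server", "cgi_files", "write"),   # drop code into another compartment: denied
]
```

Running `replay(HIJACKED_HTTP)` returns the four denied requests: the compromised process keeps serving web pages but cannot reach the admin files, the LAN interface or another compartment's files.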
TOS-based Webserver Architectures
(Diagram: VPN, SSL Proxy and direct User connections pass through Security Gates (SG) to a Default Web Server, Extranet A Web Server and Extranet B Web Server, with an Auth. Module, a UDE, Security Gate Applications (SG App), and a Trusted Administration Server used by the Admin.)

TOS-based PKI Architectures
(Diagram: INET, FW (firewall), DMZ, FW, LAN; an RA (registration authority) with FE, BE and db; Admin; logstore; a CA (certificate authority) with FE, BE and HSM.)

Virtual MLS Machines for ASP/CSP
(Diagram: Internet and LAN attached through a Public NI and a Local NI; VM#1, VM#2 and VM#3 each on its own VNI (virtual network interface); shared resources; an admin VM.)

High-End Secure Environments
- Electronic Commerce
- Internet Banking / Finance
- Multilevel Intranet http Servers
- Multi-National Commands
- Multi-Disciplined Collection
- Transaction Database Servers
- Medical/Health Services
- Secure Web Servers
- PKI / Certificate Authorities
- Trusted Firewalls

Argus Products
- PitBull: a third generation trusted OS undergoing CC LSPP/EAL4 evaluation. Available on:
  - Sun Solaris (2.5.1, 7, 8; SPARC & x86)
  - IBM AIX (4.3.2, 4.3.3)
  - SCO Unixware (7.1)
- Gibraltar: a complete e-platform architecture based on PitBull and running on the same platforms.

Gibraltar Product Architecture
(Diagram, same layout as the TOS-based Webserver Architectures slide: VPN, SSL Proxy and direct User connections pass through Security Gates (SG) to a Default Web Server, Extranet A Web Server and Extranet B Web Server, with an Auth. Module, a UDE, Security Gate Applications (SG App), and a Trusted Administration Server used by the Admin.)

Summary
- New commercial Internet architectures are demanding new security technologies
- A new generation of trusted operating systems has come out of the commercial market
- TOS technology enables mission critical architectures for e-commerce and PKI

For More Information
www.argus-systems.com
1809 Woodfield Drive, Savoy, IL 61874 USA
Tel: 217-355-6308  Fax: 217-355-1433