CSCE 727CSCE 727
Awareness and Training Awareness and Training Secure System Development Secure System Development
and Monitoringand Monitoring
Information Warfare - Farkas 2
ReadingReadingReading for this lecture:Denning: Chapter 14
Recommended:•Rainbow Series Library, http://www.fas.org/irp/nsa/rainbow.htm Common Criteria, http://www.commoncriteriaportal.org/
SYSTEM CERTIFICATIONSYSTEM CERTIFICATION
Information Warfare - Farkas 3
Information Warfare - Farkas 4
Building It SecureBuilding It Secure
1960s: US Department of Defense (DoD) risk of unsecured information systems
1970s: – 1977: DoD Computer Security Initiative– US Government and private concerns – National Bureau of Standards (NBS – now NIST)
Responsible for stadards for acquisition and use of federal computing systems
Federal Information Processing Standards (FIPS PUBs)
Information Warfare - Farkas 5
NBSNBS Two initiatives for security:
– Cryptography standards 1973: invitation for technical proposals for ciphers 1977: Data Encryption Standard 2001: Advanced Encryption Standard (NIST)
– Development and evaluation processes for secure systems Conferences and workshops Involves researchers, constructors, vendors, software
developers, and users 1979: Mitre Corporation: entrusted to produce an initial set
of criteria to evaluate the security of a system handling classified data
Information Warfare - Farkas 6
National Computer Security CenterNational Computer Security Center
1981: National Computer Security Center (NCSC) was established within NSA– To provide technical support and reference for government
agencies– To define a set of criteria for the evaluation and assessment of
security– To encourage and perform research in the field of security– To develop verification and testing tools– To increase security awareness in both federal and private sector
1985: Trusted Computer System Evaluation Criteria (TCSEC) == Orange Book
Information Warfare - Farkas 7
Orange BookOrange Book
Orange Book objectives– Guidance of what security features to build into new
products– Provide measurement to evaluate security of systems– Basis for specifying security requirements
Security features and Assurances Trusted Computing Base (TCB) security
components of the system: hardware, software, and firmware + reference monitor
Information Warfare - Farkas 8
Orange BookOrange BookSupport Users: evaluation metrics to assess the reliability of the
security system for protection of classified or sensitive information when– Commercial product– Internally developed system
Developers/vendors: design guide showing security features to be included in commercial systems
Designers: guide for the specification of security requirements
Information Warfare - Farkas 9
Orange bookOrange book
Set of criteria and requirementsThree main categories:
– Security policy – protection level offered by the system
– Accountability – of the users and user operations
– Assurance – of the reliability of the system
Information Warfare - Farkas 10
Security PolicySecurity Policy
Concerns the definition of the policy regulation the access of users to information– Discretionary Access Control– Mandatory Access Control– Labels: for objects and subjects– Reuse of objects: basic storage elements must
be cleaned before released to a new user
Information Warfare - Farkas 11
AccountabilityAccountability
Identification/authenticationAuditTrusted path: no users are attempting to
access the system fraudulently
Information Warfare - Farkas 12
AssuranceAssurance
Reliable hardware/software/firmware components that can be evaluated separately
Operation reliabilityDevelopment reliability
Information Warfare - Farkas 13
Operation reliabilityOperation reliability
During system operation – System architecture: TCB isolated from user processes,
security kernel isolated from non-security critical portions of the TCB
– System integrity: correct operation (use diagnostic software)
– Covert channel analysis– Trusted facility management: separation of duties– Trusted recovery: recover security features after TCB
failures
Information Warfare - Farkas 14
Development reliabilityDevelopment reliability
System reliable during the development process. Formal methods.– System testing: security features tested and verified– Design specification and verification: correct design
and implementation wrt security policy. TCB formal specifications proved
– Configuration management: configuration of the system components and its documentation
– Trusted distribution: no unauthorized modifications
Information Warfare - Farkas 15
DocumentationDocumentation
Defined set of documents Minimal set:
– Trusted facility manual– Security features user’s guide– Test documentation– Design documentation– Personnel info: Operators, Users, Developers,
Maintainers
Information Warfare - Farkas 16
Orange Book LevelsOrange Book Levels
Highest Security– A1 Verified protection– B3 Security Domains– B2 Structured Protection– B1 Labeled Security Protections– C2 Controlled Access Protection– C1 Discretionary Security Protection– D Minimal Protection
No Security
Information Warfare - Farkas 17
Orange BookOrange Book C1, C2: simple enhancement of existing systems.
Does not break applications. B1: relatively simple enhancement of existing
system. May break some of the applications.
B2: major enhancement of existing systems. Will break many applications.
B3: failed A1 A1: top-down design and implementation of a new
system from scratch.
Information Warfare - Farkas 18
NCSC Rainbow SeriesNCSC Rainbow Series
Orange: Trusted Computer System Evaluation Criteria
Yellow: Guidance for applying the Orange Book
Red: Trusted Network InterpretationLavender: Trusted Database Interpretation
Information Warfare - Farkas 19
Evaluation ProcessEvaluation Process Preliminary technical review (PTR)
– Preliminary technical report: architecture potential for target rating Vendor assistance phase (VAP)
– Review of the documentation needed for the evaluation process, e.g., security features user’s guide, trusted facility manual, design documentation, test plan. For B or higher, additional documentations are needed, e.g., covert channel analysis, formal model, etc.
Design analysis phase (DAP)– Initial product assessment report (IPAR): 100-200 pages, detailed
info about the hardware, software architecture, security relevant features, team assessments, etc.
– Technical Review Board– Recommendation to the NCSC
Information Warfare - Farkas 20
Evaluation ProcessEvaluation Process Formal evaluation phase (FEP)
– Product Bulletin: formal and public announcement – Final Evaluation Report: information from IPAR and
testing results, additional tests, review code (B2 and up), formal policy model, proof.
– Recommends rating for the system– National Cyber Security Center (NCSC) decides final
rating Rating maintenance phase (RAMP)
– Minor changes and revisions– Reevaluated– Rating maintenance plan
Information Warfare - Farkas 21
European CriteriaEuropean Criteria German Information Security Agency: German Green
Book (1988) British Department of Trade and Industry and Ministry of
Defense: several volumes of criteria Canada, Australia, France: works on evaluation criteria 1991: Information Technology Security Evaluation
Criteria (ITSEC) – For European community– Decoupled features from assurance– Introduced new functionality requirement classes– Accommodated commercial security requirements
Information Warfare - Farkas 22
Common CriteriaCommon Criteria January 1996: Common Criteria
– Joint work with Canada and Europe– Separates functionality from assurance– Nine classes of functionality: audit, communications,
user data protection, identification and authentication, privacy, protection of trusted functions, resource utilization, establishing user sessions, and trusted path.
– Seven classes of assurance: configuration management, delivery and operation, development, guidance documents, life cycle support, tests, and vulnerability assessment.
Information Warfare - Farkas 23
Common CriteriaCommon Criteria Evaluation Assurance Levels (EAL)Lowest Security
– EAL1: functionally tested– EAL2: structurally tested– EAL3: methodologically tested and checked– EAL4: methodologically designed, tested and reviewed– EAL5: semi-formally designed and tested– EAL6: semi-formally verified and tested– EAL7: formally verified design and tested
Highest Security
Information Warfare - Farkas 24
National Information Assurance National Information Assurance Partnership (NIAP)Partnership (NIAP)
1997: National Institute of Standards and Technology (NIST), National Security Agency (NSA), and Industry
Aims to improve the efficiency of evaluation Transfer methodologies and techniques to private
sector laboratories Functions: developing tests, test methods, tools for
evaluating and improving security products, developing protection profiles and associated tests, establish formal and international schema for CC
National Security IssuesNational Security Issues
Information Warfare - Farkas 25
Interesting read:
B. Baer Arnold, Cyber war in Ukraine – business as usual for the Russian bear, Homeland Security News Wire, March 13, 2014, http://www.homelandsecuritynewswire.com/dr20140313-cyber-war-in-ukraine-business-as-usual-for-the-russian-bear Roger C. Molander, Peter A. Wilson, B. David Mussington, Richard Mesic: What is Strategic Information Warfare?, 1996, http://www.rand.org/content/dam/rand/pubs/monograph_reports/2005/MR661.pdf
Information Warfare - Farkas 26
National Security and IWNational Security and IW U.S. agencies responsible for national security:
large, complex information infrastructure 1990: defense information infrastructure (DOD).
Supports – Critical war-fighting functions– Peacetime defense planning– Information for logistical support– Defense support organizations
Need proper functioning of information infrastructure
“digitized battlefield”
Information Warfare - Farkas 27
National Security and IWNational Security and IWIncreased reliance on information
infrastructureHeavily connected to commercial
infrastructure– 95% of DOD’s unclassified communication via
public networkNo boundaries, cost effectiveness,
ambiguous
Information Warfare - Farkas 28
National Security and IWNational Security and IW Vital human services
– Law enforcement– Firefighters– Emergency telephone system– Federal Emergency Management Agency
Other Government Services and public utilities– Financial sector– Transportation– Communications– Power – Health system
Information Warfare - Farkas 29
Information WarfareInformation Warfare
Persian Gulf War: first “information war”After the war:
– U.S. concern about own vulnerability for IW– “strategic” level of information warfare
No clear understanding of objectives, actors, and types of activities
What is IW? – Academia, national security community, intelligence
community, etc.
Information Warfare - Farkas 30
Strategic WarfareStrategic Warfare Cold War: “single class of weapons delivered at a
specific range” (Rattray)– E.g., use of nuclear weapons with intercontinental
range Current: “variety of means … can create
“strategic” effects, independent of considerations of distance and range.”
Center of gravity: – Those characteristics, capabilities, or sources of power
from which a military force derives its freedom of action, physical strength, or will to fight (DOD)
Information Warfare - Farkas 31
Strategic IWStrategic IW
“…means for state and non-state actors to achieve objectives through digital attacks on an adversary’s center of gravity.” (Rattray)
Information Warfare - Farkas 32
SIW Operating EnvironmentSIW Operating Environment
Man-made environmentIncreased reliance on information
infrastructure new center of gravity
Information Warfare - Farkas 33
Strategic Warfare vs. SIWStrategic Warfare vs. SIW
Similar challengesHistorical observation: centers of gravity
are difficult to damage because of– Resistance– Adaptation
Information Warfare - Farkas 34
Dimensions of Strategic AnalysisDimensions of Strategic Analysis
Threads:– Need to engage in multiple related means to achieve
desired results– Interacting with opponent capable of independent action
Distinction between”– “grand strategy”: achievement of political object of the
war (includes economic strength and man power, financial pressure, etc.)
– “military strategy”: gain object of war (via battles as means)
Information Warfare - Farkas 35
Waging Strategic WarfareWaging Strategic Warfare
Creates new battlefields and realms of conflict
Need identification of center of gravity– WWI:
German submarines: strangle U.K. economy Airplanes: tactical use: reconnaissance and artillery
spotting. Strategic use: 1915: German zeppelin: striking cities in England
Information Warfare - Farkas 36
Strategic Air PowerStrategic Air Power Targets center of gravity WWI:
– Deliver devastating strikes– Civilian morale
WWII: – U.S. targets German economic targets– Massive bombing campaigns– Crushing civilian morale– Paralyzing economy
Problems:– Difficulty to achieve general industrial collapse– Grossly overestimated the damage
Information Warfare - Farkas 37
Other Weapons – Cold WarOther Weapons – Cold War
Military capacity as means to achieve political leverage through strategic attacks:– E.g., nuclear weapons, ballistic missile, satellite
capability, WMDMassive retaliation
– Ability to use is limited, e.g., 1956 Soviet invasion of Hungary
Information Warfare - Farkas 38
SW – PastSW – Past
Focused on offensive actions Largely ignored
– Interaction between adversaries difficult to determine utility of offensive action
– Defense capabilities, vulnerabilities, and commitment
Information Warfare - Farkas 39
Necessary conditions for SW Necessary conditions for SW
Offensive freedom of actionSignificant vulnerability to attackProspects for effective retaliation and
escalation are minimizedVulnerabilities can be identified, targeted,
and damage can be assessed
Information Warfare - Farkas 40
SIWSIW
Growing reliance new target of concernCommercial networks for crucial functionsRapid changeWidely available toolsSignificant uncertainties
– Determining political consequences– Predicting damage, including cascading effects
Information Warfare - Farkas 41
SIWSIWComplexity and openness
– Weakness– Strength
Difficult to distinguish offensive from defensive
Public information – Vulnerabilities– Incentives
Next classNext class
Midterm exam
Information Warfare - Farkas 42
Top Related