Lecturer: Lynn Ackler Date:10/28/08 1
Information Assurance
IATF
  IATF: Information Assurance Technical Framework
  Security System Engineering methodology

Information Systems Security Engineering
  ISSE
    Art and science of discovering users' information protection needs.
    Designing systems with economy and elegance, so that they safely resist the forces to which they will be subjected.
    Building and testing such systems.

SE versus ISSE
  SE Activities                 ISSE Activities
  Discover needs                Discover information protection needs
  Define system requirements    Define system security requirements
  Design system architecture    Design system security architecture
  Develop detailed design       Develop detailed security design
  Implement system              Implement system security
  Assess effectiveness          Assess system security effectiveness

Technical Security Countermeasures
  Determination of the appropriate technical security measures to address attacks at all layers in the information system.

Security Services
  Services that safeguard information and information systems.
    Authentication
    Confidentiality
    Integrity
    Availability
    Non-repudiation
    Robustness
    Interoperability

Potential Adversaries
  Nation States
  Hackers
  Terrorists
  Organized crime
  Other criminal elements
  International press
  Industrial competitors
  Disgruntled employees
  Careless employees

Motivations
  Access to sensitive information
  Track operations
  Disrupt operations
  Steal money, products or services
  Free use
  Embarrassment
  Overcome technical challenge
  Compromise

Classes of Attacks
  Passive attacks
  Active attacks
  Close-in attacks
  Insider attacks
  Distribution attacks

Passive Attacks
  Monitoring open communication
    Ethernet sniffing
  Decrypting weak encryption
    WEP
  Password sniffing
  Traffic analysis

Active Attacks
  Modify data in transit
    Modify financial transactions
  Replay
  Session hijacking
    Privileges of established session
  Masquerading
    Unauthorized access

Active Attacks (cont'd)
  Exploiting apps or OS
    Outlook Express
  Exploit trust
    Transitive trust, e.g. PGP

Active Attacks (cont'd)
  Data execution
    Open an attachment that is a script
  Inserting and exploiting code
    Trojan horse, back door
  Denial of service

Close-in Attacks
  Access to comms: wires, RF, visual, etc.
  Information gathering
    IP addresses, IDs, passwords
  System tampering
    Bugging, keyboard sniffing SW
  Physical compromise

Insider Attacks
  Malicious
    Modify/destroy data and security mechanisms
    Establish unauthorized access
    Covert channels
    Physical damage/alteration
  Non-malicious
    Modification of data/configuration
    Physical damage

Distribution Attacks
  Attacks on the distribution chain of products or services
    Modification at vendor's facility
    Modification during distribution

Primary Security Services
  Access control
  Confidentiality
  Integrity
  Availability
  Nonrepudiation

Access Control
  Limiting access to information, services and communications
  Identity and authentication
    You are who you say you are.
  Authorization
    Access rights
  Decision
    Rights match demand
  Enforcement
    Grant/deny and log/notify
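
The four access-control stages listed above (identity and authentication, authorization, decision, enforcement), worked through as an added example that is not part of the original slides. The user names, keys, rights table, function names and the NOTIFICATIONS list are constructed for illustration; a real system would issue single-use nonces and send denials to an alerting channel.

```python
import hashlib
import hmac
import logging

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("access-control")

# Constructed sample data: per-user secrets and an access-rights table.
USER_KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}
RIGHTS = {("alice", "payroll.db"): {"read", "write"},
          ("bob", "payroll.db"): {"read"}}
NOTIFICATIONS = []  # hypothetical stand-in for an alerting channel


def make_proof(user, key, nonce):
    """Client side: prove possession of the key for this nonce."""
    return hmac.new(key, f"{user}:{nonce}".encode(), hashlib.sha256).hexdigest()


def authenticate(user, nonce, proof):
    """Identity and authentication: is the caller who they say they are?"""
    key = USER_KEYS.get(user)
    if key is None:
        return False
    # Constant-time comparison avoids leaking how much of the proof matched.
    return hmac.compare_digest(make_proof(user, key, nonce), proof)


def authorize(user, resource):
    """Authorization: the access rights this identity holds on the resource."""
    return RIGHTS.get((user, resource), set())


def decide(rights, demand):
    """Decision: do the rights match the demand?"""
    return demand in rights


def enforce(user, nonce, proof, resource, demand):
    """Enforcement: grant or deny, log every outcome, notify on denial."""
    if not authenticate(user, nonce, proof):
        outcome, reason = "deny", "authentication failed"
    elif not decide(authorize(user, resource), demand):
        outcome, reason = "deny", "rights do not match demand"
    else:
        outcome, reason = "grant", "rights match demand"
    # %r quotes caller-supplied values so they cannot forge extra log lines.
    log.info("%s user=%r resource=%r demand=%r reason=%s",
             outcome, user, resource, demand, reason)
    if outcome == "deny":
        NOTIFICATIONS.append((user, resource, demand, reason))
    return outcome
```

The default is deny: an unknown user, a bad proof or a missing entry in the rights table all end in the same logged and notified refusal.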

Confidentiality
  Information state
    Transmission, storage, processing
  Data type
    Crypto keys, config files, text
  Amounts or parts of data
  Value and life of data

Elements of Confidentiality
  Data protection
  Data separation
  Traffic flow protection

Integrity
  Prevention of unauthorized data modification
  Detection and notification of unauthorized modification
  Logging all modifications

Availability
  Protection from attack
  Protection from unauthorized use
  Resistance to routine failures

Non-repudiation
  Repudiation:
    Denial by one entity in a multi-entity exchange that it participated.
  Non-repudiation:
    Proof of origin, proof of identity, time of origination
    Proof of delivery, time of delivery
    Audit trail

Security Technologies
  APIs
  CryptoAPI
  Cryptographic Service Providers
  File Encryptors
  Hardware tokens
  Intrusion detectors
  IPSec
  IKE

Security Technologies (cont'd)
  Packet filter
  Stateful packet filter
  PKI
  SSL
  S/MIME
  Trusted Computing Base
  Virus detectors
  Tripwire

Robustness Strategy
  Determine the Degree of Robustness
  Strength of Mechanism
  Levels of Assurance

Purpose
  Security engineering guidance
  Levels of security mechanisms
  Security services appropriate to mission
  Levels of assurance

Robustness Strategy Functions
  Assessment of strength mechanisms
  Definition of product requirements
  Subsequent risk assessments
  Recommend security requirements

Robustness Strategy Process
  1. Assess value
  2. Assess threat
  3. Determine strength level appropriate
  4. Determine implementation necessary

Degree of Robustness

Degree of Robustness Determination
  Level of strength and assurance recommended for a potential security mechanism
  Depends on:
    1. Value of information
    2. Perceived threat environment

Information Value Levels
  V1. Violation of the information protection policy would have negligible adverse effects or consequences.
  V2. Violation of the information protection policy would adversely affect and/or cause minimal damage to the security, safety, financial posture, or infrastructure of the organization.
  V3. Violation of the information protection policy would cause some damage to the security, safety, financial posture, or infrastructure of the organization.
  V4. Violation of the information protection policy would cause serious damage to the security, safety, financial posture, or infrastructure of the organization.
  V5. Violation of the information protection policy would cause exceptionally grave damage to the security, safety, financial posture, or infrastructure of the organization.

Threat Levels
  T1. Inadvertent or accidental events (e.g., tripping over a power cord).
  T2. Passive, casual adversary with minimal resources who is willing to take little risk (e.g., listening).
  T3. Adversary with minimal resources who is willing to take significant risk (e.g., unsophisticated hackers).
  T4. Sophisticated adversary with moderate resources who is willing to take little risk (e.g., organized crime, sophisticated hackers, international corporations).
  T5. Sophisticated adversary with moderate resources who is willing to take significant risk (e.g., international terrorists).
  T6. Extremely sophisticated adversary with abundant resources who is willing to take little risk (e.g., well-funded national laboratory, nation-state, international corporation).
  T7. Extremely sophisticated adversary with abundant resources who is willing to take extreme risk (e.g., nation-states in time of crisis).

Strength of Mechanism Levels
  SML1 is defined as basic strength or good commercial practice. It is resistant to unsophisticated threats (roughly comparable to T1 to T3 threat levels) and is used to protect low-value data. Examples of countered threats might be door rattlers, ankle biters, and inadvertent errors.
  SML2 is defined as medium strength. It is resistant to sophisticated threats (roughly comparable to T4 to T5 threat levels) and is used to protect medium-value data. It would typically counter a threat from an organized effort (e.g., an organized group of hackers).
  SML3 is defined as high strength or high grade. It is resistant to the national laboratory or nation-state threat (roughly comparable to T6 to T7 threat levels) and is used to protect high-value data. Examples of the threats countered by this SML are an extremely sophisticated, well-funded technical laboratory and a nation-state adversary.

Assurance Levels
  EAL 1  Functionally Tested
  EAL 2  Structurally Tested
  EAL 3  Methodically Tested and Checked
  EAL 4  Methodically Designed, Tested and Reviewed
  EAL 5  Semiformally Designed and Tested
  EAL 6  Semiformally Verified Design and Tested
  EAL 7  Formally Verified Design and Tested

Security Mechanisms
  1. Security Management
  2. Confidentiality
  3. Integrity
  4. Availability
  5. Identification & Authentication
  6. Access Control
  7. Accountability
  8. Non-repudiation

Security Management Mechanisms

Confidentiality Mechanisms

Integrity Mechanisms

Availability Mechanisms

Identification & Authentication Mechanisms

Access Control Mechanisms

Accountability Mechanisms

Non-Repudiation Mechanisms

Interoperability
  Contemporary systems involve multiple networks as well as multiple heterogeneous computer systems
  All systems depend on communication
  Security must be as transparent as possible in such a computing environment

Elements of Interoperability
  1. Architecture
  2. Security Protocols
  3. Standards Compliance
  4. Interoperable Certificate Management
  5. Agreement on Security Policies

Interoperability Strategy
  1. Foster Standards
  2. Security Negotiation
  3. Support Open Standards