Form SF298 Citation Data
Report Date ("DD MON YYYY"): 11101993
Report Type: N/A
Title and Subtitle: Rome Laboratory Computer Security
Performing Organization Name(s) and Address(es): Rome Laboratory
Distribution/Availability Statement: Approved for public release, distribution unlimited
Subject Terms: "IATAC COLLECTION"
Document Classification: unclassified
Classification of SF298: unclassified
Classification of Abstract: unclassified
Limitation of Abstract: unlimited
Number of Pages: 21
REPORT DOCUMENTATION PAGE (Form Approved, OMB No. 074-0188)
2. REPORT DATE: 10/1/95
3. REPORT TYPE AND DATES COVERED: Briefing
4. TITLE AND SUBTITLE: Rome Laboratory Computer Security
6. AUTHOR(S): Joseph Giordano
7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES): IATAC, Information Assurance Technology Analysis Center, 3190 Fairview Park Drive, Falls Church, VA 22042
9. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES): Defense Technical Information Center, DTIC-IA, 8725 John J. Kingman Rd, Suite 944, Ft. Belvoir, VA 22060
12a. DISTRIBUTION / AVAILABILITY STATEMENT: A
13. ABSTRACT (Maximum 200 Words): The objective of this presentation is to develop & demonstrate the tools & technology necessary to realize trusted C3I systems in Air Force & DoD applications, and to emphasize use of formal verification to assure the security/trust mechanism satisfies the formal security/trust policy model.
14. SUBJECT TERMS: IA
17. SECURITY CLASSIFICATION OF REPORT: Unclassified
18. SECURITY CLASSIFICATION OF THIS PAGE: Unclassified
19. SECURITY CLASSIFICATION OF ABSTRACT: Unclassified
20. LIMITATION OF ABSTRACT: None
COMPUTER SECURITY

OBJECTIVE: TO DEVELOP & DEMONSTRATE THE TOOLS & TECHNOLOGY NECESSARY TO REALIZE TRUSTED C3I SYSTEMS IN AIR FORCE & DOD APPLICATIONS

APPROACH: EMPHASIZE USE OF FORMAL VERIFICATION TO ASSURE SECURITY/TRUST MECHANISM SATISFIES FORMAL SECURITY/TRUST POLICY MODEL
COMPUTER SECURITY AREAS OF INTEREST
- SECURITY PROPERTIES MODELING
- SECURE DISTRIBUTED SYSTEMS
- MULTILEVEL SECURE DBMS
- FORMAL VERIFICATION
- CERTIFICATION TECHNOLOGY
ROMULUS EXTENSIONS
- REQUIREMENTS TOOL INTEGRATION
- ROMULUS/PENELOPE INTEGRATION
- ENHANCED MODELING SUPPORT
THETA PROGRAM - HISTORY
- ROME LAB SUPPORT FROM 1985
- CONCEPT EXPLORATION PHASE ("PHASE I"):
  - BBN/ORA, 1985-87
  - STUDY DISTRIBUTED SECURITY; FORMULATE POLICY
  - DESIGN A SECURE DISTRIBUTED OS
  - CARRY OUT A1-LEVEL VERIFICATION FOR ASSURANCE
- DEMONSTRATION/VALIDATION PHASE ("PHASE II"):
  - ORA/BBN, 1988-92
  - DETAILED DESIGN & POLICY BASED ON PHASE I WORK
  - IMPLEMENT PROTOTYPE
  - B3-LEVEL DESIGN & ASSURANCE
MULTILEVEL SECURE DBMS
- NEXT-GENERATION DBMS / INTELLIGENT DATABASES: DATA + RULES + KNOWLEDGE; OBJECT-ORIENTED PROGRAMMING; SECURITY POLICY -> FORMAL MODEL; MLS
- TAXONOMY OF ARCHITECTURES: DECISION ATTRIBUTES (QUALITATIVE); ALLOW PRIORITY OF DESIGN FACTORS; ARCHITECTURE CHOICES, TRADE-OFFS
- TARGETED TO A1; TWO SECURITY POLICIES ADDRESS: MANDATORY/DISCRETIONARY; INTEGRITY; RULE-BASED CLASSIFICATION CONSTRAINTS; POLYINSTANTIATION
- FORMAL MODELS, FTLS, & DEMONSTRATIONS: CTC LOCK; GEMINI GEMSOS
- DISTRIBUTED HOMOGENEOUS; DISTRIBUTED HETEROGENEOUS; FEDERATED
- EXPERT SYSTEMS; MATHEMATICAL MODELS; INTEGRATION OF AUDIT & INTRUSION DETECTION
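The MLS DBMS slide lists mandatory policy, rule-based classification constraints and polyinstantiation side by side. The Python sketch below is added here to show how the three interact on a tuple-labelled relation; it is not code from the Rome Laboratory program, and the linear level lattice, the "strike" classification rule and the sample rows are constructed assumptions.

```python
from typing import Optional

# Constructed linear lattice of sensitivity levels (assumption: no compartments).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


def dominates(a: str, b: str) -> bool:
    """Label a dominates label b when a is at least as high in the lattice."""
    return LEVELS[a] >= LEVELS[b]


def classify(attrs: dict, requested: str) -> str:
    """Rule-based classification constraint (constructed rule): any tuple whose
    mission text mentions 'strike' is labelled at least SECRET, raising the
    requested label when it is too low."""
    floor = "SECRET" if "strike" in attrs.get("mission", "").lower() else "UNCLASSIFIED"
    return requested if dominates(requested, floor) else floor


class MLSRelation:
    """Tuple-level labelled relation: each stored row is (key, label, attrs)."""

    def __init__(self) -> None:
        self.rows: list[tuple[str, str, dict]] = []

    def select(self, subject_level: str) -> list[tuple[str, str, dict]]:
        # Simple security property (no read-up): return only rows the subject dominates.
        # A polyinstantiated key yields one row per level the subject can see.
        return [r for r in self.rows if dominates(subject_level, r[1])]

    def insert(self, subject_level: str, key: str, attrs: dict,
               requested_level: Optional[str] = None) -> str:
        label = classify(attrs, requested_level or subject_level)
        # *-property (no write-down): the stored label must dominate the subject's level.
        if not dominates(label, subject_level):
            raise PermissionError(f"{subject_level} subject may not write at {label}")
        # Polyinstantiation: a key already stored at a level the subject cannot see is
        # left untouched (rejecting the insert would leak that the higher row exists);
        # only a row at the same label is treated as an update.
        for i, (k, lvl, _) in enumerate(self.rows):
            if k == key and lvl == label:
                self.rows[i] = (k, lvl, attrs)
                return label
        self.rows.append((key, label, attrs))
        return label
```

Note the edge case the constraint creates: an UNCLASSIFIED subject inserting a "strike" row has it stored at SECRET, so the inserter can no longer see its own row.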
TRUSTED DATABASE FRONT-END
OBJECTIVE:
- DEVELOP & DEMONSTRATE TRUSTED DBMS FRONT-END CAPABILITIES TO SUPPORT
  - MULTILEVEL WORKSTATION INTERFACE
  - MULTILEVEL OUTPUT TECHNOLOGY
  - PRESENTATION TECHNOLOGY
  - WINDOWING
  - TRUSTED DATA LABELS
PROGRAM REQUIREMENTS:
- BUILD TO AT LEAST CLASS B2
- TRUSTED SUBJECT APPROACH
- CLIENT-SERVER ARCHITECTURE
SUN 3/60 WORKSTATION WITH TEMPLATE-BASED SCREEN EDITOR
FORMAL VERIFICATION
SPECIFICATION LANGUAGE BASED ON LARCH
- PHASE I (FY89): PASCAL-LIKE FEATURES WITH EXCEPTIONS
- PHASE II (FY92): REUSABLE LIBRARIES
- PHASE III (FY95): CONCURRENCY
EMPHASIS TO DATE: TRUSTED COMPILER & PROCESSOR VERIFICATION
APPLICATION: TRUSTED ADA COMPILERS; SDI CHIP VERIFICATION (RH32)
- ESTABLISH THEORETICAL FOUNDATIONS
- IMPLEMENT PROTOTYPE ENVIRONMENT TO ESTABLISH FEASIBILITY (BASED ON C)
- DEMONSTRATE VIA SDI WEAPONS ASSIGNMENT ALGORITHM; INCORPORATE INTO ADA VERIFICATION ENVIRONMENT
- EVALUATE EXISTING METHODOLOGIES; DEVELOP MIDTERM REQUIREMENTS; RESEARCH LONG TERM VERIFICATION ISSUES
CERTIFICATION TECHNOLOGY
OBJECTIVE: DEVELOP A METHODOLOGY & PROVIDE A SET OF TOOLS & TECHNIQUES TO SUPPORT THE SECURE SYSTEM ACCREDITATION/EVALUATION PROCESS & TO AID THE DETERMINATION OF THE DEGREE OF SECURITY PROVIDED BY AUTOMATED INFORMATION SYSTEMS
APPROACH:
- DEFINITIZE EXISTING CERTIFICATION PROCESS
- TAILOR PROCESS TO AIR FORCE NEEDS
- IDENTIFY AREAS AMENABLE TO AUTOMATION
- SURVEY EXISTING TOOLS/TECHNIQUES TO DETERMINE APPLICABILITY TO AIR FORCE SECURITY CERTIFICATION PROCESS
- DEVELOP A METHODOLOGY & NEW TOOLS & TECHNIQUES TO SUPPORT SYSTEM CERTIFICATION & LIFE CYCLE MANAGEMENT