the challenge of the challenge of multilevel security
play

The Challenge of The Challenge of Multilevel Security Multilevel - PowerPoint PPT Presentation

Jun 03, 2023 •200 likes •448 views

The Challenge of The Challenge of Multilevel Security Multilevel Security Rick Smith, Ph.D., CISSP Rick Smith, Ph.D., CISSP Rick@cryptosmith cryptosmith.com .com Rick@ http://www.cryptosmith cryptosmith.com/ .com/ http://www. October

  1. The Challenge of The Challenge of Multilevel Security Multilevel Security Rick Smith, Ph.D., CISSP Rick Smith, Ph.D., CISSP Rick@cryptosmith cryptosmith.com .com Rick@ http://www.cryptosmith cryptosmith.com/ .com/ http://www. October 2003 October 2003 October 2003 Cryptosmith LLC 1

  2. Text-Only Outline Text-Only Outline Outline presented here Outline presented here • What is MLS? What is MLS? • • Why is MLS Hard? Why is MLS Hard? – – Accreditation Accreditation • • Building MLS Systems Building MLS Systems • • Selecting a Trusted OS Selecting a Trusted OS • Please see the BlackHat BlackHat CDROM for the complete CDROM for the complete Please see the copy of this presentation, or visit this web site: copy of this presentation, or visit this web site: http://www.cryptosmith cryptosmith.com .com http://www. October 2003 Cryptosmith LLC 2

  3. Multilevel Security Multilevel Security • An overloaded term An overloaded term • • Some vendors build Some vendors build “ “MLS Products MLS Products” ” • – Implement Implement “ “Bell Bell LaPadula LaPadula” ” security mechanism security mechanism – – Allows higher-classified processes to read data created by lower- Allows higher-classified processes to read data created by lower- – classified processes classified processes – Example: a Top Secret user Example: a Top Secret user’ ’s process can read Secret data s process can read Secret data – – Vice versa (downgrading) not directly permitted Vice versa (downgrading) not directly permitted – • Most Most requirements requirements for for “ “MLS Operating Mode MLS Operating Mode” ” • – Devices handle classified information with different classification Devices handle classified information with different classification – markings markings – Must Must never never release wrong level to wrong recipient release wrong level to wrong recipient – – Much Much more general than more general than “ “MLS Products MLS Products” ” – October 2003 Cryptosmith LLC 3

  4. An Example MLS Problem An Example MLS Problem Sensor to Shooter: Sensor to Shooter: SCI Data travels from Data travels from satellites to planners satellites to planners Top Secret at different levels, at different levels, and finally to the and finally to the Unclassified warrior who pulls the warrior who pulls the trigger. trigger. Secret Data is sanitized at Data is sanitized at each level and each level and passed to a lower passed to a lower classification. classification. October 2003 Cryptosmith LLC 4

  5. MILS versus MLS MILS versus MLS Achieves “ “MLS Operating Mode MLS Operating Mode” ” Achieves without “ “MLS Products MLS Products” ” without • MILS = Multiple Independent Levels of Security MILS = Multiple Independent Levels of Security • – Deals with multiple levels via separate, Deals with multiple levels via separate, “ “System High System High” ” elements elements – – Data sharing, if any, is via guards or one-way data transfers Data sharing, if any, is via guards or one-way data transfers – • Does not necessarily require Does not necessarily require “ “MLS Products MLS Products” ” • – Most or all elements may be standard COTS products Most or all elements may be standard COTS products – – Guard may use an MLS Product, but not necessarily Guard may use an MLS Product, but not necessarily – • Site networks usually operate in Site networks usually operate in “ “MILS MILS” ” mode mode • – Individual networks consist of COTS products Individual networks consist of COTS products – – Networks run at System High Networks run at System High – – Interconnections, if any, require a special-purpose Guard Interconnections, if any, require a special-purpose Guard – October 2003 Cryptosmith LLC 5

  6. Why is MLS Hard? Why is MLS Hard? • Short answer: Software is unreliable Short answer: Software is unreliable • – Nobody wants to trust the protection of their own, valuable Nobody wants to trust the protection of their own, valuable – classified information to a buggy OS or application classified information to a buggy OS or application – Felony Boxes Felony Boxes – – nobody wants to be personally liable for leaking nobody wants to be personally liable for leaking – classified information classified information • MLS accreditation tries to reduce/eliminate risk MLS accreditation tries to reduce/eliminate risk • – Accreditation Accreditation – – approval to operate by major command user approval to operate by major command user – – MLS accreditation seeks to eliminate risk of data leaks MLS accreditation seeks to eliminate risk of data leaks – – Confidence in software = confidence in safety of data Confidence in software = confidence in safety of data – • Modern software is too complex for confidence Modern software is too complex for confidence • – 16 million lines of code in modern Windows OS 16 million lines of code in modern Windows OS – October 2003 Cryptosmith LLC 6

  7. System Accreditation System Accreditation Required of all systems handling classified data • Required of all systems handling classified data • Regulations: DOD 5200.1, now DOD 8500 Regulations: DOD 5200.1, now DOD 8500 • • – Regulations establishing policies for DOD info systems Regulations establishing policies for DOD info systems – DITSCAP: Defense Information Technology Security • DITSCAP: Defense Information Technology Security • Certification and Accreditation Process Certification and Accreditation Process – Process to verify a system Process to verify a system’ ’s security features s security features – – “ “certification certification” ” – – Process to authorize its operation Process to authorize its operation – – “ “accreditation accreditation” ” – SSAA – – System Security Authorization Agreement System Security Authorization Agreement • SSAA • – Documents security requirements, features, and steps taken to assure Documents security requirements, features, and steps taken to assure – its correct and secure operation its correct and secure operation DAA – – Designated Approval Authority Designated Approval Authority • DAA • – General/Flag officer at major command General/Flag officer at major command – – Signs of on need and risk for using the accredited system Signs of on need and risk for using the accredited system – October 2003 Cryptosmith LLC 7

  8. Getting Into Operation Getting Into Operation • “ “Full Full” ” Accreditation Accreditation • – System goes through certification process System goes through certification process – • May be based on May be based on evaluations evaluations of products being used of products being used • • May be based on template of another successful site May be based on template of another successful site – – this is this is • how the SABI/TSABI SABI/TSABI processes work processes work how the • May involve a combination May involve a combination • – DAA approves system for operation DAA approves system for operation – • IATO IATO – – Interim Approval to Operate Interim Approval to Operate • – Certification is incomplete; DAA lacks basis to fully accredit Certification is incomplete; DAA lacks basis to fully accredit – – May occur in May occur in “ “emergency emergency” ” situations where system is needed situations where system is needed – regardless of the certification status and risks regardless of the certification status and risks – At the discretion of the major command At the discretion of the major command’ ’s DAA s DAA – – DAA may even make an IATO permanent ( DAA may even make an IATO permanent ( “ “back door back door” ” approval) approval) – October 2003 Cryptosmith LLC 8

  9. Evaluation: a product-oriented Evaluation: a product-oriented process process • Process established by data owner(s) Process established by data owner(s) • – Pioneered by NSA: Owner/producer of classified information Pioneered by NSA: Owner/producer of classified information – – Evaluated systems to serve as surrogates to enforce NSA policy Evaluated systems to serve as surrogates to enforce NSA policy – • Expects vendors to seek product evaluation Expects vendors to seek product evaluation • – Historically, this is the exception, not the rule Historically, this is the exception, not the rule – • Evaluation is supposed to Evaluation is supposed to “ “authorize authorize” ” use use • – Traditionally, MLS systems had to achieve a certain level of Traditionally, MLS systems had to achieve a certain level of – evaluation and incorporate certain features: “ “B1 B1” ” or or “ “EAL4 EAL4” ” evaluation and incorporate certain features: – In practice, the DAA is the final authority In practice, the DAA is the final authority – • In practice, evaluation becomes one more factor In practice, evaluation becomes one more factor • – Some MLS systems use evaluated products Some MLS systems use evaluated products – – Some MLS systems rely on other assurances Some MLS systems rely on other assurances – October 2003 Cryptosmith LLC 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Integration: a multilevel governance challenge New Forms of service delivery for municipalities,

Integration: a multilevel governance challenge New Forms of service delivery for municipalities,

Migration and Refugees Integration: a multilevel governance challenge New Forms of service delivery for municipalities, the contribution of social dialogue and good practice for well being at work Monday November 14 th 2016 Ramon Sanahuja

479 views • 29 slides
STEP CHALLENGE February 7 th March 8 th CHALLENGE OVERVIEW This Step Challenge is a fun

STEP CHALLENGE February 7 th March 8 th CHALLENGE OVERVIEW This Step Challenge is a fun

Marion County Public Schools STEP CHALLENGE February 7 th March 8 th CHALLENGE OVERVIEW This Step Challenge is a fun and effective 30-day walking challenge where your goal is to increase your daily average steps by 25% * ! *If you are not

466 views • 8 slides
VAST CHALLENGE 2017 Bianca Barnucz & Stephanie Wegscheidl OVERVIEW VAST Challenge

VAST CHALLENGE 2017 Bianca Barnucz & Stephanie Wegscheidl OVERVIEW VAST Challenge

VAST CHALLENGE 2017 Bianca Barnucz & Stephanie Wegscheidl OVERVIEW VAST Challenge User Challenge 1 Challenge 2 Challenge 3 Grand Challenge Implementation Project Management & Outlook VAST CHALLENGE 2017

270 views • 16 slides
THIS IS WHERE CHANGE BEGINS - Worlds Challenge Challenge February 12, 2018 1 AGENDA

THIS IS WHERE CHANGE BEGINS - Worlds Challenge Challenge February 12, 2018 1 AGENDA

THIS IS WHERE CHANGE BEGINS - Worlds Challenge Challenge February 12, 2018 1 AGENDA Introduction to the SDGs - Rules of the Worlds Challenge Challenge Sustainable Development Mixer 2 Triple Bottom Line An

789 views • 46 slides
www.bpho.org.uk Oxford 24 th June 2014 Physics Challenge AS Challenge A2 Challenge

www.bpho.org.uk Oxford 24 th June 2014 Physics Challenge AS Challenge A2 Challenge

www.bpho.org.uk Oxford 24 th June 2014 Physics Challenge AS Challenge A2 Challenge Experimental Project BPhO Round 1 Round 2 Training Camp IPhO Moreover a physics problem should be difficult in order to entice

720 views • 33 slides
Challenge: InMutaGene https://www.crackit.org.uk/challenge-21- inmutagene Launch Meeting 10

Challenge: InMutaGene https://www.crackit.org.uk/challenge-21- inmutagene Launch Meeting 10

Challenge: InMutaGene https://www.crackit.org.uk/challenge-21- inmutagene Launch Meeting 10 September 2015 The Challenge To develop in vitro / in silico assay(s) that can be used singly or in combination to improve risk assessment for GT

547 views • 17 slides
30 / 40 piece challenge presentation by Lizbeth Atkinson Where did the challenge begin? The idea

30 / 40 piece challenge presentation by Lizbeth Atkinson Where did the challenge begin? The idea

30 / 40 piece challenge presentation by Lizbeth Atkinson Where did the challenge begin? The idea of the 40 piece challenge began when Elissa Milne, an Australian born composer, musician and teacher discovered this statement in a book one day,

281 views • 7 slides
Forensic Challenge V2.0 UNAM-CERT RedIRIS Topics * Forensic Challenge V1.0 * Forensic

Forensic Challenge V2.0 UNAM-CERT RedIRIS Topics * Forensic Challenge V1.0 * Forensic

Forensic Challenge V2.0 UNAM-CERT RedIRIS Topics * Forensic Challenge V1.0 * Forensic Challenge V2.0 * Conclusions Introduction Why this forensic Challenge ? * To promote and impulse the Forensic Analysis in our Region -- Hispanoamerica--

558 views • 19 slides
Whither Challenge Question Authentication? 12 May 2009 Mike Just University of Edinburgh

Whither Challenge Question Authentication? 12 May 2009 Mike Just University of Edinburgh

University of Cambridge Security Seminar Series Whither Challenge Question Authentication? 12 May 2009 Mike Just University of Edinburgh Outline What are Challenge Questions? Challenge Question Research Our Research Collecting

765 views • 28 slides
Promoting Sustainability: A Challenge for All Our biggest challenge in this new century is to

Promoting Sustainability: A Challenge for All Our biggest challenge in this new century is to

Promoting Sustainability: A Challenge for All Our biggest challenge in this new century is to take an idea that seems abstract - sustainable development - and turn it into a daily reality for all the worlds people . Kofi Annan, UN

321 views • 15 slides
Arizona FAF$A Challenge Julie Sainz, M.Ed. Arizona FAF$A Challenge Project Manager Arizona

Arizona FAF$A Challenge Julie Sainz, M.Ed. Arizona FAF$A Challenge Project Manager Arizona

Arizona FAF$A Challenge Julie Sainz, M.Ed. Arizona FAF$A Challenge Project Manager Arizona Commission for Postsecondary Education Agenda Agenda What is the AZ FAF$A Challenge New State Goal Challenge Categories Incentives

666 views • 21 slides
The Challenge Avoiding the next GFC... The Challenge - Producing More with Less

The Challenge Avoiding the next GFC... The Challenge - Producing More with Less

Banking 4 Food Edwin van Raalte The Challenge Avoiding the next GFC... The Challenge - Producing More with Less today 2050 Natural Natural Resources Resources Every minute 158 & Footprint more mouths to feed Of

632 views • 41 slides
Climate-KIC 9 December 2015 t The Climate Challenge and opportunities Challenge Opportunities

Climate-KIC 9 December 2015 t The Climate Challenge and opportunities Challenge Opportunities

Climate-KIC 9 December 2015 t The Climate Challenge and opportunities Challenge Opportunities 2 o C is the guard rail for A unique opportunity: we must manageable climate address the biggest challenge change. facing mankind

489 views • 13 slides
@ International KEYSTONE Challenge Track Conference Challenge Track Koice 11 12 May 2015

@ International KEYSTONE Challenge Track Conference Challenge Track Koice 11 12 May 2015

@ International KEYSTONE Challenge Track Conference Challenge Track Koice 11 12 May 2015 Sanda Martini - Ipi University of Rijeka Challenge Track Any challenge in the scope of KEYSTONE project is welcome. What open

200 views • 19 slides
Personal Choice and Challenge Questions: A Security and Usability Assessment 16 July 2009 Mike

Personal Choice and Challenge Questions: A Security and Usability Assessment 16 July 2009 Mike

SOUPS 2009 Personal Choice and Challenge Questions: A Security and Usability Assessment 16 July 2009 Mike Just University of Edinburgh (joint work with David Aspinall) Challenge Question Authentication Authentication credential is answer

394 views • 20 slides
1. Introduction butterfillS@ceu.hu butterfillS@ceu.hu first challenge second challenge We

1. Introduction butterfillS@ceu.hu butterfillS@ceu.hu first challenge second challenge We

1. Introduction butterfillS@ceu.hu butterfillS@ceu.hu first challenge second challenge We are stuck with our two main ways of describing and explaining things, one which treats objects and events as mindless, and the other which treats

854 views • 82 slides
Virtual Pedigree Genealogy Without Borders Current Situation Lots of windows Context switching

Virtual Pedigree Genealogy Without Borders Current Situation Lots of windows Context switching

Virtual Pedigree Genealogy Without Borders Current Situation Lots of windows Context switching Dynamic Ascendancy http://youtu.be/I9FboVzmrBw Current Focus Dynamic Descendancy Descendancy Charts... Help find missing descendants.

384 views • 17 slides
Welcome! Please review your Annual Meeting Packet and help yourself to refreshments. The meeting

Welcome! Please review your Annual Meeting Packet and help yourself to refreshments. The meeting

Welcome! Please review your Annual Meeting Packet and help yourself to refreshments. The meeting will convene at 3:05. 2017 Annual Membership Meeting Agenda Call to Order ___________________________________ 3:05 Minutes

1.09k views • 91 slides
Punctuation is prosody Making historic transcriptions of Karuk accessible for revitalization and

Punctuation is prosody Making historic transcriptions of Karuk accessible for revitalization and

Punctuation is prosody Making historic transcriptions of Karuk accessible for revitalization and research Clare Sandy and Line Mikkelsen University of California, Berkeley ICLDC 4, Honolulu, Hawaii 28 February 2015 Intro Results

430 views • 27 slides
9:00 AM - 2:00 PM St. Anne's Maternity Home LOS ANGELES COUNTY COMMISSION ON HIV 3530 Wilshire

9:00 AM - 2:00 PM St. Anne's Maternity Home LOS ANGELES COUNTY COMMISSION ON HIV 3530 Wilshire

LOS ANGELES COUNTY COMMISSION ON HIV 3530 Wilshire Boulevard, Suite 1140 Los Angeles, CA 90010 TEL (213) 738-2816 FAX (213) 637-4748 www.hivcommission-1a.info COMMISSION ON HIV MEETING June 12,2008 9:00 AM - 2:00 PM St. Anne's Maternity Home

510 views • 30 slides
MySQL: An Ecosystem, Not Just a Company Michael Monty Widenius Chief Executive Officer,

MySQL: An Ecosystem, Not Just a Company Michael Monty Widenius Chief Executive Officer,

MySQL: An Ecosystem, Not Just a Company Michael Monty Widenius Chief Executive Officer, Monty Program Ab monty@askmonty.org Year in Review Recession Fuelled MySQL adoption Acquisition Pressure to cut costs will always

481 views • 24 slides
Systemtap FrOSCon (25. August 2013) Stefan Seyfried Linux Consultant & Trainer B1 Systems

Systemtap FrOSCon (25. August 2013) Stefan Seyfried Linux Consultant & Trainer B1 Systems

Systemtap FrOSCon (25. August 2013) Stefan Seyfried Linux Consultant & Trainer B1 Systems GmbH seife@b1-systems.de Systemtap B1 Systems GmbH Systemtap 2 / 46 What is Systemtap? systemtap is a scriptable monitoring and analysis

705 views • 56 slides
Investing in A Stronger Kentucky Cleaning Up, Rather than Piling On Tax Breaks for Powerful

Investing in A Stronger Kentucky Cleaning Up, Rather than Piling On Tax Breaks for Powerful

Investing in A Stronger Kentucky Cleaning Up, Rather than Piling On Tax Breaks for Powerful Interests September 10, 2016 False Choices Education Pensions Fiscal Investing in Responsibility Stronger KY Healthy Healthy Budget Communities

633 views • 25 slides
Grieg Seafood ASA

Grieg Seafood ASA

Grieg Seafood ASA griegseafood.com 1 Agenda

848 views • 35 slides

More recommend