Security: Enabling Collaboration

1
Security Enabling Collaboration

• Some issues arising from sharing information in a
  connected environment

2
Who am I?

• Vince Freeman
• Technical Security Manager
• Metropolitan Police Service

3
Agenda

• Need to share information
• Infrastructure to provide capability
• Security

4
The need to share information

• Crime and Disorder Act
• Child Protection issues
• Joined up stuff

5
Sharing Information Some Issues

• Integrity
• Source
• Who
• Trust

6
Infrastructure

• Physical Connection
• Networks
• Authentication
• Authorisation
• Security Architecture

7
Security Services

• Entity Authentication
• Access Control
• Data Confidentiality
• Data Integrity
• Non-repudiation

8
Security Mechanisms

• Cryptography
• Digital Signature
• Access Control
• Data Integrity
• Authentication Exchange
• Traffic Padding
• Routing Control
• Notarisation

9
Pervasive Security Mechanisms

• Trusted Functionality
• Security Labels
• Event Detection
• Audit Trail
• Recovery

10
Networks
11
(No Transcript)
12
(No Transcript)
13
Authentication Authorisation

• The Police Service security architecture is to
  enable employees and other stakeholders to access
  the services, when needed, according to their
  business need, whether access is via fixed,
  mobile or remote device, from either their home
  or other Force systems, whilst ensuring
  confidentiality, availability and integrity of
  information.
• Employees includes uniform and civilian staff and
  must be extendable to include partners and
  agencies

14
The Requirement

• Authentication and authorisation for an officer
  to
• Accessing the Home Agency from Home Agency
  infrastructure
• Accessing other Agency information from Home
  Agency Infrastructure
• Accessing the Home Agency from other Agency
  infrastructure

15
Current Policy Environment

• Existing ACPO Community Security Policy adopts
  best practice, ie
• Manual of Protective Security
• CESG
• Accreditation framework and Codes of Connection
• ITSEC/Common Criteria evaluations
• BS7799
• Local Security Policy

16
Services are accessed from within, by their own
subjects
17
Services are accessed externally, by their own
subjects
18
Services are accessed externally, by other
forcessubjects
19
Architectural conclusions

• Define standard subject types and their
  credentials, eg organisation, user, device or
  automated system
• Compliance with the Codes of Connection and
  associated policies and standards must be
  achieved throughout usage and maintenance of the
  system, eg
• Input of credentials will be in strict accordance
  with Accreditation policy and processes
• Define common interface standards for passing
  credentials and control data between logical
  elements

20
Architectural conclusions

• Requesting services outside of a subjects
  entitlement will be via an alternative manual
  channel.
• A Force specific extension to the Common
  Minimum Standard may thus be agreed
• Definition and agreement must be achieved
  concerning standardisation of roles and functions
  and the Common Minimum Standard for entitlement.
• Management and distribution of Common Minimum
  Standards shall be centrally managed.

21
Architectural Conclusions.

• Define trust levels for permitting levels of
  authorisation for each service.
• The architecture enables auditing around every
  component, and audit data across forces can be
  compared.
• There is a requirement for users to be able to
  access their home Force login from another Forces
  client terminal

22
Questions?

• vince.freeman_at_met.police.uk