CS662 System Security Certification - PowerPoint PPT Presentation
1
CS662 System Security Certification and Accreditation
  • DII COE Overview
  • by Randy Johnston

2
What is DII COE?
  • Defense Information Infrastructure Common
    Operating Environment (DII COE).
  • Administered by the Defense Information Systems
    Agency (DISA), the DII COE is a multifaceted
    framework for interoperability that encompasses:
    • guidelines for software construction, packaging,
      and behavior
    • guidelines for the operating environment
    • guidelines for the accompanying documentation
    • several compatible reference implementations of
      the operating environment for representative
      platforms, in the form of kernel and
      infrastructure support software
    • guidelines for the reuse and sharing of software
      and data
    • a repository of shareable software and data, and
    • tools and procedures for registering, verifying,
      submitting, and certifying mission applications
      as being DII COE compliant.

3
The DII COE Mandate
  • All UNIX-based C4I legacy systems other
    than mainframes shall be Level 5 DII COE
    compliant. All new C4I emerging systems and
    upgrades shall be Level 6 compliant with the goal
    of achieving Level 7. For those systems not
    achieving the goal, waivers must be requested.
  • The DII COE will evolve as necessary to
    maintain compliance with the Joint Technical
    Architecture, which mandates the DII COE
    compliance levels stipulated above.
  • (Memorandum from the Assistant Secretary of
    Defense - May 23, 1997)

4
The DII COE Challenge
  • Position the system architecture to take
    advantage of technological advances. At the same
    time, the system must not sacrifice quality,
    stability, or functionality. In keeping with
    current DoD trends, the COE emphasizes the use of
    commercial products and standards to take
    advantage of investments made by industry.
  • (From the DII COE Version 3.1 Baseline
    Specifications - April 3, 1997)

5
The Scope of the DII COE
  • The DII COE is not a system; it is a foundation
    for building systems.
  • The DII COE is a network-centric plug-and-play
    open architecture, presently designed and
    implemented around a client/server model.
  • The DII COE includes an implementation of the
    components defined to be in the COE. The
    reference implementation is the key to
    reusability and interoperability. Use of the
    reference implementation provided is required to
    assure interoperability and is therefore a
    fundamental requirement for DII COE compliance.
    The reference implementation may change over time
    to take advantage of new technologies or to fix
    problems.
  • The DII COE is an evolutionary acquisition and
    implementation strategy. It emphasizes
    incremental development and fielding to reduce
    the time required to put new functionality into
    the hands of the warrior, while not sacrificing
    quality nor incurring unreasonable program risk
    or cost.
  • (DII COE Integration Runtime Specification
    Version 4.1 - Oct. 3, 2000)

6
The DII COE and Developers
  • Architecture
  • A precisely defined JTA-compliant architecture
    specifying how system components will interact
    and fit together, and definition of the
    system-level interface to COE components.
  • Runtime Environment
  • A standard operating environment that includes
    the look and feel, operating systems, and
    windowing environment.
  • Data Environment
  • A standard data environment that prescribes the
    rules whereby applications can share data with
    other applications.
  • Reference Implementation
  • A defined set of already implemented reusable
    functions and data.

7
The DII COE and Developers (continued)
  • APIs
  • A collection of interfaces for accessing COE
    components.
  • Standards and Specifications
  • A set of principles that describe what the COE
    is, and a set of rules regarding how to use the
    COE, how to construct software segments, how to
    create a GUI, etc...
  • Development Methodology
  • A process for developing, integrating, and
    distributing the system and a process for sharing
    components among developers. The COE is intended
    to emphasize and encourage incremental
    development.

8
DII COE Program Objectives
  • Common software foundation
  • Software reusability
  • Standardization
  • Interoperability
  • Scalability
  • Portability
  • Security
  • Improved time-to-delivery

9
The Pragmatic Reasons for DII COE
  • To simplify the problem of integration.
  • To standardize the software installation process.
  • To address security concerns.
  • To reduce hardware/software costs.
  • To share data among applications (and users).
  • To reduce the likelihood of developing
    functionally equivalent code over and over again,
    for different projects.

10
DII COE Compliance Categories
  • Category 1
  • Runtime Environment
  • Levels 1 through 8, inclusive
  • Category 2
  • Style Guide
  • How the system appears to the user
  • Category 3
  • Architecture Compatibility
  • How the software fits into the COE's
    client-server architecture
  • Category 4
  • Software Quality
  • Metrics to assess program risk and software
    maturity

11
Current DII COE standards
  • Operating systems: UNIX with full support for
    POSIX.1 and .2; Windows NT 4.0 / Win2K (partial
    POSIX.1)
  • User interfaces: Common Desktop Environment
    (UNIX); Windows GUI (NT 4.0)
  • Networking: Ethernet LANs / WAN (DISN, SIPRNET);
    TCP/IP, SMTP, SNMP, HTML, BSD Sockets
  • Data management: COTS RDBMS - Oracle, Sybase,
    Informix; Microsoft SQL Server for Windows NT
    → The Shared Data Environment (SHADE)
  • Security: Orange Book C2, and lots of other
    stuff; Kerberos key encryption (full DCE is gone)
  • User productivity: Netscape Navigator with email
    and newsgroups; core Windows applications
    (Microsoft Office)
  • Programming languages: neutral, but ANSI C/C++
    and Sun's Java 2; Win32 MFC (+ Java 2) for
    Windows NT

12
The DII COE Kernel
  • Runs on a set of certified COTS hardware/software
    platforms.
  • Certification performed by DISA for Sun, HP, and
    Windows NT.
  • Kernel components
  • Operating system patches (Y2K, security, and
    vendor bug fixes).
  • Common Desktop Environment (CDE) for UNIX.
  • Security enhancements (→ system security
    lockdown).
  • System administrator / security manager
    functional separation.
  • Segment (software package) installation/
    de-installation utility.
  • Common printing facility.
  • Common account management interface for UNIX and
    NT.

13
DII COE Authorized Platforms
  • UNIX-based systems
  • The COE Kernel is directly implemented and
    supported by DISA (for the COE 3.x, 4.x and 5.x
    release families).
  • Sun Solaris 7/8 (with full COTS/GOTS
    application suite).
  • HP-UX 10.20/11.0 (with full COTS/GOTS
    application suite).
  • Kernel Platform Compliance Program
  • DISA makes available the Kernel source code (COE
    4.2 now available).
  • Platform vendor signs up to port the Kernel to
    the proposed system.
  • Platform is certified by DISA, and added to COE
    platform list.
  • KPC Validated Platform List
  • Compaq Tru64 UNIX 4.0e (COE Kernel V3.3 only).
  • SGI IRIX 6.5.3 (COE Kernel V3.3 only).
  • Other KPC systems under development
  • IBM AIX, S/390 mainframe

14
DII COE Authorized Platforms
  • Non-UNIX systems
  • Presently, only Windows NT 4.0 (with plans for
    Windows 2000, slowed mainly by the security
    certification process).
  • Includes basic COTS applications, plus a limited
    set of GOTS applications (projected to expand as
    quickly as DISA can fund and deliver the software
    using its collection of COE contractors).
  • DISA's plan
  • Re-host the core DII COE library of legacy
    UNIX-based GOTS applications (mainly written in
    platform-specific C) on Windows NT/2000 using a
    platform-neutral language that can be written
    once and then deployed across all DII COE
    supported OS platforms.

15
COE Component Segments
16
Some Comments on DII COE Compliance (from the
DII COE Chief Engineer)
  • If you can't get to Level 4, don't bother. (Find
    that piece of paper that says "Waiver" in big
    letters, and good luck.)
  • Level 5 is the Minimal DII COE Compliance
    Level.
  • The software and data must be in segment format.
  • The VerifySeg utility must report successful
    segmentation.
  • The software must coexist with the COE Kernel and
    other applications.
  • The segment must install/de-install using the
    Segment Installer.
  • Separation of application from database is
    encouraged (but not required).
  • Level 6: Don't (and I mean don't) bring your
    own map, correlator, or communications services.
    Start sharing resources.
  • Level 7: No replication of SHADE data.
    Constraints and business rules are in the
    database, not the application. The application
    must be separate from the database.

17
Major Systems Employing DII COE
  • Global Command and Control System
  • GCCS is a deployed Command, Control,
    Communications, Computers, and Intelligence (C4I)
    system with two main objectives: the replacement
    of the Worldwide Military Command and Control
    System (WWMCCS) and the implementation of the C4I
    for the Warrior concept. GCCS includes multiple
    workstations cooperating in a distributed LAN/WAN
    environment. Key features include push/pull data
    exchange, data processing, sensor fusion, dynamic
    situation display, analysis and briefing support,
    and maintenance of a common tactical picture
    among the distributed GCCS sites.

18
Major Systems Employing DII COE
  • Global Combat Support System
  • GCSS is presently under development and is
    targeted for the warfighting support functions
    (logistics, transportation, etc.) to provide a
    system that is fully interoperable with the
    warfighter C4I system.
  • Implemented at its fullest potential, GCSS will
    provide both warfighter support, to include
    reachback from deployed commanders into the CONUS
    sustaining base infrastructure, and
    cross-functional integration on a single
    workstation platform.

19
GCCS Site Configuration
  • Local installations
  • US Space Command at PAFB / NORAD (since April
    1995).
  • Air Force Space and Army Space (since October
    1995).
  • Global Network backbone
  • SIPRNET (Secret Internet Protocol Router
    Network).
  • Core Technologies and system platforms
  • TCP/IP over Ethernet / ATM switches.
  • Sun UNIX servers and workstations running
    Solaris.
  • HP UNIX servers and workstations running HP-UX.
  • PC clients running Windows NT 4.0.
  • DII COE Kernel V3.x and DISA-certified COTS/GOTS
    applications.

20
References
  • http//DIICOE\Independent Verification and
    Validation - DII COE.htm
  • http://xml.coverpages.org/dii-coeXMLRegistry.html
  • http//DIICOE\Defense Information Infrastructure
    Common Operating Environment\diicoe_body.htm

21
Summary
  • The Defense Information Infrastructure (DII)
    Common Operating Environment (COE) was developed
    in late 1993. DII COE was designed to eliminate
    duplication of development (in areas such as
    mapping, track management, and communication
    interfaces) and eliminate design incompatibility
    among Department of Defense (DoD) systems.
    Conceptually, the COE is designed to reduce
    program cost and risk through reusing proven
    solutions and sharing common functionality,
    rather than developing systems from "scratch"
    every time. The purpose of DII COE is to field
    systems with increasing interoperability,
    reusability, portability, and operational
    capability, while reducing development time,
    technical obsolescence, training requirements,
    and life-cycle cost.

22
Conclusion
  • This concludes the DII COE overview.
  • Questions?