CS662 System Security Certification

1
CS662 System Security Certification
Accreditation

• DII COE
• Overview
• by
• Randy Johnston

2
What is DII COE?

• Defense Information Infrastructure Common
  Operating Environment (DII COE).
• Administered by the Defense Information System
  Agency (DISA), the DII COE
• is a multifaceted framework for interoperability
  that encompasses
• guidelines for software construction, packaging,
  and behavior
• guidelines for the operating environment
• guidelines for the accompanying documentation
• several compatible reference implementations of
  the operating environment for representative
  platforms, in the form of kernel and
  infrastructure support software
• guidelines for the reuse and sharing of software
  and data
• a repository of shareable software and data and
• tools and procedures for registering, verifying,
  submitting, and certifying mission applications
  as being DII COE compliant.

3
The DII COE Mandate

• All UNIX-based C4I legacy systems other
  than mainframes shall be Level 5 DII COE
  complaint. All new C4I emerging systems and
  upgrades shall be Level 6 complaint with the goal
  of achieving Level 7. For those systems not
  achieving the goal, waivers must be requested.
• The DII COE will evolve as necessary to
  maintain compliance with the Joint Technical
  Architecture, which mandates the DII COE
  compliance levels stipulated above.
• (Memorandum from the Assistant Secretary of
  
• Defense - May 23, 1997)

4
The DII COE Challenge

• Position the system architecture to take
  advantage of technological advances. At the same
  time, the system must not sacrifice quality,
  stability, or functionality. In keeping with
  current DoD trends, the COE emphasizes the use of
  commercial products and standards to take
  advantage of investments made by industry.
• (From the DII COE Version 3.1 Baseline
• Specifications - April 3, 1997)

5
The Scope of the DII COE

• The DII COE is not a system it is a foundation
  for building systems
• The DII COE is a network-centric plug-and-play
  open architecture, presently designed and
  implemented around a client/server model.
• The DII COE includes an implementation of the
  components defined to be in the COE. The
  reference implementation is the key to
  reusability and interoperability. Use of the
  reference implementation provided is required to
  assure interoperability and is therefore a
  fundamental requirement for DII COE compliance.
  The reference implementation may change over time
  to take advantage of new technologies or to fix
  problems.
• The DII COE is an evolutionary acquisition and
  implementation strategy. It emphasizes
  incremental development and fielding to reduce
  the time required to put new functionality into
  the hands of the warrior, while not sacrificing
  quality nor incurring unreasonable program risk
  or cost.
• (DII COE Integration Runtime Specification
  Version 4.1 - Oct. 3, 2000)

6
The DII COE and Developers

• Architecture
• A precisely defined JTA-compliant architecture
  specifying how system components will interact
  and fit together, and definition of the
  system-level interface to COE components.
• Runtime Environment
• A standard operating environment that includes
  the look and feel, operating systems, and
  windowing environment.
• Data Environment
• A standard data environment that prescribes the
  rules whereby applications can share data with
  other applications.
• Reference Implementation
• A defined set of already implemented reusable
  functions and data.ext

7
The DII COE and Developers (continued)

• APIs
• A collection of interfaces for accessing COE
  components.
• Standards and Specifications
• A set of principles that describe what the COE
  is, and a set of rules regarding how to use the
  COE, how to construct software segments, how to
  create a GUI, etc...
• Development Methodology
• A process for developing, integrating, and
  distributing the system and a process for sharing
  components among developers. The COE is intended
  to emphasize and encourage incremental
  development.

8
DII COE Program Objectives

• Common software foundation
• Software reusability
• Standardization
• Interoperability
• Scalability
• Portability
• Security
• Improved time-to-delivery

9
The Pragmatic Reasons for DII COE

• To simplify the problem of integration.
• To standardize the software installation process.
  
• To address security concerns.
• To reduce hardware/software costs.
• To share data among applications (and users).
• To reduce the likelihood of developing
  functionally equivalent code over and over again,
  for different projects.

10
DII COE Compliance Categories

• Category 1
• Runtime Environment
• Levels 1 through 8, inclusive
• Category 2
• Style Guide
• How the system appears to the user
• Category 3
• Architecture Compatibility
• How the software fits into the COEs
  client-server architecture
• Category 4
• Software Quality
• Metrics to assess program risk and software
  maturity

11
Current DII COE standards

• Operating Systems UNIX with full
  support for POSIX.1 and .2
  Windows NT 4.0 Win2K (partial POSIX.1)
• User interfaces Common Desktop
  Environment (Unix)
• Windows GUI (NT 4.0)
• Networking Ethernet LANs WAN (DISN
  SIPRNET)
• TCP/IP, SMTP, SNMP, HTML, BSD
  Sockets
• Data Management COTS RDBMS - Oracle,
  Sybase, Informix
• Microsoft SQL Server for
  Windows NT
• gt The Shared Data
  Environment (SHADE)
• Security Orange Book C2, and lots
  of other stuff
• Kerberos key encryption (full
  DCE is gone)
• User productivity Netscape Navigator
  with email newsgroups Core
  Windows applications (Microsoft Office)
• Programming Neutral, but ANSI C/C
  Suns Java 2
• Languages Win32 MFC ( Java 2) for
  Windows NT

12
The DII COE Kernel

• Runs on a set of certified COTS hardware/software
  platforms.
• Certification performed by DISA for Sun, HP, and
  Windows NT.
• Kernel components
• Operating system patches (Y2K, security, and
  vendor bug fixes).
• Common Desktop Environment (CDE) for UNIX.
• Security enhancements (gt system security
  lockdown).
• System administrator security manager
  functional separation.
• Segment (software package) installation/de-install
  ation utility.
• Common printing facility.
• Common account management interface for UNIX and
  NT.

13
DII COE Authorized Platforms

• UNIX-based systems
• The COE Kernel is directly implemented and
  supported by DISA (for the COE 3.x, 4.x and 5.x
  release families).
• Sun Solaris 7 8 (with full COTS/GOTS
  application suite).
• HP-UX 10.20 11.0 (with full COTS/GOTS
  application suite).
• Kernel Platform Compliance Program
• DISA makes available the Kernel source code (COE
  4.2 now available).
• Platform vendor signs up to port the Kernel to
  the proposed system.
• Platform is certified by DISA, and added to COE
  platform list.
• KPC Validated Platform List
• Compaq Tru64 UNIX 4.0e (COE Kernel V3.3 only).
• SGI IRIX 6.5.3 (COE Kernel V3.3 only).
• Other KPC systems under development
• IBM AIX S/390 mainframe

14
DII COE Authorized Platforms

• Non-UNIX systems
• Presently, only Windows NT 4.0 (with plans for
  Windows 2000, slowed mainly by the security
  certification process).
• Includes basic COTS applications, plus a limited
  set of GOTS applications, projected to expand as
  quickly as DISA can fund and deliver the software
  using its collection of COE contractors)
• DISAs plan
• Re-host the core DII COE library of legacy
  UNIX-based GOTS applications (mainly written in
  platform-specific C) on Windows NT/2000 using a
  platform-neutral language that can be written
  once and then deployed across all DII COE
  supported OS platforms.

15
COE Component Segments
16
Some Comments on DII COE Compliance (from the
DII COE Chief Engineer)

• If you cant get to Level 4, dont bother. (Find
  that piece of paper that says Waiver in big
  letters and good luck.)
• Level 5 is the Minimal DII COE Compliance
  Level.
• The software and data must be in segment format.
• The VerifySeg utility must report successful
  segmentation.
• The software must coexist with the COE Kernel and
  other applications.
• The segment must install/de-install using the
  Segment Installer.
• Separation of application from database is
  encouraged (but not required).
• Level 6 Dont (and I mean dont) bring your
  own map, correlator, or communications services.
  Start sharing resources.
• Level 7 No replication of SHADE data.
  Constraints and business rules are in the
  database, not the application. The application
  must be separate from the database.

17
Major Systems Employing DII COE

• Global Command and Control System
• GCCS is a deployed Command, Control,
  Communications, Computers, and Intelligence (C4I)
  system with two main objectives the replacement
  of the Worldwide Military Command and Control
  System (WWMCCS) and the implementation of the C4I
  for the Warrior concept. GCCS includes multiple
  workstations cooperating in a distributed LAN/WAN
  environment. Key features include push/pull data
  exchange, data processing, sensor fusion, dynamic
  situation display, analysis and briefing support,
  and maintenance of a common tactical picture
  among the distributed GCCS sites.

18
Major Systems Employing DII COE

• Global Combat Support System
• GCSS is presently under development and is
  targeted
• for the warfighting support functions (logistics,
  
• transportation, etc.) to provide a system that is
  fully
• interoperable with the warfighter C4I system.
• Implemented at its fullest potential, GCSS will
  provide
• both warfighter support to include reachback
  from
• deployed commanders into the CONUS sustaining
  base
• infrastructure and cross-functional integration
  on a
• single workstation platform.

19
GCCS Site Configuration

• Local installations
• US Space Command at PAFB NORAD (since April
  1995).
• Air Force Space and Army Space (since October
  1995).
• Global Network backbone
• SIPRNET (Secret Internet Protocol Router
  Network).
• Core Technologies and system platforms
• TCP/IP over Ethernet ATM switches.
• Sun UNIX servers and workstations running
  Solaris.
• HP UNIX servers and workstations running HP-UX.
• PC clients running Windows NT 4.0.
• DII COE Kernel V3.x DISA-certified COTS/GOTS
  applications.

20
References

• http//DIICOE\Independent Verification and
  Validation - DII COE.htm
• http//xml.coverpages.org/dii-coeXMLRegistry.html
• http//DIICOE\Defense Information Infrastructure
  Common Operating Environment\diicoe_body.htm

21
Summary

• The Defense Information Infrastructure (DII)
  Common Operating Environment (COE) was developed
  in late 1993. DII COE was designed to eliminate
  duplication of development (in areas such as
  mapping, track management, and communication
  interfaces) and eliminate design incompatibility
  among Department of Defense (DoD) systems.
  Conceptually, the COE is designed to reduce
  program cost and risk through reusing proven
  solutions and sharing common functionality,
  rather than developing systems from "scratch"
  every time. The purpose of DII COE is to field
  systems with increasing interoperability,
  reusability, portability, and operational
  capability, while reducing development time,
  technical obsolescence, training requirements,
  and life-cycle cost.

22
Conclusion

• This concludes the DII COE overview.
• Questions?