Information Assurance IATF

1
Information AssuranceIATF

• IATF
• Information Assurance Technical Framework
• Security System Engineering methodology

2
Information Systems Security Engineering

• ISSE
• Art and science of discovering users' information
  protection needs.
• Designing systems with economy and elegance, so
  that safely resists the forces to which they will
  be subjected.
• Building and testing such systems.

3
SE versus ISSE
SE Activities ISSE Activities Discover needs
Discover information protection needs Define
system requirements Define system security
requirements Design system architecture Design
system security architecture Develop detailed
design Develop detailed security
design Implement system Implement system
security Assess effectiveness Assess system
security effectiveness
4
Technical Security Countermeasures

• Determination of the appropriate technical
  security measures to address attacks at all
  layers in the information system.

5
Security Services

• Services that safeguard information and
  information systems.
• Authentication
• Confidentiality
• Integrity
• Availability
• Non-repudiation
• Robustness
• Interoperability

6
Potential Adversaries

• Nation States
• Hackers
• Terrorists
• Organized crime
• Other criminal elements
• International press
• Industrial competitors
• Disgruntled employees
• Careless employees

7
Motivations

• Access to sensitive information
• Track operations
• Disrupt operations
• Steal money, products or services
• Free use
• Embarrassment
• Overcome technical challenge
• Compromise

8
Classes of Attacks

• Passive attacks
• Active attacks
• Close-in attacks
• Insider attacks
• Distribution attacks

9
Passive Attacks

• Monitoring open communication
• Ethernet sniffing
• Decrypting weak encryption
• WEP
• Password sniffing
• Traffic analysis

10
Active Attacks

• Modify data in transit
• Modify financial transactions
• Replay
• Session hijacking
• Privileges of established session
• Masquerading
• Unauthorized access

11
Active Attacks (cont'd)?

• Exploiting app's or OS
• Outlook Express
• Exploit trust
• Transitive trust, e.g. PGP

12
Active Attacks (cont'd)?

• Data execution
• Open an attachment that is a script
• Inserting and exploiting code
• Trojan horse, back door
• Denial of service

13
Close-in Attacks

• Access to comm's wires, RF, visual, etc.
• Information gathering
• IP addresses, IDs, passwords
• System tampering
• Bugging, keyboard sniffing SW
• Physical compromise

14
Insider Attacks

• Malicious
• Modify/destroy data and security mechanisms
• Establish unauthorized access
• Cover channels
• Physical damage/alteration
• Non-malicious
• Modification of data/configuration
• Physical damage

15
Distribution Attacks

• Attacks on the distribution chain of products or
  services
• Modification at vendor's facility
• Modification during distribution

16
Primary Security Services

• Access control
• Confidentiality
• Integrity
• Availability
• Nonrepudiation

17
Access Control

• Limiting access to information, services and
  communications
• Identity and authentication
• You are who you say you are.
• Authorization
• Access rights
• Decision
• Rights match demand
• Enforcement
• Grant/deny and log/notify

18
Confidentiality

• Information state
• Transmission, storage, proccessing
• Data type
• Crypto keys, config files, text
• Amounts or parts of data
• Value and life of data

19
Elements of Confidentiality

• Data protection
• Data separation
• Traffic flow protection

20
Integrity

• Prevention of unauthorized data modification
• Detection and notification of unauthorized
  modification
• Logging all modifications

21
Availability

• Protection from attack
• Protection from unauthorized use
• Resistance to routine failures

22
Non-repudiation

• Repudiation
• Denial by one entity in a multi-entity exchange
  that it participated.
• Non-repudiation
• Proof of origin, proof of identity, time of
  origination
• Proof of delivery, time of delivery
• Audit trail

23
Security Technologies

• APIs
• CryptoAPI
• Cryptographic Service Providers
• File Encryptors
• Hardware tokens
• Intrusion detectors
• IPSec
• IKE

24
Security Technologies(cont'd)?

• Packet filter
• Stateful packet filter
• PKI
• SSL
• S/MIME
• Trusted Computing Base
• Virus detectors
• Tripwire

25
Robustness Strategy

• Determine the Degree of Robustness
• Strength of Mechanism
• Levels of Assurance

26
Purpose

• Security engineering guidance
• Levels of security mechanisms
• Security services appropriate to mission
• Levels of assurance

27
Robustness Strategy Functions

• Assessment of strength mechanisms
• Definition of product requirements
• Subsequent risk assessments
• Recommend security requirements

28
Robustness Strategy Process

1. Assess value
2. Assess threat
3. Determine strength level appropriate
4. Determine implementation necessary

29
Degree of Robustness
30
Degree of Robustness Determination

• Level of strength and assurance recommended for a
  potential security mechanism
• Depends on
• Value of information
• Perceived threat environment

31
Information Value Levels
.VI. Violation of the information protection
policy would have negligible adverse effects or
consequences. .V2. Violation of the information
protection policy would adversely affect and/or
cause minimal damage to the security, safety,
financial posture, or infrastructure of
the organization. .V3. Violation of the
information protection policy would cause some
damage to the security, safety, financial
posture, or infrastructure of the
organization. .V 4. Violation of the information
protection policy would cause serious damage to
the security, safety, financial posture, or
infrastructure of the organization. .V5.
Violation of the information protection policy
would cause exceptionally grave damage to the
security, safety, financial posture, or
infrastructure of the organization.
32
Threat Levels
.TI. Inadvertent or accidental events ( e.g.,
tripping over a power cord). .T2. Passive, casual
adversary with minimal resources who is willing
to take little risk ( e.g., listening). .T3.
Adversary with minimal resources who is willing
to take significant risk ( e.g., unsophisticated
hackers). .T4. Sophisticated adversary with
moderate resources who is willing to take little
risk (e.g., organized crime, sophisticated
hackers, international corporations). .T5.
Sophisticated adversary with moderate resources
who is willing to take significant risk (e.g.,
international terrorists). .T6. Extremely
sophisticated adversary with abundant resources
who is willing to take little risk (e.g.,
well-funded national laboratory, nation-state,
international corporation).
.T7. Extremely sophisticated adversary with
abundant resources who is willing to take extreme
risk (e.g., nation-states in time of crisis).
33
Strength of Mechanism Levels
.SMLl is defined as basic strength or good
commercial practice. It is resistant
to unsophisticated threats (roughly comparable to
TI to T3 threat levels) and is used to protect
low-value data. Examples of countered threats
might be door rattlers, ankle biters, and
inadvertent errors. .SML2 is defined as medium
strength. It is resistant to sophisticated
threats (roughly comparable to T4 to TS threat
levels) and is used to protect medium-value data.
It would typically counter a threat from an
organized effort (e.g., an organized group of
hackers). .SML3 is defined as high strength or
high grade. It is resistant to the national
laboratory or nation-state threat (roughly
comparable to T6 to T7 threat levels) and is used
to protect high-value data. Examples of the
threats countered by this SML are an
extremely sophisticated, well-funded technical
laboratory and a nation-state adversary.
34
Assurance Levels
EAL 1 Functionally Tested EAL 2 Structurally
Tested EAL 3 Methodically Tested and Checked EAL
4 Methodically Designed, Tested and Reviewed EAL
5 Semiformally Designed and Tested EAL
6 Semiformally Verified Design and Tested EAL
7 Formally Verified Design and Tested
35
Security Mechanisms

1. Security Management
2. Confidentiality
3. Integrity
4. Availability
5. Identification Authentication
6. Access Control
7. Accountability
8. Non-repudiation

36
Security Management Mechanisms
37
Confidentiality Mechanisms
38
Integrity Mechanisms
39
Availability Mechanisms
40
Identification Authentication Mechanisms
41
Access Control Mechanisms
42
Accountability Mechanisms
43
Non-Repudiation Mechanisms
44
Interoperability

• Contemporary Systems involve multiple networks as
  well as multiple heterogeneous computer systems
• All systems depend on communication
• Security must be as transparent as possible in
  such a compute environment

45
Elements of Interoperability

1. Architecture
2. Security Protocols
3. Standards Compliance
4. Interoperable Certificate Management
5. Agreement on Security Policies

46
Interoperability Strategy

1. Foster Standards
2. Security Negotiation
3. Support Open Standards