trusted computing in government networks may 16, 2007 richard c. (dick) schaeffer, jr. information...
TRANSCRIPT
![Page 1: Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency](https://reader036.vdocuments.mx/reader036/viewer/2022082805/5514f84c550346b0478b6175/html5/thumbnails/1.jpg)
Trusted Computing in Government Networks
May 16, 2007
Richard C. (Dick) Schaeffer, Jr.Information Assurance Director
National Security Agency
![Page 2: Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency](https://reader036.vdocuments.mx/reader036/viewer/2022082805/5514f84c550346b0478b6175/html5/thumbnails/2.jpg)
2
Information Assurance at NSA
• Information Assurance Directorate (IAD)– Provides products and services critical to
protecting U.S. National Security information and Information systems
• National Information Assurance Research Laboratory (NIARL)– Carries out research and design of technologies
needed to enable IA solutions for the National Security Community
• Where SELinux was created and is currently maintained
![Page 3: Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency](https://reader036.vdocuments.mx/reader036/viewer/2022082805/5514f84c550346b0478b6175/html5/thumbnails/3.jpg)
3
IA Mission Drivers
• Rapid introduction of new technology & services– IA solutions must be available at the speed of the IT
business and customer cycles
• Commercial IT dominates most systems; commercial IA growing– Leveraging/influencing commercial activity is vital
• Global communications and connectivity expanding• National IA needs are growing while resources
remain fairly constant
![Page 4: Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency](https://reader036.vdocuments.mx/reader036/viewer/2022082805/5514f84c550346b0478b6175/html5/thumbnails/4.jpg)
4
Government/Industry Partnerships
• To meet national IA needs requires cooperative partnerships
• Multi-layered approach– Define System-level Solutions
• Operational Capability Needs• Appropriate IA for Operational Environment
– Determine that System Components (COTS & GOTS) provide necessary capabilities and assurance
• Technology Guidance• Evaluation
– Develop and Provide User Guidance• Configuration Guides• Systems Security Engineering
![Page 5: Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency](https://reader036.vdocuments.mx/reader036/viewer/2022082805/5514f84c550346b0478b6175/html5/thumbnails/5.jpg)
5
Timing IA Integration
• IA Activities provide benefit all along the product/system life-cycle
• Early in the Development (maximum affect)– Microsoft Security Design Lifecycle (SDL)– Solution and Technology IA Design Guidance
• Near Product/System Completion– Vulnerability Analysis– Evaluation
• During Operation– Appropriate Usage Guidance– Configuration Guidance (e.g., Microsoft Windows)
![Page 6: Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency](https://reader036.vdocuments.mx/reader036/viewer/2022082805/5514f84c550346b0478b6175/html5/thumbnails/6.jpg)
6
Balanced IA
• Not all systems require equal security functionality and assurance
• Operational factors dictate necessary security functions– Data sensitivity and perishability– System connectivity– Criticality of operation– Operational environment
![Page 7: Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency](https://reader036.vdocuments.mx/reader036/viewer/2022082805/5514f84c550346b0478b6175/html5/thumbnails/7.jpg)
7
The Right Security Functionality
• Lessons learned from Multi-Level Security (MLS) systems
• SELinux embodies a sound architecture for flexible Mandatory Access Control
• Open Source Community has helped to shape the end result
• Continuing to work toward further advances
![Page 8: Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency](https://reader036.vdocuments.mx/reader036/viewer/2022082805/5514f84c550346b0478b6175/html5/thumbnails/8.jpg)
8
Achieving Higher Assurance
• Crucial to NSA and its clients and customers• Getting the right functionality with medium
assurance through current efforts• EAL4 is not the end of the road, just a start
– Higher levels of assurance (EAL4+ and beyond) critical to meeting the needs of the National Security Community
![Page 9: Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency](https://reader036.vdocuments.mx/reader036/viewer/2022082805/5514f84c550346b0478b6175/html5/thumbnails/9.jpg)
9
High Assurance Platform (HAP)
• NSA program fusing advanced commercial initiatives with NSA certified trusted applications into a customizable platform security architecture
• Leverage COTS to maximum extent possible– Hardware assisted virtualization and security
• Enable solution integrators to compose a high assurance platform instance from available components that can:– Isolate and separate security domains– Provide assured information sharing across security domains
![Page 10: Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency](https://reader036.vdocuments.mx/reader036/viewer/2022082805/5514f84c550346b0478b6175/html5/thumbnails/10.jpg)
10
IA Tools
• Automated tools needed to counter immense product and system complexity, particularly for high assurance
• Tools applied across the life-cycle– Development
• Risk and design analysis tools• Threat modeling tools
– Analysis• Source and binary code analysis tools
– Operation• Patch management tools• Configuration checking and consistency tools
![Page 11: Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency](https://reader036.vdocuments.mx/reader036/viewer/2022082805/5514f84c550346b0478b6175/html5/thumbnails/11.jpg)
11
Gaining Commercial Acceptance
• The technical challenges facing the National Security Community are the same, the stakes are quite different
• Unique perspective on threats and countermeasures to share with industry
• Our role is to not just “tell” industry what to do; we must also contribute to the “solution” space
![Page 12: Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency](https://reader036.vdocuments.mx/reader036/viewer/2022082805/5514f84c550346b0478b6175/html5/thumbnails/12.jpg)
12
Reaching the Goal
• Significant progress to date!• Need to keep advancing in all areas:
– Enhanced Security Functionality– Increased Assurance
• More Robust Tools
– Improved Commercial Acceptance– Expanded Partnerships