Trusted Computing in Government Networks

May 16, 2007

Richard C. (Dick) Schaeffer, Jr.Information Assurance Director

National Security Agency

2

Information Assurance at NSA

• Information Assurance Directorate (IAD)– Provides products and services critical to

protecting U.S. National Security information and Information systems

• National Information Assurance Research Laboratory (NIARL)– Carries out research and design of technologies

needed to enable IA solutions for the National Security Community

• Where SELinux was created and is currently maintained

3

IA Mission Drivers

• Rapid introduction of new technology & services– IA solutions must be available at the speed of the IT

business and customer cycles

• Commercial IT dominates most systems; commercial IA growing– Leveraging/influencing commercial activity is vital

• Global communications and connectivity expanding• National IA needs are growing while resources

remain fairly constant

4

Government/Industry Partnerships

• To meet national IA needs requires cooperative partnerships

• Multi-layered approach– Define System-level Solutions

• Operational Capability Needs• Appropriate IA for Operational Environment

– Determine that System Components (COTS & GOTS) provide necessary capabilities and assurance

• Technology Guidance• Evaluation

– Develop and Provide User Guidance• Configuration Guides• Systems Security Engineering

5

Timing IA Integration

• IA Activities provide benefit all along the product/system life-cycle

• Early in the Development (maximum affect)– Microsoft Security Design Lifecycle (SDL)– Solution and Technology IA Design Guidance

• Near Product/System Completion– Vulnerability Analysis– Evaluation

• During Operation– Appropriate Usage Guidance– Configuration Guidance (e.g., Microsoft Windows)

6

Balanced IA

• Not all systems require equal security functionality and assurance

• Operational factors dictate necessary security functions– Data sensitivity and perishability– System connectivity– Criticality of operation– Operational environment

7

The Right Security Functionality

• Lessons learned from Multi-Level Security (MLS) systems

• SELinux embodies a sound architecture for flexible Mandatory Access Control

• Open Source Community has helped to shape the end result

• Continuing to work toward further advances

8

Achieving Higher Assurance

• Crucial to NSA and its clients and customers• Getting the right functionality with medium

assurance through current efforts• EAL4 is not the end of the road, just a start

– Higher levels of assurance (EAL4+ and beyond) critical to meeting the needs of the National Security Community

9

High Assurance Platform (HAP)

• NSA program fusing advanced commercial initiatives with NSA certified trusted applications into a customizable platform security architecture

• Leverage COTS to maximum extent possible– Hardware assisted virtualization and security

• Enable solution integrators to compose a high assurance platform instance from available components that can:– Isolate and separate security domains– Provide assured information sharing across security domains

10

IA Tools

• Automated tools needed to counter immense product and system complexity, particularly for high assurance

• Tools applied across the life-cycle– Development

• Risk and design analysis tools• Threat modeling tools

– Analysis• Source and binary code analysis tools

– Operation• Patch management tools• Configuration checking and consistency tools

11

Gaining Commercial Acceptance

• The technical challenges facing the National Security Community are the same, the stakes are quite different

• Unique perspective on threats and countermeasures to share with industry

• Our role is to not just “tell” industry what to do; we must also contribute to the “solution” space

12

Reaching the Goal

• Significant progress to date!• Need to keep advancing in all areas:

– Enhanced Security Functionality– Increased Assurance

• More Robust Tools

– Improved Commercial Acceptance– Expanded Partnerships