170 likes | 338 Views
Evaluation of Grid Security Solutions using Common Criteria. Syed Naqvi, Michel Riguidel {naqvi, riguidel}@enst.fr Networks and Computer Sciences Department TELECOM PARIS – Graduate School of Telecommunications 46 Rue Barrault, Paris 75013, France. 46 Rue Barrault, Paris 75013.
E N D
Evaluation of Grid Security Solutions using Common Criteria Syed Naqvi, Michel Riguidel {naqvi, riguidel}@enst.fr Networks and Computer Sciences Department TELECOM PARIS – Graduate School of Telecommunications 46 Rue Barrault, Paris 75013, France
Télécom Paris – At a Glance … • French Premier School of Information Sciences and Technologies • Established in 1878 • Four Departments: • Networks and Computer Sciences • Electronics and Communications • Image and Signal Processing • Economy, Management, Humanities and Social Sciences • Statistics of the year 2003 • Total Budget of 45 Million Euros • 142 Academics, 241 PhD students, 1270 Internees • 270 Revues, 550 Conferences • 41 Projects, 16 Softwares, 14 Patents Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland
Formal Security Evaluation: Why? • Independent (third party) attestation of a developer’s security claims against a defined security evaluation criteria. • Evaluations result in independent measure of assurance, therefore build confidence in security. • Secures development process and yields better product. • Comprehensive security solutions cannot be evaluated by simple examination! Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland
Evolution of Evaluations Criteria TCSEC Canadian Criteria 1985 1993 UK CLs 1989 German Criteria Federal Criteria Draft 1993 French Criteria ITSEC 1991 v1.0 1996 v2.0 1998 Dutch Criteria Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland
CC for Grid Security Architecture • Both CC and Computational Grids have emerged by the late 1990s. • However, the Grid community lacks experience in the exercise of CC! • Perhaps, because security features were overlooked in the early Grid endeavors … • The growing size and profile of Grid oblige its designers to incorporate adequate security solutions. • The assessment of these solutions require excellent evaluation criteria. • CC has all the merits of such criteria Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland
Naqvi S., Riguidel M., Demeure I.,Security Architecture for Health Grid using Ambient Intelligence,Proceedings of theHealth Grid Conference 2004 (HG2004), Clermont-Ferrand, France, January 29-30, 2004. Case Study: Health Grid http://www.healthgrid.org/HG04/proceeding/pdf/Naqvi.pdf Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland
Health Grid – Security Model • Some definitionsSubject Object Operation • AssumptionsActive User Public User Technology UpdatesPhysical Protection • Security ObjectivesAvailability ConfidentialityIntegrity • Security FunctionsAccountability Auditability AuthenticationAuthorizationTraceabilityIdentificationAccess Control Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland
Health Grid – Security Model • Sample Authorization Matrix R:Read only RA:Read with Anonymity R/W:Read and Write both Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland
CC Evaluation of Health Grid SA Target of Evaluation (TOE) HEALTH GRID independent of the applications being run over it. TOE Security Environment • Assets:Data and information across the TOE, applications running over the TOE, computing resources constituting the TOE, storage repositories of the TOE, communication links (wired and/or wireless) within the TOE. Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland
CC Evaluation of Health Grid SA TOE Security Environment • Assumptions:A small community of active users (A.ActiveUsers), a large community of public users (A.PublicUsers), and a provision of periodic revision of the security architecture (A.TechnologyUpdates). • Threats: Threats to Information (T.I), Threats to Resources (T.R) Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland
CC Evaluation of Health Grid SA Security Objectives • Objectives for TOE (O.T)O.T.Documentation O.T.Availability O.T.Identity O.T.Integrity O.T.AcessControl O.T.ConfidentialityO.T.TamperProof O.T.Auditability Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland
CC Evaluation of Health Grid SA Security Objectives • Objectives for TOE Environment (O.E)O.E.PhysicalProtectionO.E.CommunicationsProtectionO.E.DocumentationO.E.Review Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland
CC Evaluation of Health Grid SA TOE Security Requirements • Functional Requirements minimum strength of function (SOF) is high – SOF-highClass FAU: Security Audit Class FPR: Privacy Class FCO: Communication Class FPT: Protection of the TSF Class FCS: Cryptographic Support Class FRU: Resource Utilization Class FDP: User Data Protection Class FTA: TOE Access Class FMT: Security Management Class FTP: Trusted Path/ChannelsClass FIA: Identification & authentication Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland
CC Evaluation of Health Grid SA TOE Security Requirements • Assurance Requirements evaluation assurance level (EAL) is 4 – EAL4Class ACM: Configuration & Management Class ALC: Life Cycle Support Class ADO: Delivery & Operation Class ATE: Tests Class ADV: Development Class AVA: Vulnerability Assessment Class AGD: Guidance Documents Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland
CC Evaluation of Health Grid SA Security Rationale • Security Objectives Rationale • Security Requirements Rationale Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland
Conclusions • As Grid technology becomes more widely adopted, the need for security will increase even more. • The need to protect privacy and security of priceless data over the Grid is fueling even more need for common security evaluation criteria. • It is imperative for the Grid community to exercise some formal evaluation mechanism for the Grid security solutions. • CC can play a vital role for the evaluation of Grid security solutions. Computing in High Energy Physics 2004 (CHEP'04), Interlaken - Switzerland