ACCORD-TSHM OKB SAPR Special Design Bureau for CAD System Design www.accord.ru accord@accord.ru Accord. Reliability in an unreliable world. Moscow, 2009
A personal computer is only an instrument.
Are you sure that YOUR PC is only YOUR instrument?
Are you sure about it EACH TIME you turn it on?
You need assurance that, while you were away: no PC hardware has been changed; no PC software has been changed; no data stored on your PC has been changed or has become known to an intruder.
The first task of information protection is protecting your PC from unauthorized access (UA).
A UA protection tool must: allow only those users to work on this PC who have the right to do so under the security policy; check the state of the computer hardware and software for unauthorized modifications.
What should a UA protection tool be like? If the integrity of the software environment is checked by some program, can we be sure of that program's own integrity? First, we need to check that program. And before that, check the program that is going to check it…
What should a UA protection tool be like? Can you pull yourself out of a swamp? You can, if you have a support point that is outside the swamp.
What should a UA protection tool be like? Independent of the PC's operating system and file system; inaccessible to modification; hardware-based.
At the end of the last century, we developed a concept of hardware protection and an information protection tool (IPT), which became and still remains a standard for all developers.
Accord-TSHM: Trusted Startup Hardware Module. Provides a trusted startup of the operating system, irrespective of its type, for an authenticated user.
What is trusted startup? The operating system boot is performed only after the following procedures have completed successfully: user identification/authentication; integrity checking of the PC hardware and the software utilities, using a step-by-step integrity inspection algorithm; blocking of operating system boot from external storage media.
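The three conditions on this slide, modelled as an added sketch that is not OKB SAPR's code or algorithm. SHA-256, the stage names, the sample byte strings and the function names are assumptions; the read-only REFERENCE mapping stands in for reference values held in the controller, outside the system being checked.

```python
import hashlib
import hmac
from types import MappingProxyType

def digest(data: bytes) -> str:
    # Assumption: SHA-256; the page does not name the integrity function.
    return hashlib.sha256(data).hexdigest()

# Constructed sample objects standing in for what is checked before OS boot.
STAGES = [
    ("hardware-inventory", b"cpu=1;ram=2048MB;nic=00:11:22:33:44:55"),
    ("boot-sector", b"\xeb\x3c\x90 constructed boot sector"),
    ("os-loader", b"constructed loader image"),
]

# Reference digests enrolled by the administrator. Read-only here to model
# storage that the checked PC software cannot modify.
REFERENCE = MappingProxyType({name: digest(blob) for name, blob in STAGES})

# Removable boot sources named on the page: FDD, CD ROM, ZIP drive.
REMOVABLE = {"fdd", "cdrom", "zip"}

def trusted_startup(authenticated, boot_device, stages, reference=REFERENCE):
    """Return (allowed, log). Boot is allowed only if every check passes."""
    log = []
    if not authenticated:
        return False, ["deny: user not authenticated"]
    if boot_device.lower() in REMOVABLE:
        return False, [f"deny: boot from {boot_device} is blocked"]
    # A stage that is missing, extra or reordered is a failure, not a skip.
    if [name for name, _ in stages] != list(reference):
        return False, ["deny: checked objects do not match the enrolled list"]
    # Step by step: stop at the first object whose digest differs.
    for name, blob in stages:
        if not hmac.compare_digest(digest(blob), reference[name]):
            log.append(f"deny: integrity check failed at {name}")
            return False, log
        log.append(f"ok: {name}")
    log.append("allow: control passed to the OS loader")
    return True, log

if __name__ == "__main__":
    tampered = STAGES[:2] + [("os-loader", b"modified loader image")]
    for label, args in [("clean", (True, "hdd", STAGES)),
                        ("tampered", (True, "hdd", tampered)),
                        ("cdrom", (True, "cdrom", STAGES))]:
        print(label, trusted_startup(*args))
```
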
Accord-TSHM: has been patented; has 18 conformance certificates; has more than 250,000 implementations in governmental authorities and commercial organizations, as of the end of 2007.
The unauthorized access control product Accord-TSHM consists of hardware and software tools. Hardware tools: Controller; Contact device; Identifier. Software tools: BIOS-controller of the Accord-TSHM complex; Firmware implementing the TSHM functions.
The main versions of Accord-TSHM include the following controllers for PCs with a PCI bus interface: Accord-5MX; Accord-5.5, with a powerful cryptographic subsystem.
Accord-TSHM may also include the controllers: Accord-4.5 for PCs with an ISA bus interface; Accord-PC104 for PCs of the PC-104 standard; Accord-5MX mini-PCI for notebooks and other computers with a mini-PCI bus interface.
All of the Accord-TSHM modifications: may be used in any PC; use personal TM-identifiers DS 1992 – DS 1996 with up to 64 Kbit of memory (or another identifier at the customer's request) for user identification, and allow up to 128 users to be registered on the PC (Accord-PC104: up to 1024); use a password of up to 12 characters, entered from the keyboard, for user authentication.
All of the Accord-TSHM modifications: work with the following types of file systems: FAT 12, FAT 16, FAT 32, NTFS, HPFS, FreeBSD, Ext2FS, Sol86FS, QNXFS, MINIX; provide integrity control of the PC hardware before the operating system boots; provide integrity control of programs and data before the operating system boots, as well as protection against the introduction of destructive applications (DA).
All of the Accord-TSHM modifications: block booting from removable media (FDD, CD ROM, ZIP drive); record user activity in the system log, located in the permanent memory of the controller; provide system administration (registration of users and personal identifiers, assignment of files for integrity control, control of PC hardware components, display of the system log and so on).
Reliability in an unreliable world: introducing modifications into the Accord-TSHM firmware is impossible; the controller's event log is accessible only to the information security administrator, which is why concealing a UA attempt from the administrator is impossible; access delimitation and information protection control systems have been developed on the basis of Accord-TSHM (these require installing special software).
Individual packaging: in accordance with the customer's requirements, Accord-TSHM and Accord-TSHM-based systems may use various identifiers: TM-identifiers (standard packaging), smart cards, fingerprint reading devices, PCDST (personal cryptographic data security tool) SHIPKA.