Information System Security Engineering and Management
Risk Analysis and System Security Engineering Homework (#2, #3)
Dr. William Hery, hery@isis.poly.edu
GTS System Description
• Poly is going to set up a new, streamlined grade and transcript server (GTS). There is already a grade database on a secure server (SGDB) that is used for entering and maintaining grade records. The new server will allow students to:
  • view grades without directly accessing the SGDB
  • generate full transcripts to be sent to grad schools and potential employers from Poly in such a manner that the recipients of the transcripts trust that they are authentic.
• For the homework, assume that SGDB is already secure, but there will now be a new application/server accessing it. Also assume that students can access GTS from the Poly intranet or from the Internet.

GTS Architecture (diagram): Student → Internet or Poly Intranet → GTS → Poly Intranet → SGDB; GTS → email → Employer or Grad School
Assets at Risk (HW 2)
• Integrity of the grade database (but this is assumed to be a secure system for our purposes)
• Privacy of the student grades
• Integrity of the grades presented to the student
• Integrity of the transcripts sent out (and the trust the recipients have in that integrity)
• Availability of the GTS service
• Poly's reputation as a premier institution in information security and an NSA COE in IA

Threats (HW 2)
• Students who want to do general mischief or target specific students
• Outsiders who want to do general mischief or target specific students
• Students who want to send a fake transcript
Risk Management Approach (HW 2)
• Integrity of the grade database: transfer risk to SGDB owner
• Privacy of the student grades: mitigate with technology (authentication of user via password); accept some risk of a stolen password
• Integrity of the grades presented to the student: mitigate with technology (protect GTS system)
• Integrity of the transcripts sent out: mitigate by digitally signing transcripts
• Availability of the GTS service: mitigate with firewall; accept some risk of an attacker breaking through the firewall
• Poly's reputation as a premier institution in information security: mitigate with all of the above
Systems Engineering: First Steps
• Mission Needs Statement:
  • A system to allow students to securely access their grades, and to allow them to have authenticated transcripts emailed to prospective employers and grad schools.
• CONOPS: A student logs into the GTS Server over the Internet or Poly’s Intranet. A user-friendly GUI allows the student to see which courses they have taken and what their grades have been. The student can also request that a complete transcript be emailed to prospective employers and grad schools. For security reasons, the GTS will be a separate server from the existing, secure grade database, the SGDB.

System Architecture and Functional Requirements
• Architecture: see the GTS Architecture slide
• GTS Functional Requirements:
  • User (student) interface: must authenticate user, accept user query, format response
  • SGDB interface: must format grade query, send to SGDB, accept response
    • Individual grade request
    • Complete transcript request
  • GTS must be able to create and send authenticated transcripts via email
High Level Security Requirements
• Authentication of Students
• Protect SGDB from attack at SGDB/GTS interface (preserve integrity and privacy of the grade database)
• Protect all networks from snooping (privacy of grades)
• Protect confidentiality and integrity of all processing on the GTS server
• Provide a digital signature service to sign emailed transcripts from GTS
• Protect GTS from denial of service attacks

Revised GTS Architecture With External Security Components (diagram): Student → Internet or Poly Intranet → GTS (MyPoly user password auth.) → Poly Intranet → SGDB; GTS → Poly Signing Service; GTS → email → Employer or Grad School

Security Requirements Allocation:
• Authentication of Students: MyPoly User ID/Password authentication
• Protect SGDB from attack at SGDB/GTS interface: Custom interface to prevent attack (“application firewall”)
• Protect all networks from snooping: Encrypted network links
• Protect confidentiality and integrity of all processing on the GTS server: Server security
• Provide a digital signature service to sign emailed transcripts from GTS: Poly Digital Signature Service
• Protect GTS from denial of service attacks: firewalls, secured server
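The transcript-signing allocation above (GTS hands the transcript to a separate Poly Signing Service, and the recipient verifies it) as an added, self-contained example that is not part of the homework slides: the `SigningService` type, the `-----SIGNATURE-----` marker and the transcript text are all assumptions, and Ed25519 is used only as one concrete signature scheme; the homework does not specify one. The recipient's check rejects any transcript whose grades were edited after signing, which is the "fake transcript" threat listed earlier.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

const sigMarker = "\n-----SIGNATURE-----\n" // assumed framing for the detached signature

// SigningService stands in for the slides' Poly Signing Service: only it holds the private key.
type SigningService struct{ priv ed25519.PrivateKey }

// NewSigningService generates a key pair; the public key is what Poly would publish to recipients.
func NewSigningService() (*SigningService, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &SigningService{priv: priv}, pub, nil
}

// SignTranscript appends a base64 Ed25519 signature over the transcript text; GTS emails the result as-is.
func (s *SigningService) SignTranscript(transcript string) string {
	sig := ed25519.Sign(s.priv, []byte(transcript))
	return transcript + sigMarker + base64.StdEncoding.EncodeToString(sig) + "\n"
}

// VerifyTranscript is the recipient's check: returns the body and true only if the signature covers exactly it.
func VerifyTranscript(pub ed25519.PublicKey, signed string) (string, bool) {
	body, sigText, found := strings.Cut(signed, sigMarker)
	if !found {
		return "", false
	}
	sig, err := base64.StdEncoding.DecodeString(strings.TrimSpace(sigText))
	if err != nil || len(sig) != ed25519.SignatureSize {
		return "", false
	}
	return body, ed25519.Verify(pub, []byte(body), sig)
}

func main() {
	svc, pub, _ := NewSigningService()
	signed := svc.SignTranscript("Student ID: 000001 (constructed)\nInformation Security: A\n") // sample data
	_, ok := VerifyTranscript(pub, signed)
	forged := strings.Replace(signed, "Security: A\n", "Security: A+\n", 1) // grade edited after signing
	_, forgedOK := VerifyTranscript(pub, forged)
	fmt.Printf("authentic: %v, forged accepted: %v\n", ok, forgedOK)
}
```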