Secure Access Management for SECRET Operational Networks SAMSON


Presentation Transcript


    1. Secure Access Management for SECRET Operational Networks (SAMSON)
       Dr. Daniel Charlebois, DRDC Ottawa – Network Information Operations Section, March 3rd, 2009
       Speaker notes: Good Morning. I would like to present some thoughts on how enabling secure access and sharing of information will involve disruptive technologies.

    2. Objective
       The current DND environment enforces community of interest (caveat) separation using physically separate networks. There are three possible levels of separation, with different mechanisms:
       - Level 1 separation: different security classifications are separated using High-Grade Crypto devices to isolate domains
       - Level 2 separation: within a single level of classification, different Warning Terms (caveats) are separated using separate networks
       - Level 3: Need-to-Know separation may be possible using application or O/S security (e.g. Entrust)
       Problems with this approach:
       - Inhibits information sharing
       - Inefficient and costly system, network and user administration
       - Lack of synchronization can introduce security vulnerabilities
       The target environment is a single network encompassing all users and caveats, at least for a single security level. The ultimate goal is to extend to multiple security levels (MLS).
       - Level 1 separation: different security classifications are separated using High-Grade Crypto devices (separate networks for different classifications)
       - Level 2 separation: Warning Terms (caveats) are separated using content-based security
       - Level 3: Need-to-Know separation using content-based security
       Advantages:
       - Facilitates information sharing
       - Efficient and cost-effective system, network and user administration
       - Reduces potential for security vulnerabilities

    3. Network-based Separation
       Speaker notes: In the current separate network environment, a single user that belongs to the four different communities must be registered separately on each network. This imposes an administrative burden to maintain synchronization of the user’s account credentials across all networks. But, most important, if the user is a CANADIAN national on the CANUS network but needs access to some CEO information, he cannot have access to this information without changing networks. So this configuration actually enforces inefficiency by inhibiting information sharing.

    4. Content-based Separation
       The new environment is a single network for all users and caveats, for a single security level. Separation is provided by content-based encryption. All information is labelled and protected according to its label information. Release is controlled by a secure access management system.

    5. Content-based Separation (same content as slide 4)

    6. Content-based Separation
       - All users on a single network
       Speaker notes: Characteristics of the content-based separation environment.

    7. “Defence-in-Depth” Architecture
       Speaker notes: Without content-based separation, in system-high mode, an authenticated user has access to all information. On a network with content-based separation, access to information is controlled by multiple security layers working together to provide a “defence-in-depth” approach. The security mechanisms ensure that access is granted only after verifying that user clearances and privileges and information label markings comply with security policy.

    8. Identity Management
       - Centrally controlled
       - Assign roles and privileges
       - Assign Caveat or COI membership
       - Automatic provisioning to all domains
       - PKI enrolment
       Speaker notes: Now we look a little closer at these defence-in-depth components, starting with identity management. These are the basic required characteristics.

    9. Strong Authentication
       - Public key digital credentials
       - Two-factor authentication: Smartcard protected by Passphrase or Personal Identification Number (PIN)
       - Biometric authentication: Smartcard protected by biometric property
       - Single authentication process authenticates for all services and applications (Single Sign-on)
       Speaker notes: Strong authentication involves the use of public key digital credentials and can be combined with another mechanism to improve the strength of the authentication.

    10. Information Management
       - All information objects must be labelled
       - Label content reflects information properties
       - Trusted label binding
       - Information protected (encrypted) according to label content
       Speaker notes: An essential condition for controlling access in this environment is to label all information objects in a trusted manner.

    11. Content-based Protection
       - Information objects are labelled and encrypted when created
       - Access to an information object is governed by:
         - User identity attributes, roles, privileges
         - Information label content
         - Security policy
       - Access mediated by Policy Manager (Policy Decision Point)
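The trusted label binding that slides 10 and 11 call for, as an added illustration rather than code from the SAMSON project: a keyed MAC from a labelling authority ties the label to the object's content digest, so stripping a caveat from the label (or altering the content) fails verification. Encryption of the object according to its label is left out; the key value, label layout and function names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed illustration: a labelling authority holds a secret key and binds each
# security label to the object it describes, so neither can be altered alone without
# detection. The key value is a placeholder, not a real SAMSON parameter.
LABEL_AUTHORITY_KEY = b"placeholder-label-authority-key"

def canonical_label(label: dict) -> bytes:
    """Serialise the label deterministically so the MAC is reproducible."""
    return json.dumps(label, sort_keys=True, separators=(",", ":")).encode()

def _binding_mac(content_digest: str, label: dict, key: bytes) -> str:
    # The hex digest has fixed length, so the separator is unambiguous
    msg = content_digest.encode() + b"|" + canonical_label(label)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def bind_label(content: bytes, label: dict, key: bytes = LABEL_AUTHORITY_KEY) -> dict:
    """Return a labelled object: content digest, label, and a MAC covering both."""
    digest = hashlib.sha256(content).hexdigest()
    return {"content_sha256": digest, "label": label, "binding": _binding_mac(digest, label, key)}

def verify_binding(content: bytes, obj: dict, key: bytes = LABEL_AUTHORITY_KEY) -> bool:
    """Recompute the binding; fails if either the content or the label was modified."""
    digest = hashlib.sha256(content).hexdigest()
    if digest != obj["content_sha256"]:
        return False
    return hmac.compare_digest(_binding_mac(digest, obj["label"], key), obj["binding"])

def demo() -> tuple:
    """Constructed sample: an intact SECRET//CEO object and one with its CEO caveat stripped."""
    content = b"constructed sample report body"
    labelled = bind_label(content, {"classification": "SECRET", "caveats": ["CEO"]})
    downgraded = dict(labelled, label={"classification": "SECRET", "caveats": []})
    return verify_binding(content, labelled), verify_binding(content, downgraded)
```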

    12. Policy-based Authorization - 1
       Speaker notes: This slide and the next illustrate the concept of policy-based authorization (i.e., access control), which is key to the integrated environment. All user requests for access to an information resource on a server are mediated by a policy server. On each information server a Policy Enforcement Point (PEP) intercepts each access request and sends the request to the policy server.

    13. Policy-based Authorization - 2
       Speaker notes: Whether access is granted or denied, the decision is communicated to the PEP, which enforces the result.
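A minimal model of the PEP/PDP exchange described on slides 11 to 13, added here as an illustration and not code from SAMSON or SAMPOC: the PDP applies the policy (clearance dominates classification, the user holds every caveat in the resource label, some role permits the action) and the PEP enforces and records every decision, as slide 17's "all accesses mediated, logged" requires. The attribute names, the role table and modelling CEO/CANUS as COI memberships assigned by identity management are assumptions.

```python
from dataclasses import dataclass
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}  # ordering for the later MLS extension

@dataclass(frozen=True)
class Subject:
    user_id: str
    clearance: str
    caveats: frozenset  # COI memberships assigned by identity management (assumed attribute)
    roles: frozenset

@dataclass(frozen=True)
class Resource:
    resource_id: str
    classification: str
    caveats: frozenset  # taken from the object's trusted label

class PolicyDecisionPoint:
    """Policy server: clearance dominates, every caveat held, some role permits the action."""
    def __init__(self, role_actions: dict):
        self.role_actions = role_actions  # e.g. {"analyst": {"read"}}

    def decide(self, s: Subject, r: Resource, action: str) -> tuple:
        if LEVELS[s.clearance] < LEVELS[r.classification]:
            return "DENY", "clearance below classification"
        missing = r.caveats - s.caveats
        if missing:
            return "DENY", "not a member of caveat(s) " + ",".join(sorted(missing))
        if not any(action in self.role_actions.get(role, ()) for role in s.roles):
            return "DENY", "no role permits " + action
        return "PERMIT", "policy satisfied"

class PolicyEnforcementPoint:
    """On the information server: intercepts each request, asks the PDP, enforces and logs."""
    def __init__(self, pdp: PolicyDecisionPoint):
        self.pdp, self.audit = pdp, []

    def request(self, s: Subject, r: Resource, action: str) -> bool:
        decision, reason = self.pdp.decide(s, r, action)
        self.audit.append(f"{s.user_id} {action} {r.resource_id}: {decision} ({reason})")
        return decision == "PERMIT"

def demo() -> dict:
    """Constructed sample: a Canadian user in both COIs and a US user in CANUS only."""
    pep = PolicyEnforcementPoint(PolicyDecisionPoint({"analyst": {"read"}}))
    can = Subject("can_user", "SECRET", frozenset({"CANUS", "CEO"}), frozenset({"analyst"}))
    us = Subject("us_user", "SECRET", frozenset({"CANUS"}), frozenset({"analyst"}))
    ceo_doc = Resource("ceo_report", "SECRET", frozenset({"CEO"}))
    canus_doc = Resource("canus_plan", "SECRET", frozenset({"CANUS"}))
    return {"can_ceo": pep.request(can, ceo_doc, "read"), "us_ceo": pep.request(us, ceo_doc, "read"),
            "us_canus": pep.request(us, canus_doc, "read"), "audit": pep.audit}
```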

    14. SAMPOC I & II Demonstrators
       - Secure Access Management Proof of Concept (SAMPOC) Demonstrations
       - Built from COTS products with the support of industry
       - Demonstrated:
         - Identity management and provisioning
         - Secure policy-based access control to documents, web pages and database records
       - Policy-based access control decision based on:
         - Authenticated user credentials
         - Resource labels
         - Security policy

    15. SAMSON TDP Vision
       - Demonstrate a security infrastructure using integrated COTS components
       - Demonstrate separation of CEO, CANUS caveats on a single network
       - Open standards
       - Leverage COTS evergreening principle
       Speaker notes: The SAMSON TDP will demonstrate how this environment will work for two basic communities: CEO and CANUS.

    16. SAMSON Project Objectives
       - Integrate state-of-the-art components
       - Demonstration in a live network environment
       - Scaling and performance
       - Trustable solutions
       - Certification and accreditation
       - Integration with DND applications
       - Deployment considerations to the SECRET operational environment
       Speaker notes: Align the demonstrator with NOS project targets for DND. It needs to fit into the existing DND environment, e.g. Entrust PKI, Datakey Smartcards, MS AD. DND is moving to a uniform environment but still needs interoperability with allies and other environments. System evaluation and accreditation needs to be addressed.

    17. Disruptive Technology
       - Enterprise-wide security infrastructure
       - New security policies: merged networks
       - All information labelled
       - Information protected, managed according to content
       - All information accesses mediated, logged
       - No phased transition – “cold turkey cutover”
       Speaker notes: This technology is disruptive for a number of reasons.

    18. SAMSON – Project Overview
       - SOW: TDP/Options
       - TD Options – Services & S/W licenses
       - Unique IP ownership
       - Contract AWARDED ? Bell
       - Technical Architecture – complete
       - Functional Specification – complete
       - Con Ops – complete
       - C&A: unlike other projects, C&A is baked-in (part of the recipe)
       - CSE providing system security engineering support for C&A activities
       - Targeting Demo: IAP – Phase 3 – CNet Demonstration
       - Mandated to review C&A issues for the enterprise

    19. Thank You