1
Homeland Security Issues and Solutions

Prof. Steven A. Demurjian, Sr.
Director, CSE Graduate Program
Computer Science & Engineering Department
The University of Connecticut
Storrs, CT 06269-3155
[email protected]
http://www.engr.uconn.edu/~steve
http://www.engr.uconn.edu/~steve/DSEC/dsec.html
(860) 486 - 4818

Lt. Col. Charles E. Phillips, Jr.
Dept. of Electrical Engineering and Computer Science
United States Military Academy
West Point, NY
[email protected]
(845) 938 - 5564
(Instructor at USMA/Ph.D. Student at UConn)
2
Dynamic Coalition for Homeland Security
Crisis
  Any Situation Requiring National or International Attention
Coalition
  Alliance of Organizations: Military, Civilian, International or any Combination
Dynamic Coalition
  Formed in a Crisis and Changes as Crisis Develops
  Key Concern Being the Most Effective way to Solve the Crisis
Dynamic Coalition Problem (DCP)
  Security, Resource, and Information Sharing Risks that Occur as a Result of Coalition Being Formed Quickly
3
DC for Military Deployment/Engagement
[Figure: U.S. Global C2 Systems in a coalition. Labels: U.N., U.S.A, NGO/PVO, NATO; Army, Navy, Air Force, Marine Corps; GCCS, Joint Command System, Army Battle Command System, Battle Management System, Combat Operations System; ABCS, FADD, AFATDS, GCCS-A, MCS, ASAS, CSSCS, Other; LFCS (Canada), SICF (France), HEROS (Germany), SIACCON (Italy).]
OBJECTIVES:
  Securely Leverage Information in a Fluid Environment
  Protect Information While Simultaneously Promoting the Coalition
  Security Infrastructure in Support of DCP
4
DC for Medical Emergency
[Figure: coalition participants. Labels: Govt., Transportation, Military Medics, Local Health Care, CDC, Pharma. Companies, Govt., MDs w/o Borders, Red Cross, RNs, EMTs, MDs, State Health, Other.]
ISSUES:
  Privacy vs. Availability in Medical Records
  Support Life-Threatening Situations via Availability of Patient Data on Demand
5
Security Issues: Information Access and Flow
What are the Security Requirements for Each User in DC
Information at What Times?
What Information Needs to Be Sent (Pushed) to Which Users at What Time (Regular Intervals)?
  Delivering Critical Data in Timely Fashion for DC
  Correct and Consistent Information at Right Time
What Information Needs to Be Available On-demand (Pulled) to Which Users at What Time?
  Satisfying Dynamic Data Requirements for DC
  Exactly Enough Information and No More
Can we Support User Privileges that Change Based on the “Context” and “State” of DC?
6
Security Issues: System Considerations
How Does Distribution of a DC Affect Security Policy Definition and Enforcement?
Are Security Handlers/Enforcement Mechanisms of DC Centralized and/or Distributed for Multiple Policies?
  Are there Reusable Security Components that Can Be Composed on Demand to Support DC?
  Support for RBAC, DAC, and/or MAC?
What is the Impact of Legacy/COTS/GOTS of a DC on Delivering the Information Securely?
  At What Level, If Any, is Secure Access Available?
  How is Security Added If it is Not Present?
  What Techniques Are Needed to Control Access to Legacy/COTS?
7
Security Issues: Different Approaches
Discretionary Access Control (DAC)
  Restricts Access Based on Identity of Group/Subject
  Discretion Supports the “Pass-on” of Permissions
Role-Based Access Control (RBAC)
  Permissions Based on Responsibilities or Roles
  Users may Play Multiple Roles Each
  RBAC Flexible in both Management and Usage
Mandatory Access Control (MAC)
  Restrict Access Based on Sensitivity Level (Top Secret, Secret, Confidential, Unclassified)
  If Clearance of User Dominates Classification of Object, Access is Allowed
Homeland Security Likely Requires All Three at Times!
8
Security Issues: Confidence in Security
Assurance
  Are the Security Privileges for Each User of DC Adequate (and Limited) to Support their Needs?
  What Guarantees are Given by the Security Infrastructure of DC in Order to Attain:
    Safety: Nothing Bad Happens During Execution
    Liveness: All Good Things can Happen During Execution
Consistency
  Are the Defined Security Privileges for Each User Internally Consistent? Least-Privilege Principle
  Are the Defined Security Privileges for Related Users Globally Consistent? Mutual-Exclusion
9
Solution: RBAC/MAC at Design Level
[Figure: use-case diagram with security levels. Labels: Poll Topic Archived System; Junior Operator - C; Senior Staff - S; Poll Topic Admin - TS; Supervisor - TS; Enter Poll Topic - S; Activate Poll Topic - TS; Deactivate Poll Topic - TS; Enter Question - C; Verify Topic - S; Enter Ordinary Question - C; Enter Special Question - S; Categorize Question - C; Enter Category - S. Connections are marked <<extend>> and <<include>>.]
Security as First Class Citizen in the Design Process
Use Cases and Actors (Roles) Marked with Security Levels
Dynamic Assurance Checks to Ensure that Connections Do Not Violate MAC Rules
10
Solution: UML-Based RBAC/MAC
Extending UML for the Design and Definition of Security Requirements
  Address Security in Use-Case Diagrams, Class Diagrams, etc., as Part of Application Design
UML Model with Security
  Capture all Security Requirements!
Formal Security Policy Definition using Existing Approach (Logic Based Policy Language)
  Iterate, Revise
Bi-Directional Translation - Prove that all UML Security Definitions in UML in Logic-Based Policy Language and vice-versa
Other Possibilities: Reverse Engineer Existing Policy to Logic Based Definition
Security Model Generation
  RBAC99
  RBAC/MAC UConn
  Oracle Security
  Must Prove Generation Captures all Security Requirements
11
Solution: Unifying RBAC/MAC
Interacting Software Artifacts
New/Existing Clients use APIs
Control Access to APIs by …
  Role (who)
  Classification (MAC)
  Time (when)
  Data (what)
  Delegation
[Figure: clients and resources connected over a NETWORK. Resources: Legacy, COTS, GOTS, Database. Clients: Java Client, Legacy Client, Database Client, COTS Client. Security tools: Security Authorization Client (SAC), Security Policy Client (SPC), Security Delegation Client (SDC), Security Analysis and Tracking (SAT). Unified Security Resource (USR): Security Policy Services, Security Registration Services, Security Authorization Services.]
Working Prototype Available using CORBA, JINI, Java, Oracle
12
Solution: Unifying RBAC/MAC
Security Model that Unifies RBAC/MAC with Method-Level Approach
  Constraints using: Role, MAC, Time, and Data
  Customized Access to APIs of Artifacts
  Contrast with Object Level Approach
Security Policy and Enforcement Assurance
  Design Time (During Security Policy Definition) Security Assurance
  Run Time (Executing Application) Security Enforcement
RBAC/MAC for a Distributed Setting (Middleware)
  Flexible, Portable, Platform Independent
  Security with Minimal/Controlled Impact
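A sketch of the method-level approach on this slide, as an added example that is not code from the UConn prototype: a design-time check flags policy grants that break the MAC dominance rule, and a run-time check allows an API call only when the MAC, role, time and data constraints all hold. The role levels follow the use-case slide; the Grant record, the method names, the dates and the order of checks are assumptions, and delegation is not modelled.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Callable
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}  # Unclassified < Confidential < Secret < Top Secret

def dominates(clearance, classification):
    """MAC rule from the slides: access is allowed when clearance dominates classification."""
    return LEVELS[clearance] >= LEVELS[classification]

@dataclass(frozen=True)
class Grant:
    """Hypothetical policy record: a role may call an API method within a time window."""
    role: str
    method: str
    start: datetime
    end: datetime
    data_ok: Callable[[dict], bool] = lambda args: True  # data constraint on call arguments

# Constructed policy: levels follow the use-case slide; method names and dates are assumed.
ROLE_LEVEL = {"JuniorOperator": "C", "SeniorStaff": "S", "Supervisor": "TS"}
METHOD_LEVEL = {"enterQuestion": "C", "enterPollTopic": "S", "activatePollTopic": "TS"}
START, END = datetime(2024, 1, 1), datetime(2024, 12, 31)
GRANTS = [
    Grant("JuniorOperator", "enterQuestion", START, END, lambda a: a.get("kind") == "ordinary"),
    Grant("SeniorStaff", "activatePollTopic", START, END),  # S role on a TS method: MAC violation
    Grant("Supervisor", "activatePollTopic", START, END),
]

def design_time_violations(grants):
    """Assurance at policy definition: grants whose role level does not dominate the method."""
    return [(g.role, g.method) for g in grants
            if not dominates(ROLE_LEVEL[g.role], METHOD_LEVEL[g.method])]

def authorize(clearance, role, method, args, now, grants=GRANTS):
    """Run-time enforcement: MAC, role, time and data must all hold; anything else is denied."""
    if method not in METHOD_LEVEL or not dominates(clearance, METHOD_LEVEL[method]):
        return "deny: MAC"
    reason = "deny: role"  # no grant links this role to this method
    for g in grants:
        if (g.role, g.method) != (role, method):
            continue
        if not dominates(ROLE_LEVEL[role], METHOD_LEVEL[method]):
            reason = "deny: MAC"  # bad grant that slipped past the design-time check
        elif not g.start <= now <= g.end:
            reason = "deny: time"
        elif not g.data_ok(args):
            reason = "deny: data"
        else:
            return "allow"
    return reason
```

Running design_time_violations(GRANTS) at policy definition reports the SeniorStaff grant before deployment; authorize() still denies calls made under it at run time.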
13
Concluding Remarks
Dynamic Coalitions will play a Critical Role in Homeland Security during Crisis Situations
Critical to Understand the Security Issues for Users and System of Dynamic Coalitions
At UConn, Multi-Faceted Approach to Security
  Attaining Consistency and Assurance at Policy Definition and Enforcement
  Capturing Security Requirements at Early Stages via UML Enhancements/Extensions
  Providing a Security Infrastructure that Unifies RBAC and MAC for Distributed Setting
http://www.engr.uconn.edu/~steve/DSEC/dsec.html