Post on 20-Dec-2015
THE IMPACT OF COTS COMPONENTS ON BUILDING TRUSTWORTHY SYSTEMS
Arthur Pyster
Deputy Assistant Administrator for Information Services and
Deputy Chief Information Officer
February 7, 2001

The FAA’s Job
Each day at 1000 staffed facilities, the FAA manages 30,000 commercial flights, using 40,000 major pieces of equipment, by 48,000 FAA employees, to safely move 2,000,000 passengers.

National Airspace System
• ~ 500 FAA Managed Air Traffic Control Towers
• ~ 180 Terminal Radar Control Centers
• 20 Enroute Centers
• ~ 60 Flight Service Stations
• ~ 40,000 Radars, VORs, Radios, …

CIO’s Security Mission
Establish and lead a comprehensive program to minimize information systems security risks
Ensure critical systems are certified as secure
Ensure all FAA staff and contractors know and do what is required to maintain information systems security
Ensure cyber attacks are detected and repelled and that successful attacks have minimal effect
Maintain effective outreach to industry, government, and academia
Protect the FAA’s information infrastructure and help the aviation industry reduce security risks through leadership in innovative information assurance initiatives

COTS Use within FAA (Part 1)
>$2B annually in IT acquisitions
Most recent and planned systems are heavily COTS-based; e.g.
  • FAA Telecommunications Infrastructure
  • National Airspace Systems Information Management System
  • Next generation messaging
Rapid movement towards TCP/IP-based networking and Oracle-based DBMS

COTS Use within FAA (Part 2)
Even many “custom” air traffic control systems may be used by air traffic control authorities in many countries
  • CTAS – advise order in which aircraft should land
COTS is key to rapid and affordable deployment of new capabilities
Almost all heavily proprietary systems are old legacy
  • ARTS – primary system for terminal air traffic control

COTS-related System Vulnerabilities (Part 1)
Source code known to many outside FAA, but not to those inside FAA
Knowledge of source code not controlled by FAA
Security often an “afterthought” in commercial systems – security not often a commercial success criterion
New releases of software could introduce new vulnerabilities and invalidate old mitigations
Hackers often go after vulnerabilities in COTS components

COTS-related System Vulnerabilities (Part 2)
COTS rely heavily on commercial protocols and standards that are widely known, making it easier to exploit vulnerabilities
Easily available tools and knowledge mean less sophisticated hackers can exploit many vulnerabilities in COTS components
Generality of COTS components makes them more likely to have vulnerabilities and to introduce new vulnerabilities when integrated with other components.
Built-in COTS security features can be widely implemented, reducing vulnerability!

Exponential Growth in Security Incidents
[Chart: Recent CERT-CC Experiences]
Vulnerabilities Reported: 262 (1998), 417 (1999), 774 (2000)
Incidents Handled: 3734 (1998), 9859 (1999), 21756 (2000)

FAA’s 5 Layers of System Protection
[Diagram labels: Personnel Security; Physical Security; Compartmentalization/Information Systems Security; Site Specific Adaptation; Redundancy; Architecture and Engineering; Awareness and Execution]

… and A Generic ISS Service Perspective
[Diagram labels: Access Control; Confidentiality; Availability; Authentication; Integrity; Architecture and Engineering; Awareness and Execution]

Comprehensive Certification Process
[Diagram labels: ISS Certifier; Sys Developer or Owner; CIO Certification Agent; Threat; Vulnerabilities; Likelihood; Impact; Risk Management Plan; VA Report; IS Security Plan; ISS Test Plan & Summary Results; Protection Profile; Certification Statement; Prepare SCAP; Conduct Risk & Vulnerability Assessments; C&A Statements to DAA; Deploy]
System Certification & Authorization Package (SCAP) Package
• Certification Statement
• Authorization Statement
• Executive Summary

Integrated Facility Security
[Diagram labels: Secure Facility Boundary; Personnel and Physical Barrier; Electronic Barrier; Shared Networks; Private Networks; Phone lines; Service A; Service B; Service C; HOST; Manual DARC; DSR; Authenticated & Authorized Traffic]

Airport Traffic Control Tower and Airport Surface Movement
[Figure: two diagram panels, "Current - 2002" and "2003-2005". Component labels include Air Traffic Control Tower (ATCT), TRACON/STARS, ARTCC, WAN, ASDE-3, AMASS, TDWR, ITWS, AWOS/ASOS, ACARS DL, TDLS-R WS, E-IDS WS, SMA, Tower Display Workstation, Voice Switch, Software Updates and Remote Maintenance.]
[Legend: Core INFOSEC Requirements; Core INFOSEC Requirements, including Risk-driven; INFOSEC Admin & Management; Encrypted Interface; Plaintext Interface; Extranet Server; Removal of Malicious Traffic from NW (X); NAS Ops Data Virtual Private Network (O-DVPN); Network Access Control (NWAC); Network Screening Service; Strong Auth of NW Users (S); Common Network Security Interface]

Selected CTAS Security Measures
Enable basic security measures in operating system
Shut off unused Internet protocols
Audit system use to detect unauthorized access or operation
Banners warn users about penalties for misuse
Virtual Private Network for secure communication

Selected FTI Security Requirements
Basic Security Services
  • Confidentiality, Integrity, Availability
Optional Enhanced Security Services
  • Strong Authentication, Firewalls, Extranets, VPNs, Enhanced confidentiality and integrity, Closed user groups, Enhanced remote access

Oracle8i Security Features
User Authentication
  • DB, external, OS, network, global, N-Tier
Password Management
  • Account locking, password aging, history and complexity checking
Fine Grained Access Control
  • Views, PL/SQL API, Virtual Private Database
Advanced Security Option
  • Data Privacy, Data Integrity, Authentication and Single Sign On, Authorization

Certifying COTS Components
ISO Protection Profiles establish standard security requirements for classes of systems such as firewalls, databases, operating systems, and even for a generic information system
COTS components can be “certified” for compliance with Protection Profiles by an official body such as the National Information Assurance Partnership.
Custom components can use tailored versions of COTS-oriented Protection Profiles.

Closing Thoughts
COTS present new security challenges daily, but use of COTS is key to rapidly and affordably delivering new services.
The 5 layers of FAA security implemented through a comprehensive certification process to achieve integrated facility security ensure the National Airspace System remains protected.
Greatest COTS research challenges:
  • Testing the security characteristics of black-box COTS components
  • Understanding the security properties of composed COTS components
  • Architecting COTS-based systems for security