The MILS Partitioning Communication System + RT CORBA = Secure Communications for SBC Systems
Slide 1: The MILS Partitioning Communication System + RT CORBA = Secure Communications for SBC Systems
Kevin Buesing, Field Applications Engineer, Objective Interface Systems, kevin.buesing@ois.com
Jeff Chilton, Senior Product Engineer, Objective Interface Systems, jeff.chilton@ois.com
This presentation represents joint research between the Air Force, Army, Navy, NSA, Boeing, Lockheed Martin, Objective Interface, Green Hills, LynuxWorks, Wind River, GD, Rockwell Collins, MITRE, U of Idaho.

Slide 2: Foundational Threats
[Diagram: Network Data carrying the Wild Creatures of the Net (Worms, Viruses, ...) reaches Privilege Mode Processing; Buffer Overflow?]
9/16/2004 SBC

Slide 3: Foundational Threats (That MILS Protects Against)
[Diagram: Privilege Mode Processing and Network Data; Paradigm Shift]
Under MILS, Network Data and Privilege Mode Processing are Separated.

Slide 4: [Diagram only; no text recovered]

Slide 5: MILS Overview

Slide 6: The Whole Point of MILS
Really simple:
- Dramatically increase the scrutiny of security critical code
- Dramatically reduce the amount of security critical code

Slide 7: What does MILS do? (Executive Overview)
MILS Architecture Objectives: Enable the Application Layer Entities to Enforce, Manage, and Control Application Level Security Policies in such a manner that the Application Level Security Policies are
- Non-bypassable
- Evaluatable
- Always-Invoked
- Tamper-proof
(the Reference Monitor Concept)
MILS = Multiple Independent Levels of Security/Safety

Slide 8: MILS Architecture Objectives
How does MILS achieve its objectives? Enforce an Information Flow, Data Isolation, Periods Processing, and Damage Limitation Security Policy between multiple address spaces:
- First, in a Microprocessor Centric Manner, i.e., the MILS RTOS Kernel,
- Second, in a Network Centric Manner, i.e., MILS Middleware,
in such a manner that the layered Security Policies are NEAT.

Slide 9: Orange Book vs. MILS Architecture
[Comparison diagram. Orange Book: CSCI (Main Program) and Monolithic Applications in User Mode; Monolithic Kernel with File systems, Auditing, DAC, MAC and Device drivers in Privilege Mode. MILS Architecture: Middleware and Network I/O in User Mode; Partitioning Kernel (Mathematical Verification/Evaluation) with Damage Limitation, Periods Processing, Information Flow and Data isolation in Privilege Mode.]

Slide 10: MILS Three Layer Architecture (Executive Overview)
Three distinct layers (John Rushby, PhD):
Partitioning Kernel
- Trusted to guarantee separation of time and space
- Separate process spaces (partitions)
- Time partitioning
- Secure transfer of control between partitions
- Really small: 4K lines of code
Middleware
- Secure application component creation
- Secure end-to-end inter-object message flow
- Most of the traditional operating system functionality: device drivers, file systems, etc.
- Partitioning Communications System: extends the policies of the Partitioning Kernel to communication
- Facilitates traditional middleware: Real-time CORBA, DDS, web services, etc.
Applications
- Can enforce application-specific security functions, e.g., firewalls, crypto services, guards

Slide 11: Layer Responsibilities
Partitioning Kernel Functionality:
- Time and Space Partitioning
- Data Isolation
- Inter-partition Communication
- Periods Processing
- Minimum Interrupt Servicing
- Semaphores
- Timers
- Instrumentation
MILS Middleware Functionality:
- RTOS Services
- Device Drivers
- CORBA
- File System
- Partitioned Communication System
- Inter-node communication
And nothing else!

Slide 12: MILS Architecture (Executive Overview)
[Diagram: High Assurance Application (User Mode) Partitions: two Single Level (SL) partitions, an MLS partition handling S and TS, Keyboard Device Driver (MSL), File Sys Device Driver (MSL), Network Interface Unit (MSL) and PCS (MSL), each over RT CORBA Run Time Libraries; beneath them the RTOS Micro Kernel (MILS Partitioning Kernel) in Supervisor Mode: MMU, Inter-Partition Communications, Interrupts; beneath that the Processor.]
MILS - Multiple Independent Levels of Security; MSL - Multi Single Level; MLS - Multi Level Secure; SL - Single Level

Slide 13: Partitioning Kernel: Just a Start
Partitioning Kernel provides:
- Secure foundation for secure middleware
Secure Middleware provides:
- Most of traditional O/S capabilities: file system, device drivers (not in the kernel, no special privileges), etc.
- Secure intersystem communication (PCS)
- Secure foundation for building secure applications
Secure Applications can:
- Be built!
- Be trusted to enforce application-level security policies!!!

Slide 14: Distributed Security

Slide 15: Distributed Security Requirements
- Rely upon the partitioning kernel to enforce middleware security policies on a given node: Information Flow, Data Isolation, Periods Processing, Damage Limitation
- Application-specific security requirements must not creep down into the middleware (or kernel), to ensure the system remains supportable and evaluatable
- Optimal inter-partition communication: minimizing added latency (first byte), minimizing bandwidth reduction (per byte)
- Fault tolerance: the security infrastructure must have no single point of failure; the security infrastructure must support fault tolerant applications

Slide 16: Distributed Object Communication
- Partition Local: same address space, same machine
- Machine Local: different address space, same machine
- Remote: different address space, on a different machine
Transports: Shared Memory, Multicast, Rapid IO, TCP/IP, 1394, ATM, RACEway, VME

Slide 17: Partitioned Communication System

Slide 18: Partitioned Communication System
- Part of MILS Middleware
- Responsible for all communication between MILS nodes
Purpose: Extend MILS partitioning kernel protection to multiple nodes
- Similar philosophy to the MILS Partitioning Kernel
- Minimalist: only what is needed to enforce end-to-end versions of the policies: End-to-end Information Flow, End-to-end Data Isolation, End-to-end Periods Processing, End-to-end Damage Limitation
- Designed for EAL level 7 evaluation

Slide 19: PCS Objective
Just like the MILS Partitioning Kernel: Enable the Application Layer Entities to Enforce, Manage, and Control Application Level Security Policies in such a manner that the Application Level Security Policies are Non-Bypassable, Evaluatable, Always-Invoked, and Tamper-proof. An architecture that allows the Security Kernel and PCS to share the RESPONSIBILITY of Security with the Application.
Extended: To all inter-partition communication within a group of MILS nodes (enclave)

Slide 20: PCS Requirements
- Strong Identity: nodes within the enclave
- Separation of Levels/Communities of Interest: need cryptographic separation
- Secure Configuration of all Nodes in the Enclave: federated information, Distributed (compared) vs. Centralized (signed)
- Secure Loading: signed partition images
- Suppression of Covert Channels: bandwidth provisioning & partitioning; network resources: bandwidth, hardware resources, buffers
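The following Python model is an added illustration of what the PCS requirements on slides 18 through 20 mean at a single enforcement point; it is not code from the presentation or from Objective Interface Systems, and the channel table format, the HMAC-based "signed configuration" and the byte quotas are assumptions chosen for the example. Every permitted inter-partition channel is listed in a configuration that is only loaded if its MAC verifies (secure configuration, the centralized/signed variant); flows not in the table are denied (end-to-end information flow and data isolation); each channel gets a fixed byte budget per period, so a partition cannot modulate its bandwidth use to signal to another (covert channel suppression), and the per-period counters are the only state and are cleared at each period boundary (periods processing).

```python
"""PCS-style enforcement point for inter-partition channels (constructed model)."""
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Channel:
    src: str          # "node/partition" of the sender
    dst: str          # "node/partition" of the receiver
    quota_bytes: int  # bytes the channel may carry in one period


class PCS:
    def __init__(self, config: bytes, mac: bytes, config_key: bytes):
        # Secure configuration: refuse anything that does not carry a valid MAC.
        expected = hmac.new(config_key, config, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mac):
            raise ValueError("enclave configuration failed authentication; not loaded")
        table = json.loads(config)
        self.channels = {
            (c["src"], c["dst"]): Channel(c["src"], c["dst"], c["quota_bytes"])
            for c in table["channels"]
        }
        self.used: dict = {}  # bytes consumed per channel in the current period

    def new_period(self) -> None:
        # Periods processing: the counters are the only mutable state and are
        # wiped at every period boundary, so nothing carries over.
        self.used = {}

    def send(self, src: str, dst: str, payload: bytes) -> str:
        ch = self.channels.get((src, dst))
        if ch is None:
            return "DENY:no-channel"   # default deny: unlisted flows never happen
        used = self.used.get((src, dst), 0)
        if used + len(payload) > ch.quota_bytes:
            return "DENY:quota"        # bandwidth partitioning; no borrowing between channels
        self.used[(src, dst)] = used + len(payload)
        return "DELIVER"


# Constructed enclave: two nodes, three partitions, two permitted channels.
CONFIG = json.dumps({"channels": [
    {"src": "node1/guard", "dst": "node2/app", "quota_bytes": 64},
    {"src": "node2/app", "dst": "node1/guard", "quota_bytes": 16},
]}).encode()
CONFIG_KEY = b"constructed-demo-key-not-for-use"   # placeholder key for the example
CONFIG_MAC = hmac.new(CONFIG_KEY, CONFIG, hashlib.sha256).digest()


def demo() -> list:
    pcs = PCS(CONFIG, CONFIG_MAC, CONFIG_KEY)
    results = [
        pcs.send("node1/guard", "node2/app", b"x" * 40),   # within quota
        pcs.send("node1/guard", "node2/app", b"x" * 30),   # 70 > 64: denied this period
        pcs.send("node2/app", "node1/other", b"hi"),        # not a configured channel
    ]
    pcs.new_period()
    results.append(pcs.send("node1/guard", "node2/app", b"x" * 30))  # fresh budget
    return results


def tampered_config_rejected() -> bool:
    # A configuration altered after signing must not load at all.
    try:
        PCS(CONFIG.replace(b"16", b"99"), CONFIG_MAC, CONFIG_KEY)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo(), tampered_config_rejected())
```

The point of the fixed quota is damage limitation as much as covert-channel suppression: a partition that floods its channel only exhausts its own budget and cannot starve the other channels, because the table gives each one its own counter.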
Slide 21: PCS Provides End-to-End: Information Flow, Data Isolation, Periods Processing, Damage Limitation
MILS Network Security Policy Example (Executive Overview): Policy Enforcement Independent of Node Boundaries
[Diagram: Red Network side RS, E1, E2, E3, BV; Black Network side RV, D1, D2, D3, BS; RPM and BPM between them; enforcement spans CPU & Network Registers, Switches and DMA across the System]

Slide 22: MILS Replaces Physical Separation
- The MILS architecture allows computer security measures to achieve the same assurance levels as physically isolated systems
- All O/S code not necessary for performing Partitioning Kernel functions is moved out of privileged mode
- O/S service code is moved to the middleware layer, e.g., device drivers, file system, POSIX
- Prevents software and network attacks from elevating a partition's privilege to an unauthorized level

Slide 23: Best Security/Safety is Physical (Air Gap)
[Diagram: Intranet (Proprietary, Sensitive, Critical): Processors R1, R2, ..., Rn, each running Apps. Internet (Public, Untrusted): Processors B1, B2, ..., Bn, each running Apps.]

Slide 24: Legacy Approach to Bridging the Air Gap (Good, Expensive, Physical Solutions Exist)
[Diagram: Red (classified, Sensitive, Critical) Processors R1..Rn with Apps; Black (unclassified, Public, Untrusted) Processors B1..Bn with Apps; bridged by an SNS One-Way Gate / Write-Down Guard]
- Very high assurance
- Off-the-shelf solution
- Office environment only
- Extra hardware

Slide 25: Air Gap Solution to SDR: Separate Hardware
[Diagram: four independent chains of Modem, Crypto Engine and Red Processor, one per channel: Channel A (Top Secret), Channel B (Secret), Channel C (Confidential), Channel D (Unclassified)]
This Is Current Stovepipe Technology That Is Expensive And Inflexible

Slide 26: A Simple Application of MILS to SDR: Separate Processor Resources
[Diagram: the same four channel chains (A Top Secret, B Secret, C Confidential, D Unclassified) of Modem, Crypto Engine and Red Processor, grouped by stage; callouts: "Need MILS Solution Here!" (twice) and "Need MILS Non Real-Time Operating Environment Solution Here!"]

Slide 27: Introduction: MLS/MSLS
Multi-Level Secure/Safe (MLS): Processes data of differing classifications/sensitivities securely/safely
- downgraders
- data fusion
- guards
- firewalls
- data bases
Multi-Single Level Secure/Safe (MSLS): Separates data of differing classifications/sensitivities securely/safely, simultaneously
- communications
- platforms
- infrastructures

Slide 28: MILS Can Handle MLS
- A Partitioning Kernel is ignorant of traditional Multi-Level Security (MLS), a requirement for military and intelligence systems
- However, MILS is quite capable of supporting MLS systems
- MILS can be used to construct MLS systems because of its strong separation guarantees and its certification process

Slide 29: Applying MILS to Software Defined Radio

Slide 30: Example: JTRS (Joint Tactical Radio System)
- Family of software programmable radios
- Designed around the Software Communications Architecture
- JTRS provides reliable multichannel voice, data, imagery, and video communications
- Eliminates communications problems of "stovepipe" legacy systems
JTRS is:
- Modular, enabling additional capabilities and features to be added to JTR sets
- Scalable, enabling additional capacity (bandwidth and channels) to be added to JTR sets
- Backwards-compatible, communicates with legacy radios
- Allowing dynamic intra-network and inter-network routing for data transport that is transparent to the radio operator

Slide 31: MILS Roadmap
[Diagram: BLACK side: Modems (one per channel), MILS Crypto Engine & Emb OE; RED side: MILS Crypto Engine, MLS Crypto Apps, MILS Middleware, MILS RTOS, Microprocessor; TS Channel, S Channel, C Channel, U Channel]

Slide 32: Designing an MLS Component
[Diagram: an MLS Middleware Component between the Classified network (Red, labeled messages) and the Unclassified Network (Black)]
Ex: Cryptographic downgrader, such as JTRS or a trusted network interface unit

Slide 33: Designing an MLS Component
[Diagram: Red Network Interface Unit (MLS) on the Classified network (Red, labeled messages); Encryption Engine(s) (MLS) and Decryption Engine(s) (MLS); Blk Network Interface Unit on the Unclassified Network (Black)]

Slide 34: Designing an MLS Component
[Diagram: Certified Downgrader built from Single Level Components (MSL): encryption units E1, E2, E3 with RS and BV, decryption units D1, D2, D3 with RV and BS, between the Red NIU (MLS) on the Classified network (Red, labeled messages) and the Blk NIU on the Unclassified Network (Black)]

Slide 35: Designing an MLS Component: Certified Downgraders
Certification Requirements:
- Incoming messages will be encrypted with the specified algorithm and key
- Output is strongly encrypted
- Each device downgrades from one specific level to unclassified
[Diagram as on slide 34]

Slide 36: Designing an MLS Component
Certification Requirements:
- Messages from either side will maintain labels and contents
- Periods processing (transaction based) unit
[Diagram as on slide 34, Blk NIU marked (MLS)]

Slide 37: Designing an MLS Component
Certification Requirements:
- Messages from the NIU will be routed to the appropriate encryption unit
- Periods processing (transaction based) unit
[Diagram as on slide 34, Red NIU marked (MLS)]

Slide 38: Designing an MLS Component
Certification Requirements:
- Messages from decryption units will be labeled correctly before sending to the NIU
- Periods processing (transaction based) unit
[Diagram as on slide 34]

Slide 39: Designing an MLS Component
Black Communication Links, Certification Requirements???: Tamperproof, Non bypassable, Evaluatable
Red Communication Links, Certification Requirements: Tamperproof, Non bypassable, Evaluatable
[Diagram as on slide 34]
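The following Python model is an added illustration of the certification requirements stated on slides 35 through 38; it is not JTRS, OIS or presentation code, and the label set, the per-level keys and the `placeholder_transform` stand-in for the specified algorithm are constructed for the example. The Red NIU routes each labeled message to the encryption unit certified for that label and refuses labels it has no unit for; each encryption unit accepts exactly one level and emits unclassified output, so a routing mistake fails closed; each decryption unit labels its output with the level it is certified for, taken from configuration rather than from the untrusted black-side message; the Black NIU carries only unclassified traffic without touching label or contents; and no unit keeps state from one message to the next.

```python
"""Constructed model of a certified downgrader's routing and labeling rules."""
from dataclasses import dataclass
from typing import Callable, Dict


@dataclass(frozen=True)
class Msg:
    label: str    # constructed label set: "U", "C", "S", "TS"
    body: bytes


def placeholder_transform(key: bytes, body: bytes) -> bytes:
    # Stands in for the specified algorithm so the round trip can be shown. It is a
    # constructed keyed XOR, not a cipher, and the model does not depend on it.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(body))


class EncryptionUnit:
    """Single-level device: downgrades exactly one level to unclassified and
    refuses every other label."""
    def __init__(self, level: str, key: bytes, encrypt: Callable[[bytes, bytes], bytes]):
        self.level, self._key, self._encrypt = level, key, encrypt

    def process(self, msg: Msg) -> Msg:
        if msg.label != self.level:
            raise PermissionError(f"E[{self.level}] refused a {msg.label} message")
        return Msg("U", self._encrypt(self._key, msg.body))  # transaction based: nothing kept


class DecryptionUnit:
    """Single-level device: the output label is the level the unit is certified
    for, never a value read from the black-side message."""
    def __init__(self, level: str, key: bytes, decrypt: Callable[[bytes, bytes], bytes]):
        self.level, self._key, self._decrypt = level, key, decrypt

    def process(self, msg: Msg) -> Msg:
        if msg.label != "U":
            raise PermissionError("decryption units accept only unclassified input")
        return Msg(self.level, self._decrypt(self._key, msg.body))


class RedNIU:
    """MLS component on the classified side: routes each labeled message to the
    encryption unit certified for that label; labels without a unit are refused."""
    def __init__(self, units: Dict[str, EncryptionUnit]):
        self.units = units

    def to_black(self, msg: Msg) -> Msg:
        unit = self.units.get(msg.label)
        if unit is None:
            raise PermissionError(f"no encryption unit certified for {msg.label}")
        return unit.process(msg)


class BlackNIU:
    """Unclassified side: carries only U traffic, changing neither label nor contents."""
    def accept(self, msg: Msg) -> Msg:
        if msg.label != "U":
            raise PermissionError("black NIU refused a classified message")
        return msg


def refused(action: Callable[[], object]) -> bool:
    try:
        action()
    except PermissionError:
        return True
    return False


def demo() -> dict:
    keys = {lvl: (lvl.encode() * 8)[:8] for lvl in ("C", "S", "TS")}  # constructed per-level keys
    enc = {lvl: EncryptionUnit(lvl, k, placeholder_transform) for lvl, k in keys.items()}
    dec = {lvl: DecryptionUnit(lvl, k, placeholder_transform) for lvl, k in keys.items()}
    red, black = RedNIU(enc), BlackNIU()
    report = Msg("S", b"secret report")
    on_black = black.accept(red.to_black(report))   # S -> E[S] -> U ciphertext -> black NIU
    back = dec["S"].process(on_black)                # D[S] relabels its output S
    return {
        "black_label": on_black.label,
        "ciphertext_differs": on_black.body != report.body,
        "round_trip": back == report,
        "unknown_label_refused": refused(lambda: red.to_black(Msg("SCI", b"?"))),
        "wrong_level_refused": refused(lambda: enc["S"].process(Msg("C", b"?"))),
        "black_refuses_labeled": refused(lambda: black.accept(Msg("S", b"?"))),
    }


if __name__ == "__main__":
    print(demo())
```

Two design choices carry the certification argument: the units never consult the message to decide what level they handle (the level is fixed at construction), and the check on the wrong side (an encryption unit receiving a lower-level message, a black NIU receiving a labeled one) raises instead of silently relabeling, which is what makes each single-level component small enough to verify on its own.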
Slide 40: The MILS Architecture Approach
- Describe the system in terms of communicating components
- Designate the clearance of each component and label it as MLS or MSL
- Determine the flow between components with respect to policy
- Install boundary firewalls that manage information up-flow and down-flow; these are MLS components

Slide 41: The MILS Architecture Approach
For each MLS device, determine its type:
- Downgrader: takes data from one security level and sends data at a lower level
- Transaction processor: processes data one message at a time; stateless, may filter data or perform an operation on a single message
- Collator: combines data from many inputs
Verification of each device may involve additional MILS componentization
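The following Python check is an added illustration of the design-time steps on slides 40 and 41 applied to a constructed component graph; it is not presentation or OIS code, and the component names, the clearance lattice and the flow list are assumptions for the example. Each component carries a clearance and an MLS/MSL designation (and, for MLS devices, one of the three types from slide 41). The flows are then checked against the policy: walking from every single-level component through single-level components only must never reach a component of lower clearance, because any path that lowers the level has to pass through an MLS boundary component; an MLS device without a designated type is flagged too, since its verification cannot be planned until that is decided.

```python
"""Design-time flow check for the MILS architecture approach (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}           # assumed clearance lattice
MLS_ROLES = {"downgrader", "transaction", "collator"}  # the three device types on slide 41


@dataclass(frozen=True)
class Component:
    name: str
    level: str        # clearance: highest level the component may hold
    kind: str         # "MSL" (single level) or "MLS" (boundary component)
    role: str = ""    # MLS devices only: downgrader | transaction | collator


def unguarded_downflows(comps: Dict[str, Component],
                        flows: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """From each single-level component, follow flows through single-level
    components only. Reaching a lower-clearance single-level component that way
    is a write-down with no MLS boundary firewall in between."""
    adj = defaultdict(list)
    for src, dst in flows:
        adj[src].append(dst)
    bad = set()
    for start, c in comps.items():
        if c.kind != "MSL":
            continue
        seen, stack = {start}, [start]
        while stack:
            for nxt in adj[stack.pop()]:
                if nxt in seen:
                    continue
                seen.add(nxt)
                n = comps[nxt]
                if n.kind == "MLS":
                    continue       # boundary firewall: what leaves it is its own certification's job
                if LEVELS[n.level] < LEVELS[c.level]:
                    bad.add((start, nxt))
                stack.append(nxt)
    return sorted(bad)


def untyped_mls(comps: Dict[str, Component]) -> List[str]:
    """Every MLS device must be designated as one of the three types."""
    return sorted(c.name for c in comps.values()
                  if c.kind == "MLS" and c.role not in MLS_ROLES)


# Constructed design: a TS and an S application, a certified downgrader, a collator
# whose type was never recorded, a black-side NIU, and one mistaken direct link
# from the S application to the black side.
DESIGN = {c.name: c for c in [
    Component("App_TS", "TS", "MSL"),
    Component("App_S", "S", "MSL"),
    Component("Downgrader", "TS", "MLS", "downgrader"),
    Component("Collator", "TS", "MLS"),
    Component("BlackNIU", "U", "MSL"),
]}
FLOWS = [("App_TS", "Downgrader"), ("App_S", "Downgrader"), ("Downgrader", "BlackNIU"),
         ("App_S", "App_TS"), ("App_S", "BlackNIU"), ("App_TS", "Collator")]


def review() -> dict:
    return {"unguarded": unguarded_downflows(DESIGN, FLOWS),
            "untyped_mls": untyped_mls(DESIGN)}


if __name__ == "__main__":
    print(review())
```

The up-flow App_S to App_TS and the guarded path App_TS to Downgrader to BlackNIU pass; only the direct App_S to BlackNIU link is reported, which is exactly the place where slide 40 says a boundary firewall (an MLS component) must be installed.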
Slide 42: Implementation: Hierarchical Approach
- Lowest level is the separation kernel: enforces isolation, information flow, periods processing and damage limitation on a single processor
- Next level is middleware, to coordinate end-to-end separation. Need to create trusted components; verification of the components utilizes the architectural support of the lower layer
- Next level is application specific

Slide 43: Acronyms
MILS - Multiple Independent Levels of Security/Safety
MSLS - Multiple Single Level Security/Safety
MLS - Multi-Level Secure/Safe
PCS - Partition Communication System
CORBA - Common Object Request Broker Architecture
NEAT - Non-bypassable, Evaluatable, Always-invoked, Tamper-proof
NIU - Network Interface Unit
ORB - Object Request Broker
O/S - Operating System
CC - Common Criteria
EAL - Evaluation Assurance Level
ARINC 653 - Safety Community Standard for Time and Space Partitioning
DMA - Direct Management Access
MMU - Memory Management Unit

Slide 44: Partners
MILS Hardware Based Partitioning Kernel: AAMP7 (Rockwell Collins)
MILS Software Based Partitioning Kernel: Integrity-178 (Green Hills Software), LynxOS-178 (LynuxWorks), VxWorks AE Secure (Wind River)
MILS Middleware: PCS and ORBexpress (Objective Interface Systems, Inc.)
MILS TestBed: University of Idaho
MILS TestBed: Naval Post Graduate School
More informationAdvanced Systems Security: Principles
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationUsing a Certified Hypervisor to Secure V2X communication
SYSGO AG PUBLIC 1 Using a Certified Hypervisor to Secure V2X communication Author(s): Date: Version Chris Berg 08/05/2017 v1.1 SYSGO AG PUBLIC 2 Protecting Assets People started protecting their assets
More informationTopics in Systems and Program Security
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Topics in Systems and
More informationA Performance Modeling and Simulation Approach to Software Defined Radio
A Performance Modeling and Simulation Approach to Software Defined Radio OMG Software-Based Communications (SBC) Workshop San Diego, CA - August, 2005 Shawkang Wu & Long Ho Integrated Defense Systems The
More informationThe Next Steps in the Evolution of Embedded Processors
The Next Steps in the Evolution of Embedded Processors Terry Kim Staff FAE, ARM Korea ARM Tech Forum Singapore July 12 th 2017 Cortex-M Processors Serving Connected Applications Energy grid Automotive
More informationOperating System Security, Continued CS 136 Computer Security Peter Reiher January 29, 2008
Operating System Security, Continued CS 136 Computer Security Peter Reiher January 29, 2008 Page 1 Outline Designing secure operating systems Assuring OS security TPM and trusted computing Page 2 Desired
More informationSmart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017
Smart Antennas and : Enabling Secure Convergence July 5, 2017 About OpenSynergy OpenSynergy develops software solutions for embedded automotive systems. OpenSynergy s product portfolio includes key software
More informationDeploying DDS on a WAN and the GIG: The DDS Routing Service. Gerardo Pardo-Castellote, Ph.D. The Real-Time Middleware Experts
Deploying on a WAN and the GIG: The Routing Service Gerardo Pardo-Castellote, Ph.D. The Real-Time Middleware Experts Fernando Crespo Sanchez Principal Engineer, Real-Time Innovations fernando.crespo@rti.com
More informationWIND RIVER ANSWERS TO 50 QUESTIONS TO ASK YOUR ARINC 653 VENDOR
AN INTEL COMPANY WIND RIVER ANSWERS TO 50 QUESTIONS TO ASK YOUR ARINC 653 VENDOR Wind River is the market-leading ARINC 653 solutions provider with good financial health, technical capability, a strong
More informationSecuring your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008
Securing your Virtualized Datacenter Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008 Agenda VMware Virtualization Technology How Virtualization Affects Datacenter Security Keys to
More informationMixed Critical Architecture Requirements (MCAR)
Superior Products Through Innovation Approved for Public Release; distribution is unlimited. (PIRA AER200905019) Mixed Critical Architecture Requirements (MCAR) Copyright 2009 Lockheed Martin Corporation
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationCHAPTER 1: OPERATING SYSTEM FUNDAMENTALS
CHAPTER 1: OPERATING SYSTEM FUNDAMENTALS What is an operating system? A collection of software modules to assist programmers in enhancing system efficiency, flexibility, and robustness An Extended Machine
More informationSystem design issues
System design issues Systems often have many goals: - Performance, reliability, availability, consistency, scalability, security, versatility, modularity/simplicity Designers face trade-offs: - Availability
More informationOMG SBC. Software Radio Cooperative Research Project (SRCRP) Jimmie Marks Roy Bell. March 8, 2006
Software Radio Cooperative Research Project (SRCRP) OMG SBC March 8, 2006 Jimmie Marks Roy Bell January 2005 Copyright 2005, Raytheon Company. All Rights Reserved Agenda Program Overview Architecture Overview
More informationPrimary Multicore Software Configurations Mark Hermeling, Senior Product Manager Wind River
Primary Multicore Software Configurations Mark Hermeling, Senior Product Manager Wind River Agenda Multicore and Virtualization at Wind River Primary Software Configurations Business drivers behind Multicore
More informationReal-Time & Embedded Operating Systems
Real-Time & Embedded Operating Systems VO Embedded Systems Engineering (Astrit ADEMAJ) Real-Time Operating Systems Scheduling Embedded Operating Systems Power Consumption Embedded Real-Time Operating Systems
More informationLecture 15 Designing Trusted Operating Systems
Lecture 15 Designing Trusted Operating Systems Thierry Sans 15-349: Introduction to Computer and Network Security Anatomy of an operating system Concept of Kernel Definition Component that provides an
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationCPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME:
CPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME: There are 6 questions on this quiz. Each question is individually weighted. If you do not understand the question, please ask for clarification. 1 I. (24
More informationTowards Formal Evaluation of a High-Assurance Guard
Towards Formal Evaluation of a High-Assurance Guard Mark R. Heckman Roger R. Schell Edwards E. Reed 2012 Layered Assurance Workshop,
More informationCOTS, Subversions, and the Foreign Supply Chain issues for DoD Systems. Dr. Ben A. Calloni, P.E. Lockheed Martin Fellow, Software Security
Superior Products Through Innovation COTS, Subversions, and the Foreign Supply Chain issues for DoD Systems Dr. Ben A. Calloni, P.E. Lockheed Martin Fellow, Software Security Research Program Manager and
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2015 Roadmap: Trusted Computing Motivation Notion of trust
More informationThreat Modeling. Bart De Win Secure Application Development Course, Credits to
Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,
More informationOperating Systems Overview. Chapter 2
Operating Systems Overview Chapter 2 Operating System A program that controls the execution of application programs An interface between the user and hardware Masks the details of the hardware Layers and
More informationHigh Assurance Platform (HAP) High Assurance Challenges. Rob Dobry Trusted Computing NSA Commercial Solutions Center 04 & 05 August 2009
High Assurance Platform (HAP) High Assurance Challenges Rob Dobry Trusted Computing NSA Commercial Solutions Center 04 & 05 August 2009 What is HAP? HAP is being developed to provide users with two primary
More informationIntroduction to Operating Systems. Chapter Chapter
Introduction to Operating Systems Chapter 1 1.3 Chapter 1.5 1.9 Learning Outcomes High-level understand what is an operating system and the role it plays A high-level understanding of the structure of
More informationNepal Telecom Nepal Doorsanchar Company Ltd.
Nepal Telecom Nepal Doorsanchar Company Ltd. Syllabus lg=g+= 124 ;+u ;DalGwt cg';'lr - 3_ Part II: (Specialized subject for Computer Engineer Level 7 Tech. - Free and Internal competition) Time: 2 hours
More informationT Yritysturvallisuuden seminaari
T-110.5690 Yritysturvallisuuden seminaari Chapter 10: Conceptual Security Architecture Lauri Helkkula 22.10.2007 Sources Chapter 10 of the book Sherwood, Clark, Lynas: Enterprise Security Architecture,
More informationMulti-Level Security for Service-Oriented Architectures
RZ 3672 (# 99672) 06/22/06 Computer Science 12 pages Research Report Multi-Level Security for Service-Oriented Architectures HariGovind V. Ramasamy and Matthias Schunter IBM Research GmbH Zurich Research
More informationInitial Evaluation of a User-Level Device Driver Framework
Initial Evaluation of a User-Level Device Driver Framework Stefan Götz Karlsruhe University Germany sgoetz@ira.uka.de Kevin Elphinstone National ICT Australia University of New South Wales kevine@cse.unsw.edu.au
More informationIntroduction to Operating Systems. Chapter Chapter
Introduction to Operating Systems Chapter 1 1.3 Chapter 1.5 1.9 Learning Outcomes High-level understand what is an operating system and the role it plays A high-level understanding of the structure of
More informationIntroduction to Computer Security
Introduction to Computer Security Instructor: Mahadevan Gomathisankaran mgomathi@unt.edu 1 Introduction So you can specify a well-thought-out policy and a concrete model now what? Now it s time for a system
More informationTrusted OS Design CS461/ECE422
Trusted OS Design CS461/ECE422 1 Reading Material Section 5.4 of Security in Computing 2 Design Principles Security Features Kernelized Design Virtualization Overview 3 Design Principles Simplicity Less
More information