T-Systems. Secure Software Download
- Herbert Wiggins
- 6 years ago
1 T-Systems. Secure Software Download: A Maintenance Process?
2 Reasons for Download: Business opportunities / Critical questions
- Bug Fixes
  - A software update for a security system is cheaper and faster than changing the hardware.
  - How often is critical hardware changed?
- Enhancements for staying competitive
  - Staying ahead while in the field for years opens up a business field for downloads.
  - Is it only software that defines technological progress?
- Modular Business Model
  - Selling special features to customers on demand can enable new business models and markets.
  - Are special features relevant to security systems?
3 Updating Certified Software: Is it an Option?
- Going through a CC certification process may easily take a year or more. Changing security-relevant parts will require re-evaluation.
  - How do new features affect the security evaluation?
- A new component requires changing at least the HLD/TDS and its dependencies, i.e. results in a major re-evaluation.
- Only parts without security relevance can be updated freely.
  - How to define an appropriate structure?
- Maintenance upgrades are desirable.
  - Is impact analysis practical for core updates?
  - How to define an appropriate infrastructure?
4 Updates: Assurance Continuity
[Diagram: Secure System consisting of Module 1, Module 2, Module 3 and Module 4; after an update, Module 3a in place of Module 3. Secure System?]
Impact Analysis:
- Is the module / component TSP enforcing?
- Is it truly separable?
- Is impact analysis at all practical?
  - Side effects of weakly separable modules, e.g. same address space.
  - Side effects of defining new behavior for internal interfaces.
5 Updates: Assurance Continuity
[Diagram: Secure System consisting of Module 1, Module 2, Module 3 and Module 4; after an update, Module 3a in place of Module 3 (Secure System?); with an additional Module 5 (Secure System?)]
Impact Analysis:
- Is it allowed to install the module on the system?
- Do all interfaces for new modules exist?
6 Upgrade Dilemma: Effects, Side-Effects and Domain Separation
- Component not enforcing TSP
  - Safe to change at will.
  - Strictly requires Security Domain Separation.
- Component supporting TSP
  - Consistency of interfaces: allowing a new parameter can break an existing function which relies on an error state.
  - Analysis of side effects, or FPT_SEP / ADV_ARC.
- Security Domain Separation is the only clean solution.
7 Field downloads: Assurance Continuity
[Diagram: Secure System consisting of Module 1, Module 2, Module 3 and Module 4; after an update, Module 3a in place of Module 3. Secure System?]
Field upgrades are performed automatically in uncontrolled environments.
- Who is the sender?
- Is transmission correct?
- Is the module intended for this system?
8 Field downloads: Assurance Continuity
[Diagram: Secure System consisting of Module 1, Module 2, Module 3 and Module 4; after an update, Module 3a in place of Module 3 (Secure System?); with an additional Module 5 (Secure System?)]
- Is it allowed to install the module on the system in a particular configuration?
- The system must decide!
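An added example, not part of the original slides: a sketch of how a target could answer the questions from slides 7 and 8 itself, using only its own record of what is installed. The key, the manifest field names (target_models, tested_with), module names and versions are all constructed assumptions, and HMAC-SHA256 stands in for whatever data authentication mechanism the issuer really uses.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption). HMAC-SHA256 stands in for the issuer's
# signature; a fielded design would verify an asymmetric signature so that the
# target stores no secret that could be used to forge packages.
ISSUER_KEY = b"constructed-demo-key"

# Constructed sample data: the target's own record of its configuration.
TARGET = {
    "model": "unit-A",
    "installed": {"module1": "1.0", "module2": "1.0",
                  "module3": "1.0", "module4": "1.0"},
}

# Constructed manifest for "Module 3a"; tested_with lists the only
# configurations the issuer evaluated (hypothetical field names).
MANIFEST = {
    "module": "module3",
    "version": "3a",
    "target_models": ["unit-A"],
    "tested_with": {"module1": ["1.0"], "module2": ["1.0", "1.1"],
                    "module4": ["1.0"]},
}


def canonical(manifest):
    """Serialize the manifest deterministically so the tag is reproducible."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def issue_package(manifest, payload, key=ISSUER_KEY):
    """Issuer side: bind the payload hash into the manifest, then authenticate it."""
    manifest = dict(manifest, payload_sha256=hashlib.sha256(payload).hexdigest())
    tag = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "tag": tag, "payload": payload}


def decide(package, target, key=ISSUER_KEY):
    """Target side: return (accepted, reason); nothing is trusted before step 1."""
    manifest = package["manifest"]

    # 1. Who is the sender? Check the tag before reading any manifest field.
    expected = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, package["tag"]):
        return False, "sender not authenticated"

    # 2. Is transmission correct? The payload must match the authenticated hash.
    digest = hashlib.sha256(package["payload"]).hexdigest()
    if not hmac.compare_digest(digest, manifest["payload_sha256"]):
        return False, "payload corrupted"

    # 3. Is the module intended for this system?
    if target["model"] not in manifest["target_models"]:
        return False, "not intended for this system"

    # 4. Is it allowed in this particular configuration? Fail closed: every
    #    other installed module must appear in the tested list at a tested
    #    version, so configurations created by later updates are rejected.
    others = dict(target["installed"])
    others.pop(manifest["module"], None)  # the module being replaced or added
    tested = manifest["tested_with"]
    for name, version in sorted(others.items()):
        if version not in tested.get(name, []):
            return False, f"untested configuration: {name} {version}"
    missing = sorted(set(tested) - set(others))
    if missing:
        return False, f"required module missing: {missing[0]}"
    return True, "accepted"


if __name__ == "__main__":
    pkg = issue_package(MANIFEST, b"constructed module image")
    print(decide(pkg, TARGET))
    # A target that has since gained a Module 5 was never tested with 3a.
    grown = dict(TARGET, installed=dict(TARGET["installed"], module5="1.0"))
    print(decide(pkg, grown))
```

The configuration check reads the target's own state rather than an issuer-side database, so a stale configuration database cannot cause an unsuitable install.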
9 Field downloads: Security threats
- Integrity and Authenticity
  - Organizational processes specified for class ADO (resp. ALC_DEL, AGD_PRE) during initial delivery must be mapped to technical means in terms of e.g. FDP_DAU.
- Configuration management
  - Following several updates the installation base will be heterogeneous.
  - ACM_SCP (resp. ALC_CMS) virtually encompasses each instance of the TOE.
  - The TOE will enforce e.g. FDP_ACC.2 based on roles and the TOE's actual configuration.
- Testing
  - Testing could become infeasible. If e.g. a module was allowed to be installed in any configuration of the TOE, this also applies to future configurations.
10 Field downloads: Business threats
- Liability
  - Failure of critical systems can severely affect reputation and finance. Worse, if the failure was induced by third parties.
- Intellectual Property
  - If software defines the technological benefit, updates may leak important, confidential IP.
- Piracy
  - Software can be copied arbitrarily fast and often at almost no cost without greater knowledge.
  - If there is a market for modules, there is a market for pirates.
11 Field upgrades: Integrate data from unreliable sources
How to maintain security when we cannot rely on the update data?
12 Crosstalk: Requirements require each other
This is how it looks: Some software shall go to a target system.
[Diagram labels: Software Update, Target System]
13 Crosstalk: Requirements require each other
A closer look: Someone manages the process.
[Diagram labels: Software Update, Target System, Availability, Customer Database, OEM Business Case]
14 Crosstalk: Requirements require each other
Maintaining security:
- Choose the correct update
- Test in all configurations
[Diagram labels: Software Update, Target System, Availability, Correctness, Customer Database, OEM Business Case, Configuration Database]
15 Crosstalk: Requirements require each other
Maintaining security: Do you know that your database is on track with the actual configuration of each single target system?
[Diagram labels: Software Update, Target System, Availability, Correctness, Customer Database, OEM Business Case, Configuration Database]
16 Crosstalk: Requirements require each other
Maintaining security: Ensure that what you sent is what is installed!
[Diagram labels: Software Update, Target System, Integrity, Availability, Correctness, Customer Database, OEM Business Case, Configuration Database]
17 Crosstalk: Requirements require each other
Protect IP: Keep confidential information away from pirates.
[Diagram labels: Software Update, Target System, Confidentiality, Integrity, Availability, Correctness, Customer Database, OEM Business Case, Configuration Database]
18 Crosstalk: Requirements require each other
Maintaining security: Ensure that what you sent there is what is installed there!
[Diagram labels: Software Update, Target System, Confidentiality, Authenticity, Integrity, Availability, Correctness, Customer Database, OEM Business Case, Configuration Database]
19 Crosstalk: Requirements require each other
[Diagram labels: Protocols, Software Update, Target System, Confidentiality, Authenticity, Integrity, Availability, Correctness, Customer Database, OEM Business Case, Configuration Database]
20 Crosstalk: Protocols define it all
- Protocols: cryptographic and others
- TOE (interfaces, capabilities)
- OEM Business Case
- Agents involved (Who to trust?)
21 Crosstalk: Protocols define it all
[Diagram labels: Update Business Case, Update Issuer, TOE (interfaces, capabilities), OEM Business Case, Developers, Personnel, Data Centers, Smart Media]
22 Roles: The issuer defines it all
[Diagram labels: Update Issuer, Business Case, User, Installers & Transporters, Hardware Developers, Software Developers]
23 Technology: Media and Packages
- On-Site
  - The target is returned to the issuer for upgrade.
- Broadcasting
  - The update package is identical for all clients.
  - Delivery to target by uncontrolled sending of packages.
- On-Line
  - Bidirectional communication between issuer and target.
  - Information can be collected, and the package can be created individually.
- Stored Back-Channel
  - Some information collected on a secure, smart medium.
24 Open System: Case Study
- Open System
  - Contains secure software
  - Can be updated in the field
  - Exists in various configurations
  - Runs further software on the same platform
  - Shall accept commodity software
- Domain separation
  - Reliable software must not be affected by other modules.
- Distribution with back-channel
  - Determine actual target configuration
  - Mutually authenticate to counter men-in-the-middle
26 Domain Separation: Separation, physical or virtual systems
[Diagram: A1, OS, ARS, HW]
- Application 1 (single module)
- Operating system (OS) maintaining resources
- Application registration service (ARS)
  - Enforce software integrity / authenticity
- Hardware (HW) supports OS (protected mode)
Segregating modules: Keeping security through defined interfaces
27 Domain Separation: Separation, physical or virtual systems
[Diagram: applications A1, A2 and A3 on OS / ARS / HW stacks]
- Uncontrolled Application A3
- OS manages all resources
- OS controls all IPC
- HW supports OS (MMU)
- A2 does not trust A3
Segregating modules: Keeping security through defined interfaces
28 Domain Separation: Separation, physical or virtual systems
[Diagram: applications A1 to A5 distributed over three OS / ARS / HW stacks]
Segregating modules:
- Keeping security through defined interfaces
- Divide and Conquer state-space of complex applications
- Let the Application Registration Service (ARS) manage configuration and update suitability
29 Conclusion: Some lessons learned
- Systems interact with users and some deployment infrastructure. These external factors may be even more important than the system itself.
- Never believe data at your interfaces unless you can prove that the source is trustworthy and correct. Therefore, all kinds of closed loops are never to be believed!
- Only the module can decide whether data shall be accepted or not.
- Only a superordinate instance can distinguish modules from each other.
- Segregation inside the same domain provides
  - firewalls to mitigate single faults,
  - components which can be updated predictably.
30 Conclusion: Feasible, but...
- Updating secure systems is a growing issue.
- Update processes introduce complex security requirements.
- Implementing an update process is primarily defining a (business) process, secondarily defining a system architecture, and finally implementing it correctly. Don't try to add an update feature at the end!
- Technical measures exist to mitigate trust
  - implementation is non-trivial
  - benefits exist even if no updates are intended
- Proper implementation of security domain separation can allow for assurance continuity by a maintenance process instead of a re-evaluation.
31 Thank you.
T-Systems Enterprise Services
Dr. Lars Hanke, Dr. Igor Furgel
The Open Application Platform for Secure Elements. Java Card enables secure elements, such as smart cards and other tamper-resistant security chips, to host applications, called applets, which employ Java
More informationControlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:
Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information
More informationRequiring Digital Signatures and Certificates
DocuSign Quick Start Guide Requiring Digital Signatures and Certificates Overview If you are doing business in an industry or region of the world that demands digital signatures, you can leverage DocuSign
More informationOullim Information Technology. ActiveTSM V3.0 Certification Report
KECS-CR-06-16 Oullim Information Technology. ActiveTSM V3.0 Certification Report Certification No. : KECS-ISIS-0056-2006 October 2006 National Intelligence Service IT Security Certification Center This
More informationCitiDirect BE Portal Security, technical requirements and configuration
CitiDirect BE Portal Security, technical requirements and configuration CitiService CitiDirect BE Helpdesk tel. 801 343 978, +48 22 690 15 21 Monday to Friday; 8:00 17:00 helpdesk.ebs@citi.com www.citihandlowy.pl
More informationMobiledesk VPN v1.0 Certification Report
KECS-CR-11-64 Mobiledesk VPN v1.0 Certification Report Certification No.: KECS-NISS-0356-2011 2011. 12. 29 IT Security Certification Center History of Creation and Revision No. Date Revised Pages 00 2011.12.29
More informationTERRA. Boneh. A virtual machine-based platform for trusted computing. Presented by: David Rager November 10, 2004
TERRA Authored by: Garfinkel,, Pfaff, Chow, Rosenblum,, and Boneh A virtual machine-based platform for trusted computing Presented by: David Rager November 10, 2004 Why there exists a need Commodity OS
More informationCertification Report
Certification Report Owl DualDiode Communication Cards v7 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of
More informationSmart Grid Security. Selected Principles and Components. Tony Metke Distinguished Member of the Technical Staff
Smart Grid Security Selected Principles and Components Tony Metke Distinguished Member of the Technical Staff IEEE PES Conference on Innovative Smart Grid Technologies Jan 2010 Based on a paper by: Anthony
More informationCloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017
Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and
More informationCatalog of Control Systems Security: Recommendations for Standards Developers. September 2009
Catalog of Control Systems Security: Recommendations for Standards Developers September 2009 2.7.11.2 Supplemental Guidance Electronic signatures are acceptable for use in acknowledging rules of behavior
More informationDESIGNING AND IMPLEMENTING A SERVER INFRASTRUCTURE
Education and Support for SharePoint, Office 365 and Azure www.combined-knowledge.com COURSE OUTLINE DESIGNING AND IMPLEMENTING A SERVER INFRASTRUCTURE Microsoft Course Code 20413 About this course Get
More informationCryptoEx: Applications for Encryption and Digital Signature
CryptoEx: Applications for Encryption and Digital Signature CryptoEx Products: Overview CryptoEx Outlook CryptoEx Notes CryptoEx Volume CryptoEx Pocket CryptoEx File CryptoEx Office CryptoEx Business Server
More informationRetail Security in a World of Digital Touchpoint Complexity
Retail Security in a World of Digital Touchpoint Complexity Author Greg Buzek, President of IHL Services Sponsored by Cisco Systems Inc. Featuring industry research by Previously in part 1 and part 2 of
More informationPillar 4: Be Accountable: Implement your Privacy & Data Protection (PDP) Measures Legal Basis: Sec. 20.a-e, 22 and 24 of the DPA, Sections of
Pillar 4: Be Accountable: Implement your Privacy & Data Protection (PDP) Measures Legal Basis: Sec. 20.a-e, 22 and 24 of the DPA, Sections 25-29 of the IRR, Circular 16-01 DICT Circular 2017-002 RA 10173,
More informationImplementing Desktop Application Environments
Implementing Desktop Application Environments Course # Exam: Prerequisites Technology: Delivery Method: Length: 20416 70-416 20415 Windows Server Instructor-led (classroom) 5 Days Overview About this Course
More information