Slide 1
SECURITY: “Back to the Future”: Revisiting Trusted Computer Systems as a Basic Protection Requirement

Slide 2
“For many, the cyber threat is hard to understand; no one has died in a cyberattack, after all, there has never been a smoking ruin for cameras to see.”
“It is the kind of thinking that said we never had a major foreign terrorist attack in the United States, so we never would; al Qaeda has just been a nuisance, so it never will be more than that.”
Richard A. Clarke (former Cybersecurity Advisor to the White House), 8 April 2003. Reported testimony before the House Government Reform Subcommittee, USA, 8 April 2003.

Slide 3
Report: 8 April 2003, Washington Post at http://www.washingtonpost.com, 9 April 2003.

Slide 4
(no text extracted)

Slide 5: 5 THEMES
1. Computer security needs radical attention after over 20 years of neglect.

Slide 6: 5 THEMES
2. Computer security technology has been understood for over 25 years, BUT the associated products have done little to move beyond “perimeter” security.

Slide 7: 5 THEMES
3. Response in commodity IT products: almost nonexistent. There is no market for “trusted” computer systems.

Slide 8: 5 THEMES
4. CIOs and IT professionals: take the lead!
   – Warn senior management of the risks and consequences.
   – Say “no” to the use of cheap, commodity products for mission-critical systems, under the threat of legal action against both themselves and their boards.

Slide 9: 5 THEMES
5. Government must step in to cause the industry to “lift its game” in this area, as in the automobile, pharmaceutical, food and like industries, unless, via education and training, the market for security can be lifted by normal market forces in a rapid manner?

Slide 10
Today’s Context.

Slide 11
“Sunday”, Channel 9, 6 April 2003. Menangle Bridge, NSW: CLOSED 27 Mar ’03, WARNED 6 Mar ’03. NSW Transport Services (Rail):
“…They’re frightened of bringing bad reports to the Government… They’ve been managed for good news..”

Slide 12
AUSTRALIAN FINANCIAL REVIEW, 15 April 2003. “Judge urges directors to end ‘climate of fear’.”
ASIC Chair, Mr David Knott: “Business and its advisors need to demonstrate by their conduct and their actions that the government and corporate regulators have been justified in refraining from more radical surgery.” (HIH Royal Commission)

Slide 13
BUSINESS IMPERATIVES

Slide 14: IMPERATIVES
• LEGISLATORS
• DIRECTORS
• MANAGERS
• IT PROFESSIONALS

Slide 15: IMPERATIVES – IT PROFESSIONALS
Roles & Obligations:
• Development
• Deployment
• Operation
• Investigation
• Litigation

Slide 16
COMPUTER SECURITY

Slide 17
(no text extracted)

Slide 18
September 2002, Otellini.

Slide 19: COMPUTERS
• The basis for protection on the Internet.
• General purpose and embedded.
IT’S NOT THE ’NET, IT’S THE NODES!

Slide 20
Forrester, March 2003, “Can Microsoft Be Secure?”
• 74% of users don’t trust Microsoft security.
• 9 out of 10 users deploy sensitive applications on Windows, anyway.

Slide 21
“..I’m not proud… We really haven’t done everything we could to protect our customers…. Our products just aren’t engineered for security.”
Brian Valentine, Senior Vice-President, Microsoft Windows Development. Computerworld (Australia), September 16, 2002, page 14.

Slide 22: VENDOR ESCAPE: MICROSOFT (Mundie, 8 Oct. 2002, RSA, Paris)
• Question: 25 years to go “trustworthy”?
• Reply:
  – “Customers wouldn’t pay for it until recently.”
  – “Information officers ..only recently begun to demand security.”
  – “.. Only in last 10 years that Microsoft has attempted to play in the security-requiring worlds of banking, payroll and networked systems…”

Slide 23: WINDOWS NT / 2000 / XP EXPERIENCE
“Although each Win32 process has its own private memory space, kernel-mode operating system and device driver code share a single virtual address space… Windows 2000 doesn’t provide any protection to private read/write system memory being used by components running in kernel mode. In other words, once in kernel mode, operating system and device driver code has complete access to system space memory and can bypass Windows 2000 security to access objects.”
Solomon, D. and Russinovich, M., “Inside Microsoft Windows 2000”, Third Edition, Microsoft Press, Redmond, Washington, USA, 2000.
Every IT professional can learn how to write a driver! Every user can install a driver!

Slide 24: ATTITUDE, ENVIRONMENT, MARKET – 1980s
IBM Advertisement, BYTE Magazine, Dec. 1985. IBM PC Ad, 1981.

Slide 25
eWeek, April 18, 2003, “Securing Windows Server 2003”, by Dennis Fisher.
SAN FRANCISCO—The upcoming release of Windows Server 2003 is a watershed event, not only for the Windows group, but also for the security team at Microsoft Corp. Company executives have made it quite clear over the last few months that the next version of the flagship operating system will be a key test for the processes and improvements made as part of the Trustworthy Computing initiative. In fact, Dave Aucsmith, chief technology officer of the Security Business Unit at Microsoft, based in Redmond, Wash., said if the OS is found to be as vulnerable as previous versions of Windows, it will mean that the company's model for improving security “was wrong.”
Solution: Look at the base!

Slide 26
“The riches won't flow until Wi-Fi security reaches industrial grade. Corporations are hankering for the power and flexibility of Wi-Fi networks, but many are postponing rollouts in strategic areas until they're convinced that hackers, spies, and competitors can't intercept wireless data. General Motors Corp. has deployed Wi-Fi in 90 manufacturing plants but is holding off on Wi-Fi at headquarters until next year. Why? Execs worry that until new encryption is in place, guests at a Marriott Hotel (MAR) across the street could log on to GM's network and make off with vital memos and budgets. Industry analysts say a slew of airtight Wi-Fi security systems will be out next year. But delays or news of security breaches could pummel confidence in the technology.” BusinessWeek, 28 April 2003.
THE PROBLEM CONTINUES! SECURE FROM THE START?

Slide 27
ADD-IN SECURITY

Slide 28
“End systems must be able to enforce the separation of information based on confidentiality and integrity requirements to provide system security. Operating system security mechanisms are the foundation for ensuring such separation. Unfortunately, existing mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. As a consequence, application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed applications can easily cause failures in system security.”
NSA & NAI Labs, 18 Dec. 2000.
UNDENIABLE EXPERT TESTIMONY IN LITIGATION!

Slide 29: TCPA – Trusted Computing Platform Alliance
• 145 PC & related manufacturers/enterprises at 30 Jan 2001.
• Main specification: 25 January 2001.
• “… a sensible layperson should trust only those systems that have been publicly examined by the (cryptographic and security) community…”
• Implied: Current PCs DO NOT MEET THIS need.
• For a while: detection vs prevention.
UNDENIABLE EXPERT TESTIMONY IN LITIGATION!

Slide 30
OKENA – CISCO (April 2003): INSIDE THE COMPUTER OS

Slide 31: CRYPTO INTEGRATION
“.. hardware on which applications run must be secure, as must the operating system and run time environment in between, while offering a reasonable API for application developers… .. applications cannot be more secure than the kernel functions they call, and the operating system cannot be more secure than the hardware that executes its commands..”
Dyer et al., “Building the IBM 4758 Secure Coprocessor”, IEEE Computer, October 2001.

Slide 32
(no text extracted)

Slide 33: What’s in a Name?
• The technology formerly known as “Palladium” will, from 24 January 2003, be called “Next-Generation Secure Computing Base for Windows” (NGSCBW).
??? Real security architecture or another BIG patch?

Slide 34: MS says NGSCBW is…
• Code name for core components of the Windows OS that combine hardware and software to ensure:
  – System integrity
  – Personal privacy
  – Information protection
• Needs the commitment of the entire computer industry (software, hardware, ISPs, etc).
From the presentation “Trustworthy Computing and Palladium”, John Manferdelli, General Manager, Windows Trusted Platform Technologies. Downloaded from http://www.netproject.com/presentations/TCPA/john_manferdelli.pdf

Slide 35
WEB SERVICES

Slide 36: “Building castles on quicksand”
(Diagram: AUTH, ROLE, PRIV, POLICY, TRUST, AUDIT, stacked over the layers WEB SERVICES SECURITY, OPERATING SYSTEM SECURITY, MIDDLEWARE SECURITY, HARDWARE SECURITY.)

Slide 37
TODAY

Slide 38: Conclusions (1)
• The 20 year syndrome in action
  – Intel and Microsoft: better & easier solutions exist!
• Selective IT industry amnesia
  – Nothing was done before the PC and 1982!
  – All useful IT research is on the Web
• Intel, Microsoft & TCPA: Read the Intel manuals! Read the literature!
• Government action IS needed! (Forget “light touch”!)
(Sidebar: Multics, GEMSOS, DEC VAX, Trusted XENIX, Intel 286.)

Slide 39
Security IS NOT & NEVER HAS been market led or vendor driven, e.g. seat belts, fire extinguishers, smoke detectors, pool fences, etc.

Slide 40
Motor Vehicle Standards Act 1989, Act No. 65 of 1989 as amended. Consolidated as in force on 20 April 1999 (includes amendments up to Act No. 8 of 1999). Prepared by the Office of Legislative Drafting, Attorney-General’s Department, Canberra.
AN EXCELLENT & PROVEN MODEL! INDUSTRY TECHNICAL STANDARDS WITH LEGISLATIVE ENFORCEMENT.

Slide 41: CONCLUSIONS (2)
• Trusted Systems with Mandatory Security as enterprise servers.
• Moving beyond perimeter security, which is impractical for web services (CIL parsing?).
• Plain English evaluation docs!
• Separate TCP/IP networks for critical B2B e-commerce.

Slide 42: HP-UX 11i (CAPP/EAL4)
HP-UX 11i is Hewlett-Packard’s UNIX®-based operating environment specifically targeted at Internet applications. HP-UX 11i delivers an end-to-end scalable, manageable, and secure infrastructure for developing, deploying, and brokering mission-critical e-services. HP-UX 11.11 has been submitted for evaluation to the Common Criteria evaluation assurance level EAL4, against the functional requirements in the Controlled Access Protection Profile. The target environment is for systems that may execute on a single HP 9000 Server or be connected to other HP 9000 Servers identically configured to form a local distributed system implementing a unified security policy.
Solution: HP Virtual Vault!! ?

Slide 43: HP-UX BLS / Virtual Vault
Virtualvault is built on a security hardened version of the HP-UX operating system.

Slide 44
IBM AIX Version 4.3.1, B1/EST-X Vers 2.0.1

Slide 45: Trusted Solaris 8 4/01
… multilevel trusted operating environment. Meets and exceeds the
• Labeled Security,
• Role-based Access Control, and
• Controlled Access
protection profiles of the Common Criteria. Features include:
• MAC and DAC, including ACLs;
• Least privilege;
• Trusted networking and trusted NFS;
• Identification and authentication;
• Roles for separating user and administration capabilities;
• Rights profiles;
• Multilevel windowing environment;
• Centralized administration …;
• Auditing actions of users and roles.

Slide 46: Windows 2000 (CAPP/EAL4)
As for HP-UX 11i:
“.. to be used in .. a relatively benign environment…..”
“.. all information on the system .. same level ..”
“.. All users authorized for that level of information .. not all the data…”
“users not expected to be trustworthy..”
“administrators are assumed to be trusted and competent…”
“..all elements of the network operate under the same security rules and constraints and are subsumed under a single management domain…”
Translation: Forget Internet connection!

Slide 47: CONCLUSIONS (3)
• For CIO/CSO
• Learning to say “NO!”
• Growing legal and corporate responsibility
• Start with the simple
• PINPad experience!
• Learn trusted systems

Slide 48
ISRC – Information Security Research Centre at QUT

Slide 49
THANK YOU. 20th ANNIVERSARY
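As an added illustration of the point made by the NSA/NAI Labs quote on mandatory access control and by the Trusted Solaris “MAC and DAC” feature list, not code from the presentation: a toy reference monitor in Python with constructed labels, users and objects, showing that a flawed application can widen DAC at will but cannot move information across MAC labels.

```python
# Added example (not from the presentation): a toy reference monitor showing why a
# mandatory access control (MAC) gate survives a flawed application while a
# discretionary (DAC) gate does not. All labels, users and objects are constructed.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Label:
    level: int                              # hierarchical sensitivity, e.g. 0=UNCLASS, 3=SECRET
    compartments: frozenset = frozenset()   # need-to-know categories, e.g. {"FIN"}

    def dominates(self, other):
        """Lattice dominance: level at least as high and a superset of compartments."""
        return self.level >= other.level and self.compartments >= other.compartments


@dataclass
class Obj:
    label: Label                         # fixed by the MAC policy, not by the owner
    acl: set = field(default_factory=set)  # DAC: user names the owner chose to allow


def mac_allows(subject_label, obj, mode):
    """Simple security property (no read up) and *-property (no write down)."""
    if mode == "read":
        return subject_label.dominates(obj.label)
    if mode == "write":
        return obj.label.dominates(subject_label)
    raise ValueError(mode)


def dac_allows(user, obj):
    return user in obj.acl


def access(user, subject_label, obj, mode):
    """Both gates must pass; only the DAC gate is under application control."""
    return mac_allows(subject_label, obj, mode) and dac_allows(user, obj)


# Constructed scenario: a SECRET/FIN budget and an UNCLASSIFIED web cache.
SECRET_FIN = Label(3, frozenset({"FIN"}))
UNCLASS = Label(0)
budget = Obj(label=SECRET_FIN, acl={"cfo"})
web_cache = Obj(label=UNCLASS, acl={"cfo", "guest"})


def flawed_app_shares(obj):
    """Models a buggy or malicious application that opens the DAC list to a guest."""
    obj.acl.add("guest")


def demo():
    before = access("guest", UNCLASS, budget, "read")     # False: MAC and DAC both deny
    flawed_app_shares(budget)                             # DAC now permits the guest...
    after = access("guest", UNCLASS, budget, "read")      # False: MAC still denies
    leak = access("cfo", SECRET_FIN, web_cache, "write")  # False: no write down
    ok = access("cfo", SECRET_FIN, web_cache, "read")     # True: reading down is fine
    return before, after, leak, ok
```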