High Assurance Trusted e-Commerce & PKI Servers
ACSAC, December 9, 1999
Paul A. McNabb, Vice President and CTO

Summary

• New commercial Internet architectures are demanding new security technologies
• A new generation of trusted operating systems has come out of the commercial market
• TOS technology enables mission critical architectures for e-commerce and PKI

Advanced Internet Architectures

Paradigm Shifts

• Collapsing Walls
  - Perimeters cannot easily be defined
  - Perimeters of networks are no longer defensible
• Internet as a Transaction Platform
  - Transaction servers will be attacked for their financial assets and information
  - Transaction servers have become gateways to backend systems and networks

Traditional Web Server

[Diagram: Internet, Firewall, Web Server, Mainframe. Users interact with web server. Information transferred to backend separately.]

Direct Transaction Server

[Diagram: Internet, Firewall, Web Server, Mainframe. Users interact directly with backend system.]

Direct Connect Model Security Challenge

• Opens a new high-speed, direct conduit to sensitive back-end systems
• Commercial, third party applications are running on critical “gateway” systems

E-Commerce Systems Under Attack

In a 1999 Computer Security Institute/FBI study of 521 large organizations—including banks and government agencies—

• 62% of respondents had experienced security breaches over the past 12 months.
• 21% answered “don’t know”
• 91% utilize firewalls
• 98% use anti-virus software
• 93% deploy access control
• 42% have intrusion detection

As E-Commerce Grows So Does Crime

PKI Hacker Threats

• “By 2002, 80% of businesses using a PKI to support e-commerce applications or extranets will experience hacking attacks against the PKI components....”

-Gartner Group Research Note “Network Security for Public Key Infrastructures” 6 August 1999

Certificate Authority Endorsement

• “The certificate authority and repository should run on hardened OSs. For high-sensitivity environments, we recommend use of OSs designed to meet B1 principles....”

-Gartner Group Research Note “Network Security for Public Key Infrastructures” 6 August 1999

Technology Summary

Trusted Operating Systems

Unassailable Security Fact

“The threats posed by the modern computing environment cannot be addressed without secure operating systems. Any security effort which ignores this fact can only result in a ‘fortress built upon sand.’”

-- The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments

Loscocco, Smalley, Muckelbauer, Taylor, Turner, and Farrell
National Security Agency

Traditional Security

• Firewalls
• Encryption
  - Network Encryption
  - Public Key Infrastructure (PKI)
• Authentication
  - Digital Certificates
  - Access Tokens
• Intrusion Detection
• Hardened Operating Systems

Where does a Trusted OS fit?

• A TOS doesn’t take the place of encryption, firewalls, intrusion detection, or authentication mechanisms
• It adds an extra layer of security that can strengthen other security mechanisms
• It provides strong platform and network interface security for Internet-based commercial applications
• It prevents damage outside of a partition, and limits damage from buffer overflows

Capabilities Unique to the OS

There are certain threats and risks that can only be controlled via the operating system:

• Stack overwrite bugs
• Administrator hijacking
• Multi-network communication
• Improper application interaction
• Other COTS/middleware software bugs

The OS can impose controls on all software.

Trusted OS Product Generations

Characteristic    1st Generation    2nd Generation    3rd Generation
Interface         Command Line      Graphical         Browser
Configurability   None              Limited           Extensive
Networking        No MLS            MLS               MLS+
Installation      Replace OS        Replace OS        Upgrade OS
Feature Set       Very Limited      Moderate          Very Rich
Emphasis          Access Control    Access + Admin    Access + Admin + Integration
Criteria/Eval     TCSEC             TCSEC / ITSEC     CC

Trusted OS Trend

• Losing image of old DoD systems
• Being designed to meet commercial stability and functionality requirements
• Becoming requirement for direct transaction servers
• Becoming part of the standard toolkit for security professionals securing high risk environments.

Multiple Compartment Isolation

[Diagram: Internet, LAN, Outside Compartment, Security Gateway, Application 1 Compartment, Application 2 Compartment, Application 3 Compartment.]

Isolated System Compartments

[Diagram: Shared System Files (Read Only), CGI Files, CGI Application, LAN Interface, Admin Server, Protected Admin Files, Web Pages, HTTP Server, Internet Interface.]

TOS-enabled Architectures and Solutions

TOS-based Webserver Architectures

[Diagram: VPN, SSL, Proxy, User, Trusted Administration Server, Admin, Extranet A Web Server, Extranet B Web Server, Default Web Server, Security Gate Auth. Module, Security Gate Application, UDE, SG App.]

TOS-based PKI Architectures

[Diagram: INET, FW, DMZ, LAN, RA, CA, FE, BE, HSM, db, Admin, logstore.]

Virtual MLS Machines for ASP/CSP

[Diagram: Internet, LAN, Public NI, Local NI, VNI, VM#1, VM#2, VM#3, admin VM, shared resources.]

High-End Secure Environments

• Electronic Commerce
• Internet Banking / Finance
• Multilevel Intranet http Servers
• Multi-National Commands
• Multi-Disciplined Collection
• Transaction Database Servers
• Medical/Health Services
• Secure Web Servers
• PKI / Certificate Authorities
• Trusted Firewalls

Argus Products

• PitBull
  A third generation trusted OS undergoing CC LSPP/EAL4 evaluation. Available on:
  - Sun Solaris (2.5.1, 7, 8; SPARC & x86)
  - IBM AIX (4.3.2, 4.3.3)
  - SCO Unixware (7.1)
• Gibraltar
  A complete e-platform architecture based on PitBull and running on the same platforms.

Gibraltar Product Architecture

[Diagram: VPN, SSL, Proxy, User, Trusted Administration Server, Admin, Extranet A Web Server, Extranet B Web Server, Default Web Server, Security Gate Auth. Module, Security Gate Application, UDE, SG App.]

Summary

• New commercial Internet architectures are demanding new security technologies
• A new generation of trusted operating systems has come out of the commercial market
• TOS technology enables mission critical architectures for e-commerce and PKI

Argus Systems

Securing the Future

For More Information

www.argus-systems.com

1809 Woodfield Drive
Savoy, IL 61874 USA

Tel: 217-355-6308
Fax: 217-355-1433

[email protected]