关闭

关闭

关闭

封号提示

内容

首页 [Springer出版]Cyberspace security and defense_ re…

[Springer出版]Cyberspace security and defense_ research issues.pdf

[Springer出版]Cyberspace security…

上传者: 知北游 2013-05-01 评分 0 0 0 0 0 0 暂无简介 简介 举报

简介:本文档为《[Springer出版]Cyberspace security and defense_ research issuespdf》,可适用于IT/计算机领域,主题内容包含CyberspaceSecurityandDefense:ResearchIssuesNATOScienceSeriesASeriespresent符等。

CyberspaceSecurityandDefense:ResearchIssuesNATOScienceSeriesASeriespresentingtheresultsofscientificmeetingssupportedundertheNATOScienceProgrammeTheSeriesispublishedbyIOSPress,Amsterdam,andSpringer(formerlyKluwerAcademicSubSeriesILifeandBehaviouralSciencesIOSPressIIMathematics,PhysicsandChemistryIIIComputerandSystemsScienceIOSPressIVEarthandEnvironmentalSciencesTheNATOScienceSeriescontinuestheseriesofbookspublishedformerlyastheNATOASISeriesAdvancedStudyInstitutesarehighleveltutorialcoursesofferingindepthstudyoflatestadvancesinafieldAdvancedResearchWorkshopsareexpertmeetingsaimedatcriticalassessmentofafield,andidentificationofdirectionsforfutureactionAsaconsequenceoftherestructuringoftheNATOScienceProgrammein,theNATOScienceSerieswasreorganizedtothefoursubseriesnotedabovePleaseconsultthefollowingwebsitesforinformationonpreviousvolumespublishedintheSerieshttp:wwwnatointsciencehttp:wwwspringeronlinecomhttp:wwwiospressnlTheNATOScienceProgrammeofferssupportforcollaborationincivilsciencebetweenscientistsofcountriesoftheEuroAtlanticPartnershipCouncilThetypesofscientificmeetinggenerallysupportedare“AdvancedStudyInstitutes”and“AdvancedResearchWorkshops”,andtheNATOScienceSeriescollectstogethertheresultsofthesemeetingsThemeetingsarecoorganizedbyscientistsfromNATOcountriesandscientistsfromNATOsPartnercountriescountriesoftheCISandCentraland–EasternEurope,Publishers)inconjunctionwiththeNATOPublicDiplomacyDivisionSpringer(formerlyKluwerAcademicPublishers)Springer(formerlyKluwerAcademicPublishers)SeriesII:Mathematics,PhysicsandChemistry–VoleditedbyJanuszSKowalikUniversityofWashington,JanuszGorskiGdanskUniversityofTechnologies,Gdansk,PolandandAnatolySachenkoInstituteofComputerInformationTechnologies,TernopilAcademyofEconomy,Ternopil,UkrainePublishedincooperationwithNATOPublicDiplomacyDivisionSeattle,WA,USACyberspaceSecurityandDefense:ResearchIssuesProceedingsoftheNATOAdvancedResearchWorkshoponCyberspaceSecurityandDefense:ResearchIssuesGdansk,PolandSeptemberACIPCataloguerecordforthisbookisavailablefromtheLibraryofCongressPublishedbySpringer,POBox,AADordrecht,TheNetherlandsPrintedonacidfreepaperPrintedintheNetherlandsAllRightsReservedSpringerNopartofthisworkmaybereproduced,storedinaretrievalsystem,ortransmittedinanyformorbyanymeans,electronic,mechanical,photocopying,microfilming,recordingorotherwise,withoutwrittenpermissionfromthePublisher,withtheexceptionofanymaterialsuppliedspecificallyforthepurposeofbeingenteredandexecutedonacomputersystem,forexclusiveusebythepurchaseroftheworkISBNX(PB)SpringerDordrecht,Berlin,Heidelberg,NewYorkISBN(PB)SpringerDordrecht,Berlin,Heidelberg,NewYorkISBN(HB)SpringerDordrecht,Berlin,Heidelberg,NewYorkISBN(ebook)SpringerDordrecht,Berlin,Heidelberg,NewYorkISBN(HB)SpringerDordrecht,Berlin,Heidelberg,NewYorkISBN(ebook)SpringerDordrecht,Berlin,Heidelberg,NewYorkTableofContentsPrefaceixPartGeneralSecurityIssuesITSecurityDevelopmentComputerAidedToolSupportingDesignandEvaluationAndrzejBiaáasááACaseforPublicandPrivateReviewofDevelopingITSecurityStandardsRogerAllanFrenc,TimothyGranceAssuringCriticalInformationInfrastructureSokratisKKatsikasSystemicChallengesforCriticalInformationInfrastructureProtectionMarcelloMaseraDecentralizedEnergySupplytoSecureComputerSystemsIgorTyukhovPartDependabilitySafetyAnalysisMethodsSoftwareDevelopmentQuestionsTadeuszCichockiTrustCaseACaseforTrustworthinessofITInfrastructuresJanuszGórskiDependability,Structure,andInfrastructureBrianRandellDesignforSafetyandSecurityofComplexEmbeddedSystems:AUnifiedApproachErwinSchoitschviPartNetworksDesignofDistributedSensorNetworksforSecurityandDefenseZdravkoKarakehayovADistributedApproachtotheRecognitionofGeographicallyLocatedIPDevicesGeorgeMarkowsky,RomanRomanyak,andAnatolySachenkoSituationalAwarenessandNetworkTrafficAnalysisJohnMcHugh,CarrieGates,andDamonBecknelPartEarlyWarningInformationSystemsandSecureAccessControlHoneynets:FoundationsfortheDevelopmentofEarlyWarningInformationSystemsFPouget,MDacier,andVHPhamIRISBiometricsforSecureRemoteAccessAndrzejPacut,AdamCzajka,andPrzemekStrzelczykNewDirectionsinAccessControlPierangelaSamaratiandSabrinaDeCapitanidiVimercativiiPartCryptographyImprovedBlockCipherCounterModeofOperationSchemesIvanGorbenkoandSergiyGolovashichElectronicSignatureinRealWorldVlastaJoškováANoteonTwoSignificantDevelopmentsinCyberspaceSecurityandDefenseJanuszSKowalikACryptographicMobileAgentImplementingSecurePersonalContentDeliveryProtocolBartáomiejZióááákowskiandJanuszStokááákkosaááPartIntrusionDetectionAnInfrastructureforDistributedEventAcquisitionHervéDebar,BenjaminMorin,VincentBoissée,andDidierGuérinSomeAspectsofNeuralNetworkApproachforIntrusionDetectionVladimirGolovkoandPavelKochurkoPrefaceThisvolumecontainsaselectionofpaperspresentedattheNATOsponsoredAdvancedResearchWorkshopon“CyberspaceSecurityandDefense”heldatthePolitechnikaGdanskainGdansk,Poland,fromSeptemberthtoth,ThepurposeoftheworkshopwastoassessthestateoftheartinthisareaofinformationtechnologyandidentifykeyresearchissuesThepaperscollectedinthisvolumerepresentawidespectrumoftopicswiththemainfocusbeingpracticalityandreallifeexperiencesTheworkshopwasanopportunityformanytopexpertsfromtheNorthAmerica,theWesternandEasternEuropefordiscussingtheirtechnicalapproachestosecuringanddefendingcyberspaceagainstmanypotentialthreatsWewishtothanktheNATOScientificAffairsDivisioninBrusselsfortheirgenerousfinancialsupportandsponsorshipoftheworkshop,andtotheAdministrationofthePolitechnikaGdanskaforbeinganexcellenthostManyindividualshelpedtoorganizetheworkshopAmongthemareMrHuangMingYuhfromTheBoeingCompanyinSeattleandMrPhilipAttfieldfromTheSeattleUniversitywhowereresponsibleforthetechnicalprogramSeveralpersonsprovidedanexcellentofficeandtechnicalsupportfortheworkshopWethankMrsAlfredaKortasandMrMarcinOlszewskiforthisinvaluablehelpInthefinalassemblyofthemanuscriptwewerehelpedbyMrRayBensonfromTheBoeingCompanyWethankhimforhistime,effortandhisgreatattentiontodetailsButaboveallwearedeeplygratefultotheparticipantsoftheworkshop,especiallythosewhohavecontributedtheirpaperstothisvolumeDecemberJanuszSKowalikJanuszGorskiAnatolySachenkoPARTGENERALSECURITYISSUESITSECURITYDEVELOPMENTComputerAidedToolSupportingDesignandEvaluationAndrzejBiałasInstituteofControlSystems,Chorzów,Długa,PolandabialasissplAbstract:ThepaperpresentsaprototypeofthesoftwaretoolforIT(InformationTechnology)securitydevelopmentandevaluationaccordingtoCommonCriteria(ISOIEC)familyofstandardsThemaingoalofdevelopingthetoolistomaketheseactivitieseasierThetoolisbasedontheenhancedconceptofgenerics,advancedfunctionality,complianttoISOIECDTRandtherecentinformationsecuritymanagementstandards,andontheriskanalysisaswellKeywords:CommonCriteriaITsecuritydesignevaluationdevelopmentcomputeraidingsecurityengineeringINTRODUCTIONThepaperdealswithaprototypeofthesoftwaretoolaidingIT(InformationTechnology)securitydesignandevaluationaccordingtoCommonCriteria(ISOIEC)–andrelatedstandards–,althoughitisfocusedonfunctionalityofferedtodevelopersCommonCriteria(CC)imposearigorousdevelopmentandevaluationmethodologyonanysecurityrelatedproduct,dependingmostlyonthedeclaredEvaluationAssuranceLevel(inrange:EAL–EAL)Basically,morestrictdisciplineindevelopmentandevaluationmeansbetterassuranceThusthedevelopmentandevaluationprocessesareverycomplicatedduetomanydetails,dependenciesandfeedbacks,whichshouldbetakenintoconsideration,andratherdifficultrationalesThatiswhytheneedofcomputeraidedtoolsisimportantandgrowingTherearethreemaingroupsofthetoolsdesignedfortheITsecuritydevelopersandevaluatorsThefirstonesupportsCommonCriteriaITsecuritydevelopmentprocessinalessormoredetailedway–TheseapplicationshelptomanagedesignstagesandrelateddocumentationAllofthemhaveCCfunctionalandassurancecomponentsimplementedandallowtodefinemnemonicJSKowaliketal(eds),CyberspaceSecurityandDefense:ResearchIssues,–SpringerPrintedintheNetherlandsGeneralSecurityIssuesdescriptorsexpressingITsecurityfeatures,called“generics”Someofthem–havepredefinedonlyabasicsetofgenericswithrelationsbetweenthem,someofferthepossibilityofdefiningthembytheuseronlyThesetoolsneedalsotoimprovetheirbasicfunctionalityofferedtodevelopers,allowingthem:xnotonlytomanagethedevelopmentprocessbutalsotobettersupportthedesigntradeoffsdealingwithdevelopedsecurityrelatedproduct,xtobetterfocusontheproblemssolving(betterdesigndecisionsupport),xtoissuedesignsthataremorepreciseandcomplianttothecreatedITsecuritystandardsandalsodevelopmentandevaluationtobemorecosteffectiveThesetoolsaredesignedratherforlowerEALsandcanbeusefulforcommonlyusedproducts,likeCOTS(commercialofftheshelf)Thesecondgroupoftools,designedforhigherEALs,isenhancedbutalsoapplicationspecific(usuallyforJavasmartcards)ThetoolsfocusmainlyonproperimplementationofADVclass(Developmentassurance),basedonsemiformalorformalapproach,likeUML,OCL,Bmethodandtools,Autofocus,Spark,EdenAsagoodexampleonecanconsideranextendedversionofTheworksdealingwithUMLextension,calledUMLsec,areverypromising,providingunifiedapproachtosecurityfeaturesdescriptionThethirdgroup,designedfortheevaluators,supportingimplementedevaluationscheme,like,willbenotconsideredthereSomeofthetoolsaredevelopedasapartofknowhowoftheITdevelopmentorevaluationslaboratories,andforthisreason,theirdescriptionaswellasthetools,arenotoftenpubliclyavailableThesoftwarepresentedbelowbelongstothefirstgroupofthetoolsComparedtothepreviouslymentioned,thetoolhasthreegeneralfeatures,ensuringnotonlyeffectivemanagement,butalsoprovidingimprovedassistanceoftheITsecuritydevelopmentprocess,especiallyforCOTSandlowassuranceprotectionprofiles:xenhancedcommonlyusedgenericslibrary,horizontallyandverticallyordered,allowingbetteraidingofdesigndecisionsbythetool,operationsongenerics,parameterizationanditsreusability,xadvancedassistanceofthedevelopmentprocess,andalsocomplianttothecreatedISOIECstandard,includingextrafeatures,likeariskanalyzer,projectdatarelationshipsvisualization,reportingandevaluationmodules,ximprovedcompliancewithinformationsecuritymanagementssystemsalwayscreatingtheworkingenvironmentforsecurityrelatedproductsGeneralSecurityIssuesThetoolfeaturesareconsistentwiththerecentresearchesandtrendsfocusingon:creatingunifiedassuranceframeworksmostlyforCOTS,implementingriskmanagementfeaturesandevaluatingnonITcomponents–,issuingproductsoflowcostofevaluation,beingmorecomplianttosecuritymanagementstandards–andbasingonXMLThedevelopmentofthepresentedsoftwarehasalsoacommonmeaning:promotingCCandsecureCOTS,providingcontributiontotheCCRA(CCRecognitionArrangement)deployment(theexperienceoftheothercountries,showsitisnoteasy),aswellasitcanbeusedfortrainingpurposesTheSecCertpresentedtherewassignificantlyimproved,basingmostlyonthefollowingexperiences:ValidationontheCOTStypePKIapplicationfordigitalsignatureandencryption,basedonMicrosoftCryptoAPI(SecOffice)Theresultwasgenerallypositive,butneedsanddiscoveredgapshaveenforcednewoptions,like:riskanalyzer,XMLgeneratorimproving(designersdrawingsattachment),extensionofthegenericlibrariesanditsbettermanagement,supportingtradeoffbetweensecurityobjectivesdeclaredforthesecurityrelatedproduct,foritsenvironmentorforbothCasestudybasedonearlycertifiedproductsofPhilipssmartcardInconclusion,thevisualizationofthegenericscomponentsandtheirrelationships(besidetheexistingcorrespondencematrices),andimprovedevidencematerialmanagementwereimplementedCompatibilitycheckingwithISOIECDTRdiscoversnotproperlyimplementedthesocalled“SOFStrengthofFunctionsclaims”andoperationsoncomponents,andalsonumerous,butrathersmall,discrepanciesdealingwithdevelopmentprocessimplementationThefeaturesimprovingcompatibilitywithinformationsecuritymanagementstandardswereimpliedbasingonexperiencesinsoftwaredevelopmentcomplianttoBSstandard(SecFrame)ANINTRODUCTIONTOITSECURITYDEVELOPMENTPROCESSTobetterunderstandthetoolfeaturesandfunctionality,aconciseintroductiontoITsecuritydevelopmentprocessisneededAllsecuredIThardwareorsoftwareproductsandsystemsarecalledTargetofEvaluation(TOE)whicharecreatedonthebasisofthesecurityrequirementsspecifications:SecurityTarget(ST)animplementationdependentandProtectionProfile(PP)animplementationindependentDevelopmentprocess(Figure)consistsof(forPP)phasesandtransitionsrationales:GeneralSecurityIssuesxestablishingsecurityenvironment,definedbysetsofassumptions,threatsandorganizationalsecuritypolicies(OSP),workedoutduringananalysis:TOEassets,purposeandphysicalenvironmentgureGeneralSchemeofITSecurityDevelopmentProcessxsettingsecurityobjectivesfortheTOEanditsenvironmentxusingCCcomponentscataloguesandanalyzingtheaboveobjectives,workingoutthesetsoffunctionalandassurancerequirementsfortheTOEandfortheenvironmentxusingfunctionalandassurancerequirements,preparingtheTOEsummaryspecification(TSS)dealswithSTspecificationonlyFiGeneralSecurityIssuesITSECURITYDEVELOPMENTTOOLFEATURESOnthebasisofageneralTOEdevelopmentprocess(Figure),amoredetailedschemeofelaboratingProtectionProfilesandSecurityTargetswasworkedoutandimplemented,presentedintheFigure,–STARTDescriptorsandidentifierspPPIdentificationofsecurityenvironment(concerns)Y(PP)N(ST)UsingPPonlyNYEstablishingthesecurityrequirementsIdentificationofsecurityobjectivesObjectiverationaleObjectivesOKYNOtherPPneededYNAppendPPppWorkoutofthesecurityrequirementsRequirementsrationaleRequirementsRiOKNSTYN(PPfinished)WorkoutoftheTOEsummaryspecification(TSS)TOEsummaryspecificationrationaleTSSOKDescriptorsandidentifiersupdateYSTfinishedENDChangingobjectivesgggneededjNYChangingTSSisenoughggggNChangingrequirementsneededYChangingenvironmentggneededNChangeenvironmentgYNYNNYYFigureSecurityTarget(ST)andProtectionProfile(PP)DevelopmentProcessThesedifferentwaysofcreatingSTorPPspecificationsaccordingtowereencompassedbythepresentedtoolTheTOEcanbedesigned:xstraightonthebasisofconsumerneeds,GeneralSecurityIssuesxusingconsumerneeds,andadditionallyincompliancewithgivenPPs,xbasedonlyontherequirementsdefinedwithintheearlierevaluatedPPsEnhancedDataModelandDataLibrariesAmoreenhanceddesignlibrarymeansmoreeffectivesupportfordevelopersForthisreasonitencompassesnotonlyfunctionalandassurancecomponents,butalsoasetofgenericsItshouldbenoticedthatthepaperpresentsanextendedconceptofagenericThenumerousandorderedsetofgenericsallowstospecifydifferentaspectsofITsecurityforthelargegroupofthesecurityrelatedproducts(assumingCOTS)Thesetiscompliant,albeitconsiderablylargerthanthoseincludedininformativeannexesinItisorderedhorizontallybydomainsoftheapplication,andverticallybysecuritydesignaspects,correspondingtothedevelopmentphases,like:securityenvironment,objectives,requirementsorfunctionsAdditionally,genericsrepresentingdifferenttypesofassetsandsubjectswereintroduced,togetherwithgenericsrepresentingsuchsecurityaspects,likerisk,vulnerabilityandimpactnevermetbeforeTheycanexpresssecurityfeatures,mostlythreatsandpolicies,morepreciselyDefinition(General,Descriptive):Genericisamnemonicname,expressingthesetofcommonfeatures,behaviorsoractions,relatingtodifferentaspectsorelementsofITsecuritysystem,likesubjects,objects,assumptionsforthesecurityenvironment,organizationalsecuritypolicies,threats,securityobjectivesfortheTOEanditsenvironment,securityrequirementsfortheenvironment,securityfunctions,aswellasvulnerabilities,risksandimpactsDefinition(MoreFormal,Open):Generic=DomainTypeMnemonicDerivedDescriptionRefinementAttributes,where:„Domain”dealswiththeareaofapplications,like:GNR–commonaspects,CRP–specificcryptographicapplications,COM–communication,networksaspects,firewallIDSIDPspecifics,DAB–DatabaseManagementSystems(DBMS),TTP–specificapplicationsforTrustedThirdParty(TTP),S

职业精品

用户评论

0/200
    暂无评论

精彩专题

上传我的资料

热门资料

资料评价:

/49
仅支持在线阅读

意见
反馈

返回
顶部