slide1 l.
Skip this Video
Loading SlideShow in 5 Seconds..
Trusted Computing in Government Networks May 16, 2007 PowerPoint Presentation
Download Presentation
Trusted Computing in Government Networks May 16, 2007

Loading in 2 Seconds...

play fullscreen
1 / 12

Trusted Computing in Government Networks May 16, 2007 - PowerPoint PPT Presentation

  • Uploaded on

Trusted Computing in Government Networks May 16, 2007. Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency. Information Assurance at NSA. Information Assurance Directorate (IAD)

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Trusted Computing in Government Networks May 16, 2007' - samara

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Trusted Computing in Government Networks

May 16, 2007

Richard C. (Dick) Schaeffer, Jr.

Information Assurance Director

National Security Agency

information assurance at nsa
Information Assurance at NSA
  • Information Assurance Directorate (IAD)
    • Provides products and services critical to protecting U.S. National Security information and Information systems
  • National Information Assurance Research Laboratory (NIARL)
    • Carries out research and design of technologies needed to enable IA solutions for the National Security Community
      • Where SELinux was created and is currently maintained
ia mission drivers
IA Mission Drivers
  • Rapid introduction of new technology & services
    • IA solutions must be available at the speed of the IT business and customer cycles
  • Commercial IT dominates most systems; commercial IA growing
    • Leveraging/influencing commercial activity is vital
  • Global communications and connectivity expanding
  • National IA needs are growing while resources remain fairly constant
government industry partnerships
Government/Industry Partnerships
  • To meet national IA needs requires cooperative partnerships
  • Multi-layered approach
    • Define System-level Solutions
      • Operational Capability Needs
      • Appropriate IA for Operational Environment
    • Determine that System Components (COTS & GOTS) provide necessary capabilities and assurance
      • Technology Guidance
      • Evaluation
    • Develop and Provide User Guidance
      • Configuration Guides
      • Systems Security Engineering
timing ia integration
Timing IA Integration
  • IA Activities provide benefit all along the product/system life-cycle
  • Early in the Development (maximum affect)
    • Microsoft Security Design Lifecycle (SDL)
    • Solution and Technology IA Design Guidance
  • Near Product/System Completion
    • Vulnerability Analysis
    • Evaluation
  • During Operation
    • Appropriate Usage Guidance
    • Configuration Guidance (e.g., Microsoft Windows)
balanced ia
Balanced IA
  • Not all systems require equal security functionality and assurance
  • Operational factors dictate necessary security functions
    • Data sensitivity and perishability
    • System connectivity
    • Criticality of operation
    • Operational environment
the right security functionality
The Right Security Functionality
  • Lessons learned from Multi-Level Security (MLS) systems
  • SELinux embodies a sound architecture for flexible Mandatory Access Control
  • Open Source Community has helped to shape the end result
  • Continuing to work toward further advances
achieving higher assurance
Achieving Higher Assurance
  • Crucial to NSA and its clients and customers
  • Getting the right functionality with medium assurance through current efforts
  • EAL4 is not the end of the road, just a start
    • Higher levels of assurance (EAL4+ and beyond) critical to meeting the needs of the National Security Community
high assurance platform hap
High Assurance Platform (HAP)
  • NSA program fusing advanced commercial initiatives with NSA certified trusted applications into a customizable platform security architecture
  • Leverage COTS to maximum extent possible
    • Hardware assisted virtualization and security
  • Enable solution integrators to compose a high assurance platform instance from available components that can:
    • Isolate and separate security domains
    • Provide assured information sharing across security domains
ia tools
IA Tools
  • Automated tools needed to counter immense product and system complexity, particularly for high assurance
  • Tools applied across the life-cycle
    • Development
      • Risk and design analysis tools
      • Threat modeling tools
    • Analysis
      • Source and binary code analysis tools
    • Operation
      • Patch management tools
      • Configuration checking and consistency tools
gaining commercial acceptance
Gaining Commercial Acceptance
  • The technical challenges facing the National Security Community are the same, the stakes are quite different
  • Unique perspective on threats and countermeasures to share with industry
  • Our role is to not just “tell” industry what to do; we must also contribute to the “solution” space
reaching the goal
Reaching the Goal
  • Significant progress to date!
  • Need to keep advancing in all areas:
    • Enhanced Security Functionality
    • Increased Assurance
      • More Robust Tools
    • Improved Commercial Acceptance
    • Expanded Partnerships