Karen Mercedes Goertzel


    Security in the Software Life Cycle. This article emphasizes how developers need to make additional, significant improvements to their processes, adding structure and repeatability to further the security and quality of their software.
    The security risks associated with software and its development processes have been recognized for 40 years or more. But only in the past quarter century have efforts to understand and address the root causes of system security vulnerabilities evolved and coalesced into systematic efforts to improve software security assurance across government and leading industry sectors. Along with these programs have arisen efforts to reshape the software engineering profession, and to establish a robust software security technology and services industry. This article provides a capsule history of the most significant of the software assurance efforts of the past 25 years, organized by the main problems they have striven—and continue to strive—to correct. At the end of the article, a number of more extensive, detailed software assurance landscapes are recommended to the reader, to complement and elaborate upon the information presented here. Background: In 1974, a vulnerability analysis...
    The challenges and various steps involved in developing ontologies for use by software applications will be discussed in this article, as well as how the DARPA Agent Markup Language (DAML) can be leveraged as a knowledge representation language.
    Control of weapon systems requires the Navy system and software developers to fully understand and develop new techniques for assessing and mitigating the safety hazards and security risks to Navy weapon systems imposed by these imperatives. The purpose of this white paper is to discuss the safety hazards that can arise in safety-critical component-based software-intensive systems (also known as “software-reliant systems”) such as weapons systems, as well as the security risks that can result in safety mishaps (i.e., “safety-impacting security”). The paper also discusses assessment and analysis techniques that can be used to pinpoint and assess such hazards and risks, and architectural engineering countermeasures that can be used to mitigate those that cannot be avoided or eliminated.
    This SOAR was planned and executed under the guidance of:
    September 2006. In an era riddled with asymmetric cyber attacks, claims about system reliability, integrity and safety must also include provisions for built-in security of the enabling software. The Department of Homeland Security (DHS) Software Assurance Program has undertaken to partner with software practitioners in industry, government, and academia to increase the availability and use of tools, knowledge, and guidance that will help improve the security and quality of the software they produce. In addition to its BuildSecurityIn Web portal [1] and Software Assurance Common Body of Knowledge [2], the DHS Software Assurance Program is publishing Security in the Software Life Cycle: Making Application Development Processes – and Software Produced by Them – More Secure [3] (freely downloadable from the DHS BuildSecurityIn portal).
    ... Our final theme article by Michael F. Siok, Clinton J. Whittaker, and Dr. Jeff Tian discusses how to plan the number of defects ... will find additional insights in Earned Schedule: An Emerging Enhancement to Earned Value Management, which he co-authored with Kym Henderson. ...
    This is the second article in a two-part series that highlights the need to share information on one hand, and the need to protect it on the other.
    The purpose of this document is to provide guidance on safeguards that limit the introduction of malicious code into software and software systems in order to reduce the risk posed to software by malicious code. The intended audience for the information contained in this document includes system security engineers, as well as system and software developers, evaluators, and development program offices.
    Posting here because the document is no longer available online from NSA.
    Letter to the editor of Communications of the ACM
    This article focuses on lawsuits as a recourse for purchasers of defective COTS software — particularly safety-critical COTS software and software-controlled systems, such as software used in commercial aircraft, motor vehicles, unmanned aerial vehicles, medical devices, physical security systems, automated teller machines, commercial robots and industrial control systems, a wide variety of COTS diagnostic and sensor systems, and the whole growing panoply of cyber-physical devices and systems that collectively comprise the “Internet of Things.”
    Too often, software and system developers take the quality of computer hardware for granted, never doubting that the logic of the integrated circuits (ICs) on which software runs and critical application data is stored will consistently function in a dependable (correct, predictable) and trustworthy (non-malicious, non-exploitable) manner. After all, ICs seem to be free of the kinds of design and implementation flaws so common in software, and impervious to subversion by malicious code. So ICs are believed capable of achieving high levels of assurance impossible in software. This belief underpins Trusted Processor Modules (TPMs) and Hardware Security Modules (HSMs) [1], devices conceived as high-assurance platforms for critical software processes and highly sensitive data that need strong protection against tampering, interference by untrusted processes, and leakage. But is such faith in IC quality really merited? In recent years, the hardware supply chain has been flooded with counterfeit ICs of substandard quality and, more recently, hardware Trojans have emerged as a threat to the trustworthiness of IC logic. As a result, engineers of critical software-intensive systems need to employ tools that give them deeper insight into the inner workings of the ICs on which their systems’ software will run. And the developers of that software need to design and implement their code so it can survive not only threats from human attackers and malicious software code, but from substandard hardware counterfeits and malicious IC logic.
    Recently, practitioners of information assurance, computer network defense, and cybersecurity have begun to admit that their long-pursued strategy of PDR to secure information systems is essentially flawed. The systems to be secured are growing too complex, diffuse, and in many ways uncontrollable, the adversaries too skilled and expert, and the emergence and proliferation of new threats too rapid for any security strategy based on avoidance, deterrence, and defense to ever succeed. The information war, as currently being waged, is not only being lost, it cannot be won. So, if PDR is failing, what can succeed? Inside and outside the DoD, it is increasingly hoped that the answer is survivability. Survivability as a strategy for dealing with threats against security expands the focus from preventing, detecting, and reacting to attacks to include surviving them.
    The sophistication of the threat is increasing at least as fast, if not faster, than that of the systems and networks targeted by it. The instigators of today’s advanced persistent threats (APTs) are ingenious, creative, well-resourced, and patient. In many ways, they are on the leading edge of system and software engineering, in terms of their ability to design and implement complex, sophisticated distributed systems of cooperative software agents that are elegantly minimalistic yet highly reliable, survivable, and effective. Understanding how APTs operate and how they are engineered can provide many clues into how the systems and networks targeted by them could be re-engineered so that our dependency on a failing security paradigm - protect-detect-react-recover, which can never hope to keep up with the rapidly evolving, increasing capabilities of APTs - can be replaced with a commitment to engineering systems and networks capable of withstanding, surviving, and better yet avoiding the effects of such threats.
    This Information Assurance Technology Analysis Center (IATAC) State-of-the-Art Report (SOAR) provides a representative overview of the current state of the art of the measurement of cybersecurity and information assurance (CS/IA). It summarizes the progress made in the CS/IA measurement discipline and advances in CS/IA measurement research since 2000. Topics addressed include: terms and definitions used to describe CS/IA measurement; standards, guidelines, and best practices for development and implementation of quantitative and qualitative measures and measurement; activities that provide measurable data and statistics; current efforts to make security more measurable through a variety of protocols and enumerations; research within and outside the Department of Defense (DoD) and the federal government on the subject of CS/IA measurement; approaches to quantifying the economic value of security; and existing gaps between expectations and the state of the art, with recommendations for filling these gaps.
    Enhancing the Development Life Cycle to Produce Secure Software is intended to complement Software Security Assurance: A State-of-the-Art Report, which provides a broad overview of the current methodologies, practices, technologies, and activities engaged in by government, industry, and academia for producing secure software and verifying software’s security. Enhancing the Development Life Cycle complements Software Security Assurance by describing in greater technical depth and detail the security principles and practices that software developers, testers, and integrators can adopt to achieve the twin objectives of producing more secure software-intensive systems, and verifying the security of the software they produce.
    This Information Assurance Technology Analysis Center (IATAC) State-of-the-Art Report (SOAR) describes the current "state-of-the-art" in software security assurance. It provides an overview of the current state of the environment in which defense and national security software must operate, then surveys current and emerging activities and organizations involved in promoting various aspects of software security assurance. The SOAR also describes the variety of techniques and technologies in use in government, industry, and academia for specifying, acquiring, producing, assessing, and deploying software that can, with a justifiable degree of confidence, be said to be secure. Finally, the SOAR presents observations about noteworthy trends in software security assurance as a discipline.
    Software counterfeiting and piracy are problems of global proportions that violate the enforcement of Intellectual Property Rights (IPR) of software developers and vendors, and thus threaten their market viability. Moreover, software counterfeiting provides violators with the opportunity to modify and augment the duplicated software code in undesirable ways, including insertion of malicious logic, backdoors, and exploitable vulnerabilities. Technological solutions to these challenges focus on making software authenticity easier to verify, making software more difficult to counterfeit, and making software distribution processes harder to subvert. But the software industry and governments worldwide recognize that technology is not the sole answer to reducing piracy and counterfeiting. They are focusing their efforts both on technological research but even more on IPR legislation, trade agreements, enforcement, “best practices” and awareness that both complement and reinforce technological approaches.
    As safety-critical software moves from closed environments to open and commodity technologies, security threats will inevitably increase. Organizations dependent on mission-critical systems and networks are recognizing that the traditional “protect-detect-react” (PDR) strategy for countering intrusions and attacks is ineffective. A new information assurance and cybersecurity strategy is needed that augments PDR with the ability of systems and networks to “fight through” attacks. This article examines techniques that both security- and safety-critical software developers can leverage to increase their software’s survivability.
    To help creators of Web services and Service-Oriented Architectures (SOAs) understand and address the security challenges that confront them, the National Institute of Standards and Technology (NIST) is getting ready to publish a new Special Publication (SP) 800-95, Guide to Secure Web Services. This SP describes Web service security standards and explains how to develop Web services and SOA portals using technologies based on those standards. However, neither SP 800-95 nor the standards it describes address a critical challenge: the security of Web services as software. Without considering software security, developers cannot create Web services that are truly trustworthy. This article describes both the content of SP 800-95 and highlights its critical omissions in terms of measures needed to produce Web service software that is in and of itself secure.
    As a freely downloadable reference document, “Security in the Software Life Cycle: Making Application Development Processes – and Software Produced by Them – More Secure” presents key issues in the security of software and its development processes. It introduces a number of process improvement models, risk management and development methodologies, and sound practices and supporting tools that have been reported to help reduce the vulnerabilities and exploitable defects in software and diminish the possibility that malicious logic and trap doors may be surreptitiously introduced during its development. No single practice, process, or methodology offers the universal silver bullet for software security. “Security in the Software Life Cycle” has been compiled as a reference document with practical guidance intended to tie it together and inform software practitioners of a number of practices and methodologies from which they can evaluate and selectively adopt to reshape their development processes to increase not only the security but also the quality and reliability of their software applications, services, and systems, both in development and deployment.
    Over the past decades, efforts to enhance software development life cycle (SDLC) practices have been shown to improve software quality, reliability, and fault-tolerance. More recently, similar strategies to improve the security of software in organizations such as Microsoft, Oracle, and Motorola have resulted in software products with less vulnerabilities and greater dependability, trustworthiness, and resilience. In its mission to improve the security of software used in America’s critical infrastructure and information systems, the Department of Homeland Security’s (DHS) Software Assurance Program has sponsored the creation of the book Enhancing the Development Life Cycle to Produce Secure Software, a source of practical information intended to help developers, integrators, and testers identify and systematically apply security and assurance principles, methodologies, and techniques to current SDLC practices, and thereby increase the security of the software that results. Unlike the numerous other books on secure software development, Enhancing the Development Life Cycle does not espouse any specific methodology, process model, or development philosophy. Instead it explains the essentials of what makes software secure, and takes an unbiased look at the numerous security principles and secure development methodologies, practices, techniques, and tools that developers are finding effective for developing secure software – information that readers can leverage in defining their own SDLC security-enhancement strategies.
    As providers of trusted guard solutions for the US Defense Information Systems Agency, the Naval Research Laboratories, the Federal Bureau of Investigation, the Internal Revenue Service, and several foreign government agencies, developers in Wang Federal's Secure Systems and Services Operation (SSSO) realized that most secure guard applications share the same essential architecture and a significant amount of common functionality. With trusted guard requirements appearing in more and more procurements, both in the US and abroad, SSSO developers asked themselves whether, rather than having to design and implement a custom-built application from scratch to satisfy each new guard requirement, they couldn't develop a single standard guard framework that would satisfy the vast majority of guard requirements, and which would need only incremental customization to satisfy all of them. Having made this discovery, the SSSO developers undertook to specify the detailed requirements for just such a generic - or standard - guard framework.
    Following our participation in a Multilevel Secure X.500 Directory Server pilot sponsored by the U.S. Air Force’s Rome Laboratory in 1996-1997, Wang Government Services has undertaken further research and development into the creation of a Secure X.500 Border Directory Proxy Server that would enable the sharing of directory information among the U.S. and its allies, or between any other organizations that require limited, strictly controlled, secure sharing of directory information. To achieve the secure “release” of internal directory information to the outside world, the Secure X.500 Border Directory Proxy Server would provide directory-specific firewall protection mechanisms that would filter and in some cases modify or delete (“sanitize”) specific directory information before release to ensure conformance of the released information with the defined releasability policy. In military/defense, intelligence, diplomatic, and similar communities, in addition to firewall protections, the Secure X.500 Border Directory Proxy Server could also act as a Trusted Guard, with the level of assurance required to maintain the mandatory separation between the “inside” and “outside” domains for everything except the controlled sharing of directory information according to a releasability policy strictly enforced by the Border Directory system. To provide the highest possible level of assurance, the Secure X.500 Border Directory Proxy Server would run on the Wang Government Services XTS-300™ Trusted Computer System, which has been evaluated at the Class B3 level by the National Computer Security Center (NCSC). The Secure X.500 Border Directory Proxy Server would integrate the existing X.500 filtering capabilities and trusted X.500 routing of Wang’s Defense Information Infrastructure (DII) Guard with additional filters that would collectively implement all potentially required directory firewall and Trusted Guard filtering mechanisms.
    This paper is intended to help the reader understand the information assurance (IA) and mission assurance (MA) challenges public CCEs pose and how accounting for those risks through acquisition security measures may affect public CCE options. It discusses security and risk management factors the Government should consider before acquiring public cloud services. For example, it outlines security criteria for evaluating different public CCEs and vendors, as well as the abilities and limitations of service-level agreements (SLA) and memoranda of agreement (MOA) with regard to risk.