mon - am - 3 - whitlock.ppt
TRANSCRIPT
Gemini Dream: Can the Twins Save Our Data?
Stephen T. Whitlock, Chief Strategist, Information Security
BOEING is a trademark of Boeing Management Company.Copyright © 2008 Boeing. All rights reserved.
The Boeing Company
Setting the Scene
Boeing Technology | Information Technology Information Security
Introduction
1. The value of Information
2. Risks to Information
3. The Twins
   • Digital Access Management (DAM)
   • Standard Meta Information
• Note 1: I’m using the term DAM (Digital Access Management) to avoid use of the traditional term, DRM. The goals of DAM in this context (Limited E2E Access Control) are different from multimedia focused DRM goals (play anywhere). What we really need is E2ERM – Enterprise to Enterprise Rights Management.
• Note 2: There are many references to Dan Geer’s recent book, Economics & Strategies of Data Security – they are abbreviated as ESDS.
Stage 1: Hand Copying
• Physical object
• Unique
• Theft noticeable
Stage 1 Protection - Primitive Encryption
Nebmaatre (Amenhotep III’s Throne Name) encrypted by using:
1) A Moondisk for Ra instead of a Sundisk
2) A baboon instead of a goddess for Maat
(Figure: scarab inscription read sign by sign)
• i t n (sundisk)
• m i w (cat)
• n b (basket == lord)
• h s i (vase == favored of)
• n b (basket == lord)
• i m n == Amon
Scarab says “Someone Favored of Amon”
Stage 2: Printing
• Physical object
• Not unique
• Theft less noticeable, depending on number of copies
Stage 2 Information Protection
• Evolutionary from Stage 1
• Manual ciphers
• Simple mechanical devices
Stage 3: Transmission & Transmission Protection
Data is transmitted
• Virtual object
• Not unique
• Theft unnoticeable
Protection
• Automated mechanical ciphers inserted in the transmission process
• Symmetrical encryption required identical machines and settings for decryption
Stage 4: Computer Based Automation
(Figure: stages 4A to 4E plotted against Time)
• 4A - Stand Alone: Single user. Minimal DATA. Creation of the concept that data was a repository of value.
• 4B - Time Share: Single computer - Time independence. Move DATA to the Computer. Data not only had value but lived in the care of others.
• 4C - Distributed Client-Server: Multiple computers. Move Computing to the DATA. Data location independence.
• 4D - SOA: Client-server with relaxed protocols - user defined to self describing protocols. Return of time share but DATA is everywhere.
• 4E - Cloud Computing: Externalized SOA. DATA is trusted to third party services. Data location unknowable. Information Ephemeralization.
(For definitions of 4A-4D see ESDS, p9-18)
The Value of Information
“Some day, on the corporate balance sheet, there will be an entry which reads, ‘Information,’ for in most cases the information is more valuable than the hardware which processes it.”
– Adm. Grace Murray Hopper, USN, 1987 (ESDS p 42)
“The information about the packages we ship is more valuable than the packages themselves.”
– Fred Smith, Federal Express, 1990 (ESDS p 43)
The Value of Information Gratuitously Illustrated
(Figure: Relative Value against Time for four asset layers, from highest to lowest: Meta Information Assets (info about the info); Information Assets; Information Technology Assets (hardware); Physical Assets (factories, trucks, etc.))
New technologies will accelerate the need for federating not just identity but also access control.
SOA & Web 2.0 are really federated applications, and mashups are simply federated information.
E2E business really needs federated security services.
Stealing Information
What makes information theft different from physical object theft:
1. Information leaves no vacuum when stolen
2. Information theft occurs at the speed of light
3. Once information is gone you can’t get it back
(paraphrased from Dan Geer)
Stealing a Bible – And Other Theft Examples
(Figure: three columns - Physical Object; Physical Representations of Information Objects; Digital or Information Objects)
60 Seconds Later…
(Figure, same three columns after the theft: physical object theft easy to notice; information theft hard to notice)
Classical Information Theft
Faster than a Minox, slower than a USB Drive
(Figure: a physical copy is taken off a physical information object; theft hard to notice)
Modern Information Theft
(Figure: information objects copied out over the Internet)
Do you know where all the physical or logical copies of your information are?
A Thief’s Perspective on Risk Versus Reward
(Table: rows Physical Objects / Physical Information Objects / Information Objects against columns Theft Speed / Chance Theft Will Be Noticed / Chance Property Will Have to Be Returned / Chance of Keeping a Copy / Resale Value; the cell values are not in the transcript)
An Information Centric Future of Access Controls
(Figure: Effectiveness against Time for Network Controls, Host Controls and Data Controls, with the emphasis moving from network to host to data controls over time)
See: Dan Hitchcock, Evolution of Information Security Technologies, 2005 at http://movetheworld.wordpress.com
Protecting Information
“A rising threat requires any defensive perimeter to contract, and that statement is true for the military, it is true for the wildebeeste, and it is true for data.”
“A contracted perimeter for data shifts the unit of protection from networks and servers to individual data objects at their point of use.”
– Dan Geer, ESDS p176-77
(Figure: concentric perimeters, Network enclosing Host enclosing Data)
Information Protection Tools Today
• Signature
  – Content integrity
  – Origin attestation
• Encryption
  – Signature + Confidentiality
  – Appliance based encryption services
  – PGP Universal
  – Identity Based Encryption (IBE) – several vendors
• Rights Management Technology
  – Encryption + Destination & Operation Control
• Limited Technologies
  – Assured Delete (Sun Microsystems research project): Cryptographic based data destruction via key management using ephemeral secret keys
  – Constructive Key Management (CKM – TecSec): Very fine grained cryptographic based access control
Limitations of Encryption
• Public Key cryptography has solved the key distribution problem by creating an unsolved public key identification problem.
• With a few exceptions, cryptographic vendors provide limited scope point solutions.
• A typical enterprise will have different encryption products for E-Mail, VPNs, File Encryption, Whole Disk Encryption, etc., all using different sets of keys and all leaving the information unprotected in between. This is expensive.
• Most enterprises decrypt VPN tunnels at the perimeter – or the most exposed part of their infrastructure. This is bad.
• “Data is at risk when and where it changes from at-rest to in-motion… That point-of-use, where that state change occurs, becomes the locus of your data security efforts.” – Dan Geer
ISO Authorization Model
(Figure: a Principal sends an Access Request (Request, Identity) to the Access Control Enforcement Function, which sits in front of the Resource. The Enforcement Function sends a Decision Request (Request, Identity, Attributes) to the Access Control Decision Function and acts on its decision. The Decision Function consults the Rules, Identity, and Attributes Repository and the Decision Support Information: Principal Attributes, Additional Principal Access, and Resource and Environmental Information.)
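The enforcement/decision split in the model above, worked as an added example; this is my code for this transcript, not Boeing’s or any standard’s implementation. I read the slide’s ISO Authorization Model as the ISO/IEC 10181-3 access control framework (enforcement function, decision function, repository, decision support information). The rule format, the attribute names (classification, export_status, network) and the sample principals and resources are constructed for illustration:

```go
package main

import "fmt"

// Attributes is the name/value bag the model uses for principal, resource and environment information.
type Attributes map[string]string

// AccessRequest is what the principal presents to the enforcement function.
type AccessRequest struct{ Identity, Operation, Resource string }

// DecisionRequest is what the AEF forwards to the ADF: the request plus the decision
// support information it has gathered.
type DecisionRequest struct {
	Request                          AccessRequest
	Principal, Resource, Environment Attributes
}

// Rule is one repository entry: Operation is permitted on resources of Classification
// when every RequiredPrincipal and RequiredEnv attribute matches (empty means no requirement).
type Rule struct {
	Operation, Classification      string
	RequiredPrincipal, RequiredEnv Attributes
}

// Repository is the rules, identity and attributes repository.
type Repository struct {
	Rules      []Rule
	Principals map[string]Attributes // identity -> principal attributes
	Resources  map[string]Attributes // resource id -> resource attributes
}

func matches(have, want Attributes) bool {
	for k, v := range want {
		if have[k] != v {
			return false
		}
	}
	return true
}

// Decide is the Access Control Decision Function: it never touches the resource and
// answers permit/deny purely from the decision request and the rules, denying by default.
func (r *Repository) Decide(d DecisionRequest) (bool, string) {
	class := d.Resource["classification"]
	for _, rule := range r.Rules {
		if rule.Operation != d.Request.Operation || rule.Classification != class {
			continue
		}
		if matches(d.Principal, rule.RequiredPrincipal) && matches(d.Environment, rule.RequiredEnv) {
			return true, "rule " + rule.Operation + "/" + rule.Classification
		}
	}
	return false, "no matching rule (default deny)"
}

// Enforce is the Access Control Enforcement Function: gather the decision support
// information, ask the ADF, and run op only on permit. Unknown principals and resources fail closed.
func (r *Repository) Enforce(req AccessRequest, env Attributes, op func() string) (string, error) {
	p, ok := r.Principals[req.Identity]
	if !ok {
		return "", fmt.Errorf("unknown principal %q", req.Identity)
	}
	res, ok := r.Resources[req.Resource]
	if !ok {
		return "", fmt.Errorf("unknown resource %q", req.Resource)
	}
	d := DecisionRequest{Request: req, Principal: p, Resource: res, Environment: env}
	if permit, why := r.Decide(d); !permit {
		return "", fmt.Errorf("%s %s by %s denied: %s", req.Operation, req.Resource, req.Identity, why)
	}
	return op(), nil
}

// NewDemoRepository holds constructed sample data (not from the page): export-controlled
// material is readable only by cleared principals on the internal network; public material by anyone known.
func NewDemoRepository() *Repository {
	return &Repository{
		Rules: []Rule{
			{Operation: "read", Classification: "public"},
			{Operation: "read", Classification: "export-controlled",
				RequiredPrincipal: Attributes{"export_status": "cleared"},
				RequiredEnv:       Attributes{"network": "internal"}},
		},
		Principals: map[string]Attributes{
			"alice": {"export_status": "cleared", "country": "US"},
			"bob":   {"export_status": "pending", "country": "US"},
		},
		Resources: map[string]Attributes{
			"spec-001": {"classification": "export-controlled"},
			"brochure": {"classification": "public"},
		},
	}
}

func main() {
	repo := NewDemoRepository()
	read := func() string { return "spec-001 contents" }
	for _, env := range []Attributes{{"network": "internal"}, {"network": "vpn-edge"}} {
		for _, who := range []string{"alice", "bob", "mallory"} {
			out, err := repo.Enforce(AccessRequest{who, "read", "spec-001"}, env, read)
			fmt.Println(env["network"], who, out, err)
		}
	}
}
```

The point of the split is that the decision function sees only attributes and rules, so the same Decide can sit behind a file server, a web gateway or, as the later slides argue, a rights management container, while the enforcement function is the only component that ever touches the resource. Everything not covered by a rule is denied, including operations nobody thought to write a rule for.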
Rights Management Is Access Control (Authorization)
(Figure: the ISO model with rights management parts. An Author Principal places Information into an RM Container through the RM Crypto API, together with Author Constraints and Identity. A Reader Principal’s access also goes through the RM Crypto API, which uses an Access Decision Request/Response Protocol to the Rights Management Service. The service’s Access Management Decision Function consults a Rights, Rules, Identity, Attributes, Meta Data Repository and Decision Support Information (Principal Attributes, Additional Principal Access) and returns the Access Decision.)
Limitations of Current Rights Management Technology
• No interoperability between vendors limits its usefulness for e-Business
• Limited object granularity
• No common information protection model
• Weak protection, dependent on operating system health and sound identity management
We need a strong, scalable, usable federated information protection capability
Attack Surface / Trust Boundary
(Figure: the Typical Encryption Trust Boundary encloses only the communicating endpoints; the Typical Rights Management Trust Boundary also encloses the RM Servers and the Identity Management System, so the attack surface grows with every component that can issue or influence a decision)
Digital Access Management (DAM) Standardization
(Figure: the rights management diagram with the RM Container, RM Crypto API and Rights Management Service replaced by a DAM Container, DAM Crypto API and Digital Access Management Service. The Author Principal supplies Information, Author Constraints and Identity; the Reader Principal reaches the service over the DAM Protocol; the service’s Access Management Decision Function uses the same Rights, Rules, Identity, Attributes, Meta Data Repository and Decision Support Information.)
Necessary Rights Management Standards
• An open, standard container for encapsulating protected information
• An open programming interface (API) that can be used to apply and query the associated rights
• An open, inherently secure protocol for communicating between consumers of DAM protected data and the server or enterprise that controls the data’s DAM attributes
• A standard, extensible set of information classifications (meta data) for information required to process the document
E2E DAM - Examples
(Figure: a Lead Contractor, a Customer, a Design Subcontractor and a Manufacturing Subcontractor exchanging DAM protected information, each with its own rights management product: EMC IRM, Microsoft RMS, EMC Documentum, SharePoint, Oracle IRM, a Manufacturing Client PEP Applet and a Locally Built PEP)
Information Attribute Structure
(Figure: entity-relationship model)
Entities and attributes:
• INDIVIDUAL: Actor Id (FK), BEMS Id, Individual Name, etc., Individual Country Id (FK), Individual Export Status (FK), Individual Environment (FK)
• COUNTRY: Country Id, Country Name
• CONTROL LIST: Control List Id, Control List Name, Control List Description, Country Id (FK)
• CONTROL CATEGORY: Export Control Category Id, Export Control List Id (FK), Control Category Number, Control Category Name, Control Category Description
• ORGANIZATION: Organization Id, Name
• INFORMATION OBJECT: Information Object Id, Information Object Name, Information Object Type, Owning Id (FK), Information Id (FK)
• SENSITIVITY VALUE: Information Object Id (FK), Protection Dimension Id (FK), Sensitivity Value Id (FK), Sensitivity Level Assignment
• INFORMATION INTERRELATIONSHIP: Parent Information Object Id (FK), Child Information Object Id (FK), Information Object Interrelationship Name, Type
Relationships: Is citizen of; Belongs to; Manages; Owns; Defines; Categorizes; Is located in; Sanctioned by
1) An Information security governance model defines information attributes, relevant principals and their attributes, and relationships to the information being protected
2) Standardized information attributes are extracted from the model and populated by directly appending to or linking to the information
3) Information attributes drive information access control decisions (the Access Control Decision Function) which enforce confidentiality and integrity
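A minimal version of the container, API, protocol and decision function described in the Rights Management and DAM diagrams and in the four standards listed above, applied to the export-control part of the attribute structure, with the Assured Delete idea from the tools slide as key destruction. This is an added example written for this transcript, not Boeing code or any vendor’s product; the metadata field names, the choice of AES-256-GCM with the metadata as associated data, the reduction of the reader/service protocol to a function call, and the sample individuals, countries and control category are all assumptions:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// MetaData is the cleartext, extensible tag set carried in the container (field names are assumptions).
type MetaData struct {
	ObjectID        string   `json:"object_id"`
	ControlCategory string   `json:"export_control_category"`
	ReleasableTo    []string `json:"releasable_to_countries"` // from the category's control list
}

// Container is AES-GCM ciphertext plus metadata; the metadata is bound as associated data.
type Container struct {
	Meta        MetaData
	Nonce, Body []byte
}

// Individual carries the principal attributes of the attribute structure.
type Individual struct{ ID, Country, ExportStatus string }
// Service is the Digital Access Management Service: key store plus decision function.
type Service struct{ keys map[string][]byte } // object id -> content key
func NewService() *Service { return &Service{keys: map[string][]byte{}} }

// aead builds AES-256-GCM; errors cannot occur for a 32-byte key, so they are fatal.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// Protect is the "apply rights" half of the API: a fresh per-object key is kept by the service.
func (s *Service) Protect(meta MetaData, plaintext []byte) (*Container, error) {
	buf := make([]byte, 32+12) // key, then the 12-byte nonce cipher.NewGCM expects
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm := aead(key)
	aad, _ := json.Marshal(meta) // struct marshalling is deterministic
	s.keys[meta.ObjectID] = key
	return &Container{Meta: meta, Nonce: nonce, Body: gcm.Seal(nil, nonce, plaintext, aad)}, nil
}

// Decide is the access management decision function over the attribute structure:
// the reader must be export-cleared and a citizen of a country on the releasable list.
func (s *Service) Decide(meta MetaData, who Individual) error {
	if who.ExportStatus != "cleared" {
		return fmt.Errorf("%s: export status %q is not cleared", who.ID, who.ExportStatus)
	}
	for _, c := range meta.ReleasableTo {
		if c == who.Country {
			return nil
		}
	}
	return fmt.Errorf("%s: country %s not releasable under %s", who.ID, who.Country, meta.ControlCategory)
}

// RequestKey is the reader-to-service protocol reduced to a call: present identity and
// the container's metadata, receive the key or a denial (a deployment would run this
// exchange over an authenticated channel).
func (s *Service) RequestKey(meta MetaData, who Individual) ([]byte, error) {
	if err := s.Decide(meta, who); err != nil {
		return nil, err
	}
	if key, ok := s.keys[meta.ObjectID]; ok {
		return key, nil
	}
	return nil, fmt.Errorf("%s: content key destroyed (assured delete)", meta.ObjectID)
}

// AssuredDelete is cryptographic destruction: with the key gone, every copy of the
// ciphertext, wherever it has travelled, is unrecoverable.
func (s *Service) AssuredDelete(objectID string) { delete(s.keys, objectID) }

// Open is the "query rights" half of the API: obtain the key, then decrypt. Any edit to
// the cleartext metadata fails the GCM authentication check.
func Open(c *Container, s *Service, who Individual) ([]byte, error) {
	key, err := s.RequestKey(c.Meta, who)
	if err != nil {
		return nil, err
	}
	aad, _ := json.Marshal(c.Meta)
	return aead(key).Open(nil, c.Nonce, c.Body, aad)
}

func main() { // constructed sample data
	svc := NewService()
	c, _ := svc.Protect(MetaData{ObjectID: "spec-001", ControlCategory: "EAR99", ReleasableTo: []string{"US", "GB"}}, []byte("wing spar tolerances"))
	for _, who := range []Individual{{"alice", "US", "cleared"}, {"bob", "US", "pending"}, {"carol", "DE", "cleared"}} {
		out, err := Open(c, svc, who)
		fmt.Printf("%s: %q %v\n", who.ID, out, err)
	}
	svc.AssuredDelete("spec-001")
	_, err := Open(c, svc, Individual{"alice", "US", "cleared"})
	fmt.Println("after assured delete:", err)
}
```

Two properties of this layout match the slides’ argument. The metadata travels in the clear so that any DAM client can read the classification before asking for a key, yet it is authenticated with the ciphertext, so a reader who edits the releasable-country list to include his own country gets a permit from the service and then a failed authentication tag rather than plaintext. And the trust boundary is the one drawn on the Attack Surface slide: whoever controls the service’s key store controls every copy of the container, which is what makes Assured Delete work and also why the homework starts the trust chain with a hardware-protected key.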
Ideal Meta Data Properties
• Most meta data values are automatically created when information is created
• The information creator/owner/manager has the ability to modify meta data during workflow for the entire information lifecycle
• The schema structure is extensible
• The schema structure supports generic, industry, and enterprise specific tags
• The access control service can obtain and understand the meta data using standard protocols and programming interfaces
EXIF as an Information Meta Data Example
• Produced by the Japan Electronics and Information Technology Industries Association (JEITA) as CP-3451
• Image and audio tag specifications
• Not currently maintained
• Multiple, extensible tag categories with vendor specific fields
• Intersecting compatibility with the DPOF (printing) standard
(Figure: EXIF meta data through the photo’s life cycle: EXIF tag created; photo specific meta data added; vendor specific meta data added; photo editor modifies meta data; DPOF meta data extracted and used in printing; meta data saved when photo archived; meta data deleted when photo deleted)
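An added example, not from the slides or from JEITA: a parser for the TIFF-structured IFD that carries Exif tags, run over a constructed byte string, showing the property the previous two slides ask for, that a service can read generic, known tags and private (vendor or enterprise specific) tags through one interface. The tag 0x8C01 is a made-up private tag, the ACME maker string is constructed, and the known-tag table is a small subset of the real one:

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// Tag is one IFD entry. Private marks the TIFF private range (>= 32768) used for
// vendor and enterprise specific fields that a generic reader still has to carry.
type Tag struct {
	ID      uint16
	Name    string // "" when the tag is not in knownTags
	Type    uint16
	Count   uint32
	Value   string // decoded for ASCII/SHORT/LONG, hex otherwise
	Private bool
}

const (
	typeASCII = 2
	typeSHORT = 3
	typeLONG  = 4
)

// knownTags is a small subset of the TIFF/Exif tag table.
var knownTags = map[uint16]string{
	0x010F: "Make", 0x0110: "Model", 0x0112: "Orientation",
	0x0132: "DateTime", 0x8769: "ExifIFDPointer", 0x927C: "MakerNote",
}

// typeSize gives the byte width of each TIFF field type (unknown types decode to 0 bytes).
var typeSize = map[uint16]uint32{1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}

// SampleExif is a constructed little-endian TIFF header with one IFD of three entries:
// Make (ASCII, stored out of line at offset 50), Orientation (SHORT, inline) and a
// made-up private tag 0x8C01 (SHORT, inline).
var SampleExif = []byte{
	'I', 'I', 0x2A, 0x00, 0x08, 0x00, 0x00, 0x00, // "II", 42, first IFD at offset 8
	0x03, 0x00, // three entries
	0x0F, 0x01, 0x02, 0x00, 0x05, 0x00, 0x00, 0x00, 0x32, 0x00, 0x00, 0x00, // Make: ASCII x5 @ 50
	0x12, 0x01, 0x03, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, // Orientation = 1
	0x01, 0x8C, 0x03, 0x00, 0x01, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, // 0x8C01 = 7
	0x00, 0x00, 0x00, 0x00, // no next IFD
	'A', 'C', 'M', 'E', 0x00, // Make value
}

// ParseIFD0 decodes the first IFD of a TIFF-structured Exif block (the bytes after
// "Exif\0\0" in a JPEG APP1 segment), checking every offset against the buffer.
func ParseIFD0(b []byte) ([]Tag, error) {
	if len(b) < 8 {
		return nil, errors.New("short TIFF header")
	}
	var order binary.ByteOrder
	switch string(b[:2]) {
	case "II":
		order = binary.LittleEndian
	case "MM":
		order = binary.BigEndian
	default:
		return nil, fmt.Errorf("bad byte order mark %q", b[:2])
	}
	if order.Uint16(b[2:4]) != 42 {
		return nil, errors.New("bad TIFF magic")
	}
	off := uint64(order.Uint32(b[4:8]))
	if off+2 > uint64(len(b)) {
		return nil, errors.New("IFD offset out of range")
	}
	n := int(order.Uint16(b[off : off+2]))
	entries := b[off+2:]
	if len(entries) < n*12 {
		return nil, errors.New("truncated IFD")
	}
	var tags []Tag
	for i := 0; i < n; i++ {
		e := entries[i*12 : i*12+12]
		t := Tag{ID: order.Uint16(e[0:2]), Type: order.Uint16(e[2:4]), Count: order.Uint32(e[4:8])}
		t.Name, t.Private = knownTags[t.ID], t.ID >= 32768
		size := uint64(typeSize[t.Type]) * uint64(t.Count)
		data := e[8:12] // values of four bytes or fewer are stored inline
		if size > 4 {
			o := uint64(order.Uint32(e[8:12]))
			if o+size > uint64(len(b)) {
				return nil, fmt.Errorf("tag 0x%04X value out of range", t.ID)
			}
			data = b[o : o+size]
		}
		switch t.Type {
		case typeASCII:
			t.Value = string(bytes.TrimRight(data[:size], "\x00"))
		case typeSHORT:
			t.Value = fmt.Sprint(order.Uint16(data))
		case typeLONG:
			t.Value = fmt.Sprint(order.Uint32(data))
		default:
			t.Value = fmt.Sprintf("% x", data[:size])
		}
		tags = append(tags, t)
	}
	return tags, nil
}

func main() {
	tags, err := ParseIFD0(SampleExif)
	if err != nil {
		panic(err)
	}
	for _, t := range tags {
		fmt.Printf("0x%04X %-12s private=%-5v %s\n", t.ID, t.Name, t.Private, t.Value)
	}
}
```

The offset checks are not optional: an IFD comes from whoever produced the file, and a value offset pointing past the buffer is the classic way a metadata reader inside an access control service gets crashed or read out of bounds. The same structure, a fixed header, typed entries, inline-or-by-offset values and a reserved private range, is what the Ideal Meta Data slide asks for in an information meta model.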
Summary
• Information is valuable
• Information protection options supporting collaboration are limited
• The Twins
  – Current rights management shows promise… (but needs standard access control and information models)
  – Meta-Information standards are almost non-existent
Homework Assignment
1. Start the DAM trust chain with a protected private key
  • Smart Card
  • TPM (Trusted Platform Module)
2. Create and publish DAM standards:
  • Information container
  • Programming interfaces
  • Rights management protocols
3. Create an E2E information meta model that is
  • Usable and scalable
  • Supports collaboration
  • Follows entire information workflow life cycle