Agenda Agenda � Security Ratings Security Ratings � ITSEC E3 ITSEC E3 C2 & E3 B1 update on C2 & E3 B1 update on V6 V6.2 .2 OpenVMS Security Update OpenVMS Security Update � TCSEC C2 Ramp TCSEC C2 Ramp - -> Common > Common Criteria Criteria � COE DII COE DII 1M01 1M01 � Current Projects: Current Projects: � Enterprise Security Features & Projects Enterprise Security Features & Projects Helmut Ammer Helmut Ammer – – History History TCSC München TCSC München – Per Per- -Thread Security Profiles Thread Security Profiles – – – External Authentication External Authentication – Authenticated COM + Infrastructure (V7.2 Authenticated COM + Infrastructure (V7.2- -1) 1) – � Future Security Future Security Projects Projects � Kerberos Kerberos for VMS for VMS www.compaq.com www.compaq.com 2 Security Ratings Security Ratings OpenVMS Security Testing OpenVMS Security Testing � Security Testing Procedures Security Testing Procedures � Independent of a rating, the OpenVMS security Independent of a rating, the OpenVMS security testing procedure is as follows testing procedure is as follows � Current Ratings Status Current Ratings Status � All new functionality/changes is documented All new functionality/changes is documented � TCSEC TCSEC � Each one is reviewed for impact to the security Each one is reviewed for impact to the security � ITSEC ITSEC model model � Common Criteria Common Criteria � Tests are created to assure security relevant Tests are created to assure security relevant � New Ratings New Ratings changes behave as documented changes behave as documented � DII COE DII COE � Each release must successfully complete the Each release must successfully complete the Security Test Suite before it is released. Security Test Suite before it is released. www.compaq.com www.compaq.com 3 4 OpenVMS TCSEC Security Ratings OpenVMS TCSEC Security Ratings ITSEC Security Rating ITSEC Security Rating � C2 for OpenVMS VAX and Alpha V6.1 C2 for OpenVMS VAX and Alpha V6.1 � ITSEC Security Ratings “in progress” ITSEC Security Ratings “in progress” – – ITSEC E3/F ITSEC E3/F- -B1 SEVMS (with B3 claims) B1 SEVMS (with B3 claims) � B1 for SEVMS VAX and Alpha V6.1 B1 for SEVMS VAX and Alpha V6.1 – – ITSEC E3/F ITSEC E3/F- -C2 VMS C2 VMS � http://www.itsec.gov.uk/ http://www.itsec.gov.uk/ � Targets: Alpha & VAX Targets: Alpha & VAX � OpenVMS V6.2 OpenVMS V6.2- -1H3 & Y2K Patch Kit 1H3 & Y2K Patch Kit � SEVMS V6.2 SEVMS V6.2- -1H3 & Y2K Patch Kit 1H3 & Y2K Patch Kit www.compaq.com www.compaq.com 5 6 1
OpenVMS OpenVMS Future Security Ratings Future Security Ratings What is DII COE? What is DII COE? � TCSEC/RAMP TCSEC/RAMP - - Going Away Going Away � The Defense Information Infrastructure Common The Defense Information Infrastructure Common � OpenVMS OpenVMS 7.1 C2 RAMP Status 7.1 C2 RAMP Status Operating Environment (DII COE) provides a Operating Environment (DII COE) provides a foundation for building open systems. It is a "plug foundation for building open systems. It is a "plug and play" open architecture designed around a and play" open architecture designed around a client/server model. client/server model. � Independent 3rd party Independent 3rd party evaluations evaluations � CLEF (Commercially Licensed Evaluation Facility) CLEF (Commercially Licensed Evaluation Facility) � Common Criteria Common Criteria Profiles Profiles – C2? Industry Specific? C2? Industry Specific? http://spider.osfl.disa.mil/cm/cm_page.html – http://csrc.nist.gov/cc/ http://csrc.nist.gov/cc/ www.compaq.com www.compaq.com 7 8 COE Application COE Application DII COE 4.1.20 DII COE 4.1.20 compliant compliant OpenVMS OpenVMS Level’s of Compliance Level’s of Compliance Standard (Back Office) API’s – 8 – 8 - - Total COE compliance application does not need to Total COE compliance application does not need to Office Admin Multimedia Communication Network Office Admin Multimedia Communication Workflow Workflow Network know about Platform/OS at all. know about Platform/OS at all. Standard (System Level) API’s – 4 4 - - 50/50 split. COE compliance but Application needs 50/50 split. COE compliance but Application needs – Track Track Data Data Geographic Geographic some system calls. (e.g. Cluster awareness) Alert Alert some system calls. (e.g. Cluster awareness) Communications Communications Management Management Exchange Exchange Information Information Services Services Services Services – – 1 1 - - Application makes no calls to COE Modules in O/S Application makes no calls to COE Modules in O/S Services Services ServicesJ4 Services Services Services J4 J4 but can successfully run in COE O/S environment but can successfully run in COE O/S environment Data Data System System Execution Execution Security Security – – 0 0 - - Application breaks when running in COE compliant Application breaks when running in COE compliant Messaging Messaging Access Access Administration Administration Manager Manager Administration Administration O/S environment O/S environment Services Services Services Services Services Services Services Services Services Services Kernel components OpenVMS Operating System & Alpha HW OpenVMS Operating System & Alpha HW www.compaq.com www.compaq.com 9 10 Security MUPs Security MUPs OpenVMS V7.2 & OpenVMS V7.2 & V7 V7.2 .2- -1 Projects 1 Projects � Per Per- -thread security thread security � OpenVMS Alpha V7.2 OpenVMS Alpha V7.2 � V7 V7.2 .2- -1 Authenticated COM 1 Authenticated COM � DEC DEC- -AXPVMS AXPVMS- -VMS72_SYS VMS72_SYS- -V0100 V0100- -4.PCSI 4.PCSI � Future Security Projects Future Security Projects � DEC DEC- -AXPVMS AXPVMS- -VMS721_SYS VMS721_SYS- -V0100 V0100- -4.PCSI 4.PCSI � LDAP Client investigation � OpenVMS Alpha Security MUP OpenVMS Alpha Security MUP � Cluster Wide Intrusion Detection (A/V) � ALPSMUP01_070 (Versionen V6.1, V6.2 & V7.0) ALPSMUP01_070 (Versionen V6.1, V6.2 & V7.0) � Kerberos V5 � OpenVMS VAX Security MUP OpenVMS VAX Security MUP – GSSAPI (Generic Security Services API) � VAXSMUP03 (All Versions prior to V6.1) VAXSMUP03 (All Versions prior to V6.1) � $ACME Login � CDSA (Common Data Security Architecture) IR � IPSEC support www.compaq.com www.compaq.com 11 12 2
Security Thread Model before V7 V7.2 .2 Security Thread Model before Per- Per -Thread Security Profile Model Thread Security Profile Model • New model solves • The current model Generic pre-emption problem forces user threads to Security Security Security Security Profile Profile 1 Profile 2 Profile 3 as the scheduler manage the security (ARB,PCB,JIB etc.) (PSB) (PSB) (PSB) switches the security profile Profile profile on a context Profile • To really work the switch. Execution security profile must Execution • Now the operating be switched by the system takes care of Thread scheduler Thread Thread Thread Thread Thread Thread Thread the switching of 1 2 3 4 • A single profile fails 1 2 3 4 profile handles when Security Security Security Security with multiple threads profile profile profile profile scheduling. actively using it DATA DATA DATA DATA www.compaq.com www.compaq.com Per- Per -Thread Security: Compatibility Thread Security: Compatibility Security in OpenVMS V7.2- Security in OpenVMS V7.2 -1 1 � Authenticated COM Authenticated COM � PCB/ARB/JIB/PHD maintained while process � PCB/ARB/JIB/PHD maintained while process � Provide necessary NT security infrastructure Provide necessary NT security infrastructure has a single user- -mode persona mode persona has a single user (kernel objects, interfaces, and protocols) to (kernel objects, interfaces, and protocols) to � System services now persona aware � System services now persona aware support strategic technologies support strategic technologies � SDA understands persona structures � SDA understands persona structures � OpenVMS OpenVMS V7 V7.2 .2- -1 support for: 1 support for: Secure DCOM, Secure DCOM, Backward Backward RPC using NTLM- RPC using NTLM -authentication (Authenticated authentication (Authenticated Compatibility Compatibility New New RPC), select Win32 security APIs RPC), select Win32 security APIs � OpenVMS Alpha only! OpenVMS Alpha only! Generic Security Security Profile Profile 2 (PSB) (ARB,PCB,JIB etc.) www.compaq.com www.compaq.com 16 NT Security Infrastructure View NT Security Infrastructure View Future Security Projects Future Security Projects � LDAP V3 Client (Investigation Complete) LDAP V3 Client (Investigation Complete) $PERSONA DCOM � Security Requirement: Security Requirement: Kerberos Kerberos Authentication Authentication System Services � Cluster Wide Intrusion Detection Cluster Wide Intrusion Detection Win32 Low-Level SSPI/NTLM Win32 APIs RPC Security Services System Services � Kerberos Kerberos V5 Client and KDC V5 Client and KDC SYS$ACM � GSSAPI V2 GSSAPI V2 System Service � CDSA (Common Data Security Architecture) CDSA (Common Data Security Architecture) ACME_SERVER � IPSEC Support IPSEC Support Reserved VMS NT interfaces ACME ACME in 7.2 [Cluster IPC to multiple servers] PWRK$LMSRV SAM UAF AdvancedServer www.compaq.com www.compaq.com 17 18 3
Recommend
More recommend