Assuring Post Processed Telemetry Data Integrity With a Secure Data Auditing Appliance

Kalibjian, Jeff, Wierenga, Steven

10 1900

ITC/USA 2005 Conference Proceedings / The Forty-First Annual International Telemetering Conference and Technical Exhibition / October 24-27, 2005 / Riviera Hotel & Convention Center, Las Vegas, Nevada / Recent federal legislation (e.g. Sarbanes Oxley, Graham Leach Bliley) has introduced requirements for compliance including records retention and records integrity. Many industry sectors (e.g. Energy, under the North American Energy Reliability Council) are also introducing their own voluntary compliance mandates to avert possible additional federal regulation. A trusted computer appliance device dedicated to data auditing may soon be required in all corporate IT infrastructures to accommodate various compliance directives. Such an auditing device also may have application in telemetry post processing environments, as it maybe used to guarantee the integrity of post-processed telemetry data.

Compliance

Audit

Hardware Security Modules (HSM)

Common Criteria (CC)

security boundary

key management

Securing Telemetry Post Processing Applications with Hardware Based Security

Kalibjian, Jeff

10 1900

International Telemetering Conference Proceedings / October 18-21, 2004 / Town & Country Resort, San Diego, California / The use of hardware security for telemetry in satellites utilized for intelligence and defense applications is well known. Less common is the use of hardware security in ground-based computers hosting applications that post process telemetry data. Analysis reveals vulnerabilities in software only security solutions that can result in the compromise of telemetry data housed on ground-based computer systems. Such systems maybe made less susceptible to compromise with the use of hardware based security.

Hardware Security Modules (HSM)

Hardware Security Module Hybrids (HSMH)

Common Criteria (CC)

security boundary

key management

Securing Network Connected Applications with Proposed Security Models

Konstantaras, Dimitrios, Tahir, Mustafa

January 2008

<p>In today’s society, serious organizations need protection against both internal and external attacks. There are many different technologies available that organizations can incorporate into their organization in order to enhance security for their networking applications. Unfortunately, security is way to often considered as an afterthought and therefore implemented as an external part of the applications. This is usually performed by introducing general security models and technologies.</p><p>However, an already developed, well structured and considered security approach – with proper implementation of security services and mechanisms – different security models can be used to apply security</p><p>within the security perimeter of an organization. It can range from built into the application to the edge of a private network, e.g. an appliance. No matter the choice, the involved people must possess security expertise to deploy the proposed security models in this paper, that have the soul purpose to secure applications.</p><p>By using the Recommendation X.800 as a comparison framework, the proposed models will be analyzed in detail and evaluated of how they provide the security services concerned in X.800. By reasoning about what security services that ought to be implemented in order to prevent or detect diverse security attacks, the organization needs to carry out a security plan and have a common understanding of the defined security policies.</p><p>An interesting finding during our work was that, using a methodology that leads to low KLOC-values results in high security, though low KLOC-values and high security go hand-in-hand.</p>

Security service

security mechanism

security protocol

security policy

X.800 standard

attacks

application proxy

firewall

Virtual Private Network (VPN)

plugin

filter

Team Software Process (TSP)

IPsec

Common Criteria (CC)

DMZ

Computer science

Datavetenskap

Securing Network Connected Applications with Proposed Security Models

Konstantaras, Dimitrios, Tahir, Mustafa

January 2008

In today’s society, serious organizations need protection against both internal and external attacks. There are many different technologies available that organizations can incorporate into their organization in order to enhance security for their networking applications. Unfortunately, security is way to often considered as an afterthought and therefore implemented as an external part of the applications. This is usually performed by introducing general security models and technologies. However, an already developed, well structured and considered security approach – with proper implementation of security services and mechanisms – different security models can be used to apply security within the security perimeter of an organization. It can range from built into the application to the edge of a private network, e.g. an appliance. No matter the choice, the involved people must possess security expertise to deploy the proposed security models in this paper, that have the soul purpose to secure applications. By using the Recommendation X.800 as a comparison framework, the proposed models will be analyzed in detail and evaluated of how they provide the security services concerned in X.800. By reasoning about what security services that ought to be implemented in order to prevent or detect diverse security attacks, the organization needs to carry out a security plan and have a common understanding of the defined security policies. An interesting finding during our work was that, using a methodology that leads to low KLOC-values results in high security, though low KLOC-values and high security go hand-in-hand.

Security service

security mechanism

security protocol

security policy

X.800 standard

attacks

application proxy

firewall

Virtual Private Network (VPN)

plugin

filter

Team Software Process (TSP)

IPsec

Common Criteria (CC)

DMZ

Computer Sciences

Datavetenskap (datalogi)