Virtualization Security Issues in Telemetry Post-Processing Environments

Kalibjian, Jeff

10 1900

ITC/USA 2009 Conference Proceedings / The Forty-Fifth Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2009 / Riviera Hotel & Convention Center, Las Vegas, Nevada / Virtualization technologies have the potential to transform the telemetry post-processing environment. Significant efficiencies can be gained by migrating telemetry post processing activities to virtual computing platforms. However, while facilitating better server utilization, virtualization also presents several challenges; one of the most difficult of those challenges being security. In virtualization, server environments are replicated in software; unfortunately, the security individual servers provide is not replicated in a software stack implementation of a server environment. After reviewing virtualization fundamentals, security issues and their impact on telemetry post processing will be discussed.

Partitioning

hypervisor

virtualization hardware assist

para-virtualization

coordinating virtualization software

FIPS 140-2

Common Criteria

Assuring Post Processed Telemetry Data Integrity With a Secure Data Auditing Appliance

Kalibjian, Jeff, Wierenga, Steven

10 1900

ITC/USA 2005 Conference Proceedings / The Forty-First Annual International Telemetering Conference and Technical Exhibition / October 24-27, 2005 / Riviera Hotel & Convention Center, Las Vegas, Nevada / Recent federal legislation (e.g. Sarbanes Oxley, Graham Leach Bliley) has introduced requirements for compliance including records retention and records integrity. Many industry sectors (e.g. Energy, under the North American Energy Reliability Council) are also introducing their own voluntary compliance mandates to avert possible additional federal regulation. A trusted computer appliance device dedicated to data auditing may soon be required in all corporate IT infrastructures to accommodate various compliance directives. Such an auditing device also may have application in telemetry post processing environments, as it maybe used to guarantee the integrity of post-processed telemetry data.

Compliance

Audit

Hardware Security Modules (HSM)

Common Criteria (CC)

security boundary

key management

Securing Telemetry Post Processing Applications with Hardware Based Security

Kalibjian, Jeff

10 1900

International Telemetering Conference Proceedings / October 18-21, 2004 / Town & Country Resort, San Diego, California / The use of hardware security for telemetry in satellites utilized for intelligence and defense applications is well known. Less common is the use of hardware security in ground-based computers hosting applications that post process telemetry data. Analysis reveals vulnerabilities in software only security solutions that can result in the compromise of telemetry data housed on ground-based computer systems. Such systems maybe made less susceptible to compromise with the use of hardware based security.

Hardware Security Modules (HSM)

Hardware Security Module Hybrids (HSMH)

Common Criteria (CC)

security boundary

key management

Data Security Architecture Considerations for Telemetry Post Processing Environments

Kalibjian, Jeff

10 1900

Telemetry data has great value, as setting up a framework to collect and gather it involve significant costs. Further, the data itself has product diagnostic significance and may also have strategic national security importance if the product is defense or intelligence related. This potentially makes telemetry data a target for acquisition by hostile third parties. To mitigate this threat, data security principles should be employed by the organization to protect telemetry data. Data security is in an important element of a layered security strategy for the enterprise. The value proposition centers on the argument that if organization perimeter/internal defenses (e.g. firewall, IDS, etc.) fail enabling hostile entities to be able to access data found on internal company networks; they will be unable to read the data because it will be encrypted. After reviewing important encryption background including accepted practices, standards, and architectural considerations regarding disk, file, database and application data protection encryption strategies; specific data security options applicable to telemetry post processing environments will be discussed providing tangible approaches to better protect organization telemetry data.

encryption

key management

data security

disk encryption

file encryption

database encryption

application encryption

Hardware Security Module

FIPS 140-2

Common Criteria

tokenization

Format Preserving Encryption (FPE)