15. Korea University Graduate School of Information Security
"The error of Applied Cryptography is that I didn't talk at all about the context. I talked about cryptography as if it were the answer. I was pretty naive. The result wasn't pretty.
…
Security is a chain; it's only as secure as the weakest link. Security is a process, not a product."
(Bruce Schneier, Secrets and Lies: Preface)
26. Information Assurance!
Computer Security Era (the early 1960s ~)
Information Security Era (the 1980s ~)
Information Assurance Era (1998 ~)
27. Information Assurance!
Information Security: protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
28. Information Assurance!
Information Assurance: originated in the U.S. DoD in the late 1990s. It means validating that information is authentic, trustworthy, and accessible. It also includes reliability and emphasizes strategic risk management over tools and tactics.
IA >> IS!
29. Dependability in a Nutshell
Dependability: the user's degree of trust in a system. It reflects the extent of the user's confidence that the system will operate as users expect and that it will not 'fail' in normal use.
Against accidental failures: "Reliability"
Against intentional failures: "Security"
IA's Goal!
30. Dependability in Detail
Dependability covers the related system attributes of reliability, availability and security. These are all inter-dependent.
(Source: Algirdas Avižienis et al., "Fundamental Concepts of Dependability", UCLA CSD Report no. 010028)
31. Dependability in Detail
Other dependability properties:
Repairability
Maintainability
Survivability
Error tolerance
32. Why Do We Need Dependability?
Critical Infrastructures: infrastructure systems for which continuity is so important that loss, significant interruption or degradation of service would have grave social consequences.
(Source: National Infrastructure Security Coordination Centre, UK)
33. Why Do We Need Dependability?
Critical Infrastructures:
Power generation and distribution
Oil and gas refining and distribution
Water and waste systems
Chemical processing and transport
Manufacturing
Telecommunications
Banking
36. Security Engineering
Security engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts.
It is similar to other systems engineering activities in that its primary motivation is to support the delivery of engineering solutions that satisfy pre-defined functional and user requirements, but with the added dimension of preventing misuse and malicious behavior. These constraints and restrictions are often asserted as a security policy.
(Source: Wikipedia)
37. Security Engineering
Security engineering is about building systems to remain dependable in the face of malice, error and mischance. As a discipline, it focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves.
(Source: Ross Anderson)
38. How to Accomplish a Goal: 4 Steps
Policy
Mechanisms
Assurance: the level of trust that the mechanisms really do enforce the policy!
39. How to Accomplish a Goal: 4 Steps
Policy Assurance
Design Assurance
Implementation Assurance
Operational Assurance (also called 'Administrative Assurance')
40. How to Accomplish a Goal: 4 Steps
Key Points:
Assurance is critical for determining the trustworthiness of systems.
There are different levels of assurance, from informal evidence to rigorous mathematical evidence.
Assurance is needed at all stages of the system life cycle.
41. Design Assurance Example
Security Policy: a subject has read access to a file only if the permission R was initially present or has been explicitly granted by the file's owner.
Solution Design: for each transition that gives new read access to an object, the reference monitor (security kernel) checks that this has been done by the owner of the object using the confer_read command.
Is this solution right or not?
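One way to argue design assurance for the slide above is to model the policy and the proposed mechanism as a small state machine and check the policy invariant after every transition. The following is an added example, not code from the lecture; subjects, files, the rights model and the trace are all constructed, and the hypothetical ReferenceMonitor class implements only the confer_read check the slide describes.

```python
from copy import deepcopy


class ReferenceMonitor:
    """Toy security kernel: files have an owner and a set of subjects holding R."""

    def __init__(self, owner, rights):
        self.owner = dict(owner)                              # file -> owning subject
        self.rights = {f: set(s) for f, s in rights.items()}  # file -> subjects with R
        self.initial = deepcopy(self.rights)                  # R present "initially"
        self.granted = set()                                  # (file, subject) granted by owner

    def confer_read(self, caller, file, subject):
        """The slide's design check: only the file's owner may confer R."""
        if self.owner.get(file) != caller:
            return False                                      # transition refused
        self.rights.setdefault(file, set()).add(subject)
        self.granted.add((file, subject))
        return True

    def read(self, subject, file):
        return subject in self.rights.get(file, set())

    def policy_holds(self):
        """The policy from the slide, stated as an invariant over the current state:
        every R held now was either present initially or conferred by the owner."""
        for file, subjects in self.rights.items():
            for s in subjects:
                if s not in self.initial.get(file, set()) and (file, s) not in self.granted:
                    return False
        return True


def replay(monitor, trace):
    """Apply each (command, *args) and record (command, args, accepted, policy_ok)."""
    results = []
    for cmd, *args in trace:
        accepted = getattr(monitor, cmd)(*args)
        results.append((cmd, tuple(args), accepted, monitor.policy_holds()))
    return results


def demo():
    """Constructed trace: alice owns f1 and holds R initially; bob holds nothing."""
    m = ReferenceMonitor(owner={"f1": "alice"}, rights={"f1": {"alice"}})
    trace = [
        ("confer_read", "bob", "f1", "bob"),    # bob is not the owner: refused
        ("confer_read", "alice", "f1", "bob"),  # the owner grants R to bob: accepted
        ("read", "bob", "f1"),                  # bob can now read f1
    ]
    return replay(m, trace)
```

The replay shows whether the invariant survives every transition the model allows; answering the slide's question means asking which transitions the real system has that this model does not.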
42. But Testing Is Still Required…
In 1967, it was realized that time-sharing computer systems posed security issues that went beyond the traditional concerns of secure communications.
Bernard Peters (NSA) raised three important issues:
Reference Monitor
Simplicity & Assurance for End-to-End Proof
Evaluation & Certification
43. But Testing Is Still Required…
In 1983, the DoD's TCSEC (Trusted Computer System Evaluation Criteria, a.k.a. the Orange Book) was published.
It specifies evaluation classes (C1, C2, B1, B2, B3, A1).
A1: design proof (= design assurance) rather than code proof.
It had been expected that a higher class, A2, incorporating code proof (= implementation assurance), would eventually be added, but the addition was never made.
44. But Testing Is Still Required…
(Figure: timeline of evaluation criteria leading to the Common Criteria; labels recovered from the figure)
Orange Book (TCSEC), U.S., 1985
Green Books, U.K., 1989
IT-Security Criteria, Germany, 1989
Blue-White-Red Book, France, 1989
Netherlands Criteria, Netherlands, 1989
European ITSEC (1991)
Canadian Criteria (CTCPEC), Canada, 1993
U.S. Federal Criteria Draft, 1993
CC versions: v1.0 1996, v2.0 1998, v2.1 1999, v2.2 2004, v2.3 2005, v3.1 R1 2006.9, v3.1 R2 2007.9
※ 1999: established as the international standard ISO/IEC 15408
45. But Testing Is Still Required…
1995.08 Framework Act on Informatization Promotion (정보화촉진기본법) and its Enforcement Decree enacted
1998.02 Evaluation criteria for firewall (intrusion blocking) systems announced and evaluation started
2000.07 Evaluation criteria for intrusion detection systems announced and evaluation started
2000.08 Guidelines for evaluation and certification of information security systems revised
2001.01 Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. enacted
2002.08 Common Criteria for information security systems announced; evaluation of firewalls, intrusion detection systems and VPNs started
2003.11 Evaluation of secure operating systems, fingerprint recognition systems and smart cards started
2004.09 Application submitted to join the CCRA as a certificate-authorizing member
2005.05 Evaluation criteria unified under the CC; evaluation scope extended to all information security products
2006.05 Joined the CCRA as a certificate-authorizing member
2007.07 / 08 Korea Testing Laboratory (한국산업기술시험원, July) and Korea System Assurance (한국시스템보증, August) registered as private evaluation facilities
2007.08 Legal basis for a multiple-evaluation-facility system established; Enforcement Decree of the Framework Act on Informatization Promotion amended [Aug. 17, 2007, Presidential Decree No. 20227]
46. But Testing Is Still Required…
(Figure: Theorist (e.g., Cryptographer) vs. Practitioner (e.g., Hacker))
47. But Testing Is Still Required…
(Figure: End-to-End Verified)
(Source: Gerwin Klein, "Operating System Verification – An Overview")
53. Now The World Goes for…
※ "Certified" for products/PPs that were certified up to 5 years ago and are still supported. "Certified – Archived" for products/PPs that were certified over 5 years ago or are no longer supported.
57. Now The World Goes for…
(Source: Gerwin Klein, "The seL4 microkernel verification", 2014)
How do you build a kernel that is not only functionally correct but also efficient?
58. Now The World Goes for…
(Source: Gerwin Klein et al., "Comprehensive Formal Verification of an OS Microkernel", ACM Transactions on Computer Systems, Vol. 32, No. 1, Article 2, February 2014)
(Figure: the seL4 proof chain, mechanised in Isabelle/HOL; labels recovered from the figure: (HLD @ CC), (LLD @ CC), (D. Cock et al., 2008), (S. Winwood et al., 2009), (8,700 LOC in C))
Show invariants! (Because the Haskell and C implementations share almost identical data and code structures, they spent 80% of the proof effort on Stage 1 and 20% on Stage 2.)
60. Now The World Goes for…
Hack-Proof Drones Possible with DARPA's HACMS (High Assurance Cyber Military Systems) Technology
65. Mixed Security Arts!
Security Management Practices, Physical Security, Business Continuity & Disaster Recovery Planning, Access Control Systems & Methodology, Telecommunications & Network Security, Law & Investigation & Ethics, Operations Security, Security Architecture & Models, Cryptography, Application & Systems Development
66. Mixed Security Arts!
"To become a world-class expert in any field takes 10,000 hours of practice (625 days, if you sleep 8 hours a day)."
(Neuroscientist Daniel Levitin)
74. Security Assurance Landscape
The CC is not alone.
Many evaluation programs exist (30+).
Let's take a look at them… briefly!