Diverse groups share information assurance quandaries

Signal, Aug 2002 by McKendrick, Joseph

Analysis

Open systems require multilevel security solutions.

Government agencies and commercial companies that are striving to share data to protect citizens or improve service to customers are discovering that as access to data increases, information security challenges grow exponentially. To address this concern, trusted security approaches emerging from government applications offer information assurance at both the operating-system and relational-- database-management levels.

Today, companies that open their data to as many end users as possible have the competitive edge. Firms are leveraging previously inaccessible data to support business partners, e-commerce initiatives, business intelligence and analytics, data warehouses and data marts, customer relationship management, and mobile and wireless data access.

The opportunities that Web-enabled openness offers, however, increase risk. Grievous losses of proprietary information have already occurred as a result of breaches launched from outside systems. A recent Evans Data Corporation survey of the managers of 700 databases finds that in more than one of 10 companies' databases were directly breached in 2001.

This figure does not include incidents of internal data corruption by unauthorized employees. Internal violations are just as much of a problem as external threats to databases. And while popular network security tools such as firewalls may offer some protection against outsider intrusions, they provide no protection from security breaches instigated by insiders. Innumerable disgruntled employees have destroyed data.

Some commercially available software packages-both operating and database-management systems-are not properly configured to provide robust, trusted security that will protect valuable corporate data. Many organizations assume that security can be ensured with features within operating or relational database management systems (RDBMS). However, protection at one layer offers no protection at another layer. In addition, most commercially available operating systems and databases do not meet the criteria for trusted security.

Trusted or mandatory security addresses four fundamental elements in computer systems: confidentiality, integrity, authentication and access. Confidentiality controls access to information. Integrity ensures that information and programs are changed only in a specified and authorized manner, that computer resources operate correctly and that the data is not subject to unauthorized changes. Authentication verifies that a claimed identity is legitimate and belongs to the individual accessing the system. Access standards allow authorized users to view information resources on an ongoing basis.

Enterprises are now able to benefit from the technologies and experiences developed within some units of the U.S. Defense Department and the National Security Agency (NSA). These organizations have developed and deployed trusted solutions both at the operating system and RDBMS levels. The NSA's definition of trusted refers to a system component, such as the operating system or RDBMS, that operates according to the mandatory access control policy and is subject to rules for labeling files and accessing records. The NSA also contends that in trusted computing environments, the definition of policy logic and the assignment of security attributes are tightly controlled by a system security policy administrator.

Such policies support a trusted path mechanism that provides a means to ensure that the end user is interacting with trusted software. This prevents users from supplying sensitive data to malicious software that may be spoofing trusted software, or it guarantees a mutually authenticated channel. In addition, data can be maintained at a centralized, integrated database, reducing the need for separate systems at different sensitivity levels. Users and data are assigned varying sensitivity labels. If users have the appropriate sensitivity label, they are allowed access to the data; otherwise, access is denied.

Common security flaws that occur in commercially available operating systems include a lack of sufficient security policies or robust support for these policies and little support for privileged access. In addition, problems exist with inconsistent or insecure password usage, lack of protection from malicious code, misuse of system administrator privileges, little support for trusted path or protected path mechanisms, and access by users who bypass cryptographic-key systems. Vulnerabilities arise in corporate data stores as a result of such flaws.

"The threats posed by the modern computing environment cannot be addressed without support from secure operating systems," NSA officials say. "Any security effort that ignores this fact can only result in a fortress built upon sand."

Because of its popularity, Microsoft's Windows operating system has been the target of attacks from around the world. Recently, after criticism that its products were too vulnerable to attack, Microsoft's Chief Executive Officer Bill Gates announced that security was Microsoft's top priority. However, one month after Gates' directive, critical flaws were discovered in at least six products, including the Windows XP operating system and SQL Server 2000 RDBMS.