Diverse groups share information assurance quandaries
Signal, Aug 2002 by McKendrick, Joseph
The security features of a trusted RDBMS can effectively encapsulate the application layer and limit the access that any one user has to the RDBMS resources. This access is a subset of the privileges associated with the application's anonymous global identification, used when the application software interacts with the RDBMS. As a result, backdoors and data access errors in the application layer are closed in the trusted RDBMS layer. This moves management of the system security policy to the policy's administrator rather than leaving it to the joint management of the software developers.
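A minimal model of the enforcement described above, added here as an illustration and not taken from the article or from any product it names. The label levels, class and function names, and sample rows are all assumptions constructed for the example.

```python
from dataclasses import dataclass

# Ordered sensitivity levels (constructed for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Row:
    label: str  # sensitivity label stored with the row by the database layer
    data: str


class TrustedStore:
    """Toy stand-in for the trusted RDBMS layer: it, not the application, filters rows."""

    def __init__(self, app_ceiling, clearances, rows):
        self._app_ceiling = LEVELS[app_ceiling]  # privileges of the application's global identity
        self._clearances = clearances            # per-user clearances, owned by the policy administrator
        self._rows = rows

    def effective_level(self, user):
        # Unknown users get nothing; known users get a subset of the application's privileges.
        if user not in self._clearances:
            return -1
        return min(LEVELS[self._clearances[user]], self._app_ceiling)

    def select(self, user, predicate=lambda row: True):
        # The predicate comes from application code and may be wrong or too broad;
        # the label check is applied regardless of what the application asks for.
        level = self.effective_level(user)
        return [r.data for r in self._rows if LEVELS[r.label] <= level and predicate(r)]


# Constructed sample data.
ROWS = [
    Row("UNCLASSIFIED", "torque spec"),
    Row("CONFIDENTIAL", "fault history"),
    Row("SECRET", "radar diagnostics"),
    Row("TOP_SECRET", "mission data"),
]
STORE = TrustedStore("SECRET", {"mechanic": "CONFIDENTIAL", "analyst": "TOP_SECRET"}, ROWS)


def buggy_app_query(store, user):
    # Application-layer defect: the developer forgot to add any restriction to the query.
    return store.select(user)


if __name__ == "__main__":
    for name in ("mechanic", "analyst", "intruder"):
        print(name, buggy_app_query(STORE, name))
```

Even with the unrestricted application query, each user sees only rows at or below the lower of their own clearance and the application identity's ceiling.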
Government defense and intelligence agencies have been leading the way with the deployment of trusted operating systems and databases. While almost all operational systems within these organizations contain classified data, there also is an increasing requirement to be able to share such data across networks "from the White House to the foxhole," as one Defense Department expert describes it. In addition, most future military actions will likely take place within a coalition framework, requiring secure, dynamic policy-driven data sharing among national governments.
Current multilevel security systems consist of several networks that are operated in system high mode, with various data interconnections. However, even in environments where parties have the ability to authenticate one another and thereby establish a relationship of trust, the computers of both parties are likely to be untrusted and vulnerable to attack.
The U.S. Air Force has put trusted technology to work in its F-22 Integrated Maintenance Information System (IMIS), a distributed task and decision-support system for F-22 fighter jet maintenance. By providing diagnostic data and interactive electronic technical order data, IMIS reduces the time needed to service, troubleshoot and repair aircraft systems.
The database segment of the F-22 IMIS consists of all data items allocated to the storage control facilities provided by a Trusted RUBIX database management system. Databases are defined to support specific functional requirements as well as to optimize data availability, security, integrity, decision support, query response time, transaction recovery and transaction throughput performance, Robert Hardin, system architect for the MIS team, says.
The lessons learned by government agencies can be applied across a range of commercial networks. Strict security practices dictate that network information should never be the basis for user-level access control.
The National Academy of Sciences recently produced a report calling on the U.S. Congress to make it easier to punish companies that produce nonsecure software that puts businesses and consumers at risk. There would be additional criminal penalties beyond the civil liability. For example, the Health Insurance Portability and Accountability Act (HIPAA) mandates that health insurers provide appropriate security for all data that can be individually identifiable with a patient. In the financial services industry, the Gramm-Leach-Bliley Act signed into law November 1999 requires banks to safeguard customer data.



