System Security Engineering Roadmap
Total Page:16
File Type:pdf, Size:1020Kb
UNCLASSIFIED Systems Security Engineering Final Technical Report SERC-2010-TR-005 Principal Investigator: Jennifer Bayuk, Stevens Institute of Technology Team Members Dennis Barnabe, NSA/ESEA Jonathan Goodnight, OUSD(AT&L)/DDRE/SE Drew Hamilton, Auburn University Barry Horowitz, University of Virginia Clifford Neuman, University of Southern California Stas’ Tarchalski, Stevens Institute of Technology Contract Number: H98230-08-D-0171 , DO 001, TO 0002, RT 008 Report No. SERC-2010-TR-005 August 22, 2010 UNCLASSIFIED Page 1 of 78 UNCLASSIFIED This page intentionally left blank Contract Number: H98230-08-D-0171 , DO 001, TO 0002, RT 008 Report No. SERC-2010-TR-005 August 22, 2010 UNCLASSIFIED Page 2 of 78 UNCLASSIFIED System Security Engineering A Research Roadmap Table of Contents 1. Executive Summary ............................................................................................................................... 7 2. Problem Statement ............................................................................................................................... 8 3. Solution Criteria .................................................................................................................................. 11 4. Proposal .............................................................................................................................................. 20 4.1. Security Definition........................................................................................................................... 21 4.2. Frameworks .................................................................................................................................... 22 4.3. Metrics ............................................................................................................................................ 23 4.4. Workforce ....................................................................................................................................... 25 4.5. Systems Engineering Methods, Processes and Tools ..................................................................... 26 4.6. Advanced Research Topics .............................................................................................................. 27 4.7. Coordination ................................................................................................................................... 28 5. Summary and Next Steps .................................................................................................................... 28 6. Contributors ........................................................................................................................................ 29 Appendix A: Additional Detail on Selected Research Modules ................................................................. 33 Security definition (Reference Section: 4.1) ........................................................................................... 34 A. Security Standards Reconciliation ..................................................................................................... 34 B. The Utility of Security Best Practices ................................................................................................. 35 C. Security Policy Compliance ................................................................................................................ 36 D. Adaptation of Security Policy and Mechanism .................................................................................. 37 Security Frameworks (Reference Section: 4.2) ....................................................................................... 38 E. Critical Program Information Protection ............................................................................................ 38 F. System of Systems ............................................................................................................................. 39 G. Configuration Hopping ...................................................................................................................... 41 Contract Number: H98230-08-D-0171 , DO 001, TO 0002, RT 008 Report No. SERC-2010-TR-005 August 22, 2010 UNCLASSIFIED Page 3 of 78 UNCLASSIFIED H. Continuity of Communications .......................................................................................................... 42 I. Data Continuity Checking .................................................................................................................... 44 J. Denial and Deception .......................................................................................................................... 46 K. Shared Command Information Sharing ............................................................................................. 47 L. Physical Security Frameworks ........................................................................................................... 48 Security metrics (Reference Section: 4.3) ............................................................................................... 49 M. Architecture Metrics ......................................................................................................................... 49 N. Risk Metrics ....................................................................................................................................... 51 O. Security versus Convenience ............................................................................................................. 52 P. Security Trade Spaces in Emerging Technologies .............................................................................. 54 Q. Trust Assessment Models .................................................................................................................. 55 Security workforce (Reference Section: 4.4) .......................................................................................... 58 R. Workforce Education ......................................................................................................................... 58 S. Security Requirements Process .......................................................................................................... 59 T. SE Career Path .................................................................................................................................... 61 Security MPTs (Reference Section: 4.5) .................................................................................................. 61 W. Exploring Nearby Disciplines ............................................................................................................ 61 X. BKCASE Security Section .................................................................................................................... 62 Security advanced topics (Reference Section: 4.6) ................................................................................. 64 Y. Agile Architecture ............................................................................................................................... 64 Z. Executable Architecture ..................................................................................................................... 65 AA. Critical Functionality ........................................................................................................................ 67 Security Research Coordination (Reference Section: 4.7) ...................................................................... 68 BB. Coordination .................................................................................................................................... 68 CC. Hypothesis Test ................................................................................................................................ 68 Contract Number: H98230-08-D-0171 , DO 001, TO 0002, RT 008 Report No. SERC-2010-TR-005 August 22, 2010 UNCLASSIFIED Page 4 of 78 UNCLASSIFIED Appendix B: Glossary .................................................................................................................................. 70 Appendix C: SERC Security Research Workshop Agenda ........................................................................... 73 Appendix D: References and Bibliography .................................................................................................. 75 Contract Number: H98230-08-D-0171 , DO 001, TO 0002, RT 008 Report No. SERC-2010-TR-005 August 22, 2010 UNCLASSIFIED Page 5 of 78 UNCLASSIFIED This page intentionally left blank Contract Number: H98230-08-D-0171 , DO 001, TO 0002, RT 008 Report No. SERC-2010-TR-005 August 22, 2010 UNCLASSIFIED Page 6 of 78 UNCLASSIFIED System Security Engineering A Research Roadmap 1. Executive Summary The US needs dramatic improvements in systems security. Current defensive strategies, based principally on strengthening system peripheries, inspections, and similar bolt-on techniques add tremendously to cost and do not respond effectively to the growing sophistication of attacks. Systems cannot be assumed to have static boundaries, static user communities, or even a static set of services. To a great extent, systems engineers are inadequately prepared to address system security requirements. The failure of traditional systems engineering methods to address system security issues is due to the fact that these methods rely heavily on requirements gathering and modeling. In the realm of security, requirements gathering