Presentation is loading. Please wait.

Presentation is loading. Please wait.

CCSDS Security Working Group Spring 2014 Meeting 31 March – 1 April 2014 Noordwijkerhout, The Netherlands Charles Sheehe NASA/Glenn.

Published byBlaise Underwood Modified over 9 years ago

Similar presentations

Presentation on theme: "CCSDS Security Working Group Spring 2014 Meeting 31 March – 1 April 2014 Noordwijkerhout, The Netherlands Charles Sheehe NASA/Glenn."— Presentation transcript:

1 CCSDS Security Working Group Spring 2014 Meeting 31 March – 1 April 2014 Noordwijkerhout, The Netherlands Charles Sheehe NASA/Glenn

2 Hosted Payloads / Disaggregated functions, Spacecraft's Security Risks Charles Sheehe

3 Objective of the risks discussion To recommend that the threat book be updated with the threats to these emergent threats and technologies. To recommend that a Green Book developed to provide guidance to the users of the emergent technologies.

4 Back Ground

5 Hosted items may become corrupted affecting the host. Disaggregated functions may become corrupted and infecting other functions. Distributed functions between crafts/payloads may propagate failures or viruses. What are the risks

6 Threats

7 Weakest link In distributed systems and functions the weakest function or system is the benchmark for the entire system Multiple platforms, supplied by different vendors, complicate the process of implementing different security policies, and in the absence of standards, proprietary security applications do not interoperate. The result is uneven, uncertain security.

8 CCSDS Relevance

9 Recovery Audit trails in a distributed computing environment are at best difficult.

10 WHAT IS DISTRIBUTED PROCESSING In security terms, one might think of distributed processing as dispersing where and how decisions are made. If all decisions are made at a single central location, that is central processing. If decisions are independently made at multiple locations, that is distributed processing.

11 Distributed Trust Trust is essentially the establishment of trust by interpreting policies to validate credentials

12 Trust Management How should proof of compliance shown? Should polices and credentials be partially or fully programmable? How are responsibilities be managed between the calling application and the trust engine?

13 BACK UP

14 Trust management approach, In order to protect sensitive parameters (i.e. attributes) in trust instances, trust instances should be encrypted and cryptographic protocols such as SSL/TLS should be employed to ensure sensitive trust instances are only exposed to the intended parties. Trust negotiation protocol / negotiation framework be a fully policy-driven approach, where each principal may define its own meta- policies that control the protocol behavior, which gives an increased flexibility.

15 References The Role of Trust Management in distributed System Security; Matt Blaze, Joan Feigenbaum, John Ioannidis and Angelos D. Keromytis http://www.crypto.com/papers/trustmgt.pdfhttp://www.crypto.com/papers/trustmgt.pdf Moving from Security to Distributed Trust in Ubiquitous Computing Environments; Lalana Kagal, Tim Finin and Anupam Joshi. Trust management for widely distributed systems; Walt Yao https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-608.pdf https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-608.pdf mse corporate security http://www.msecorp.net/Distributed_Processing. html http://www.msecorp.net/Distributed_Processing. html

Download ppt "CCSDS Security Working Group Spring 2014 Meeting 31 March – 1 April 2014 Noordwijkerhout, The Netherlands Charles Sheehe NASA/Glenn."

Similar presentations

ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.

The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.
CIP Cyber Security – Security Management Controls

CIP Cyber Security – Security Management Controls
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Advanced Metering Infrastructure AMI Security Roadmap April 13, 2007.

Advanced Metering Infrastructure AMI Security Roadmap April 13, 2007.
OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”

OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”
SOA Security Chapter 12 SOA for Dummies. Outline User Authentication/ authorization Authenticating Software and Data Auditing and the Enterprise Service.

SOA Security Chapter 12 SOA for Dummies. Outline User Authentication/ authorization Authenticating Software and Data Auditing and the Enterprise Service.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Elisa Bertino Dept. of Computer Science University of Milano Page 1 Author-X Secure and selective access and flexible distribution mechanisms for XML documents.

Elisa Bertino Dept. of Computer Science University of Milano Page 1 Author-X Secure and selective access and flexible distribution mechanisms for XML documents.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.

Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Electronic Customer Portal System. Reducing Risks – Increasing Efficiency – Lowering Costs Secure Internet based Communication Gateway direct to your.

Electronic Customer Portal System. Reducing Risks – Increasing Efficiency – Lowering Costs Secure Internet based Communication Gateway direct to your.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.
Your Service The Security mechanisms designed into TETRA – a refresher

Your Service The Security mechanisms designed into TETRA – a refresher

Similar presentations

Ads by Google