Project Overview - Center for Systems and Software Engineering


FAA Information System Security R&D Workshop
May 6, 2003
Development of a Robust Security Infrastructure for Data Warehousing
James Thomas and John Brackett
AIO-5
NASE Introduction

• Our security approach is implemented in NASE (the NAS Adaptation Services Environment)
• NASE
  – provides portal access to the necessary resources (applications, services, data, and communities) to facilitate the “adaptation” of the National Airspace System (NAS)
  – is web-accessible over the FAA Intranet
  – is an application execution platform that enables new capabilities to be easily added, and new applications to be rapidly prototyped
What is NAS Adaptation?

Adaptation is a unique “fingerprint” of the airspace, geography, equipment, and procedures required to make each Air Traffic Control (ATC) system work properly (Potter & Mehan)
Adaptation Data

• Contains Aeronautical Information and Air Traffic Control Rules
  – E.g., Runway, Navaid, and Radar facility coordinates
  – E.g., Air Route and Restricted Airspace definitions
  – E.g., Operating procedures, controller decision logic, and operational agreements amongst facilities
• Contains hardware, software, performance, and user preference parameters
• This is Sensitive Data that we don’t want to get into the wrong hands!
NASE Concept of Operations

(Diagram) National data sources (NASR Data, AVN Data, NOAA Data, Terminal Data) → web access → HOST Adaptation Data Mart / NASE → web access → consuming systems: Terminal, Surface Surveillance, STARS, CTAS, Project X (Dev + Ops)
The NASE Solution

• Create an Adaptation Data Mart for all data needed to adapt the National Airspace System
• Obtain data for the Data Mart from multiple authorized data providers
• Provide community access to the data, tools and services via a web portal
• Process the repository data based upon the individual needs of each NAS system
• Deliver the data in XML
NASE Technology

• Adaptation Data Mart is in Oracle9i on the IBM G5 mainframe at FAA Tech Center
• Technology used for NASE:
  – “E-business” architecture based on Java 2 Enterprise Edition (J2EE)
  – Extensible Markup Language (XML) for data delivery
  – Web Portal for customizing access
Key NASE Security Design Goals

• Provide layered “defense in depth”
• Leverage security solutions proven in the e-business world
• Reduce the effort to obtain security accreditation
Defense in Depth

(Layered diagram, slide by Department of Defense; our security focus increases as the color gets deeper)

External
• VPN over public network
• Private Lines
• Encryption Devices
• Vulnerability Scanners

Perimeter
• Firewalls
• Intrusion Detection (IDS)
• Screening Routers

Internal
• Partitioned Enclaves
  - VLANs
  - LANs
  - Routing Gaps with Shared Storage
  - Firewalls
• Vulnerability Scanners

Operating System
• Lockdown (Ports and Services)
• User IDs and passwords (I&A)
• Access Control
• Auditing

Middleware
• Encryption Tools
• File Integrity Checking
• Host Intrusion Detection

Application
• Community-Based Access Control
• Encryption
  - Signatures
  - Non-repudiation
  - Confidentiality

• NASE is only accessible over the FAA Intranet (limited VPNs)
• Data Mart is hosted on a mainframe in a secure data center
Security Implementation

(Diagram; elements shown with the Accreditation Boundary)
• (Accredited) Oracle on IBM G5 (RAC-F)
• NASE Application (Sun) Server
• (Accredited) FAA Intranet
• (Cleared) Users on (accredited) NexGen workstations
• (Accredited) Data Providers
• (Cleared) System & Community Administrators
NASE “As-Implemented” Systems Architecture

(Diagram only; no text recoverable)
Leveraging E-Business Security Solutions

• Secure Socket Layer (SSL) used for all communications to browser clients
• Remote Method Invocation (RMI) over SSL for thick clients
• All database access by clients via Framework Services (no schema visibility)
• Use of multi-level access filtering based upon user group (community) and individual profiles
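The last two bullets describe a service layer that is the only path to the data and that filters rows at two levels: by the user's group (community) and by the individual profile. The following is an added example, not NASE code or its J2EE implementation; it is written in Python rather than Java to keep it short, and the communities, facilities, record kinds, row contents and the `FrameworkService` class are all constructed for illustration.

```python
"""Community-based access filtering behind a schema-hiding service layer.

Added example, not NASE code. It models the slide's two filtering levels,
user group (community) and individual profile, in front of a service that
callers must go through for every read. Communities, facilities, record
kinds and rows are constructed for illustration.
"""
from dataclasses import dataclass

# Constructed adaptation rows. Column names are internal to the service and
# never appear in what it returns to a caller.
ADAPTATION_ROWS = [
    {"id": 1, "kind": "runway", "facility": "ZNY", "restricted": False, "payload": "RWY 04L/22R"},
    {"id": 2, "kind": "radar", "facility": "ZNY", "restricted": True, "payload": "radar site coords"},
    {"id": 3, "kind": "navaid", "facility": "ZDC", "restricted": False, "payload": "VOR position"},
    {"id": 4, "kind": "procedure", "facility": "ZDC", "restricted": True, "payload": "decision logic"},
]


@dataclass(frozen=True)
class Community:
    """Group-level filter: which facilities and record kinds the group may see."""
    name: str
    facilities: frozenset
    kinds: frozenset


@dataclass(frozen=True)
class Profile:
    """Individual-level filter: the user's community plus personal clearance."""
    user: str
    community: str
    restricted_cleared: bool


# Constructed communities (names and scopes are illustrative only).
COMMUNITIES = {
    "terminal-ny": Community("terminal-ny", frozenset({"ZNY"}), frozenset({"runway", "radar", "navaid"})),
    "enroute-east": Community("enroute-east", frozenset({"ZNY", "ZDC"}), frozenset({"navaid", "procedure"})),
}


class AccessDenied(Exception):
    pass


class FrameworkService:
    """The only path to the rows: callers name a record kind or id, never a table."""

    def __init__(self, rows, communities):
        self._rows = rows
        self._communities = communities

    def _visible(self, profile):
        """Apply the community filter, then the individual filter."""
        community = self._communities.get(profile.community)
        if community is None:
            raise AccessDenied(f"unknown community {profile.community!r}")
        out = []
        for row in self._rows:
            if row["facility"] not in community.facilities:  # community filter
                continue
            if row["kind"] not in community.kinds:  # community filter
                continue
            if row["restricted"] and not profile.restricted_cleared:  # individual filter
                continue
            out.append(row)
        return out

    @staticmethod
    def _view(row):
        # Public projection: internal flags and column names stay hidden.
        return {"id": row["id"], "facility": row["facility"], "data": row["payload"]}

    def list_records(self, profile, kind):
        return [self._view(r) for r in self._visible(profile) if r["kind"] == kind]

    def get_record(self, profile, record_id):
        # Deny by default: an id outside the caller's filtered view gets the
        # same answer as an id that does not exist, so ids cannot be probed.
        for row in self._visible(profile):
            if row["id"] == record_id:
                return self._view(row)
        raise AccessDenied(f"record {record_id} not available to {profile.user}")


if __name__ == "__main__":
    svc = FrameworkService(ADAPTATION_ROWS, COMMUNITIES)
    ctrl = Profile("tower-user", "terminal-ny", restricted_cleared=False)
    print(svc.list_records(ctrl, "runway"))
    print(svc.list_records(ctrl, "radar"))  # empty: the restricted row is filtered out
```

The point of routing every read through `_visible` is that both filters are applied before any lookup, so a caller cannot reach a row by guessing its id, and the projection in `_view` is what gives "no schema visibility": the caller learns field names of the view, not of the underlying tables.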
NASE Access Filtering by NASE Web Portal

(Diagram only; no text recoverable)
Key Operational Decisions

• Data Mart, running in a G5 partition, provides read-only access to aeronautical and adaptation data
• Data providers can connect only via IP addresses known by NASE
• Data providers have no server access other than to deliver data to a NASE-assigned file
• All data input is staged on the NASE server, and only the NASE administrator (at a specific physical console) can transfer data to the production Data Mart
• Transactional recording/analysis for security events
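The second through fifth bullets together describe an ingest path with three gates: the provider's source address must be known, the provider may write only to its assigned file, and only the administrator at a designated console may move staged data to production, with every decision recorded. The following is an added example, not NASE code, that models that path in Python; the provider registry, source networks, file names, the console identifier and the `IngestGate` class are constructed for illustration.

```python
"""Staged data-provider ingest: known-source check, assigned-file check,
console-bound promotion, and a transactional security-event record.

Added example, not NASE code. Provider names, networks, drop files and the
administrator console id are constructed for illustration.
"""
import ipaddress
from datetime import datetime, timezone

# Constructed registry: the source networks each provider may connect from and
# the one file that provider is allowed to deliver into.
PROVIDERS = {
    "nasr": {"sources": ["10.20.0.0/24"], "drop_file": "staging/nasr.xml"},
    "noaa": {"sources": ["10.30.5.17/32"], "drop_file": "staging/noaa.xml"},
}
ADMIN_CONSOLE = "console-ops-01"  # constructed id of the one physical console allowed to promote


class IngestGate:
    def __init__(self, providers, admin_console, clock=None):
        self._providers = {
            name: {
                "sources": [ipaddress.ip_network(n) for n in p["sources"]],
                "drop_file": p["drop_file"],
            }
            for name, p in providers.items()
        }
        self._admin_console = admin_console
        self._clock = clock or (lambda: datetime.now(timezone.utc).isoformat())
        self.staging = {}     # drop_file -> bytes, written by providers
        self.production = {}  # drop_file -> bytes, written only by promote()
        self.events = []      # transactional record of every allow/deny decision

    def _record(self, outcome, **fields):
        event = {"ts": self._clock(), "outcome": outcome, **fields}
        self.events.append(event)
        return event

    def deliver(self, provider, source_ip, target_file, data):
        """Provider delivery: allowed only from a known source into the assigned file."""
        addr = ipaddress.ip_address(source_ip)
        entry = self._providers.get(provider)
        if entry is None or not any(addr in net for net in entry["sources"]):
            self._record("DENY", action="deliver", provider=provider, source=source_ip,
                         reason="source not known for provider")
            return False
        if target_file != entry["drop_file"]:
            self._record("DENY", action="deliver", provider=provider, source=source_ip,
                         reason="file not assigned to provider")
            return False
        self.staging[target_file] = data
        self._record("ALLOW", action="deliver", provider=provider, source=source_ip,
                     file=target_file, size=len(data))
        return True

    def promote(self, admin, console, drop_file):
        """Move staged data to production; permitted only from the admin console."""
        if console != self._admin_console:
            self._record("DENY", action="promote", user=admin, console=console,
                         reason="not the administrator console")
            return False
        if drop_file not in self.staging:
            self._record("DENY", action="promote", user=admin, console=console,
                         reason="nothing staged for file")
            return False
        self.production[drop_file] = self.staging.pop(drop_file)
        self._record("ALLOW", action="promote", user=admin, console=console, file=drop_file)
        return True

    def denied_events(self):
        """The subset of the record an analyst would review first."""
        return [e for e in self.events if e["outcome"] == "DENY"]


if __name__ == "__main__":
    gate = IngestGate(PROVIDERS, ADMIN_CONSOLE)
    gate.deliver("nasr", "10.20.0.9", "staging/nasr.xml", b"<adaptation/>")
    gate.deliver("nasr", "192.0.2.1", "staging/nasr.xml", b"<adaptation/>")  # unknown source
    gate.promote("ops-admin", "console-ops-01", "staging/nasr.xml")
    for event in gate.events:
        print(event)
```

Keeping the staging and production stores as separate objects, with `promote` as the only writer to production, is what gives the slide's separation between what a provider can touch and what the administrator can; the event list records denied attempts with their reason, which is the raw material for the transactional analysis in the last bullet.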
Lessons Learned

• Security architectures for most data warehouse systems will be similar and need not be reinvented
  – Security accreditation processes assume a custom solution
  – Design patterns exist and should be taught
• Agency product guidelines on “secure building materials” are needed (databases, OS, web servers)
• Authorized components should be provided to projects
  – Implementation of FAA password algorithm
  – Transactional security analysis and reporting tools
• On-going security engineering services to programs will be cost reductive (training, requirements/design reviews)
R&D Recommendations

• Prototype set of:
  – Security architecture design patterns
  – Agency Product Guidelines
  – Authorized components
  – Security engineering design review materials
  for building data warehouse applications
• Prototype implementation of secure Internet connectivity based upon FTI for systems such as NASE
• Use of a separate instantiation of NASE as a test bed in a Security Evaluation Laboratory