Amund Hunstad

A framework for system security assessment

Security assessment is a central ability in the striving for adequate levels of IT security in information systems and networks. In this paper, the issue of system-wide IT security assessment is addressed. The results include a framework for IT security assessment addressing the need to include the influence of system structure in assessments. The purpose of the framework is twofold, to support the development of system security assessment methods and to enable the categorization of existing methods. Moreover, as an example of a possible approach to system security assessment, the CAESAR method is presented. CAESAR enables the calculation of scalar overall system security values as well as system-dependent security values for technical system entities.

Measuring IT security - a method based on common criteria's security functional requirements

A networked defense, and the networked information society, requires both trustworthy information systems and that users and societies trust these systems. Since the trustworthiness of systems depends on the level of IT security, the ability to assess the IT security ability is vital. Currently, there are no efficient methods for establishing the level of IT security in information systems. The main results described in this paper are: a set of security functions needed in systems, based on the security functional requirements of the Common Criteria (CC, 1999) and a method using the set of security functions to assess the securability of components in distributed information systems. Work in progress focuses on system-wide evaluations.

A service-based command and control systems architecture for crisis management

Societies have always been challenged by different crises, disasters and difficult times although western society for a long time has been considered safe. In recent years, our perception of the world has changed, due to terrorist attacks and other large-scale disasters. To handle uncertain situations where the conditions can change rapidly; effective crisis management is required. To support crisis management, command and control (C2) systems can be used. However, a solid architecture for these systems is needed, if they should meet the requirements of crisis management, e.g., support inter-organisational and situational awareness including crisis, organisational and security awareness. The objective of this paper is to outline an architecture for C2 systems supporting network centric crisis management. The corner-stones of this architecture are: the C2 model, the service structure, the service allocation bridges and the distributed ontologies. Further, the information flow and the IT security aspects are covered as well.

Rationale for and Capabilities of IT Security Assessment

The abundance of security threats makes IT security a prerequisite for the use of information technology (IT). Striving for appropriate security, costs for IT security controls should be related to their impact on the level of IT security. This requires the level of IT security to be assessed. However, this insight is to general to guide the design of methods and tools for IT security assessments. Thereby, there is a necessity to explore what are the rationale for IT security assessments, i.e., why, where, and when is it needed. The objective of this study is to explore the rationale for and capabilities required of methods and tools for IT security assessment. The knowledge, about rationale and needed capabilities, should constitute as a foundation for the future development of methods and tools regarding IT security assessment. The study was performed as a case study within the Swedish Armed Forces. Based on interviews and relevant documents, statements directly or indirectly indicating the need for IT security assessments were identified. These statements were carefully analyzed to identify IT security issues. Thereafter, the IT security issues were categorized into six categories: (1) systems development, (2) system operation, (3) risk management, (4) communication and management of security work, (5) competence regarding IT security and (6) attainment and preservation of trust. From these categories, 18 contributions to the rationale for IT security assessments were identified and used to determine capabilities needed of tools and methods for IT security assessments. These capabilities of IT security assessment are presented by criteria ordered in the categories: security assessment domains, security relevant factors, characteristics of security controls, and assessments results.

Identification of IT security-relevant system characteristics

Information systems are continually integrated into increasingly wide-ranging distributed information systems. These systems are becoming difficult to comprehend and the design, implementation, operation, and maintenance are far from straightforward. To facilitate improved analysis and design methods for these systems, the security-level of systems need to be assessed with a greater precision than currently possible. For this purpose, a set of IT security-relevant system characteristics is required. Furthermore, identification of security-relevant characteristics is needed to support the formulation of adequate modeling techniques and the security requirements engineering processes. We describe an effort to find such a set of characteristics. The resulting set of characteristics contributes to all three tasks discussed above. To build the set of characteristics, four tasks (a literature study, a structured analysis, a brainstorm session, and a crosscheck) have been performed. The results include an initial set of security-relevant characteristics for distributed information systems and a structuring of the identified characteristics.

Live Enrolment for Identity Documents in Europe

Digital image alterations (morphing) of identity document photos is a major concern and may potentially allow citizens with malicious intent to enrol for identity document(s) later to be used also by another individual. Taking the photo in the application office – live enrolment – can address this issue. However, this is a break with tradition and entails a sizeable overhaul in the public sector, which can be reluctant to change and often lacks the necessary formal methods that ensure a smooth transition. The objective of this paper is to map the main barriers and drivers related to live enrolment based on theoretical research and interviews conducted with high-ranking officers at passport authorities in Estonia, Kosovo, Norway and Sweden. These countries have successfully switched to live enrolment. The main driver for live enrolment has been increased security; for Estonia, user convenience was important and was behind the decision of keeping alternative application processes for the citizens around. The absence of legacy systems makes it easier to implement public sector innovations, such as live enrolment. Behind the successful implementation is proper risk management, covering technological, political and organisational risks. Finally, the research results indicate varying experiences, obstacles, cultural differences and trade-offs, emphasizing the need to understand barriers and drivers in a contextualised way.

Future Schemes for Stronger Verification of the Access Rights of Border Control Inspection Systems

As more and more biometric data is stored on ePassports, a reliable method is needed to make sure that only authorized entities have access to the information. In the current border crossing procedure, ePassports verify the access rights of the inspection system requesting access to biometric data stored on the chip of the passport. As passports are constrained devices with limited communication and computation capabilities, the verification process is weak and therefore the information privacy is at risk. We propose four schemes where the verification is performed by more powerful entities and the information privacy of the biometric data is strengthened. These novel schemes also include storing the biometric data on other entities than the passports, more specifically in online databases or mobile phones, and we investigate the privacy and security implications of each of them.