15 Top Level Security Needs Identified by the Black Forest Group
01 Jan 1998
The Black Forest Group (BFG) is a member-sponsored forum of user companies whose membership is drawn from the largest corporations in the world and includes consultants, vendors, and academics. The purpose of the Black Forest Group is to foster the exchange of ideas, experiences, and directions among user organizations, vendors, commercial businesses, and academic and research organizations in the area of information technology.
Recently, the BFG identified security of computer-mediated communications as a critical need, both for the internal protection of essential business processes and for the protection of individuals who plan to use the global information infrastructure. The BFG's underlying concern with security services is that they ultimately provide the end-user with the protections and accountabilities required to be successful in global, electronically-connected environments. This success will require the ability to accurately manage the choice of whether or not to share information at levels of resolution previously not experienced by most end-users.
Included here is a brief description of the 15 top security needs identified in the BFG report. Individual points will be discussed at greater length in future articles.
International Authentication Framework
An authentication framework will be required for international electronic commerce. It must provide a strong authentication path between user and server. A strong mechanism must exist for initial user logon and for establishing a user client-server session. This mechanism must pass sufficient evidence to the server so that the server can authenticate the user's identity as well.
Without adequate safeguards to protect end-users, businesses will not be able to accept insecure and compromisable devices, such as commercial workstations, as platforms from which to perform their electronic transactions. An evaluated and trustable workstation of known configuration is an essential component of a secure working environment.
Enforceable Accountability Services
The current lack of enforceable accountability services with strong integrity is a significant problem in networked environments. Since accountability without a verifiable level of integrity is worse than no accountability at all, considerable attention needs to be focused upon the design and provision of accountability services at the network level.
Secure Commercial Software Registry Service
The primary need to be met by this service is to permit subscribers to determine (using digital signature technology, or the like) whether a purportedly "branded" software component (transmitted code, DLL, etc.) did, in fact, originate from the business entity claimed.
Ability to Know the Source of Electronically Distributed Software
Currently there is no way for end-users, companies or individuals to know the source of electronically (or even physically) distributed software. This is because there are no Certificate Attributes that make the quality of confidence (or source) part of the key.
International Public Key Infrastructure (PKI)
A critical requirement for electronic commerce is a basis for trusting the authenticity of a user's public key (i.e., that it really belongs to the entity claimed to be associated with it). This hinges on the existence of an international public key infrastructure or PKI.
International Network Security Architecture
Due to the lack of an international network security architecture, much effort is being expended in creating, distributing, and employing security services across national boundaries.
International Civil Cryptography Framework
End-users of cryptography, especially businesses, find themselves unable to obtain readily available, scalable and deployable commercial cryptographic software.
Voluntary Key Management Infrastructure
Recognizing the liability in managing the privacy of electronic information or in managing its integrity, optional Key Recovery services may be useful for record retention and data archival, as well as for legal and liability requirements.
Commercially Available, Comprehensive Access Controls
Access controls today are too limiting and difficult to administer comprehensively. The safe administration of confidential information inside large facilities has become problematic.
Improved Discretionary Access Controls (DACs)
Most current designs result in access controls that are hard to manage and interpret. Access controls are "security programs" for a given object: their "language" should be carefully and thoughtfully designed.
Closed User Group Safeguards
While the technologies for maintaining Closed User Group Safeguards have been known for years, these technologies need to be made commercially available and easy to use.
Support for the Notion of a Trusted Session
This problem goes beyond mere authentication to encompass the levels of confidence to be considered in electronic transactions and processing. Additional support is needed for absentee sessions, batch processing, and trusted transactions.
International Independent Evaluations
Even with the technology and infrastructure in place, most end-users and companies do not use independent evaluations. When choosing a software service that makes security claims, there are two problems: (1) How does the customer know that the claims are true? (2) Even assuming complete honesty of intent, how does the software provider know that the claims are true?
System and Application Protection
It is highly desirable for system software of all varieties, from PC operating systems to network system software, to take advantage of existing CPU architectural support for system and application protection. That personal computers have not taken advantage of provided support for the last twenty years is a historical accident, and it is high time to recover from it.
* Originally published in Novell AppNotes