Department of Energy

1.0 Workshop Goals

Encourage interactions between DP and ER security researchers, and between research and operations

Identify DOE mission-critical and/or unique security requirements, and research priorities based on these requirements

A unique meeting bringing together Energy Research, Defense Programs, and HQ personnel in a corporative setting.

2.0 Participants

DOE programs (requirements/R&D areas)

DP: Nuclear weapon information systems, cooperative non-trusting environments & treaty verification

ER: Collaborative environments, control systems for remote scientific instruments, high-performance computing

HQ: Information assurance

NonDOE experts (technology contributions)

Secure distributed systems (Neuman, USC/ISI)

Public-key infrastructure (Ford, Nortel)

Intellectual property rights issues (Lynch, U. Calif.)

INFOSEC research & technology (Maughm, NSA)

3.0 Workshop Format

DOE applications

Survey security requirements

Security technologies

What will be developed elsewhere?

What won't (and so should be addressed by DOE)?

Discussion of research priorities

Identify technologies that are mission-critical and requirements that are DOE-unique.

4.0 Application Requirements

Presentations

Collaborative environments: Rick Stevens, ANL

Remote experiments: Deb Agarwal, LBNL

Control systems? Steve Lewis, LBNL

Secure networking: Hank Shay, LLNL

Weapons program: Judy Moore, SNL

The electric power grid: Bill Johnston, LBNL

Also discussed:

Information archiving and retrieval

High performance computing

4.1 Collaborative Environments

Tools for supporting remote collaboration

Distinctive security concerns:

Authentication of large, fluid community

Fine-grained authorization, multiple media types; proxies

Flexible, dynamic security; negotiating with multiple policies

Realtime, high-speed, privacy-enhanced encrypt/decrypt

Anonymity: anonymous access to documents, email, streams

Secure access for multimedia archiving

Digital signatures for content integrity of multiple media

Support of different security/performance tradeoffs

Secure update of software

Transparency

4.2 Remote Experiments & Control Systems

Remote operation of large-scale scientific instruments

Security issues

A large, fluid, international community from many organizations

Need for complex authorization & credentialling

Need to protect equipment and personnel: high consequence

Low latency, high bandwidth communication; multicast

High reliability - at low cost

Policies vary widely across different experiments, and over time within the same experiment

Need to support many different access levels

Secure sharing and archiving of large amounts of data

Denial of service attacks can be an issue

4.3 Weapons Program

Information surety: privacy, integrity, availability

Very high consequences for failure

Security issues

Fine-grained access controls in distributed multi-level security systems

Sharing information with treaty partners (inc. enemies): exportable?

Secure remote monitoring and control of weapons: secure wireless and secure sensors

Virtual teaming for design and testing

Verification of software used for computational testing

Metrics for all of the above

Integration of common off the shelf (COTS) software

4.4 The North American Electric Power Grid

On-line brokering of power transmission services

Independent from grid control in the short term

Looks like, and has security concerns similar to, financial services online

Economic pressures will probably force coupling of brokering system to on-line control in the future

Security concerns similar to online experiments

4.5 High Performance Computing

In particular, high-performance applications that span multiple systems

Security concerns

Low-latency cryptographic operations

Fast collective operations (relates to key management)

Security in special-purpose parallel computer operating systems

Enforcement of resource allocation

High-performance, distributed secure files systems (Terabyte/day)

Ability to selectively protect control and data channels

Security-enhanced parallel programming tools

Specifying and discovering security characteristics of system

Portable implementations of secure libraries and applications

4.6 Information Archiving & Retrieval

Distinctive security problems

Classification tables -- are Compartmented Mode Workstations enough?

Policy issues when sharing data between sites

Support for need-to-know

Inference of secure information from insecure information

Very large scientific databases; object-oriented databases

Asynchronous notification of data updates, esp. in remote collaborations -- for example, data retraction

Archiving: integrity of copies, enforcing security on copies

Archiving nontraditional data

Archiving data with a view to eventual declassification (e.g., protecting against covert channels in declassified data)

5.0 ER/DP Commonalities and Differences

Most requirements are common across ER and DP

Some common adversaries (although different scale of consequences)

Need for openness on ER side

More frequent international involvement

Need for source code at all levels

Nuclear safety constraints restrict solutions for weapon information systems

6.0 DOE Security Research Priorities

Scalable cryptography performance

Security APIs

Security-enhanced toolkits

Public key infrastructure

Security policy tools

Access control

Secure sensors

Assured software

Security assessment/metrics

High performance defenses

Recurring requirements are for high performance and for protection against high-consequence events

6.1 Scalable cryptology

Ability to trade off security and speed

Message, entity, and group authentication, encryption

6.2 Security APIs for DOE applications

APIs designed for high-performance implementation

Range of API architectures, API security functions

6.3 Security-enhanced application development tools

Support for high performance & real time control

Reduce effort required to incorporate security functions into applications

6.4 Public key infrastructure

Public key certification authorities

Certificates for multi-faceted capabilities

Private key management (e.g., distribution)

6.5 Security policy definition and negotiation

Machine representation & negotiation of policy

Flexible, dynamic policies

6.6 Access control

Fine-grain (temporal & data size) access control

Multi-level security (MLS) mechanisms

Channels for moving data from secure to open networks

6.7 Secure sensors

Low power, tamper resistant

6.8 Assured software

Confidence for high consequence operations

6.9 Security assessment and metrics

Threat/risk analysis

6.10 High performance defenses

Intrusion detection

High performance firewalls (easy to manage, peer-to-peer, responsive, reactive)

7.0 For More Information...

A Web site has been created to serve as a repository for program information and a mechanism for information exchange:

http://www-itg.lbl.gov/DOE_Security_Research