Moscow, 2009
ACCORD-TSHM
Accord. Reliability in an unreliable world.
OKB SAPR
Special Design Bureau for CAD System Design
A personal computer
is only an instrument.
Are you sure that YOUR PC is only YOUR instrument?
Are you sure about it EACH TIME
that you turn it on?
You need the assurance that while you were away:
no PC hardware has been changed;
no PC software has been changed;
no data stored on your PC has been changed or become known to an intruder.
The first task of information protection is
protecting your PC from unauthorized access (UA).
A UA protection tool must:
allow work on this PC only for those users who have the right to work on it, according to the security policy;
monitor the state of the computer hardware and software to confirm the absence of any unauthorized modifications.
What should a UA protection tool be like?
Checking the integrity of the software environment with the help of some program: can we be sure of its own integrity?
First, we need to check that program.
And before that — check the program that is going to check it…
What should a UA protection tool be like?
Can you pull yourself out of a swamp?
You can.
If you have a support point, which is outside of the swamp.
What should a UA protection tool be like?
independent of the PC's operating system and file system
inaccessible to modification
hardware-based.
At the end of the last century, we developed a concept of hardware protection and an information protection tool (IPT),
which became and still remains a standard for all developers.
Accord-TSHM:
Trusted Startup Hardware Module
Provides a trusted startup of the operating system, irrespective of its type, for an authenticated user.
What is trusted startup?
The operating system boot is performed only after successful completion of the following procedures:
user identification/authentication;
integrity checking of the PC hardware and the software utilities, using a step-by-step integrity inspection algorithm;
blocking of operating system boot from external storage media.
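An illustration of the argument above, added here and not taken from OKB SAPR or the Accord-TSHM firmware: a step-by-step inspection that checks each boot object against a reference digest, run once with the references kept beside the files and once with the references held where the PC cannot write them. SHA-256, the object names and the sample contents are assumptions constructed for the example.

```python
import hashlib

# Inspection order: each object is checked before the next one is considered.
ORDER = ["boot_sector", "os_loader", "os_kernel"]

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_references(objects: dict) -> dict:
    """Administrator step: record a reference digest per controlled object."""
    return {name: sha256(objects[name]) for name in ORDER}

def inspect(objects: dict, references: dict) -> tuple:
    """Step-by-step check; stops at the first missing or modified object.

    Returns (boot_allowed, failed_object_or_None).
    """
    for name in ORDER:
        blob = objects.get(name)
        if blob is None or sha256(blob) != references.get(name):
            return (False, name)
    return (True, None)

def demo() -> dict:
    # Constructed sample contents standing in for real boot objects.
    disk = {
        "boot_sector": b"constructed boot sector",
        "os_loader": b"constructed OS loader",
        "os_kernel": b"constructed OS kernel",
    }
    # Assumption: the controller keeps its references in memory that
    # software running on the PC cannot write.
    controller_refs = make_references(disk)
    clean = inspect(disk, controller_refs)

    # Unauthorized modification while the owner is away. Anything stored
    # on the same disk, including a software checker's reference list,
    # can be rewritten in the same step.
    disk["os_loader"] = b"constructed OS loader, modified"
    on_disk_refs = make_references(disk)

    return {
        "clean": clean,
        "software_only": inspect(disk, on_disk_refs),
        "hardware_rooted": inspect(disk, controller_refs),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The software-only check passes the modified loader because its reference list changed along with the file; the check against references held outside the disk stops at `os_loader` and refuses the boot.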
Accord-TSHM:
has been patented;
has 18 conformance certificates;
has more than 250 000 implementations in governmental authorities and commercial organizations, as of the end of the year 2007.
The unauthorized access control product Accord-TSHM consists of hardware and software tools:
Hardware tools: Controller; Contact device; Identifier;
Software tools: BIOS-controller of the Accord-TSHM complex; Firmware implementing the TSHM functions.
The main versions of Accord-TSHM include the controllers:
for PCs with a PCI bus interface:
Accord-5MX,
Accord-5.5 with a powerful cryptographic subsystem.
Accord-TSHM may also include the controllers:
Accord-4.5 for PCs with an ISA bus interface;
Accord-PC104 for PCs of the PC-104 standard;
Accord-5MX mini-PCI for notebooks and other computers with a mini-PCI bus interface.
All of the Accord-TSHM modifications:
may be used on any PC;
use personal TM-identifiers DS 1992 – DS 1996 with a memory volume of up to 64 Kbit (or another identifier upon the customer’s request) for user identification and provide for the registration of up to 128 users on the PC (Accord-PC104: up to 1024);
use a password of up to 12 symbols, entered from the keyboard, for user authentication;
All of the Accord-TSHM modifications:
work with the following types of file systems: FAT 12, FAT 16, FAT 32, NTFS, HPFS, FreeBSD, Ext2FS, Sol86FS, QNXFS, MINIX;
perform integrity control of the PC hardware before the operating system boot;
perform integrity control of programs and data before the operating system boot, as well as protection against the introduction of destructive applications (DA);
block booting from removable media (FDD, CD ROM, ZIP-drive);
record user activity in the system log, located in the non-volatile memory of the controller;
provide system administration (registration of users and personal identifiers, assignment of files for integrity control, PC hardware component control, system log display and so on).
All of the Accord-TSHM modifications:
modifying the Accord-TSHM firmware is impossible;
the controller’s event log is accessible only to the information security administrator, so a UA attempt cannot be concealed from the administrator;
access control and information protection systems have been developed on the basis of Accord-TSHM (with special software installed).
Reliability in an unreliable world:
Individual packaging:
In accordance with the customer’s requirements, Accord-TSHM and Accord-TSHM-based systems may use various identifiers:
TM-identifiers (standard packaging), smart-cards, fingerprint reading devices, PCDST (personal cryptographic data security tool) SHIPKA.
Moscow, 2009
ACCORD-TSHM
Accord. Reliability in an unreliable world.
OKB SAPR
Special Design Bureau for CAD System Design