Information is an important asset in today’s world. Effective usage puts high demands on security. Perimeter protection and protected networks are no longer sufficient. Protection in depth with configurable and pluggable security mechanisms with high assurance and support for collaboration between organizations and individuals is required. Protection in depth requires strong Authorization (Access Control) to all the services in the collaboration network.
Authorization must be based on strong network authentication (i.e. SECOE SecL). It is no longer sufficient to authenticate the user only to the operating system (e.g. Windows) with no strong authorization to the valuable network services or resources (documents, command and control information, logistics etc.). A weak, although "enhanced", login only to Windows (e.g. by smart card) provides neither strong insider separation nor protection in depth. The operating-system-login-only solution often leads to expensive requirements for separate networks or separate infrastructures for e.g. Open, Classified, Restricted, Confidential or Secret information. In addition, this kind of legacy solution makes collaboration and controlled information sharing impossible and information or integrity leaks common.
SecS is the standard product family for authorization to network services and resources. SecS (Security Services) will control all access (authorization) to all SECOE services as well as provide descriptive and configurable access control to user-defined services. SecS is the SECOE operating-system-independent "Reference Monitor". SecS comes pre-configured for easy and secure deployment with a fine-grained, service-oriented separation of roles for each service, e.g. FooService-User, FooService-Admin, FooService-SecurityAdmin.
SecS - Highlights
- Authorizes users and services (e.g. network or operating systems services, daemons, processes)
- Provides Access Control to services, service interfaces and services operations (methods, functions)
- Provides user-defined Access Control Managers, Access Rights and Name Spaces
- User-defined and configurable policies, mandatory or user-defined access control
- Multi-tier network services authorization and delegation (consumer - producer/consumer - producer)
- Descriptive and configurable aspect-oriented security, no modification of application code needed
- APIs for easy access checks when developing custom, security-aware applications
- Unified Authorization management by a service interface or graphical user interface (SecAdm, see picture below)
SecS Product Components
- SecS SecAdm - Authorization, Access Control, Policies management
- SecS ACS - Access Control Services
- SecS CSR - Call Sequence Register - traceability, chained and delegated network authorization
- SecS SCon - Security Context Management - user and services authorization and credentials
- SecS SecP - Security Interface Processor (ADK only)
- SecS SecLog - Security and Audit log