DCSS Cyber Assessment Report

PDF

Authors
  1. Sues, M.
  2. Henderson, G.
  3. Magar, A.
  4. Clason, A.
Corporate Authors
Defence R&D Canada - Centre for Security Science, Ottawa ONT (CAN);Cord3 Innovation, Ottawa ON (CAN)
Abstract
DCSS is a security overlay: a set of interconnected services that communicate through the exchange of messages on top of an existing network deployment. Any network security or application security based environment can be enabled for data-centric protection without the need to remove or de-emphasize existing security protections. In this way, an environment protected by DCSS retains the existing safeguards that were in place prior to the deployment of the security overlay. Additionally, DCSS itself is able to leverage existing physical, administrative, network and application safeguards as part of its deployment profile. Most significantly, the deployment of DCSS does not change the underlying accreditation of the target network by modifying the security architecture that was initially certified. This study examined the architecture of the security overlay represented by the DCSS components and how they may be compromised or used in the context of the CWIX 2015 environment to compromise other partners or derive information about other partner’s activities. For each attack scenario found in the study procedures to test for the existence of the vulnerability and its impact were also developed along with the means to mitigate each issue. In this way we have been able to enumerate the potential attack surface of the DCSS when deployed in the context of the CWIX 2015 environment and provide a means of both testing and resolving these issues to decrease the attack surface and op
Keywords
CWIX;trusted information exchange;trust model;coalition information sharing
Report Number
DRDC-RDDC-2016-C102 — Contract Report
Date of publication
01 Mar 2015
Number of Pages
39
DSTKIM No
CA042457
CANDIS No
803640
Format(s):
Electronic Document(PDF)

Permanent link

Document 1 of 1

Date modified: