[Image] --------------------------------------------------------------------------- SAMSON - Security and Management Services in Open Networks (RACE R2058) --------------------------------------------------------------------------- January 1995 Participants * Bull (France) * GMD (Germany) * IBM (France) * ICL (UK) * Siemens AG (Germany, Prime Contractor) * Telia AB (Sweden) * Telesystemes (France, Subcontractor of Bull) Prime Contractor Contact Address: Dr. Michael Steinacker Siemens AG, ZFE ST SN 52 Otto-Hahn-Ring 6 D-81730 Munich, GERMANY Tel.: +49 89 636 2175 Fax: +49 89 636 48000 e-mail: ms@kom42mx1.zfe.siemens.de Project Information The overall objectives of project SAMSON are: * to define the architecture and build a prototype of a system aimed at managing security services in an IBC network, and * to demonstrate its use in a pilot application environment, with the explicit intention to submit contributions to European standards in the area. The results of the conceptual work and prototype can be used for the management of distributed systems and for network management systems (e.g. TMN). The main goals of project SAMSON in the area of security management are two-fold. They cover management of security services as well as security of management operations. Management of Security Services In a distributed environment security services are needed by distributed services and applications as well as by network and system management. The management of security services is part of the corresponding management system. As there already exists a (conceptual) variety of security services, security architec- tures and implementations, there is a strong need to unify their management. For the prototype of SAMSON, management of security services is based on existing security applications in distributed systems. The abstract services that are: managed by SAMSON are * authentication, * access control, * audit, and * key management. The security services in distributed systems chosen for the prototype of SAMSON include DCE security services (DCE authentication, discretionary access control list management), lower layer security services (management of key management service for Transport Layer Security Protocol TLSP and Network Layer Security Protocol NLSP), X.509 strong authentication service and directory access control conforming to the 1992 X.500 standard. Additionally, a small part of the resources is allocated to security policy management. ---------------------------------------------------------------- | | OSF DCE | X.500 | Key Management | | Service | | | for TLSP/NLSP | |---------------+-------------+---------------+----------------| |Authentication | DCE Registry| X.509 Strong | - | | | Service | Authentication| | |---------------+-------------+---------------+----------------| |Access Control | DACLs | X.500 (92) | - | | | | ACLs | | |---------------+-------------+---------------+----------------| |Key Management | - | - | Public Key | | | | | Certificates | |---------------+-------------+---------------+----------------| |Security Policy| DCE Registry| - | Cryptographic | | | Service | |Algorithm Choice| ---------------------------------------------------------------- Table: Targets of the SAMSON prototype Each of the above targets is modelled as (a set of) managed object(s) according to the ISO network management model. On management operations, these managed objects create notifications. SAMSON audit management operates on forwarding discriminators for these notifications and for logs that are created in the system. Security of Management Operations There is a need not only to perform system and network management operations on security services but also to protect these management operations against misuse or modification. For these purposes (conceptually) the same security services that are managed by SAMSON can be used. There are different ways how security can be hooked into system and network management operations. As management systems have the same security requirements as distributed applications, solutions for management systems can be derived from that area. Basically there are two possibilities: * for each new access to a managed object the manager must be authenticated; * the security system is based on the ECMA model for secure distributed systems (or the Kerberos model of OSF). Both solutions are covered by SAMSON. For the exchange of the security parameter there are different ways depending on the concept chosen: * use of the access control parameter in CMIP, * use of authentication parameters in ACSE, and * use of lower layer security protocol. SAMSON will at least implement the third solution. Conceptually, all three solutions are being worked out. Architecture and Environment The SAMSON architecture follows a standardized model (ISO/CCITT). The SAMSON management application (e.g. an authentication manager) provides a unique user interface, independent of the actual kind of target service implementation (e.g. authentication). Thus different services of the same kind can be managed in a unique way through the same interface. Besides the common interface, SAMSON has identified common management requirements between different security services. The respective management operations are transferred via the OSI common management information protocol CMIP. At the agent side, a specific sponsor maps the management request to the respective implementation. The environment that has been chosen to demonstrate SAMSON features is a UNIX platform on which the OSI management protocol CMIP is used. The interface used to base the management application is the X/Open Management Protocol API XMP. The X.509 strong authentication module that will be provided by SAMSON will be addressed by GSS-API. (C) Copyright by Siemens AG, all rights reserved. ------------------------------------------------------------------------------- [Image] stephan.vollmer@darmstadt.gmd.de [Image] Security Home Page ------------------------------------------------------------------------------- last modified: Thursday, 27-Apr-1995