Introduction
Secure embedded computer and communications systems are critical for mission success in today’s environment of escalating cyber threats. Data integrity must be protected as it is processed, stored, and transmitted. The strategic risk management of these systems is known as Information Assurance (IA), which entails a combination of physical, technical, and administrative controls. At the core of an assured system is an authentic, trusted foundation based on Anti-Tamper (AT) safeguards using layered security features at the hardware, firmware, and software level. Abaco Systems is responding to the need for assured systems by incorporating product features that enable anti-tamper safeguards. This paper focuses on the use of COTS anti-tamper frameworks to support secure platforms and provide information assurance.
Information Assurance: The Big Picture
The concept of Information Assurance pervades the design, acquisition, installation, operation, upgrade and replacement phases of defense-based information systems. The goal is to maintain an appropriate level of confidentiality, integrity, authentication, non-repudiation, and availability of information.
The standards for ensuring Information Assurance and Anti-Tamper are maintained through various national and international channels.
U.S. DoD Instructions and Directives
The Department of Defense established Instruction 5200.39 to mitigate the exploitation of Critical Program Information (CPI) and extend the operational effectiveness of military systems. These systems are to comply with directive 8500.01E, an Information Assurance policy, along with directive 8500.02, prescribed procedures to protect and defend information networks and systems, including anti-tamper capabilities.
Federal Information Processing Standards
The US government provides publicly announced Federal Information Processing Standards (FIPS) for use in computer systems by government contractors, and the National Institute of Standards and Technology (NIST) issues the FIPS 140 Publication Series to coordinate the requirements for cryptographic modules, which include hardware and software. FIPS 140-2 establishes the Cryptographic Module Validation Program (CMVP) as a
Anti-Tamper Technology: Safeguarding Today’s COTS Platforms
Steve Rohm, Edco Technologies
New-Tech Magazine Europe