Introduction

Secure embedded computer and

communications systems are critical

for mission success in today’s

environment of escalating cyber

threats. Data integrity must be

protected as it is processed, stored,

and transmitted. The strategic risk

management of these systems is

known as Information Assurance

(IA), which entails a combination of

physical, technical, and administrative

controls. At the core of an assured

system is an authentic, trusted

foundation based on Anti-Tamper (AT)

safeguards using layered security

features at the hardware, firmware,

and software level. Abaco Systems is

responding to the need for assured

systems by incorporating product

features that enable anti-tamper

safeguards. This paper focuses on the

use of COTS anti-tamper frameworks

to support secure platforms and

provide information assurance.

Information Assurance:

The Big Picture

The concept of Information Assurance

pervades the design, acquisition,

installation, operation, upgrade and

replacement phases of defense-

based information systems. The

goal is to maintain an appropriate

level of confidentiality, integrity,

authentication, non-repudiation, and

availability of information.

The

standards

for

ensuring

Information Assurance and Anti-

Tamper are maintained through

various national and international

channels.

U.S. DoD Instructions and

Directives

The Department of Defense

established Instruction 5200.39 to

mitigate the exploitation of Critical

Program Information (CPI) and

extend the operational effectiveness

of military systems. These systems are

to comply with directive 8500.01E, an

Information Assurance policy, along

with directive 8500.02, prescribed

procedures to protect and defend

information networks and systems,

including anti-tamper capabilities.

Federal Information

Processing Standards

The US government provides publicly-

announced Federal Information

Processing Standards (FIPS) for use

in computer systems by government

contractors, and the National Institute

of Standards and Technology (NIST)

issues the FIPS 140 Publication Series

to coordinate the requirements for

cryptographic modules which includes

hardware and software. FIPS 140-2

establishes the Cryptographic Module

Validation Program (CMVP) as a

Anti-Tamper Technology:

Safeguarding Today’s COTS Platforms

Steve Rohm, Edco Technologies

40 l New-Tech Magazine Europe