Information Technology Reference
In-Depth Information
Critical Information Assurance Challenges for Modern
Large-Scale Infrastructures
Ming-Yuh Huang
The Boeing Company,
P.O. Box 3707, MC 7L-49,
Seattle, WA 98124-2207
ming-yuh.huang@boeing.com
Abstract.
Today's information assurance (IA) is no longer about keeping
people out. It's about letting people in — the right people, securely, to the right
place. In modern military and commercial systems, partners, suppliers, and
customers are all constantly accessing the infrastructure through the network.
Once there, each needs to be taken directly to the appropriate data and
resources. Secure and efficient access control in this context lays the foundation
of next-generation business paradigm shift. Such new paradigms create new
revenues and increase operation efficiency. Those who fail to make the
transition are bound to face daunting challenges in competition. IA is a business
enabler. It is vital piece that allows the paradigm shift to take place. This is the
new but realistic way to look at security. This paper examines a broad range of
critical issues in today's closely knitted environment and discusses potential
architectural and technological directions from the perspective of large and
distributed infrastructures. To fully illustrate the significant issues, this paper
also uses a major cyber crime case that went through the US Federal Court in
2001 for analysis purpose.
1 Background
First international connection to the ARPANET was made by University College of
London (England) via NORSAR (Norway) in 1973. In the same year, Bob Metcalfe's
Harvard Ph.D. thesis outlines idea for Ethernet. The concept was tested on Xerox
PARC's Alto computers, and the first Ethernet network was implemented. In 1978,
TCP split into TCP and IP and, in 1980, ARPANET suffered the first significant
network security failure due to an accidentally-propagated status-message virus. The
network was grinded to a complete halt on October 27th.
It was not until later part of 1980's that a major cut-over to TCP/IP was made and
Internet became truly available. IETF was established and ARPANET creased to exist
in 1990. Nevertheless, prevalent usage of Internet will not come until mid 1990's
when WWW (World Wide Web) became greatly accessible. Since then, computing
and Internet have fundamentally changed human society.
1.1 Castles and Moats
In process of computing technology evolutionary, information assurance (IA) usually
comes along as after-fact patch-up measures. IA is often treated as the necessary evil
