Security considerations for critical environments
In today’s digital world, data is the primary asset for most organizations. Access to data and changes of the data need to be restricted to authorized persons, devices or processes. IT devices need to be protected from the execution of non-authorized code as well as from denial of service attacks.
The cost of data breaches is increasing year over year. In a study conducted by the Ponemon Institute and sponsored by IBM, “2018 Cost of Data Breach Study: Impact of Business Continuity Management”, the global average cost of a data breach is $3.86 million, up 6.4 percent over the last result.
Security is critical – with weaknesses in security, companies are potentially not only risking their core assets, their reputation and customer confidence, they also face a direct financial burden from the incident itself or from increasing risk of getting fined by regulations like GDPR when personal client data is lost.
Applications and IT systems in critical domains often need multiple level of security, which means that there can be different security classification levels for information processed within the same system.
The concept of Multiple Independent Levels of Security/Safety (MILS) was published in 2005. It is designed to ensure that security systems cannot be bypassed or evaluated, and are tamper-proof. A MILS system enforces security policies by authorizing information flow only between components in the same security domain or through trustworthy security monitors.
The MILS concept was applied in Europe with the European project EURO-MILS. This project aimed at secure European virtualization applications in critical domains.
The EURO-MILS project has published a protection profile for Operating Systems, which states that it is conformant to the “Assurance package EAL5 augmented with AVA_VAN.5” as defined in the Common Criteria for Information Technology Security Evaluation, Part 3.
The Common Criteria portal contains all published certifications for operating systems. Only versions of PR/SM (Hypervisor of IBM Z and LinuxONE) have ever been certified at EAL5+AVA_VAN.5. That certification level makes IBM LinuxONE relevant for critical systems implementations in Europe.
LinuxONE systems provide hardware assisted pervasive encryption. Cryptographic co-processors integrated in every LinuxONE microprocessor core can fully encrypt all data in-flight and at rest. With pervasive encryption, the risk that hackers can access or modify the data is minimized.
An IBM LinuxONE system with Crypto Express accelerators meets Federal Information Processing Standards (FIPS) 140-2 Level 4. At level 4, the system provides full protection of the cryptographic module. It detects and responds to unauthorized attempts of physical access.
A top concern for many organizations is the protection of encryption keys. Hackers often target encryption keys when they are exposed in memory while being used. LinuxONE can help to protect these keys in tamper-resistant hardware that allows the invalidation of keys in case of a detected intrusion.
Furthermore, an IBM LinuxONE system can establish a secured operating environment to help protect against insider threats from privileged users. The Secure Service Container is a secured deployment of software appliances. Secure Service Containers on LinuxONE deliver protection against internal and external threats by encrypting all data without changing the application. In the x86 world, Software Guard eXtensions require a specific application design, distinguishing small encrypted and trusted and large unencrypted components. They are already known to be vulnerable.
Since many applications in a cloud environment–public or private cloud–tend to become critical to their users, the standards for security should be as high as possible and affordable. IBM LinuxONE plays in its own league offering scalability, performance and response time, uptime and highest certifications. Also, it offers cost advantages for consolidation scenarios. Because of these characteristics, IBM chose to run its IBM Blockchain Platform Enterprise Plan and IBM Hyper Protect services in IBM Cloud on LinuxONE.
 The Security Requirements for Cryptographic Modules – FIPS 140-2 – are published here: https://csrc.nist.gov/publications/detail/fips/140/2/final. Detailed specifications about IBM Crypto Cards are available here: https://www-03.ibm.com/security/cryptocards/index.shtml