Criteria for selecting the mandatory security

[biran@il.ibm.com]

The main security open issue out of Minneapolis is the 'mandatory
to implement' method. The first step is to agree on the criteria
for selecting it. Following is an initial proposed list (thanks to
Steve Senum on his help) - any comments / additional criteria /
order of importance are welcome.

Regards,
  Ofer


  Criteria for selecting the mandatory security method

1. Suitability for iSCSI implementation scenarios
The role of iSCSI initiator / target / proxy target from the security
aspect. Is the method suitable for the typical scenarios. e.g., should
initiators be defined as 'users' on target systems. Which identity
should be authenticated for doing the authorization decisions.
Naming and Discovery considerations. iSNS requirements / interoperability.
Is a central security server appropriate ?  Corporate intranet aspects -
firewalls etc.

2. Administration
The ease of security administration is probably the most important
issue for customers and system administrators. If we consider only
the authentication and privacy aspects of a security platform, the
administration includes:
  - Getting the system into operational state (i.e., initial
    configuration).
  - Adding / removing users and service principals.
  - Maintenance (password replacements, certificate revocations,
    security servers, security databases)
  - Policy (e.g. password expiration/ certificate revocation)
There are other aspects related to authorization and setting of
services that may need to be considered.

3. Standardization, existing code & implementations
Is the security method based on a formal standard. Are there existing
code (open source, commercial libraries) and implementations. How much
experience and acceptance it has.

4. Code complexity
What is the code complexity for implementation ?  (code size,
programming & testing effort).

5. Performance / hardware acceleration
Authentication performance is less an issue since occur only once per
iSCSI connection. Performance of generation and verification of digests
for message authentication/integrity, and encryption performance (if
used)  are very important for iSCSI requirements. Are there existing
hardware accelerators for the involved digest / encryption algorithms ?

6. Security considerations
This criterion is about the security quality achieved by the method.
Which attacks are the protected, are there known deficiencies in
the cryptographic algorithms that are used, other security problems
with the method scheme.

7. Licensing
Does implementation of the method involve licensing / royalties for
patents ?





Ofer Biran
Storage and Systems Technology
IBM Research Lab in Haifa
biran@il.ibm.com  972-4-8296253