General Version 9 21 09
Granite Gate Corporation™
Corporate Capabilities Presentation
Content Security for Secure Cloud Computing & Application Development and Integration
Copyright ©2009 Granite Gate Corporation all rights reserved.
September 21, 2009
Briefing Overview
• Mission and Standards-Based Offering
• Differentiators
• Protecting Content and Processes is the Future of Cybersecurity
• The Integrated Cyber Solution (ICS) & Application*SECURE*
• ICS – TecSec
• ICS – IQware
• Consulting and Training
• Granite Gate Officers and Organization
• Conclusion
Copyright Information
©2009 Granite Gate Corporation. All rights reserved. Produced in the United States of America. All trademarks, service marks, and trade names referenced in this material are the property of their respective owners.
• TecSec and CKM are registered trademarks of TecSec, Inc.
• IQware is the registered trademark of IQware, Inc.
Granite Gate is a game changer providing a disruptive technology that addresses content security and virus immune rule-based applications.
Mission: Provide innovative cybersecurity capabilities that facilitate secure content sharing and secure applications
Granite Gate Standards-based Content Security Offerings
Computer-based Content Security Training
Cyber Security Services
Integrated Cyber Secure (ICS)*SECURE* Content Applications
Granite Gate’s content security differentiators:
Backed by 32 patents including XML Secure, Digital Signature, Constructive Key Management (CKM), and virus immune rule-based applications architecture.
Standards based: ANSI X9.69, X9.73, X9.84, X9.96, and others
Fits within existing infrastructure and is scalable
Secures data at rest and data in motion over time
Enhances PKI
Integrates secure “front-end” technologies with a secure rule-based system “back-end”
The front-end components provide role-based access control (RBAC), privilege management, ID authentication, key management, and encryption.
The back-end components provide a virus-immune, rule-based, cross-platform software system and business intelligence engine.
Delivers an application platform that is agile, rule-based, updated in real time, and hacker proof & virus immune.
Cross platform – supports Windows, Apple, Unix, and small format devices.
Granite Gate’s INTEGRATION ties the front-end and back-end = “turn-key secure system”
Recent events validate our market - the future of cybersecurity is to supplement network security with protection of the content.
The President’s Cyberspace Policy Review Report of May 25, 2009 - Cyberspace touches practically everything and everyone. It provides a platform for innovation and prosperity and the means to improve general welfare around the globe. But with the broad reach of a loose and lightly regulated digital infrastructure, great risks threaten nations, private enterprises, and individual rights. The government has a responsibility to address these strategic vulnerabilities
Lawrence H. Summers, senior White House economic adviser, is pushing for the National Economic Council to have a key role in cybersecurity …
• It is a key government responsibility to help secure private-sector networks
• It discusses the need to provide incentives for greater data sharing and risk management
• There exists a plethora of security-in-a-box products on the market, but few address content security in detail.
110th Congress, 2d Session, H, CON. RES September 24, 2008, 425TH, by Republican Rep. Michael Burgess and Democrat Rep. Chuck Gonzalez of Texas cites a litany of losses, exposures and shortfalls in protecting personal information, and notes that 36 states already have taken the lead in passing their own data security legislation.
Nevada law NRS 597.970 of Title 52 of the state code. It says that, 'A business in this State shall not transfer any personal information of a customer through an electronic …unless the business uses encryption to ensure the security of electronic transmission.'
Granite Gate provides the Integrated Cyber Secure (ICS) for secure information sharing and secure application development and integration.
A key product is Application*SECURE*
[Figure: "Last Twenty Five Years" versus "Next Twenty Five Years". Labels for the vulnerable architecture: dedicated applications, enterprise application, networks, website, desktop applications. Labels for Application*SECURE*: secure information sharing, secure rule-based applications, secure rule data, constructive keys, secure data at rest & data in motion, secure key management, positive ID & privilege management, ID of Merit, secure server.]
Granite Gate’s Integrated Cyber Secure (ICS) including Application*SECURE* is based on proven technologies from corporate partner TecSec (www.tecsec.com) and shareholder IQware (www.iqware.us)
[Figure: Integrated Cyber Secure (ICS) Framework, showing the TecSec domain, the IQware domain and the Granite Gate domain. Labels: access control device (ID card, biometric, etc.); workstation (Windows, Mac, Linux); network, Internet, or connection; secure server (DOD rated B2/C2); Identity of Merit; role-based access control; privilege management; Constructive Key Management (CKM®); business logic; rule-based applications; Open Office*SECURE* & other applications; X-Toolkit, X-Intrinsics, X-Lib, X-Protocol; X-Server, X-Protocol, X-Display; hardware-dependent graphics; hardware-dependent inputs; encrypted data.]
[Figure: Integrated environment (architecture, process, technology). Labels: access control device (card, biometric, etc.); workstation (Windows, Mac, Linux); network, Internet, or connection; secure server (DOD rated B2/C2); Identity of Merit.]
Granite Gate’s Integrated Cyber Secure addresses serious vulnerabilities in government and commercial markets.
[Figure: Integrated environment. Labels: authoring (key strokes); assignment of privileges by role & by author; requested data deciphered based on approved role; Constructive Key Management & encryption; encrypted data; rule-based applications; Open Office*SECURE* & other applications on server; virus immune rule-based processing; encrypted info on secure server.]
TecSec, a Granite Gate partner, provides patented, standards-based technologies for credential and key management.
TecSec, a Granite Gate partner, provides patented technologies approved by NSA.
Used with permission from TecSec and NSA
Assured Information Sharing Cornerstone
• Labeling of all information and assets
  – Includes people, devices, services, and information
  – Information labels will define access and protection requirements (Differentiated Quality of Protection)
• Strong Identification and Authentication of all GIG entities
• Shift toward object level access control
• Shift toward policy based Risk Adaptive Access Control (RAdAC) model
  – Mission need, Information policy, and trust level of people, IT and environmental risk factors affect access decision
Provide ability to dynamically share information at multiple classification levels among U.S., allied, and coalition forces. Information access is based on mission need, information sensitivity (value), service being requested, entity’s identity and privileges, and level of protection provided by an entity’s environment.
Components Needed For IA Objectives
• Self Protecting Data Objects
• Data Label Awareness
• Data Label Aware Services
• Identity Management augmented by Key Management
That is:
  – Role based
  – Fine Grained (objects)
  – Dynamic, not static, keys
COMSEC is traditional point to point, from here to there.
The network today speaks in terms of “point of presence” – hard to define “there”.
INFOSEC needs to be protecting the information itself, not the channel.
Information is stored by content, with signatures to provide validation of content.
TecSec, a Granite Gate partner, provides patented technologies.
Used with permission from TecSec
What is ANSI X9.69? A Process - Called CKM
• CKM, short for Constructive Key Management®, technology provides Role Based Access Control that is enforced via cryptography.
• Published as ANSI Standards
  – X9.69 Framework For Key Management Extensions
  – X9.73 Cryptographic Message Syntax
  – X9.96 Secure XML
  – ISO 22895 (Draft)
• Properties of CKM Approach:
  – Key material not specific to individuals
  – Addresses the one-to-many distribution problem of key management
  – Access privileges bound to data via cryptography
  – Built-in key recovery performed by system owner
  – Modeling Role-Based Access Control (RBAC)
  – Content-based security
  – Complementing PKI
©2009 TecSec, Inc. All Rights Reserved
Digital Signature Applied
Audience Selected
*By Content Rule/Description
*From Organization’s Taxonomy/Permission Board
e.g. Harris/Engineering/Chain/Software Development
CKM Creates Unique (per object) Confidentiality Wrapper
Protects any digital data, text, graphics, audio, video in any transmission format
CKM Seals the Object
Encrypted Objects
Data Protected not the network
Any server/servers
Employees with the correct credentials/ Permissions can read the information and reply in a similar fashion as the original Author. Credentials/Permissions Revocations are controlled by the employees’ organization such as Harris/US Navy/NAVAIR etc. Data remains in an encrypted state indefinitely and always available with the proper permissions.
ActiveAttributes chart
CKM is a flexible solution that meets all stated requirements
Information Created
Working key is generated
IQware, a Granite Gate shareholder, provides virus immune, rule-based & cross platform technology for application development/integration, and master data management/mining.
IQware, a Granite Gate shareholder, provides secure server technologies.
Used with permission from IQware
IQware's Key Features for virus immune applications and data management
● Rule-based: Software’s appearance and functionality are 100% controlled by operating rules that can be changed on-the-fly, while the system is running.
● Interoperable: Uses thin client (Xlib) architecture (obeys IEEE & POSIX standards) which ensures compatibility with and adaptability to new and emerging hand-held & desktop technologies.
● Secure: Solves the ENTIRE security problem by monitoring and controlling all access of subjects to objects.
● Disruptive: Forces competitors into uncompetitive and uneconomic tradeoffs.
● Patented: US patent awarded for “Method and System for Providing a Virus-Immune, Rule-Based, Cross-Platform Software System”. Additional patents filed.
©2009 IQware, Inc. All Rights Reserved
Rule-Based Applications
[Figure: application flowchart]
• User Input: key press, mouse movement, mouse click, other input
• Business Logic: examine user input, examine current program state, examine other conditions, make a decision
• Program Response: perform operation(s), execute routine(s), terminate
• “Idle Time”: wait for next user input, wait for external event
• We separate the “user input piece” from the rest of the application so “malware” cannot “infect” the critical business logic and program operation.
• We use a TCB (Trusted Computing Base) that is DoD rated B2/C2 for the secure server.
• We can use any kind of laptop / desktop for the “user input piece” (Windows, Linux, Apple, PDAs, etc.).
• The client piece is very thin and is available as open source freeware (XLIB).
• The secure server handles all program logic, decision making and operation execution.
• All communication to/from client is encrypted.
Invention #1: We “cut” the app along this line for interoperability
This part of the app runs on a DoD secure server
This part of the app runs on ANY client!
Malware stays here
No malware here
Invention #2: We put this piece on a DoD-rated secure server for virus-immunity
New Approach (Patented US #7,322,028)
• The code is “planar” - its flowchart has no crossing lines.
• Planar code makes it simple and easy to mathematically verify.
• Planar code is suitable for DoD “A1” level certification and EAL-7 certification.
• The reference monitor implemented within OVMS handles security at the lowest layer.
• Two main loops – the “event loop” and the “action loop”.
• The event loop gathers events which include UIF (user interface) and rule events.
• The action loop performs all rule-directed actions.
• Rules are referenced by a unique ID and are executed in the order determined by their configuration.
• Each rule can specify several classes of items:
  – Events (E)
  – Actions (A)
  – Data Source (DS)
  – Data Destination (DD)
  – Visual Attributes (VA)
  – O/S Permissions (OSP)
  – Access Modes (AM)
  – Audit specifications (AU)
• Items are logically independent.
• Not all items are relevant for each rule.
• Rules are graphically configured by an intuitive editor, IQ-Build.
• Rules may have dependencies on other rules for increased flexibility.
Rules act as the application (process control, integration, data mgt./mining – All are rules)
Granite Gate’s INTEGRATION ties the front-end and back-end to provide the turn-key secure system “ICS”
IQware Proprietary Components
• Patented US #7,322,028
• Rule Based App Component
  – “cuts the business logic from the workstation and hosts it on the secure server”
  – “the application is controlled by rules not hard coded logic”
• Platform independent and interoperable
TecSec Proprietary Components
• 31 US Patents
• Secure access control card
• CKM® TECSEC
• CKM® TECSEC Enabled Smart Card
• Privilege management
• Data encryption
Granite Gate Proprietary Components
• Integration with Open Office: Open Office*SECURE* is the first Application*SECURE* Product
• Integration of IQware and TecSec technologies to form the ICS (1)
• Other rule-based secure applications
TecSec, a partner, and IQware, a shareholder, provide access to patented technologies.
(1) Exclusive integration rights
Computer-based Training
ICS
TecSec Technologies
IQware Technologies
Security Policy & Practices
Application*SECURE*
Role-Based Application
Cyber Security Services
ICS Implementation
Audit and Assessment
Management and Policy
Technical Implementation
Program Management
Role-Based Application Development
Application Integration
Granite Gate’s services and training capabilities are focused on the Integrated Cyber Secure (ICS) product, TecSec and IQware Technologies.
Granite Gate is led by a team of highly qualified professionals.
[Figure: organization chart]
John Keihm
Board of Directors
Chief Executive
Edward Merrill
Director, Federal Sales
Director, Marketing
Director, PR and Programs
Director, Engineering
Director, Consulting
Director, Training
Vice President Business Development
Executive Vice President Engineering & Operations
Tom Verbeck (BG Ret)
Pending
Bruce Bohn (BG Ret)
Board of Advisors - Chairman
William Donahue (LtG Ret)
John Keihm (Dir DIA Ret)
B. J. Penn* (SECNAV Ret)
* Pending
In conclusion, Granite Gate is focused on being the leader in secure cyber content products and services. Granite Gate’s offerings are customer focused and represent best of breed component technologies.
• Experience and committed leadership
• Key corporate shareholder and partner bring technologies to Granite Gate
• State of the art technologies: ICS and Application*SECURE*
• Disruptive technologies (makes all others uncompetitive and uneconomical)
• Compelling computer-based cyber security training content
• Products and services supplement network security and operate within the existing infrastructure
• Standards based processes and products (ANSI, NIST, ITIL, FIPS, HIPAA, CISSP) (and CMMI Level 2 pending)
• TS Facility Clearance (pending)
All elements are synergistic within the ICS framework. Together, they create a compelling offer for our customers, partners, and investors.