Contributions to an IT Security Architecture for GTRS. Identified security functions and mechanisms
Publish date: 2011-03-09
Report number: FOI-R--3148--SE
Pages: 37
Written in: Swedish
Keywords:
- GTRS
- IT security
- risk inventory
- vulnerabilities
- architecture
Abstract
This report accounts for the result of a study performed at the Swedish Defence Research Agency (FOI) regarding IT security architecture for the software defined radio system GTRS. Using FOI's previously presented risk inventory for GTRS, a number of problem areas have been identified by clustering related risk factors. The clustering was done to reduce the number of problem areas to be studied to a manageable level. In their document "Krav på säkerhetsfunktioner" the Swedish Armed Forces have described a number of general security functions for IT systems. We have analyzed these and have described which of the security functions are relevant for which problem areas. In some cases a need for other, new security functions have been identified and these have been presented. The security functions are very general, why a decomposition and specification has been done to reach a level of detail that work as a contribution to a IT security architecture. The result of the specification was a rather comprehensive list of security mechanisms, which correspond to the needs generated by the problem areas more palpably than the security functions do. During the project a number of more specific observations have been done, which do not fit into the report structure described above. These observations, with corresponding discussions, are presented in a separate chapter.