Contributions to an IT Security Architecture for GTRS. Identified security functions and mechanisms

Authors:

  • Amund Gudmundson Hunstad
  • Henrik Karlzén
  • Jacob Löfvenberg

Publish date: 2011-03-09

Report number: FOI-R--3148--SE

Pages: 37

Written in: Swedish

Keywords:

  • GTRS
  • IT security
  • risk inventory
  • vulnerabilities
  • architecture

Abstract

This report accounts for the result of a study performed at the Swedish Defence Research Agency (FOI) regarding IT security architecture for the software defined radio system GTRS. Using FOI's previously presented risk inventory for GTRS, a number of problem areas have been identified by clustering related risk factors. The clustering was done to reduce the number of problem areas to be studied to a manageable level. In their document "Krav på säkerhetsfunktioner" the Swedish Armed Forces have described a number of general security functions for IT systems. We have analyzed these and have described which of the security functions are relevant for which problem areas. In some cases a need for other, new security functions have been identified and these have been presented. The security functions are very general, why a decomposition and specification has been done to reach a level of detail that work as a contribution to a IT security architecture. The result of the specification was a rather comprehensive list of security mechanisms, which correspond to the needs generated by the problem areas more palpably than the security functions do. During the project a number of more specific observations have been done, which do not fit into the report structure described above. These observations, with corresponding discussions, are presented in a separate chapter.