2001 Conferences

7th CACR Information Security Workshop

Al Miller, Maximus

The Vulnerabilities of Multi-Application Systems

In a multi-application environment like the Department of Defense, end users, local program administrators and enterprise managers all have different challenges to maintain information security and privacy. In a multi-application environment the functional owners of particular data elements may require very tight control of the data elements on users smart cards and the interface unit accessing the data. In contrast, other functional owners of data elements may not have established security policy standards. In this environment several operating systems will be encountered that will drive legacy databases and application access protocols.

The surety of the system becomes an overwhelming task with normal solutions focusing on elements of the system and not the end-to-end vulnerability of the system. The security of such a system starts with authentication in the pre-card issuance process and continues with visual images in the design of the smart cards appearance and continues onto the microprocessor imbedded in the smart card's plastic. Surety must then include the card interface device, for example a smart card reader, the cabling or mounting of this device to a CPU equipped appliance, etc. This analysis continues all the way back to the archive data bases that provide card issuance information and end user permissions, including digital certificates and key sets, both public and private.

Speaker's Bio
Al Miller is currently Vice President of Business Development, in MAXIMUS Intelligent Technologies Division. Al commanded an aircraft carrier based squadron during Desert Storm and has over 20 years of military experience in system integration and sustainment. Al has been a consultant to the Office of the Secretary of Defense on policy, development and strategic planning. His integration experience includes project manager for the 1996 Presidential Inauguration Smart Card, the Housing and Urban Development (HUD) headquarters smart card, the Department of the Navy Recruit Smart Card, the Air Force Battle Lab Deployment Personnel Accountability Readiness Tool (DPART) smart card and numerous other e-GOV projects. He also has a strong background in human factors, operational analysis, systems technology and customer relations. Al currently resides in Woodbridge, Virginia with his wife, Margaret and three children Lauren, Matthew and Jonathan.