Berlin 6 Open Access Conference: Christian Zier
 

www.berlin6.org

    Presentation Transcript

    • Open Document Exchange Formats: Security, Protection & Experiences
      Christian Zier, Federal Office for Information Security
      Berlin6 Open Access Conference, 12.11.2008, Düsseldorf
    • Agenda
      ➢ My place of work
      ➢ Standards and Open Standards
      ➢ Open Document Exchange Formats
      ➢ Security and Protection
      ➢ ODF and OOXML
      ➢ Migration at the BSI
    • My place of work: BSI
      • Federal Office for Information Security (Bonn, Germany)
      • Federal public agency within the area of responsibility of the Federal Ministry for the Interior
      • Founded in 1991; unique as a public agency in comparison to other European establishments
      • Staff: around 460 employees
      • Budget: 52 million €
      Christian Zier, BSI, Germany. Berlin 6 Open Access Conference, 12.11.2008, Düsseldorf. Slide 3
    • Focus of activities
      • Internet security
      • Secure e-government
      • IT baseline protection
      • Cryptographic innovation
      • Biometrics
      • Security from eavesdropping
      • Certification and approval
      • Protection of critical infrastructure
      • Awareness campaign on IT security
      • National / international security co-operation
    • Standards
      • British Standards Institute:
        • publicly available technical document
        • developed in cooperation with interested parties
        • based on scientific results and technical experiences
        • intention is to improve the public welfare
      • Subsystems can communicate via standardized interfaces
      • Basis for interoperable products
      • Promote competition between implementations
      • Multiple competing standards for the same purpose question the meaning of standards
    • Open Standards
      • Independent of implementations and manufacturers
      • Competition between implementations, not standards
      • Increases interoperability, avoids vendor lock-ins
      • Facilitates development of independent + FOSS
      • Ensures future-proof access to archived data
      • Makes sure that authors can access their own documents
      • There exist various definitions
      • Standard has to be a common denominator → extensible to additional features
    • Open Document Exchange Formats
      Open document exchange formats are
      • independent
      • developed in an open process
      • sufficiently documented
      Advantages of open document exchange formats:
      • enhance competition and software diversity
      • increase interoperability and automation
      • enhance adaptability
      • ensure archive security & guarantee future proof
      • extensible to additional features
    • Open Document Exchange Formats contd.
      • Authors retain access to and control over their documents
      • E-Government needs ODEF for internal / external workflows, ... and secure documents
      • Process to Open Document Exchange Formats: Not a question of if, it's a question of how!
    • Security and Protection
      • Attacks on IT-Systems increasingly via manipulated binary office documents
      • Attacks are performed by well organized groups with good technical knowledge.
      • For protection, we need to inspect documents to detect potentially malicious software (binary code)
      • In case of critical vulnerability protection might imply blocking all documents of proprietary standard
    • Security and Protection contd.
      • ODEF are well structured and meet the requirements:
        • Structure allows for complete, transparent analyses
        • Detection of malicious code strongly improved
        • Possibilities to hide malicious code strongly reduced
        • Efficient isolation of potentially dangerous code (e.g. macros, pictures, videos ...)
      • Suspicious content can be filtered out without necessarily losing the information of the entire document
    • ODF (ISO 26300)
      • Developed by Sun Microsystems and OASIS
      • Many independent implementations (OO, KOffice, AbiWord)
      • Meets security requirements of eGovernment: structured format, can be scrutinised
      • Has been examined and tested
      • Possibility to directly access and edit the XML-files
      • Macros uniquely identified with tags
      • No definition for a mathematical formula language reduces interoperability.
    • OOXML (ISO 29500)
      • Developed by Microsoft and Ecma International
      • ISO 29500 has not yet been officially published
      • There exists no implementation of this standard
      • Security scans probably more elaborate + costly due to
        • different tags in different document types for same properties (text color and alignment)
        • 6x more voluminous spec., indicates more complexity
      • No tags for handling macros, also reduces interoperability
      • More complex standard might reduce number of independent implementations and interoperability
      • Only few independent implementations to be expected
    • Migration in the BSI
      • In the past few years, BSI has
        • migrated from Windows to Linux (around 50%)
        • migrated from Microsoft Exchange to KOLAB Groupware (http://www.kolab.org) with Kontact and Outlook clients
        • migrated from MS Office to StarOffice (~100%)
      • About 500 installations of StarOffice
      • Some installations of MS Office left (stand-alone and TS)
      • Focus on text-documents as a start
      • Exchange documents: ODF (and PDF)
    • Migration in the BSI: Experiences
      • The more recent the software, the less trouble
      • Positive:
        • Packaging and rollout easier with Linux
        • Bugs can be found easier and fixed faster
        • Better encryption functionality
      • Negative (Debian Woody):
        • Detection of printers
        • Printing PDF-files
      • Conversion of most templates after analysing for parts problematic to convert
      • Migration was supported by training for StarOffice
    • Migration: Lessons learned
      • "Where can I find this feature, where has that button gone?"
      • "I want to return to Windows!"
      • "This document looked fine on the other machine!?"
      • People only accept a few drawbacks
      • The every-day-scenarios have to work at least 90%
      • Very important in administration: document templates
      • Similarity of StarOffice to MS-Office was helpful
    • Migration: Lessons learned contd.
      • Success strongly depends on willingness to engage with new software
      • Many people care more about (good) applications than document standards → need good implementations of typical workflows for open documents.
      • Only few severe problems → need more interoperability.
      Might have read this before: It's not a question of IF, it's a question of HOW!
    • Contact
      Federal Office for Information Security (BSI)
      Christian Zier
      Godesberger Allee 185-189, 53175 Bonn
      Tel: +49 (0)228-9582-5946
      Fax: +49 (0)228-9582-5400
      christian.zier@bsi.bund.de
      www.bsi.bund.de
      www.bsi-fuer-buerger.de
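
An added example (not part of the presentation): a minimal inspection of an ODF package for macro-related content, illustrating the points on the "Security and Protection" and "ODF (ISO 26300)" slides that the structure can be analysed and macros are identified by tags. The function names are hypothetical, the `Basic/` and `Scripts/` paths follow OpenOffice/StarOffice conventions (an assumption), and the sample package is constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {"office": "urn:oasis:names:tc:opendocument:xmlns:office:1.0",
      "script": "urn:oasis:names:tc:opendocument:xmlns:script:1.0",
      "xlink": "http://www.w3.org/1999/xlink"}
# Macro directories used by OpenOffice/StarOffice (convention assumed, not on the slides).
MACRO_DIRS = ("Basic/", "Scripts/")
MAX_XML_BYTES = 20 * 1024 * 1024  # refuse oversized content.xml (zip-bomb guard)

def inspect_odf(data: bytes) -> list:
    """Return (kind, detail) findings for macro-related content in an ODF package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if name.startswith(MACRO_DIRS) and not name.endswith("/"):
                findings.append(("macro-file", name))
        if pkg.getinfo("content.xml").file_size > MAX_XML_BYTES:
            raise ValueError("content.xml too large to inspect")
        root = ET.fromstring(pkg.read("content.xml"))
    for el in root.iterfind(".//office:script", NS):
        findings.append(("embedded-script", el.get(f"{{{NS['script']}}}language", "?")))
    for el in root.iterfind(".//script:event-listener", NS):
        event = el.get(f"{{{NS['script']}}}event-name", "?")
        target = el.get(f"{{{NS['xlink']}}}href", "?")
        findings.append(("event-listener", f"{event} -> {target}"))
    return findings

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: minimal text document, optionally with a macro hook."""
    hook = ('<office:scripts><office:event-listeners><script:event-listener '
            'script:language="ooo:script" script:event-name="dom:load" '
            'xlink:href="vnd.sun.star.script:Standard.Module1.Main'
            '?language=Basic&amp;location=document"/>'
            '</office:event-listeners></office:scripts>') if with_macro else ""
    content = (f'<office:document-content xmlns:office="{NS["office"]}" '
               f'xmlns:script="{NS["script"]}" xmlns:xlink="{NS["xlink"]}">'
               f'{hook}<office:body/></office:document-content>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        pkg.writestr("content.xml", content)
        if with_macro:
            pkg.writestr("Basic/Standard/Module1.xml", "<!-- constructed placeholder -->")
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_odf(build_sample(True)))
```

When inspecting untrusted files, swap the standard-library XML parser for a hardened one such as defusedxml.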