IQware and Security

Inflexibility is not the only problem inherent in traditional software packages; traditional software packages are not secure. IQware, on the other hand, is built from the ground up to be secure. Unlike traditional software, IQware is desktop-virus-immune and does not require a "band-aid" or "magic software" in order to be secure.

The Problem

Web-based apps are not completely secure, so trusting them to handle sensitive information (e.g., medical records) is risky. Encryption can help, but it does not make the app completely secure. Poor design of the application also contributes to the lack of security. This is a growing problem, especially with the increased use of offshore development.

Software that has not been engineered and built correctly from the beginning cannot be 100% secured because the flaws are built-in. In order to "fix the problem", all existing applications would have to be discarded and redesigned from the ground up. The huge installed base prevents this activity from happening because of the tremendous cost and inconvenience. Software makers are simply not willing to expend that kind of time and money on this, so their software continues to have flaws and is vulnerable to attacks from computer viruses, cyber attacks, lapses in computer security, etc. Furthermore, no "magic anti-virus protection software" can transform an insecure system into a secure system. There's no "magic bullet" for the security problem.

Insecure system plus "magic software" does not equal secure system.

The Solution

If a house is built on a faulty foundation, no matter how competent the carpenters, the house can still fail structurally. IQware's foundation is secure and its entire architecture is secure, so using IQware keeps users free of unwanted intrusions and faults. IQware's unique software is architected from the ground up to be secure. It uses the TCB's ("Trusted Computing Base") proven security attributes to ensure compliance with object access and activity audit trail requirements. Other competing MDM/BI systems are not designed this way and so they inherit all the bad attributes of the operating system and any other "built-in" software products that they may have used.

IQware is secure and desktop-virus-immune, meaning that IQware's fundamental operation will not be compromised by any desktop virus, worm, script file or other malicious software. IQware's "Trusted Computing Base" (TCB) is rated DoD B2/C2 (depending on the version). Further, IQware's TCB was rated as "Cool & Unhackable" at DEFCON 2001 held in Las Vegas (see www.defcon.org).

OSI 7-layer Model

IQware is secure and virus-immune because it is designed that way - it is not a security blanket or band-aid to use after the fact. IQware is complementary to the various firewall and anti-virus products on the market. As the diagram on the right illustrates, software can be modeled as a 7-layer structure. These layers are logical layers that perform different functions. Each layer provides functions to the layer above it in the diagram. The top layer is the application layer - it's the layer that does the useful work. The underlying six layers are only there to support the top, or application, layer.

Effective security requires proper architecture, coding and deployment of the O/S, the application, and all layers in between. A secure system must feature:

Policy

  • Security Policy - System must enforce a well-defined security policy.
  • Marking - System must associate all objects with access control labels (sensitivity & access modes).

Accountability

  • Identification - System must identify individuals and their various authorizations in a secure manner.
  • Audit Trail - System must keep & protect audit trail so actions may be traced to responsible party.

Assurance

  • Evaluation - System must have hardware/software mechanisms that can be independently evaluated to assure that policy & accountability are enforced.
  • Continuous Protection - System must continuously protect trusted mechanisms that enforce policy & accountability from tampering.

IQware does all of this.