Published by Olivia Martin, modified over 8 years ago
Slide 1: Security Architecture and Design

Slide 2: Domain Objectives
  - Benefits of a security architecture
  - System-level security architecture vs. enterprise security architecture
  - Define a Trusted Computing Base (TCB)
  - Describe information security architecture principles and traditional models
  - Confidence in trusted systems

Slide 3: Information Security Triad
  - Confidentiality, Integrity, Availability: the three properties that information security protects
Slide 4: Domain Agenda
  - Terminology and Concepts
  - Enterprise Architecture Frameworks
  - System Level Architecture Concepts
  - Basic System Security Concepts
  - Protection Concepts
  - Establishing Confidence in Trusted Systems
  - Fundamental Security Models

Slide 5: Common Security Architecture Terms
  - ISMS (information security management system)
  - ISA (information security architecture)
  - Best practice
  - Architecture
  - Blueprint
  - Framework
  - Infrastructure

Slide 6: Common Security Architecture Terms (continued)
  - TCB (trusted computing base)
  - Ring protection
  - Kernel
  - Subjects
  - Objects
Slide 7: Objectives of an Enterprise Security Architecture
  - Guidance: strategically aligned business and security decisions
  - Provide security-related guidance
  - Apply security best practices
  - Define security zones

Slide 8: Benefits of an Enterprise Security Architecture
  - Consistently manage IT risk
  - Reduce the overall costs of managing risk
  - Better and quicker security-related decisions
  - Promote interoperability, integration and ease of access
  - Provide a frame of reference

Slide 9: Characteristics of a Good Security Architecture
  - Strategic
  - Holistic
  - Allows for multiple implementations

Slide 10: Effects of Poor Architectural Planning
  - Inability to efficiently support new business services
  - Unidentified security vulnerabilities
  - Increased frequency and visibility of security breaches
  - Poorly understood or coordinated compliance requirements
  - Poor understanding of security goals and objectives
Slide 11: Enterprise Security Architecture Components
  - A common architecture language
  - An established architecture model
  - The Zachman Framework

Slide 12: Key Components of a Security Program
  - Management
  - Processes
  - Architectures
  - Solution implementation
  - Compliance / monitoring

Slide 13: Enterprise Architecture Perspectives
  - Senior management perspective (people)
  - Financial and operations perspective (processes)
  - Technical perspective (technology)

Slide 14: Process Framework for a Security Architecture
  - Inputs: environmental trends, business drivers, IT security strategies, business and security needs
  - Security architecture: concept of operation (access control, infrastructure, management) and design (policies, standards, models, organization)
  - Output: flexible business processes
Slide 15: IT Security Principles
  - Are fundamental statements
  - Define the philosophy
  - Require formal commitment
  - Challenging to define

Slide 16: Enterprise Security Architecture
  - Establishing security zones
  - Information classification

Slide 17: Architecture Definition Process
  - IT security principles lead to security principles, which lead to security architecture principles
  - Define the security architecture
  - Define the detailed security architecture technical framework

Slide 18: Security Capability Maturity of a Security Architecture
  Evolution, shown as stages: initiate stakeholder security program; documented strategy, principles and policy; security organizational structure; security architecture; security technical framework; enterprise security controls; compliance and certification; security metrics; assurance

Slide 19: Typical IT Security Architecture: A Technical View
  The typical representation of a security architecture tends to be technical, representing computer and network facilities. This should be the "end game", not the starting point.
  (Figure: network diagram with a mail gateway and a server.)
Slide 20: Domain Agenda (section divider; same list as slide 4)

Slide 21: Zachman Framework
  - A view giving a complete overview of IT and business alignment
  - Two-dimensional (perspectives by aspects)
  - Intent, scope, principles

Slide 22: Popular Management Frameworks
  - ITIL
  - COBIT
  - COSO
  - Basel II
  - Six Sigma
  - CMMI
  - ISO 17799, ISO 27001
Slide 23: TQM and ISO 9001:2000
  - Total Quality Management (TQM)
  - Process model: Plan, Do, Check, Act
  - ISO 9001

Slide 24: The PDCA Approach and ISO 17799
  - Benefits of process improvement
  - Plan: establish the ISMS
  - Do: implement and operate the ISMS
  - Check: monitor and review the ISMS
  - Act: maintain and improve the ISMS
  (PDCA is the ISMS lifecycle of ISO 27001; ISO 17799 was later renumbered ISO 27002.)

Slide 25: Implementing an ISMS: Six-Stage Process
  1. Define an information security policy
  2. Define the scope of the ISMS
  3. Perform a security risk assessment
  4. Manage the identified risks
  5. Select controls to be implemented and applied
  6. Prepare a statement of applicability
Slide 26: IT Infrastructure Library (ITIL)
  - Published in the UK; BS 15000 (now ISO/IEC 20000) is the service management standard based on it
  - Focuses on IT services

Slide 27: COBIT
  - Control Objectives for Information and related Technology (COBIT)
  - Emphasizes control and regulatory compliance

Slide 28: COSO
  - Committee of Sponsoring Organizations (COSO)
  - Emphasizes the importance of identifying and managing risks against business objectives

Slide 29: Basel II
  - Establishes basic requirements for risk management in banking
  - Sets capital adequacy and financial stability standards
  - Considered standard practice

Slide 30: Six Sigma
  - Data-driven approach
  - Measurement-based strategy
  - Two sub-methodologies: DMAIC (define, measure, analyze, improve, control) for existing processes and DMADV (define, measure, analyze, design, verify) for new ones

Slide 31: Capability Maturity Model Integration (CMMI)
  - Developed by the SEI (Software Engineering Institute)
  - Based on TQM concepts
  - Framework for improving process

Slide 32: CMMI Maturity Levels
  - 1 Initial
  - 2 Managed
  - 3 Defined
  - 4 Quantitatively Managed
  - 5 Optimizing

Slide 33: Linkage (Alignment) of the Frameworks
  - TQM is about planning
  - ITIL is about managing the quality
  - COBIT is about control points
  - Six Sigma is about the skills and disciplines
  - CMM/CMMI is about maturing these processes
  - ISO standards are the outermost perspective
Slide 34: Domain Agenda (section divider; same list as slide 4)

Slide 35: Platform Security Architecture
  - Defines the components which provide basic security services
  - Hardware components
  - Software components

Slide 36: Common Computer Architecture Layers
  - Computer hardware
  - Operating system
  - Utilities
  - Application programs

Slide 37: Common Computer Architecture: Basic Operating System Services
  - Program execution
  - Access to input/output devices
  - Controlled access to files and data
  - System access for maintenance and troubleshooting
  - Error detection and response
  - Accounting and tracking

Slide 38: Common Computer Architecture
  - Kernel, memory, storage, input, output, communication

Slide 39: CPU and Processor Privilege States
  - Supervisor state: privileged instructions available (operating system kernel)
  - Problem state: unprivileged (user programs)

Slide 40: CPU Process States
  - Stopped vs. operating
  - Wait vs. running
  - Masked (interrupts disabled) vs. interruptible

Slide 41: CPU and OS Support for Applications
  - Applications were originally self-contained
  - Later systems became capable of accommodating more than one application at a time

Slide 42: CPU and OS Support for Applications Today: Threads
  - Today's applications are portable
  - They execute multiple process threads

Slide 43: Systems Architecture Approaches
  - Open systems
  - Closed systems
  - Dedicated systems
  - Single-level systems
  - Multilevel systems

Slide 44: Different System Architectures
  - Centralized architecture
  - Distributed architectures
  - Thin client architecture

Slide 45: Operating System Support for Applications
  - Multitasking
  - Multiprogramming
  - Multiprocessing
  - Multiprocessor
Slide 46: Types of System Memory Resources
  From fastest, highest cost and lowest capacity to slowest, lowest cost and highest capacity:
  - CPU registers
  - Cache
  - Main memory
  - Disk storage
  - Swap space

Slide 47: Requirements for Memory Management
  - Relocation
  - Protection
  - Sharing

Slide 48: Three Types of Memory Addressing
  - Logical
  - Relative
  - Physical

Slide 49: Virtual Memory
  - Extends apparent memory
  - Paging includes: splitting physical memory into page frames, splitting programs (processes) into pages, allocating the required number of page frames
  - Swapping

Slide 50: Virtual Memory (Graphic)
  (Figure: the memory manager maps applications and data in virtual memory onto main memory, with free space and inactive pages held on a secondary storage device reached through the I/O controller; swapping.)

Slide 51: Managing Memory (Graphic)
  (Figure: CPU, memory, I/O controller and I/O devices in hardware, with hard drive swap space, all managed by the operating system.)

Slide 52: Memory Protection Benefits
  - Each memory reference is checked, so different data classes are kept apart
  - Users can share access to common memory they are authorized for
  - Users cannot generate addresses outside their own address space
Slide 53: Domain Agenda (section divider; same list as slide 4)

Slide 54: Trusted Computing Base (TCB)
  - Hardware, firmware, software, processes and some inter-process communications
  - Should be simple and testable

Slide 55: Trusted Computing Base (TCB)
  - Enforces the security policy
  - Monitors four basic functions: process activation, execution domain switching, memory protection, input/output operations

Slide 56: Objects Requiring Protection
  - Memory
  - File or data set
  - Executing program in memory
  - Directory of files
  - Hardware device
  - Data structure
  - Operating system tables
  - Instructions
  - Passwords and authentication mechanisms
  - Other protection mechanisms

Slide 57: Reference Monitor Concept
  - An abstract machine concept that mediates every access by a subject to an object
  - Must be tamperproof, always invoked, and verifiable (small enough to analyse)
  - The security kernel is the hardware, firmware and software that implements the reference monitor concept

Slide 58: Reference Monitor Concept (Graphic)
  (Figure: a subject's access request passes through the reference monitor, which consults the security kernel database (access control list, etc.), records the decision in the audit log, and grants or denies access to the object.)
Slide 59: Domain Agenda (section divider; same list as slide 4)

Slide 60: Privilege Levels
  - Identifying, authenticating and authorizing subjects
  - Subjects of higher trust
  - Subjects with lower trust

Slide 61: Process Isolation Methods
  - Preserve an object's integrity
  - Prevent interaction between processes
  - Keep independent states

Slide 62: Layering and Data Hiding
  - Layering
  - Data hiding

Slide 63: Ring Protection
  - Ring 0: OS kernel
  - Ring 1: I/O (remaining OS components and device drivers)
  - Ring 2: utilities
  - Ring 3: user applications

Slide 64: Security Domains
  - Sometimes called an 'execution' or 'protection' domain
  - Responsibility of the kernel

Slide 65: Virtual Machines
  - Mimic the architecture of the actual system
  - Provided by the operating system or by a virtual machine monitor (hypervisor)

Slide 66: Operating System Protection
  - User identification and authentication
  - Discretionary access control
  - Mandatory access control

Slide 67: Operating System Protection (continued)
  - Complete mediation
  - Multiple paths to data
  - Object reuse protection
  - Memory leakage
  - Data remanence
  - Audit clipping levels

Slide 68: Operating System Protection (continued)
  - Audit log reduction
  - Trusted path
  - Intrusion detection
Slide 69: Domain Agenda (section divider; same list as slide 4)

Slide 70: Using Product Evaluation Criteria: Examples
  - Trusted Computer System Evaluation Criteria (TCSEC), the Orange Book
  - Trusted Network Interpretation (TNI), the Red Book
  - Information Technology Security Evaluation Criteria (ITSEC)
  - Common Criteria (ISO 15408)

Slide 71: Security Evaluation Criteria
  - TCSEC (Orange Book, US)
  - TNI (Red Book, US)
  - ITSEC (EU)

Slide 72: Purpose of Common Criteria (ISO 15408)
  - Common methodologies
  - Common structure
  - Common base
  - International arrangement (mutual recognition)

Slide 73: Common Criteria Flow
  - Protection Profile: requirements for a category of product (e.g. "firewalls")
  - Security Target: the vendor's claims (specifications and features) for a specific product (e.g. Cisco PIX 5xx)
  - Target of Evaluation (TOE): the product as evaluated
  - Functional requirements: what the TOE must do
  - Assurance requirements: how much confidence the evaluation provides

Slide 74: Implementation of Evaluated Products
  Evaluation Assurance Levels:
  - EAL1: functionally tested
  - EAL2: structurally tested
  - EAL3: methodically tested and checked
  - EAL4: methodically designed, tested and reviewed
  - EAL5: semiformally designed and tested
  - EAL6: semiformally verified design and tested
  - EAL7: formally verified design and tested
  Certification: test plan based on the stated requirements
  Accreditation: management acceptance based on the production environment

Slide 75: Common Criteria Evaluation Assurance Levels
  - EAL1, EAL2, EAL3, EAL4, EAL5 to EAL7

Slide 76: Comparison of Evaluation Levels
  Common Criteria   US TCSEC                                European ITSEC
  (none)            D: Minimal Protection                   E0
  EAL1              (none)                                  (none)
  EAL2              C1: Discretionary Security Protection   E1
  EAL3              C2: Controlled Access Protection        E2
  EAL4              B1: Labeled Security Protection         E3
  EAL5              B2: Structured Protection               E4
  EAL6              B3: Security Domains                    E5
  EAL7              A1: Verified Design                     E6

Slide 77: Certification and Accreditation
  - Certification: technical evaluation of the security controls against the requirements
  - Accreditation: formal management acceptance of the residual risk of operating the system

Slide 78: Common Criteria Recognition Agreement (CCRA)
  - US, Australia, Austria, Finland, France, Germany, Greece, Italy, Netherlands, Spain, UK, Norway, Canada, Israel, New Zealand
Slide 79: Domain Agenda (section divider; same list as slide 4)

Slide 80: Bell-LaPadula Confidentiality Model
  - Hierarchical (ordered levels of secrecy)
  - State machine model: the system moves between states, each of which must be a secure state
  - Three fundamental rules: the simple security property, the star property and the strong star property
  - Defines access rules between subjects and objects

Slide 81: Bell-LaPadula Confidentiality Model (Graphic)
  Subjects and objects carry an assigned secrecy level; the rules relate a subject to objects in a layer of higher or lower secrecy:
  - Simple security property: no read up (read down is OK); reading a higher layer would be unauthorized access
  - Star (*) security property: no write down (write up is OK); writing to a lower layer would be unauthorized disclosure
  - Strong star property: read and write only at the subject's own level (both read up and write down are blocked)
  - Tranquility: levels are constrained, i.e. a subject's or object's level does not change while it is being accessed

Slide 82: Biba Integrity Model
  - Addresses integrity
  - Based on a hierarchical lattice of integrity levels
  - Elements: subjects, objects and their assigned integrity levels
  - Addresses the first goal of integrity (preventing unauthorized users from making modifications)
  - Mathematical dual of the Bell-LaPadula confidentiality policy

Slide 83: Biba Integrity Model (Graphic)
  Subjects and objects carry an assigned integrity level; the rules relate a subject to objects in a layer of higher or lower integrity:
  - Simple integrity property: no read down (read up is OK); reading lower-integrity data would contaminate the subject
  - Star (*) integrity property: no write up (write down is OK); writing to a higher layer would contaminate the object
  - Invocation property: a subject cannot invoke (send a service command to) a subject at a higher integrity level, which would threaten that subject's integrity

Slide 84: Combination of Bell-LaPadula and Biba
  - Bell-LaPadula (confidentiality): no read up, no write down; data can only flow UP, from a lower to a higher confidentiality level
  - Biba (integrity): no read down, no write up, no messages to (invocation of) a higher integrity level; data can only flow DOWN, from a higher to a lower integrity level
  - Together they comprise the Lipner model
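The rules of slides 81, 83 and 84 as executable lattice checks. This is an added example, not code from the presentation: the secrecy and integrity levels, the analyst subject and the four objects are constructed for illustration, and the combined decision follows Lipner's approach of granting an access only when both lattices allow it.

```python
"""Lattice checks for the Bell-LaPadula (confidentiality) and Biba (integrity)
properties, and a Lipner-style combined decision.
Added example, not code from the presentation; the levels, subject and
objects below are constructed for illustration."""
from dataclasses import dataclass
from enum import IntEnum


class Secrecy(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class Integrity(IntEnum):
    LOW = 0       # e.g. data pulled from an untrusted feed
    MEDIUM = 1
    HIGH = 2      # e.g. vetted reference data


@dataclass(frozen=True)
class Label:
    secrecy: Secrecy
    integrity: Integrity


def blp_allows(subject: Label, obj: Label, mode: str, strong_star: bool = False) -> bool:
    """Bell-LaPadula: simple security property (no read up) and
    *-property (no write down). With strong_star=True a write must be at
    the subject's own level, so write up is blocked as well."""
    if mode == "read":
        return subject.secrecy >= obj.secrecy
    if mode == "write":
        if strong_star:
            return subject.secrecy == obj.secrecy
        return subject.secrecy <= obj.secrecy
    raise ValueError(f"unknown mode {mode!r}")


def biba_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Biba: simple integrity property (no read down), *-integrity property
    (no write up), invocation property (a subject may only invoke subjects
    at its own or a lower integrity level)."""
    if mode == "read":
        return subject.integrity <= obj.integrity
    if mode in ("write", "invoke"):
        return subject.integrity >= obj.integrity
    raise ValueError(f"unknown mode {mode!r}")


def combined_decision(subject: Label, obj: Label, mode: str) -> dict:
    """Lipner-style combination: granted only if both lattices allow it.
    Each verdict is returned so a denial can be explained to the caller."""
    blp = blp_allows(subject, obj, mode) if mode != "invoke" else True
    biba = biba_allows(subject, obj, mode)
    return {"blp": blp, "biba": biba, "granted": blp and biba}


# Constructed sample: an analyst cleared SECRET, working at MEDIUM integrity.
ANALYST = Label(Secrecy.SECRET, Integrity.MEDIUM)
OBJECTS = {
    "internet_feed": Label(Secrecy.UNCLASSIFIED, Integrity.LOW),   # public but unvetted
    "ts_report": Label(Secrecy.TOP_SECRET, Integrity.HIGH),
    "team_notes": Label(Secrecy.SECRET, Integrity.MEDIUM),
    "public_summary": Label(Secrecy.CONFIDENTIAL, Integrity.MEDIUM),
}


def run_demo() -> dict:
    """Evaluate the analyst against every object for read and write."""
    return {
        (name, mode): combined_decision(ANALYST, label, mode)
        for name, label in OBJECTS.items()
        for mode in ("read", "write")
    }


if __name__ == "__main__":
    for (name, mode), verdict in run_demo().items():
        outcome = "GRANT" if verdict["granted"] else "DENY"
        print(f"{mode:5s} {name:15s} BLP={verdict['blp']!s:5s} "
              f"Biba={verdict['biba']!s:5s} -> {outcome}")
```

The interesting rows are the ones where the two models disagree: Bell-LaPadula lets the SECRET analyst read the UNCLASSIFIED feed (read down), but Biba refuses because the feed is LOW integrity and would contaminate MEDIUM-integrity work; the analyst may write up to the TOP SECRET report under Bell-LaPadula, but Biba blocks it as a write up in integrity. Only the object at the analyst's own level on both lattices is fully accessible.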
Slide 85: Clark and Wilson Integrity Model
  - Addresses all three integrity goals: prevent unauthorized users from making modifications, prevent authorized users from making improper modifications, and maintain internal and external consistency
  - Commercial integrity model
  - Defines well-formed transactions
  - Separation of duties

Slide 86: Clark and Wilson Integrity Model: Access Triple
  - Subject - Program - Object: a subject reaches a constrained object only through a certified program
  - Example from the slide: a user runs the Sales Order Program, which is the only way to update the Sales File
  - (The figure contrasts this with the Biba model, in which the subject accesses the object directly under integrity-level rules.)
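The access triple of slide 86 enforced in code, with the well-formed transaction and separation-of-duties points from slide 85. This is an added example, not code from the presentation: the users, the two transformation procedures, the order records and the integrity check are all constructed for illustration; the Sales File plays the role of the constrained data item.

```python
"""Clark-Wilson style enforcement: the Sales File (a constrained data item, CDI)
is changed only through certified transformation procedures (TPs); a user may
run a TP on a CDI only if an access triple (user, TP, CDI) exists; an integrity
verification procedure (IVP) checks the CDI after each TP; and separation of
duties stops the creator of an order from approving it.
Added example, not code from the presentation; users, TPs and data are constructed."""
import copy
from dataclasses import dataclass
from typing import Optional


@dataclass
class Order:
    order_id: str
    amount: int
    created_by: str
    approved_by: Optional[str] = None


class SalesFile:
    """The CDI. Nothing outside the TPs below should touch _orders."""
    def __init__(self) -> None:
        self._orders = {}   # order_id -> Order


# Access triples (subject, program, object), as on the slide.
TRIPLES = {
    ("alice", "create_order", "sales_file"),
    ("alice", "approve_order", "sales_file"),
    ("bob", "approve_order", "sales_file"),
}


def tp_create_order(cdi: SalesFile, user: str, order_id: str, amount: int) -> None:
    if order_id in cdi._orders:
        raise ValueError("duplicate order id")
    cdi._orders[order_id] = Order(order_id, amount, created_by=user)


def tp_approve_order(cdi: SalesFile, user: str, order_id: str) -> None:
    order = cdi._orders[order_id]
    if order.created_by == user:            # separation of duties
        raise PermissionError("creator may not approve their own order")
    order.approved_by = user


TPS = {"create_order": tp_create_order, "approve_order": tp_approve_order}


def ivp(cdi: SalesFile) -> bool:
    """Integrity verification procedure: every order has a positive amount and
    no order was approved by its own creator."""
    return all(
        o.amount > 0 and (o.approved_by is None or o.approved_by != o.created_by)
        for o in cdi._orders.values()
    )


def run_tp(cdi: SalesFile, user: str, tp_name: str, *args) -> str:
    """Enforcement point: check the triple, run the TP, re-run the IVP and roll
    the CDI back if the TP left it inconsistent (a well-formed transaction
    moves the CDI from one valid state to another or not at all)."""
    if (user, tp_name, "sales_file") not in TRIPLES:
        return "DENY: no access triple"
    snapshot = copy.deepcopy(cdi._orders)
    try:
        TPS[tp_name](cdi, user, *args)
    except (PermissionError, ValueError) as exc:
        cdi._orders = snapshot
        return f"DENY: {exc}"
    if not ivp(cdi):
        cdi._orders = snapshot
        return "ROLLBACK: IVP failed"
    return "OK"


def run_demo() -> tuple:
    cdi = SalesFile()
    log = [
        run_tp(cdi, "alice", "create_order", "o1", 500),   # OK
        run_tp(cdi, "alice", "approve_order", "o1"),       # denied: same user
        run_tp(cdi, "bob", "approve_order", "o1"),         # OK
        run_tp(cdi, "carol", "create_order", "o2", 100),   # denied: no triple
        run_tp(cdi, "alice", "create_order", "o3", -5),    # rolled back by the IVP
    ]
    return log, cdi._orders


if __name__ == "__main__":
    for entry in run_demo()[0]:
        print(entry)
```

Note that alice holds a triple for approve_order, so the access check alone would let her approve; it is the separation-of-duties rule inside the certified TP that refuses her own order, while the IVP catches a TP that produced an invalid record and undoes it.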
Slide 87: Access Control Matrix
  Rows are subjects, columns are objects A, B, C, D, E, F, G, H, J, K, L; R = read, W = write and read. The subjects are grouped into Groups 1 to 4. Entries as they appear, in column order (the extraction lost the blank cells, so only Alex's full row aligns with all eleven columns):
  - Alex: W W W R R R R R R R R
  - Brook: R W W R
  - Chris: R W W R R
  - Denny: R W W R W R
  - Eddie: R R R W W W
  - Fran: R R R R W W
  - Gabriel: R R R R W W R
  - Harry: R W W R R R
  - Jan: W W W
  - Kim: R W W
  - Lee: R W W
  - Meryl: R W W
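The reference monitor of slides 57 and 58 mediating access against an access control matrix in the form of slide 87, with an audit record for every decision and the clipping-level check of slide 67 run over that log. This is an added example, not code from the presentation: the matrix is a small constructed one rather than the slide's (same legend: R = read, W = write and read), and the subjects, objects and contents are made up for illustration.

```python
"""A minimal reference monitor: every access to a protected object goes through
decide(), every decision is written to an audit log, the policy database is
read-only to callers, and unknown subjects or objects are denied by default.
Added example, not code from the presentation; matrix, subjects, objects and
contents are constructed. R = read, W = write and read, as in the slide."""
from collections import Counter
from types import MappingProxyType

# Policy database (subject -> object -> right), wrapped read-only so a caller
# holding a reference cannot alter it: the "tamperproof" property for policy.
MATRIX = MappingProxyType({
    "Alex":  MappingProxyType({"A": "W", "B": "W", "C": "R", "D": "R"}),
    "Brook": MappingProxyType({"A": "R", "B": "W"}),
    "Chris": MappingProxyType({"C": "W", "D": "R"}),
})


class ReferenceMonitor:
    def __init__(self, matrix, store):
        self._matrix = matrix
        self._store = store      # object name -> content, reachable only via the monitor
        self.audit_log = []      # (subject, object, mode, decision)

    def _decide(self, subject, obj, mode):
        right = self._matrix.get(subject, {}).get(obj)   # absent entry means deny
        if mode == "read":
            allowed = right in ("R", "W")
        elif mode == "write":
            allowed = right == "W"
        else:
            allowed = False
        self.audit_log.append((subject, obj, mode, "GRANT" if allowed else "DENY"))
        return allowed

    def read(self, subject, obj):
        """Always invoked: there is no other path to the store."""
        if not self._decide(subject, obj, "read"):
            raise PermissionError(f"{subject} may not read {obj}")
        return self._store[obj]

    def write(self, subject, obj, data):
        if not self._decide(subject, obj, "write"):
            raise PermissionError(f"{subject} may not write {obj}")
        self._store[obj] = data


def denials_over_clipping_level(audit_log, level):
    """Audit reduction: subjects whose DENY count exceeds the clipping level."""
    denies = Counter(s for s, _, _, d in audit_log if d == "DENY")
    return sorted(s for s, n in denies.items() if n > level)


def attempt(rm, subject, obj, mode, data=None):
    """Drive the monitor and turn a PermissionError into a result string."""
    try:
        if mode == "read":
            return rm.read(subject, obj)
        rm.write(subject, obj, data)
        return "written"
    except PermissionError:
        return "denied"


def run_demo():
    rm = ReferenceMonitor(MATRIX, {"A": "q1-sales", "B": "draft", "C": "config", "D": "ledger"})
    results = {
        "alex_read_C": attempt(rm, "Alex", "C", "read"),
        "alex_write_C": attempt(rm, "Alex", "C", "write", "x"),      # R only
        "brook_write_A": attempt(rm, "Brook", "A", "write", "x"),    # R only
        "brook_read_B": attempt(rm, "Brook", "B", "read"),           # W implies read
        "mallory_read_A": attempt(rm, "Mallory", "A", "read"),       # unknown subject
        "mallory_read_B": attempt(rm, "Mallory", "B", "read"),
        "mallory_read_C": attempt(rm, "Mallory", "C", "read"),
    }
    try:
        MATRIX["Alex"]["C"] = "W"          # attempt to tamper with the policy
        results["tamper"] = "succeeded"
    except TypeError:
        results["tamper"] = "blocked"
    results["over_clipping_level"] = denials_over_clipping_level(rm.audit_log, 2)
    return results, rm.audit_log


if __name__ == "__main__":
    results, log = run_demo()
    print(results)
    for entry in log:
        print(entry)
```

Three of the slide's properties are visible in the run: the monitor is always invoked because the store is only reachable through it; it is tamperproof with respect to its policy because the mapping proxy rejects the assignment; and the audit log makes the repeated denials for the unknown subject stand out once the clipping level is applied.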
Slide 88: Information Flow Model and Covert Channel Analysis
  (Figure: information flow between Customer Database, Sales, Finance, Billing and General Ledger; the flow model tracks each path data can take, including covert channels that bypass the intended paths.)

Slide 89: Brewer and Nash Model (Chinese Wall Security Policy)
  - Designed to prevent conflicts of interest
  - Figure: a wall separates Client Organization A's data from Client Organization B's data; once a subject has accessed Client A's data, Client B's data is off limits due to the conflict of interest with Client A
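The Chinese Wall of slide 89 as a stateful check, where the wall is built by the subject's own access history rather than by a fixed label. This is an added example, not code from the presentation: the company datasets, conflict-of-interest classes and the analyst subject are constructed, and the write rule follows the Brewer-Nash *-property that stops a subject carrying one client's data into another client's dataset.

```python
"""Brewer-Nash (Chinese Wall) policy: company datasets are grouped into
conflict-of-interest classes; once a subject has read data from one company in
a class, every other company in that class is off limits to that subject.
Added example, not code from the presentation; companies, classes and the
subjects are constructed."""
from collections import defaultdict


class ChineseWall:
    def __init__(self, coi_classes):
        # company -> its conflict-of-interest class
        self._class_of = {co: cls for cls, companies in coi_classes.items() for co in companies}
        self._history = defaultdict(set)   # subject -> companies whose data it has read

    def can_read(self, subject, company):
        """Simple security rule: allowed unless the subject has already read
        data of another company in the same conflict class."""
        cls = self._class_of[company]
        return not any(self._class_of[seen] == cls and seen != company
                       for seen in self._history[subject])

    def read(self, subject, company):
        if not self.can_read(subject, company):
            return False
        self._history[subject].add(company)   # this access is what builds the wall
        return True

    def can_write(self, subject, company):
        """*-rule: write only where the subject can read, and only if it has read
        no other company's (unsanitized) data that could leak into this dataset."""
        if not self.can_read(subject, company):
            return False
        return all(seen == company for seen in self._history[subject])


COI_CLASSES = {"banks": {"BankA", "BankB"}, "oil": {"OilX", "OilY"}}


def run_demo():
    wall = ChineseWall(COI_CLASSES)
    steps = [
        ("analyst", "BankA", wall.read("analyst", "BankA")),   # first bank: allowed
        ("analyst", "OilX", wall.read("analyst", "OilX")),     # other class: allowed
        ("analyst", "BankB", wall.read("analyst", "BankB")),   # conflicts with BankA: denied
        ("analyst", "BankA", wall.read("analyst", "BankA")),   # same company again: allowed
    ]
    writes = {
        "analyst_write_BankA": wall.can_write("analyst", "BankA"),  # False: has read OilX
        "analyst_write_BankB": wall.can_write("analyst", "BankB"),  # False: cannot even read
    }
    wall.read("junior", "OilY")
    writes["junior_write_OilY"] = wall.can_write("junior", "OilY")  # True: only OilY read
    return steps, writes


if __name__ == "__main__":
    steps, writes = run_demo()
    for subject, company, ok in steps:
        print(f"{subject} read {company}: {'allowed' if ok else 'denied'}")
    print(writes)
```

The read rule alone is not enough: the analyst who has legitimately read both BankA and OilX could still write OilX facts into BankA's dataset, where a colleague working for OilY may read them. The write rule closes that indirect channel, which is why an analyst with access to two clients in different classes ends up able to write to neither.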
Slide 90: Other Security Models
  - Non-interference model
  - State machine model
  - Graham-Denning model
  - Harrison-Ruzzo-Ullman result

Slide 91: Domain Summary
  - Benefits of a security architecture
  - System-level security architecture vs. enterprise security architecture
  - Define a Trusted Computing Base
  - Describe information security architecture principles and traditional models
  - Confidence in trusted systems

Slide 92: "Security Transcends Technology"