Presentation on theme: "Security Architecture and Design. 2 Domain Objectives Benefits of a Security Architecture System Level Security Architecture vs. Enterprise Security Architecture."— Presentation transcript:

1 Security Architecture and Design

2 Domain Objectives
- Benefits of a Security Architecture
- System Level Security Architecture vs. Enterprise Security Architecture
- Define a Trusted Computing Base
- Describe Information Security Architecture Principles and Traditional Models
- Confidence in Trusted Systems

3 Information Security TRIAD (graphic centred on Information Security): Availability, Confidentiality, Integrity

4 Domain Agenda
- Terminology and Concepts
- Enterprise Architecture Frameworks
- System Level Architecture Concepts
- Basic System Security Concepts
- Protection Concepts
- Establishing Confidence in Trusted Systems
- Fundamental Security Models

5 Common Security Architecture Terms
- ISMS
- ISA
- Best Practice
- Architecture
- Blueprint
- Framework
- Infrastructure

6 Common Security Architecture Terms
- TCB
- Ring Protection
- Kernel
- Subjects
- Objects

7 Objectives of an Enterprise Security Architecture
- Guidance
- Strategically aligned business and security decisions
- Provide security-related guidance
- Apply security best practices
- Define security zones

8 Benefits of an Enterprise Security Architecture
- Consistently manage IT risk
- Reduce the overall costs of managing risk
- Better and quicker security-related decisions
- Promote interoperability, integration and ease-of-access
- Provide a frame of reference

9 Characteristics of a Good Security Architecture
- Strategic
- Holistic
- Allows for multiple implementations

10 Effects of Poor Architectural Planning
- Inability to efficiently support new business services
- Unidentified security vulnerabilities
- Increased frequency and visibility of security breaches
- Poorly understood or coordinated compliance requirements
- Poor understanding of security goals and objectives

11 Enterprise Security Architecture Components
- A Common Architecture Language
- An Established Architecture Model
- The Zachman Framework

12 Key Components of a Security Program
- Management Processes
- Architectures
- Solution Implementation
- Compliance / Monitoring

13 Enterprise Architecture Perspectives
- Senior Management Perspective (People)
- Financial and Operations Perspective (Processes)
- Technical Perspective (Technology)

14 Process Framework for a Security Architecture (diagram labels)
- Environmental Trends
- Business Drivers
- IT Security Strategies
- Security Architecture
- Business and Security Needs
- Concept of Operation: Access control, Infrastructure, Management
- Design: Policies, Standards, Models, Organization
- Flexible Business Processes

15 IT Security Principles
- Are fundamental statements
- Define the philosophy
- Require formal commitment
- Challenging to define

16 Enterprise Security Architecture
- Establishing security zones
- Information classification

17 Architecture Definition Process (diagram labels)
- IT Security Principles
- Security Principles
- Security Architecture Principles
- Detailed Security Architecture Technical Framework
- Steps: Define the Security Architecture; Define the Detailed Security Architecture Technical Framework

18 Maturity of a Security Architecture (diagram labels)
- Security Metrics Evolution
- Initiate
- Stakeholder
- Security Program
- Security Architecture
- Assurance
- Security Technical Framework
- Security Organizational Structure
- Documented Strategy, Principles, and Policy
- Compliance and Certification
- Enterprise Security Controls
- Security Capability

19 Typical IT Security Architecture - A Technical View
The typical representation of a security architecture tends to be technical, representing computer and network facilities. This should be the “end game”, not the starting point. (Diagram label: Mail Gateway Server)

20 Domain Agenda (section divider; same agenda as slide 4)

21 Zachman Framework
- View
- Complete Overview of IT
- Business Alignment
- Two-dimensional
- Intent
- Scope
- Principles

22 Popular Management Frameworks
- ITIL
- COBIT
- COSO
- Basel II
- Six Sigma
- CMMI
- ISO 17799, ISO 27001

23 TQM and ISO 9001:2000
- Total Quality Management (TQM)
- Process Model: Plan, Do, Check, Act
- ISO 9001

24 The PDCA Approach and ISO 17799
Benefits of Process Improvement (cycle diagram):
- Plan: Establish the ISMS
- Do: Implement, operate the ISMS
- Act: Maintain, improve the ISMS
- Check: Monitor, review the ISMS

25 Implementing an ISMS: Six Stage Process
1. Define an information security policy
2. Define the scope of the ISMS
3. Perform a security risk assessment
4. Manage the identified risks
5. Select controls to be implemented and applied
6. Prepare a statement of applicability

26 IT Infrastructure Library (ITIL)
- Published in the UK (BS 15000)
- Focuses on IT Services

27 COBIT
- Control Objectives for Information and related Technology (COBIT)
- Emphasizes regulatory compliance

28 COSO
- Committee of Sponsoring Organizations (COSO)
- Emphasizes the importance of identifying and managing risks
- Objectives

29 Basel II
- Establishes basic requirements for risk management
- Guarantees financial stability standards
- Considered standard practice

30 Six Sigma (σ)
- Data-driven approach
- Measurement-based strategy
- Two sub-methodologies: DMAIC, DMADV

31 Capability Maturity Model Integration (CMMI)
- Developed by SEI
- Based on TQM concepts
- Framework for improving process

32 CMMI Maturity Levels (diagram)

33 Linkage (Alignment) of the Frameworks
- TQM is about planning
- ITIL is about managing the quality
- COBIT is about control points
- Six Sigma is about the skills and disciplines
- CMM/CMMI is about maturing these processes
- ISO Standards are the outermost perspective

34 Domain Agenda (section divider; same agenda as slide 4)

35 Platform Security Architecture
- Defines the components which provide basic security services
- Hardware Components
- Software Components

36 Common Computer Architecture Layers
- Computer Hardware
- Operating System
- Utilities
- Application Programs

37 Common Computer Architecture
Basic Operating System services include:
- Program execution
- Access to Input/Output devices
- Controlled access to files and data
- System access for maintenance and troubleshooting
- Error detection and response
- Accounting and tracking

38 Common Computer Architecture (diagram labels): Kernel, Input, Storage, Communication, Output, Memory

39 CPU and Processor Privilege States
- Supervisor State
- Problem State

40 CPU Process States
- Stopped vs. Operating
- Wait vs. Running
- Masked/Interruptible

41 CPU and OS Support for Applications
- Applications were originally self-contained
- Capable of accommodating more than one application at a time

42 CPU and OS Support for Applications - Today
Threads:
- Today’s applications are portable
- Execute multiple process threads

43 Systems Architecture Approaches
- Open Systems
- Closed Systems
- Dedicated Systems
- Single Level Systems
- Multilevel Systems

44 Different System Architectures
- Centralized Architecture
- Distributed Architectures
- Thin Client Architecture

45 Operating System Support for Applications
- Multi-tasking
- Multiprogramming
- Multiprocessing
- Multiprocessor

46 Types of System Memory Resources (hierarchy diagram, fastest at the top)
- CPU registers: fastest, highest cost, lowest capacity
- Cache
- Main Memory
- Disk Storage
- Swap Space: slowest, lowest cost, highest capacity

47 Requirements for Memory Management
- Relocation
- Protection
- Sharing

48 Three Types of Memory Addressing
- Logical
- Relative
- Physical

49 Virtual Memory
- Extends apparent memory
- Paging includes:
  - Splitting physical memory
  - Splitting programs (processes)
  - Allocating the required number of page frames
- Swapping

50 Virtual Memory (diagram labels): Applications, Data, Virtual Memory, Secondary Storage Device, Main Memory, Data, Free, App, Memory Manager, I/O Controller, Swapping

51 Managing Memory (diagram labels): Hard Drive, Swap Space, I/O Controller, Hardware, Operating System, Input/Output (I/O) Devices, Memory, CPU

52 Memory Protection Benefits
- Memory Reference
- Different Data Classes
- Users can share access
- Users cannot generate addresses

53 Domain Agenda (section divider; same agenda as slide 4)

54 Trusted Computing Base (TCB)
The Trusted Computing Base comprises:
- Hardware
- Firmware
- Software
- Processes
- Some Inter-process Communications
It should be simple and testable.

55 Trusted Computing Base (TCB)
- Enforces security policy
- Monitors four basic functions:
  - Process Activation
  - Execution Domain Switching
  - Memory Protection
  - Input/Output Operations

56 Objects Requiring Protection
- Memory
- File or Data Set
- Executing Program in Memory
- Directory of Files
- Hardware Device
- Data Structure
- Operating System Tables
- Instructions
- Passwords
- Authentication Mechanisms
- Other Protection Mechanisms

57 Reference Monitor Concept
- An Abstract Machine Concept
- Must be tamperproof
- Always invoked
- Verifiable
- Security Kernel

58 Reference Monitor Concept (diagram labels): Subject, Reference Monitor, Object, Security Kernel Database (Access Control List…), Audit Log

59 Domain Agenda (section divider; same agenda as slide 4)

60 Privilege Levels
- Identifying, authenticating and authorizing subjects
- Subjects of higher trust
- Subjects with lower trust

61 Process Isolation Methods
- Process Isolation
- Object’s integrity
- Prevents interaction
- Independent states

62 Layering and Data Hiding
- Layering
- Data Hiding

63 Ring Protection
- Ring 0: O/S Kernel
- Ring 1: I/O
- Ring 2: Utilities
- Ring 3: User Apps

64 Security Domains
- Sometimes called an ‘execution’ or ‘protection’ domain
- Responsibility of the Kernel

65 Virtual Machines
- Mimic the architecture of the actual system
- Provided by the operating system

66 Operating System Protection
- User Identification and Authentication
- Discretionary Access Control
- Mandatory Access Control

67 Operating System Protection
- Complete Mediation
- Multiple Paths to Data
- Object Reuse Protection
- Memory Leakage
- Data Remanence
- Audit
- Clipping Levels

68 Operating System Protection
- Audit Log Reduction
- Trusted Path
- Intrusion Detection

69 Domain Agenda (section divider; same agenda as slide 4)

70 Using Product Evaluation Criteria
Evaluation Criteria Examples:
- Trusted Computer System Evaluation Criteria (TCSEC) - The Orange Book
- Trusted Network Interpretation (TNI) - The Red Book
- Information Technology Security Evaluation Criteria (ITSEC)
- Common Criteria (ISO 15408)

71 Security Evaluation Criteria (TCSEC, TNI, ITSEC)
- TCSEC (Orange Book)
- TNI (Red Book)
- ITSEC (EU)

72 Purpose of Common Criteria - ISO 15408
- Methodologies
- Common Structure
- Common Base
- International Arrangement

73 Common Criteria Flow
- Protection Profile: category of product (e.g., “firewalls”)
- Security Target: specific product (e.g., Cisco PIX 5xx); vendor claims: specifications and features
- Functional Requirements
- Assurance Requirements
- Target of Evaluation

74 Implementation of Evaluated Products
- Evaluation: EAL levels
  1 Functionally Tested
  2 Structurally Tested
  3 Methodically Tested
  4 Methodically Designed, Tested, Reviewed
  5 Semiformal testing
  6 Semiformal verification
  7 Formal verification and testing
- Certification: test plan based on stated requirements
- Accreditation: based on production environment

75 Common Criteria Evaluation Assurance Levels
- EAL-1
- EAL-2
- EAL-3
- EAL-4
- EALs 5-7

76 Comparison of Evaluation Levels

Common Criteria | US TCSEC                              | European ITSEC
–               | D: Minimal Protection                 | E0
EAL 1           | –                                     | –
EAL 2           | C1: Discretionary Security Protection | E1
EAL 3           | C2: Controlled Access Protection      | E2
EAL 4           | B1: Labeled Security Protection       | E3
EAL 5           | B2: Structured Protection             | E4
EAL 6           | B3: Security Domains                  | E5
EAL 7           | A1: Verified Design                   | E6

77 Certification and Accreditation
- Certification
- Accreditation

78 Common Criteria Recognition Agreement (CCRA) members listed: US, Australia, Austria, Finland, France, Germany, Greece, Italy, Netherlands, Spain, UK, Norway, Canada, Israel, New Zealand

79 Domain Agenda (section divider; same agenda as slide 4)

80 Bell-LaPadula Confidentiality Model
- Hierarchical State Machine Model
- Three Fundamental Modes
- Secure State
- Defines Access Rules

81 Bell-LaPadula Confidentiality Model (Graphic)
A subject at its Assigned Security Access Level sits between a Layer of Higher Secrecy and a Layer of Lower Secrecy:
- Simple Security Property (read only): NO Read Up (X: unauthorized access); Read Down OK
- Star Security Property (write only): NO Write Down (X: unauthorized disclosure); Write Up OK
- Strong Star Property (read/write): constrained to the subject's own level (Tranquility); read/write at other levels is X: unauthorized disclosure / unauthorized access

82 Biba Integrity Model
- Addresses integrity
- Based on a hierarchical lattice
- Elements
- Addresses the first goal of integrity
- Mathematical dual of the confidentiality policy

83 Biba Integrity Model (Graphic)
A subject at its Assigned Integrity Access Level sits between a Layer of Higher Integrity and a Layer of Lower Integrity:
- Simple Integrity Property (read): NO Read Down (X: contamination); Read Up OK
- Star Integrity Property (write): NO Write Up (X: contamination); Write Down OK
- Invocation Property (send service command): cannot invoke execution at a higher level (X: threatens integrity)

84 Combination of Bell-LaPadula & Biba
- Bell-LaPadula (Confidentiality): Simple Security Property: NO Read Up; Star Security Property: NO Write Down; Strong Star Property: constrained (Tranquility). Data can only flow UP, from low to high confidentiality level.
- Biba (Integrity): Simple Integrity Property: NO Read Down; Star Integrity Property: NO Write Up; Invocation Property: cannot send messages to a higher integrity level. Data can only flow DOWN, from high to low integrity level.
- Together, they comprise the Lipner Model.
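Worked example, added here and not part of the slides: the read, write and invoke rules from slides 81, 83 and 84 encoded as a combined access check. The level names, the `Label` type and the subject/object labels in `demo()` are constructed for this example.

```python
from dataclasses import dataclass

# Ordered levels, constructed for this example (index 0 is the lowest level).
SECRECY = ["public", "confidential", "secret"]
INTEGRITY = ["untrusted", "medium", "trusted"]

@dataclass(frozen=True)
class Label:
    secrecy: str    # Bell-LaPadula classification of a subject or object
    integrity: str  # Biba integrity level of a subject or object

def blp_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Bell-LaPadula: no read up, no write down (data flows up in secrecy)."""
    s, o = SECRECY.index(subject.secrecy), SECRECY.index(obj.secrecy)
    if mode == "read":
        return s >= o   # read down or at the same level only
    if mode == "write":
        return s <= o   # write up or at the same level only
    raise ValueError(f"unknown access mode {mode!r}")

def biba_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Biba: no read down, no write up, no invoking a higher integrity level
    (data flows down in integrity)."""
    s, o = INTEGRITY.index(subject.integrity), INTEGRITY.index(obj.integrity)
    if mode == "read":
        return s <= o   # read up or at the same level only
    if mode in ("write", "invoke"):
        return s >= o   # write/invoke down or at the same level only
    raise ValueError(f"unknown access mode {mode!r}")

def combined_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Combined check as slide 84 describes: both models must permit the
    access. Invocation is a Biba-only rule, so only Biba is consulted."""
    if mode == "invoke":
        return biba_allows(subject, obj, mode)
    return blp_allows(subject, obj, mode) and biba_allows(subject, obj, mode)

def demo() -> dict:
    """Constructed subject: secret clearance, medium integrity."""
    analyst = Label("secret", "medium")
    return {
        # readable under BLP (read down) but refused by Biba (read down = contamination)
        "read untrusted public feed": combined_allows(analyst, Label("public", "untrusted"), "read"),
        "read vetted public data": combined_allows(analyst, Label("public", "trusted"), "read"),
        "write secret scratch file": combined_allows(analyst, Label("secret", "untrusted"), "write"),
        # refused by BLP: writing to a lower secrecy level would disclose
        "write confidential report": combined_allows(analyst, Label("confidential", "trusted"), "write"),
        # refused by the invocation property: target integrity is higher
        "invoke trusted service": combined_allows(analyst, Label("secret", "trusted"), "invoke"),
    }
```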

85 Clark and Wilson Integrity Model
- Addresses all three integrity goals
- Commercial Integrity Model
- Defines Well-formed transactions
- Separation of Duties

86 Clark and Wilson Integrity Model
- Access Triple: Subject - Program - Object
(Diagram labels: Sales Order Program, Sales File, Biba Model)

87 Access Control Matrix
Subjects in rows, objects A, B, C, D, E, F, G, H, J, K, L in columns; subjects are grouped into Group 1, Group 2, Group 3 and Group 4. Notes: R = Read; W = Write and read. Row contents as extracted (only non-empty cells survived):
- Alex: W W W R R R R R R R R
- Brook: R W W R
- Chris: R W W R R
- Denny: R W W R W R
- Eddie: R R R W W W
- Fran: R R R R W W
- Gabriel: R R R R W W R
- Harry: R W W R R R
- Jan: W W W
- Kim: R W W
- Lee: R W W
- Meryl: R W W

88 Information Flow Model / Covert Channel Analysis (diagram of information flow among: Customer Database, Sales, Finance, Billing, General Ledger)

89 Brewer and Nash Model
- Chinese Wall Security Policy
- Designed to prevent conflicts of interest
(Diagram labels: Wall; Data: Client Organization A; Data: Client Organization B, off limits due to conflict of interest with Client A)
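Worked example, added here and not part of the slides: a Brewer-Nash (Chinese Wall) checker in which a subject's access history builds the wall. The `ChineseWall` class, the conflict classes and the subject names are constructed for this example.

```python
from __future__ import annotations

class ChineseWall:
    """Brewer-Nash: datasets belong to companies, companies belong to
    conflict-of-interest classes; a subject who has touched one company's
    data may not touch a competitor's data in the same class."""

    def __init__(self, conflict_classes: dict[str, set[str]]) -> None:
        # Map each company dataset to its conflict-of-interest class.
        self.class_of = {company: cls
                         for cls, companies in conflict_classes.items()
                         for company in companies}
        self.history: dict[str, set[str]] = {}  # subject -> datasets accessed

    def can_read(self, subject: str, company: str) -> bool:
        """Simple security rule: allowed if this dataset was already accessed,
        or if no dataset in the same conflict class has been accessed."""
        seen = self.history.get(subject, set())
        if company in seen:
            return True
        cls = self.class_of[company]
        return all(self.class_of[c] != cls for c in seen)

    def read(self, subject: str, company: str) -> bool:
        """Perform and record a read; the record is what raises the wall."""
        if not self.can_read(subject, company):
            return False
        self.history.setdefault(subject, set()).add(company)
        return True

    def can_write(self, subject: str, company: str) -> bool:
        """*-property: write only if the subject can read this dataset and has
        read no other (unsanitised) dataset, so nothing can leak across the wall."""
        seen = self.history.get(subject, set())
        return self.can_read(subject, company) and seen <= {company}

def demo_wall() -> dict:
    # Constructed conflict classes: two competing banks and one oil company.
    wall = ChineseWall({"banks": {"BankA", "BankB"}, "oil": {"OilCo"}})
    results = {"alice reads BankA": wall.read("alice", "BankA")}
    results["alice reads BankB"] = wall.read("alice", "BankB")        # blocked: same class as BankA
    results["alice reads OilCo"] = wall.read("alice", "OilCo")        # allowed: different class
    results["alice writes OilCo"] = wall.can_write("alice", "OilCo")  # blocked: could carry BankA data
    results["bob writes OilCo"] = (wall.read("bob", "OilCo")
                                   and wall.can_write("bob", "OilCo"))  # allowed: bob read only OilCo
    return results
```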

90 Other Security Models
- Non-interference Model
- State Machine Model
- Graham-Denning Model
- Harrison-Ruzzo-Ullman Result

91 Domain Summary
- Benefits of a Security Architecture
- System Level Security Architecture vs. Enterprise Security Architecture
- Define a Trusted Computing Base
- Describe Information Security Architecture Principles and Traditional Models
- Confidence in Trusted Systems

92 “Security Transcends Technology”

