Architecture/Security Roundtable Discussion

architecture

security

Architect and Security are separate topics, architecture is overarching concept.

Team Members

• Bayuk, Jennifer• Brown, Winson• Clarke, Lori• Dauby, Jason• Ergin, Nil• Guckert, Ross• Hamilton, Drew

• Horowitz, Barry• Huang, LiGuo• Mitola, Joe• Sangwan, Ragu• West, Stephen

Facilitators: Bayuk, Jennifer; Hamilton, Drew

Problem Definition

• Model-assisted (using SYSML), lifecycle issues, evolution requirements (e.g. scale)

• Check-the-box approaches do not work. Evaluation criteria are not evident. How to produce feasibility evidence?

• Can architecture be separated from design?• What tools and processes can inform architecture,

how to define attributes like security?• Security attributes cannot be taken out of context.

Need high level principles? Can they be applied to architecture directly?

• Functional requirements usually come first. Is this the right order? Should quality come first? How to reduce ambiguity?

Purpose/Objectives of a Research Effort

– To extract goals for architecture, operational definitions for quality implications for mission.

– Possible to define attributes first prior to functionality? Security, architecture of all scales?

– Motivate better architecture by allowing justification for project costs due to architectural design considerations not currently accounted for by contracting processes.

– Identify out-of-norm detection techniques early in evolution.

– Reduce tendency for humans to grab low-hanging (potentially poisonous) fruit (and commit to poor choices made too early, instead learn from them, metrics?).

Benefits of a Research Effort• Provide potentially better presentation methods for

architecture alternatives.• Catalogue of standard system-to-system and enterprise views

and their relationships. – Allows for human-centric mission-driven views. – Produces rigorous definitions as a basis for measurability.– Provides basis for evaluating systems on the basis of

scenarios.– Allows for plug-and-play testing for components.

• Provide methodology to isolate problematic architectural issues in system components.

• Provide framework to study agility versus evolvability?• Provide migration path via industry standards.• Potential for expansion of computing and communication

facility command and control alternatives.

Approach of a Research Effort

• Cloud computing may allow experimentation with both architecture and security in an economically viable manner.

• Architecture centric engineering using architecture agility principles– Attack complexity issues head-on.– Shadow projects with alternative architectural

approaches. – Make architecture evaluation a formal part.

• Use security benefits as justification for “duplicate” efforts.

• Have separate project to use formal architecture framework reviews of a variety of other projects.

Potential Task Initiatives

• DD R&E – acquisition process• DOD - Commercial system evaluation

– Functional capability specification• DOE - resiliency sourcing area

– DOD overlap for portable power generation systems• NSA - asset protection strategies

– IAD evaluation criteria– DOD, Agency overlap with functional assurance criteria

• DHS - Critical infrastructure protection evaluation criteria• IC - Any command and control function that would benefit from

architecture alternatives• MDA – security architecture

Potential Collaborators

• Bayuk, Jennifer• Brown, Winson• Clarke, Lori• Dauby, Jason• Ergin, Nil• Guckert, Ross• Hamilton, Drew

• Horowitz, Barry• Huang, LiGuo• Mostashari, Ali• Mitola, Joe• Sangwan, Ragu• West, Stephen