security architecture tools and practice - front page | the open group

IBM

Presentation to Open Group | Oct 22, 2003 | Enterprise Security Architecture © 2003 IBM Corporation

Enterprise Security Architecture Concepts and Practice

Jim [email protected]

2

IBM

Enterprise Security Architecture | Concepts and Practice | October 22, 2003 © 2003 IBM Corporation

AbstractIn the early 90’s IBM Global Services created a Security Consultancy to respond to the business

opportunity for security services for IBM customers and in support of the IBM business.

In 1999 there was an initiative in IBM to establish the security discipline within the IT Architect profession, along with related design methods and practitioner support materials.

This presentation and discussion will offer a view of security architecture and security architecture methods.

Topic Flow:• Roles• Methods, Models and Modeling for Security• Elements of Enterprise Security Architecture

3

IBM


Roles in solution development projects

IT Specialists develop proof of concepts, design, develop, build, test and implement systems. IT Specialists are the hands on professionals.

The IT Architect designs solutions to client business problems through the reasoned application of information technology.

A consultant is an agent of change, who advises and facilitates through: research, data collection, data analysis, preparation and presentation of recommendations, and project design.

A project manager is the person who leads and is accountable for the success of the project.

SpecialistArchitectConsultantProject Manager

Business representation of architecture

System representation of architecture

•Structural view•User view•Behavior view

•Stakeholder view

Physical representation of architecture

•Environment view •Implementation view

•Operational view

Project timeline

consultant

architect

specialist

4

IBM


Security in IBM Global Professions

Security ArchitectureSecurity Architecture involves the design of inter- and intra-enterprise security solutions to meet client business requirements in application and infrastructure areas.

Architects performing Security Architecture work must be capable of defining detailed technical requirements for security, and designing, documenting and assuring functional and operational architectures using appropriate security technology and process components, and validating that the solution meets the security requirements.

5

IBM


Methods, Models and Modeling

6

IBM


A design method requires a model and a systematic process with thoughtful constraints

Models are developed and applied in several ways:(1) an “example” is a model with no claims of correctness;

(2) a “pattern” is a model that represents a clear and detailed archetype or prototype;

(3) an “exemplar” is a faultless standard that is the source of comparison;

(4) an “ideal” is the best possible exemplification, either real or conceptual.

Modeling is that part of the design process that creates a new form (an instance) from the initial form (a model).

It is common practice to iterate through the modeling process several times in order to consider all of the requirements, functions and constraints before achieving a balanced solution.

On a small scale, modeling can be a mental process for a single individual. Modeling expands dramatically when there are multiple designers and hundreds of diverse requirements that need to be reconciled.

What category of model is “best practice?”

7

IBM


Modeling lifecycle

Self-defining, self configuring technologies that can be integrated using intuitive tools.

Basic tools and seasoned reference materials that lead to consistent and repeatable instances of architecture.

Each overall architecture is one-of-a-kind, with recognizable elements.

Each instance of architecture is one of a kind.

Plug-and-PlayMass CustomizationIntegrated sub-assemblies

Custom

archetypemodels

vetted patterns

few artifactsor reliable models

prototype modelsbased upon artifacts Embedded function

Lifecycle timelineWired networking

Object oriented programming

SecurityWireless networking

8

IBM


Models for security

9

IBM


Depending upon your background, Information Technology Security may be expressed in various ways.

Information Assurance (IA)

Information Systems Security (INFOSEC)

10

IBM


Here is an alternate view that aligns knowledge and the responsibility to Application Development, Systems Operations and Network Operations organizations / departments.

Network Security

System Security

FirewallsEncryptionVirtual Private NetworksIntrusion Detection

AuthenticationAuthorizationAccess ControlCallable Security Services

PerformanceAvailabilityConfigurationOperations

Application and Data Security

11

IBM


However security is described, an effective Information Securitystrategy requires a broad understanding of the business landscape…

Network Security




Application and Data Security System Security

Information Assurance (IA)

Information Systems Security (INFOSEC)Corporate Information Security Officer

perspective

12

IBM


… and knowledge of how to apply a wide range of security-related technologies.

Cryptographic

Network Security




Corporate Information Security Officer

perspective

Hardware

MiddlewareServicesApplications

Business Driven Integrated solutions

SecurityProtocols

services

Biometrics

Operating Systems

Perimeters

Anti-virus


Data

System Security

This is not a model !

13

IBM


In support of IBM security practitioners, a conceptual model forSecurity functions has been developed from Common Criteria Security Functional Requirements.

Common Criteria Functional Requirements classes

Security Audit (FAU)Communication (FCO)Cryptographic support (FCS)User data protection (FDP)Identification and authentication (FIA)Security management (FMT)Privacy (FPR)Protection of functions (FPT)Resource utilization (FRU)TOE access (FTA)Trusted path/channels (FTP)

Security Subsystems

Security Audit Subsystem

Solution Integrity Subsystem

Information Flow Control Subsystem

Access Control Subsystem

Credential Subsystem

Patent Pending # 20020157015 Method for Designing Secure Solutions, IBM Systems Journal, September 2001 (see References page)

14

IBM


The model provides a bridge between multiple views of Information Systems Security and Security Management tasks of policy definition, enforcement and review.

Network Security

System Security




Corporate Information Security Officer perspective

Hardware

Middleware

ServicesApplications

Business Driven Integrated solutions

SecurityProtocols

Cryptographicservices

Biometrics

Operating Systems

Perimeters

Anti-virus


Data

Security Subsystems






15

IBM


When combined with a thoughtful constraints, this Security system model can provide a starting point for design as well as a baseline for evaluating the completeness of a design.

Some thoughtful constraints:1. All five subsystems exist in every design2. All five subsystems are interdependent3. The strength of security mechanisms and services

helps determine trustworthiness of solution4. The integration of security mechanisms and services

with business processes helps determine trustworthiness of solution

5. Some security mechanisms and services may necessarily exist in “non-security” components

Output of the design process:1. Stakeholder view2. Structural view3. User view4. Behavior view5. Environment view6. Implementation view7. Operational view

Security Subsystems






16

IBM


Modeling for security

17

IBM


Functional modeling vs. Pattern-based modeling

Self-defining, self configuring technologies that can be integrated using intuitive tools.

Basic tools and seasoned reference materials that lead to consistent and repeatable instances of architecture.

Each overall architecture is one-of-a-kind, with recognizable elements.

Each instance of architecture is one of a kind.

Plug-and-PlayMass CustomizationIntegrated sub-assemblies

Custom

Functional / Operational modeling Pattern-based modeling

Design Traceability via documentation

Design Traceability via certificationDesign by “best practice” ?

archetypemodels

vetted patterns

few artifactsor reliable models

prototype modelsbased upon artifacts Embedded function

Lifecycle timelineWired networking

Object oriented programming

SecurityWireless networking

18

IBM


Functional / Operational Modeling for Security

Collection function

Correlation function

Report function

Analysis function

Domain Boundary function

Transfer protocol

Identification function

Authentication function

Authorization function

Enrollment function

CredentialDistribution function

CredentialValidation function

Credential lifecycle function

Physical and logical Protections

Credential

Access Control

Flow Control

Audit

Solution Integrity

(exa

mple

)

Attachment function

Tests Recovery functions

Functional: Technology independent abstraction of security components


Applications

Middlew

are

Business D

rivenS

olution Packages

Digital S

ignatureP

ublic Key Infrastructure

Sym

metric and A

symm

etric Cryptography

Directory-white pages-entitlements

Intrusion Detection

Federa te d Ide nt ity

Priv ac yJAAS

Web S

er vic es

Security A

dministration and P

olicy Mgm

t

Services-Managed Security-Emergency Response

Kerbe ros

RA

CF - S

AF

Monitor- Device- Component - System

Operation practicesService level agreementsStorage backup Capacity planFailover configuration

AznAPI

VPN

Proxy

Anti-virus

Security P

rotocols

Firewalls

Perimeters

Domains

Testing-Ethical hack

Recovery-Disaster plan

ID / passwd

Biometrics

H/W crypto4758, TPM-PCIA / PCIC-Tokens/smartcards

Identity Mgmt

Access Mgmt

Flow Control

Event Mgmt

Operational Resilience

(exa

mple

)

Operational: Technology related mapping of security components

•Environment view •Implementation view •Operational view

19

IBM


Here is a sample e-Business architecture (see reference page)E

nter

pris

e S

ecur

ity A

rchi

tect

ure

SolutionIntegrity

AccessControl

FlowControl

SecurityAudit

TrustedCredential

Uncontrolled Controlled Restricted Secured

Event Logging Component logging

Event Analyze

Event AlertingReporting

ControlledZone

Boundary

RestrictedZone

Boundary

SecuredZone

BoundaryClosed CommunityManaged CommunityManaged CommunityExternal Community

E-Business Community

ExternalAttachment

SSLGateway

SSLGateway

BrowserApplication

Client

WebPortal

SSOPortal

StaticAttachment

SecuredApplication

Server

ManagedAttachment

SecuredApplication

Client

StaticAttachment

StaticAttachment

SSOServices

StaticAttachment

ServiceManagement

PolicyAuditAvailability

ManagementData

IntegritySoftwareIntegrity

SystemIntegrity

User/systemadmin

CredentiStorag

AuthorizationsCredential

Distribution

Otheruserid /pswdSSO

Digital SigCredentiStorag

AuthorizationsCredential

CreationCredentiAuthorizationsCredentialStorage

User/groupenrollment

User/groupapproval

20

IBM


Patterns-based modeling…a starting point for architecture

Y

Y

+/-

Extended

Enterprise

Y

Y

Y

Information

Aggregation

Y

Y

Collaboration

Y

Y

Y

Self service

Business patterns

Y

Y

e-Com

merce

Y

Y

Y

Portal

Integration patterns

Composite patterns

IBM Patterns for e-business*

Y

Y

Y

Access

Integration

YWeb Presence

YYYBusiness-to-Consumer

YYYYYBusiness-to-Business

Account A

ccess

Trading E

xchange

Sell-side hub

Buy-side hub

Application

Integration

Examples

* http://www.ibm.com/developerworks/patterns/

21

IBM


Patterns-based modeling for Security

Y

Y

Y

Y

Y

Business

System

Mgm

t

+/-

+/-

Y

Y

+/-

Extended

Enterprise

+/-

+/-

Y

Y

Y

Information

Aggregation

+/-

+/-

Y

Y

Collaboration

+/-

+/-

Y

Y

Y

Self service

Business patterns

+/-

+/-

Y

Ye-C

omm

erce

+/-

+/-

Y

Y

YP

ortal

Integration patternsComposite patterns

IBM Patterns for e-business*

Y

Y

Y

Y

Y

Access

Integration

YY+/-+/-+/-+/-Operational Security

YYWeb Presence

YYYYBusiness-to-Consumer

YYYYYYBusiness-to-Business

+/-

Account A

ccess

+/-

Trading E

xchange

+/-

Sell-side hub

+/-

Buy-side hub

Y

Application

Integration

YHigh Assurance

Security

Integration

IBM Business Security

Patterns**

* http://www.ibm.com/developerworks/patterns/ ** http://www.ibm.com/security/patterns/intro.pdf- work in progress

22

IBM


Patterns-based Modeling…

Business representation

System representation with security

•Stakeholder view•Business behavior view

•Structural view•System behavior view

Self ServiceEnterprise

Systems and Databases

User

Business System Management

Knowledge processes

Information Aggregation

Aggregator

Example Business System using “Web Presence” model

UsersUsers UsersData

Policy enforcement

processes

Policy

Policy

Example Business System using “Web Presence” model

Self Service UserEnterprise

Systems and Databases

Information Aggregation

Users AggregatorUsers UsersData

23

IBM


Patterns-based Modeling…Business pattern: Self-service; Application pattern: Stand-Alone Single Channel Security Application Services: Access Mgmt with Self-service Identity Mgmt

Runtime View

•User view•Environment view •Implementation view •Operational view

(example)

Business flowSecurity flow

Approve

Legend

Security integration flow

Security policy or rule

External Application domain

Reverse proxyServer

Outside world Demilitarized zone Internal Network

Domain Name Server

User

Internet

Access MgmtService Security

User

Security Mgmt domain

Public Key Infrastructure

Security Mgmt domain

Identity Mgmt App Service

DirectoryService

Identity Mgmt Service

ID mgmt app

Authenticate Authorize

Identity Mgmt Application pattern: self-service

ID mgmtApprove

encryptPresentationencrypt

Client

Pack

et filt

er

RelayCo

nnec

tion

filter

Presentation Application

Application pattern 1: channel authorization

Client

Pack

et filt

er

Conn

ectio

n filt

er Authenticate

encryptencryptRelay

Business application

Presentation Application

Authorize

Application pattern 1a: channel & content authorization

Client

Pack

et filt

er

Conn

ectio

n filt

er Authenticate

encryptencryptRelay

Business application

Security application

Web Application Server

Application domainPr

otoc

ol fi

rewa

ll

Dom

ain fi

rewa

ll

Database

24

IBM


Summary…

Architecture has multiple views.

A design method requires a model and a systematic process with thoughtful constraints

The effective practice of security architecture is dependent upon many aspects of the design process.

More work needs to be done in the area of architecture representation and visualization.

Business representation of architecture

System representation of architecture


•Stakeholder view

Physical representation of architecture

•Environment view •Implementation view

•Operational view

25

IBM


Selected Resource LinksCommon Criteria http://www.commoncriteria.org/

International Telecommunications Union http://www.itu.int/home/index.html

International Organization for Standardisation http://www.iso.ch

Internet Engineering Task Force http://www.ietf.org/

Open Group (TOGAF) http://www.opengroup.org/togaf/start.htm

IBM Patterns for e-business http://www.ibm.com/developerworks/patterns/

IBM Systems Journal: Security Design Method http://researchweb.watson.ibm.com/journal/sj/403/whitmore.html

Enterprise Security Architecture Redbook http://www.redbooks.ibm.com/redbooks/pdfs/sg246014.pdf

http://www.commoncriteria.org/

http://www.itu.int/home/index.html

http://www.itu.int/home/index.html

http://www.iso.ch/

http://www.ietf.org/

http://www.opengroup.org/togaf/start.htm

http://www.ibm.com/developerworks/patterns

http://researchweb.watson.ibm.com/journal/sj/403/whitmore.html

http://www.redbooks.ibm.com/redbooks/pdfs/sg246014.pdf

http://www.redbooks.ibm.com/redbooks/pdfs/sg246014.pdf

security architecture tools and practice - front page | the open group

Documents