Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011Domain AgendaSlide 3Common Security Architecture TermsObjectives of Enterprise Security ArchitectureBenefits of an Enterprise Security ArchitectureCharacteristics of a Good Security ArchitectureEffects of Poor Architectural PlanningEnterprise Security Architecture ComponentsZachman FrameworkSABSAISO 7498-2ISO/IEC 4010:2007The Open Group Architecture FrameworkDepartment of Defense Architecture FrameworkWhich Framework is Right?System and Component SecurityCPU and Processor Privilege StatesCPU Process StatesCommon Computer Architecture LayersCommon Computer ArchitectureHardware: ComputersHardware: Communication DevicesHardware: PrintersHardware: WirelessInput/Output (I/O) DevicesFirmware: Pre-programmed ChipsSoftware: Operating SystemCPU and OS Support for ApplicationsCPU and OS Support for Applications - TodayOperating Systems Support for ApplicationsSoftware: VendorSoftware: CustomSoftware: Customer-relationship Management SystemsSystems Architecture ApproachesArchitectures: MiddlewareTypes of System Memory ResourcesRequirements for Memory ManagementThree Types of Memory AddressingMemory Protection BenefitsVirtual MemoryVirtual MachinesSlide 43Ring ProtectionLayering and Data HidingPrivilege LevelsProcess IsolationSecurity ArchitectureTrusted Computing Base (TCB)Slide 50Slide 51Reference Monitor ConceptReference Monitor and Security KernelSlide 54Bell-LaPadula Confidentiality ModelBell and LaPadulaBibaClark Wilson ModelSlide 59Slide 60Slide 61Other Fundamental ModelsSlide 63Evaluation RolesDocuments & OrganizationsTCSEC or Orange BookSecure System Evaluation: TCSECSlide 68Slide 69Slide 70ITSECSecure System Evaluation: ITSECCommon CriteriaSecure System Evaluation: Common CriteriaEAL = $Comparison of Evaluation LevelsCertification and AccreditationPopular Management FrameworksISO 27001 – Stages in Implementing an ISMSIT Infrastructure Library (ITIL)Committee of Sponsoring OrganizationsCapability Maturity ModelOpen vs. Closed SystemSome Security ThreatsDr. Bhavani ThuraisinghamThe University of Texas at Dallas (UTD)June 2011Security Architecture and DesignDomain Agenda•System and Components Security•Architectural Security Concepts and Models•Information Systems Evaluation ModelsDomain Agenda•System and Components Security–Architectural Concepts and Definitions•Architectural Security Concepts and Models•Information Systems Evaluation ModelsCommon Security Architecture Terms•Information Security Management System•Information Security Architecture•Best Practice•Architecture•Blueprint•Framework•InfrastructureObjectives of EnterpriseSecurity Architecture•Guidance•Strategically aligned business and security decisions•Provide security-related guidance•Apply security best practices•Define security zonesBenefits of an EnterpriseSecurity Architecture•Consistently manage risk•Reduce the costs of managing risk•Accurate security-related decisions•Promote interoperability, integration and ease-of-access•Provide a frame of referenceCharacteristics of a GoodSecurity Architecture•Strategic•Holistic•Multiple implementationsEffects of Poor Architectural Planning•Inability to efficiently support new business services•Unidentified security vulnerabilities•Increased frequency and visibility of security breaches•Poorly understood or coordinated compliance requirements•Poor understanding of security goals and objectivesEnterprise SecurityArchitecture Components•Common Architecture Language•Architecture Model•Zachman FrameworkZachman Framework•Complete overview of IT business alignment•Two-dimensional•Intent•Scope•PrinciplesSABSA•What are the business requirements?–Contextual–Conceptual–Logical–Physical–ComponentISO 7498-2•OSI second part•About secure communications•NOT an implementationISO/IEC 4010:2007•Systems and software engineering•Practice for architectural description of software-intensive systemsThe Open GroupArchitecture Framework•Governance•Business•Application•Data •TechnologyDepartment of DefenseArchitecture Framework•OMB A-130 requirement•All view•Operational view•Systems view•Technical standards viewWhich Framework is Right?•Starting place•Culture•TemplateSystem and Component Security•Components that provide basic security services•Hardware components•Software componentsCPU and Processor Privilege States•Supervisor state•Problem stateCPU Process States•Running•Ready•Blocked•Masked/interruptibleCommon ComputerArchitecture Layers•Application programs•Utilities•Operating system•Computer hardwareCommon Computer Architecture•Program execution•Access to input/output devices•Controlled access to files and data•Error detection and response•Accounting and tracking•Access for maintenance and troubleshootingHardware: Computers•Mainframe•Minicomputer•Desktop / server•Laptop / notebook•EmbeddedHardware: Communication Devices•Modem•Network Interface Card (NIC)Hardware: Printers•Network-aware•More than output device•Full operating systemsHardware: Wireless•Network interface card•Access point•Ethernet bridge•Router•Range extenderInput/Output (I/O) Devices•I/O Controller•Managing memory•Hardware•Operating systemFirmware: Pre-programmed Chips•ROMs (Read-only memory)•PROMs (Programmable read-only memory)•EPROMs (Erasable, programmable, read-only memory)•EEPROMs (Electrically erasable, programmable, read-only memory•Field Programmable Gate Arrays (FPGAs)•Flash chipsSoftware: Operating System•Hardware control•Hardware abstraction•Resource managerCPU and OS Support for Applications•Applications were originally self-contained•OS capable of accommodating more than one application at a timeCPU and OS Support for Applications - Today•Today’s applications are portable•Execute multiple process threads•ThreadsOperating Systems Support for Applications•Multi-tasking•Multi-programming•Multi-processing•Multi-processor•Multi-coreSoftware: Vendor•Commercial off the shelf (COTS)•Function first•EvaluationSoftware: Custom•Minimal scripting•Business application•System life cycleSoftware: Customer-relationship Management Systems•Business to customer interactions•Tracking habitsSystems Architecture Approaches•Open•Closed•Dedicated•Single level•Multi-level•EmbeddedArchitectures:
View Full Document
Unlocking...