Enterprise Security Architecture Concepts and Practice

Transcription

1 Enterprise Architecture Concepts and Practice Jim Whitmore Presentation to Open Group Oct 22, 2003 Enterprise Architecture

2 Abstract In the early 90 s IBM Global Services created a Consultancy to respond to the business opportunity for security services for IBM customers and in support of the IBM business. In 1999 there was an initiative in IBM to establish the security discipline within the IT Architect profession, along with related design methods and practitioner support materials. This presentation and discussion will offer a view of security architecture and security architecture methods. Topic Flow: Roles Methods, Models and Modeling for Elements of Enterprise Architecture 2

3 Roles in solution development projects Project Manager Consultant Architect Specialist A project manager is the person who leads and is accountable for the success of the project. A consultant is an agent of change, who advises and facilitates through: research, data collection, data analysis, preparation and presentation of recommendations, and project design. The IT Architect designs solutions to client business problems through the reasoned application of information technology. IT Specialists develop proof of concepts, design, develop, build, test and implement systems. IT Specialists are the hands on professionals. Business representation of architecture System representation of architecture Physical representation of architecture Stakeholder view Structural view User view Behavior view Environment view Implementation view specialist Operational view architect consultant Project timeline 3

4 in IBM Global Professions Architecture Architecture involves the design of inter- and intraenterprise security solutions to meet client business requirements in application and infrastructure areas. Architects performing Architecture work must be capable of defining detailed technical requirements for security, and designing, documenting and assuring al and operational architectures using appropriate security technology and process components, and validating that the solution meets the security requirements. 4

5 Methods, Models and Modeling 5

6 A design method requires a model and a systematic process with thoughtful constraints Models are developed and applied in several ways: (1) an example is a model with no claims of correctness; (2) a pattern is a model that represents a clear and detailed archetype or prototype; (3) an exemplar is a faultless standard that is the source of comparison; (4) an ideal is the best possible exemplification, either real or conceptual. What category of model is best practice? Modeling is that part of the design process that creates a new form (an instance) from the initial form (a model). It is common practice to iterate through the modeling process several times in order to consider all of the requirements, s and constraints before achieving a balanced solution. On a small scale, modeling can be a mental process for a single individual. Modeling expands dramatically when there are multiple designers and hundreds of diverse requirements that need to be reconciled. 6

7 Modeling lifecycle Custom Integrated sub-assemblies Mass Customization Plug-and-Play Each instance of architecture is one of a kind. Each overall architecture is one-of-a-kind, with recognizable elements. Basic tools and seasoned reference materials that lead to consistent and repeatable instances of architecture. Self-defining, self configuring technologies that can be integrated using intuitive tools. few artifacts or reliable models prototype models based upon artifacts archetype models vetted patterns Embedded Wireless networking Object oriented programming Wired networking Lifecycle timeline 7

8 Models for security 8

9 Depending upon your background, Information Technology may be expressed in various ways. Information Assurance (IA) Information Systems (INFOSEC) 9

10 Here is an alternate view that aligns knowledge and the responsibility to Application Development, Systems Operations and Network Operations organizations / departments. Authentication Authorization Access Control Callable Services Performance Availability Configuration Operations Application and Data System Network Firewalls Encryption Virtual Private Networks Intrusion Detection 10

11 However security is described, an effective Information strategy requires a broad understanding of the business landscape Authentication Authorization Access Control Callable Services Information Assurance (IA) Performance Availability Configuration Operations Application and Data System Network Corporate Information Officer perspective Information Systems (INFOSEC) Firewalls Encryption Virtual Private Networks Intrusion Detection 11

12 and knowledge of how to apply a wide range of security-related technologies. Authentication Authorization Access Control Callable Services Operating Systems Corporate Information Officer perspective Data Applications Application and Data Biometrics Hardware Business Driven Integrated solutions Middleware Cryptographic services Network Perimeters This is not a model! Services System Protocols Performance Availability Configuration Operations Anti-virus Firewalls Encryption Virtual Private Networks Intrusion Detection 12

13 In support of IBM security practitioners, a conceptual model for s has been developed from Common Criteria Functional Requirements. Subsystems Common Criteria Functional Requirements classes Audit (FAU) Communication (FCO) Cryptographic support (FCS) User data protection (FDP) Identification and authentication (FIA) management (FMT) Privacy (FPR) Protection of s (FPT) Resource utilization (FRU) TOE access (FTA) Trusted path/channels (FTP) Patent Pending # Credential Subsystem Access Control Subsystem Information Flow Control Subsystem Audit Subsystem Solution Integrity Subsystem 13 Method for Designing Secure Solutions, IBM Systems Journal, September 2001 (see References page)

14 The model provides a bridge between multiple views of Information Systems and Management tasks of policy definition, enforcement and review. Subsystems Authentication Authorization Access Control Callable Services Performance Availability Configuration Operations Credential Subsystem Applications Data Business Driven Integrated solutions Middleware Services Access Control Subsystem Operating Systems Corporate Information Officer perspective Application and Data Biometrics Hardware Cryptographic services Network Perimeters System Protocols Anti-virus Firewalls Encryption Virtual Private Networks Intrusion Detection Information Flow Control Subsystem Audit Subsystem Solution Integrity Subsystem 14

15 When combined with a thoughtful constraints, this system model can provide a starting point for design as well as a baseline for evaluating the completeness of a design. Output of the design process: 1. Stakeholder view 2. Structural view 3. User view 4. Behavior view 5. Environment view 6. Implementation view 7. Operational view Subsystems Credential Subsystem Access Control Subsystem Some thoughtful constraints: 1. All five subsystems exist in every design 2. All five subsystems are interdependent 3. The strength of security mechanisms and services helps determine trustworthiness of solution 4. The integration of security mechanisms and services with business processes helps determine trustworthiness of solution 5. Some security mechanisms and services may necessarily exist in non-security components Information Flow Control Subsystem Audit Subsystem Solution Integrity Subsystem 15

16 Modeling for security 16

17 Functional modeling vs. Pattern-based modeling Custom Each instance of architecture is one of a kind. Design Traceability via documentation Integrated sub-assemblies Each overall architecture is one-of-a-kind, with recognizable elements. Design by best practice? Mass Customization Basic tools and seasoned reference materials that lead to consistent and repeatable instances of architecture. Plug-and-Play Self-defining, self configuring technologies that can be integrated using Design intuitive Traceability tools. via certification Functional / Operational modeling Pattern-based modeling few artifacts or reliable models prototype models based upon artifacts archetype models vetted patterns Embedded Wireless networking Object oriented programming Wired networking Lifecycle timeline 17

18 Directory -white pages -entitlements ID / passwd JAAS AznAPI Domains Intrusion Detection Biometrics Perimeters Operation practices Service level agreements Storage backup Capacity plan Failover configuration VPN Services -Managed -Emergency Response H/W crypto 4758, TPM -PCIA / PCIC -Tokens/smartcards Monitor - Device - Component - System Testing -Ethical hack Recovery -Disaster plan IBM Functional / Operational Modeling for Credential lifecycle Credential Validation Credential Distribution Enrollment Credential (example) Authorization Authentication Identification Access Control Functional: Technology independent abstraction of security components Attachment Transfer protocol Domain Boundary Flow Control Structural view User view Behavior view Report Analysis Correlation Collection Audit Recovery s Tests Physical and logical Protections Solution Integrity Administration and Policy Mgmt Symmetric and Asymmetric Cryptography Business Driven Solution Packages Middleware Applications Public Key Infrastructure Protocols Privacy Federated Identity Web Services RACF - SAF Identity Mgmt Operational: Technology related mapping of security components Firewalls (example) Kerberos Proxy Access Mgmt Flow Control Environment view Implementation view Operational view Digital Signature Event Mgmt Anti-virus Operational Resilience 18

19 Here is a sample e-business architecture (see reference page) Reporting Event Alerting Audit Event Analyze Event Logging Component logging Enterprise Architecture Flow Control Access Control Trusted Credential E-Business Community Uncontrolled Controlled Restricted Secured External Community External Attachment SSL Gateway Browser Application Client User/group enrollment Controlled Zone Boundary SSL Gateway User/group approval Managed Community Static Attachment Web Portal Static Attachment SSO Portal Authorizations Credenti Storag Credential Creation Restricted Zone Boundary Managed Community Managed Attachment Secured Application Client Authorizations Credential Distribution Storag Authorizations Credential Storage Secured Zone Boundary Static Attachment SSO Services User/system admin Closed Community Static Attachment Secured Application Server Other userid / pswd SSO Digital Sig Solution Integrity System Integrity Software Integrity Data Integrity Availability Management Policy Audit Service Management 19

20 Patterns-based modeling a starting point for architecture IBM Patterns for e-business* Business patterns Composite patterns Integration patterns Examples Self service Collaboration Information Aggregation Extended Enterprise e-commerce Portal Account Access Trading Exchange Sell-side hub Buy-side hub Access Integration Application Integration Web Presence Business-to-Consumer Business-to-Business * 20

21 Patterns-based modeling for IBM Patterns for e-business* Business patterns Composite patterns Integration patterns IBM Business Patterns** Business System Mgmt Self service Collaboration Information Aggregation Extended Enterprise e-commerce Portal Account Access Trading Exchange Sell-side hub Buy-side hub Access Integration Application Integration Integration Web Presence Business-to- Consumer Business-to- Business Operational High Assurance - work in progress * ** 21

22 Patterns-based Modeling Business representation Example Business System using Web Presence model Stakeholder view Business behavior view Information Aggregation Users Users Aggregator Users Data Self Service User Enterprise Systems and Databases Example Business System using Web Presence model System representation with security Business System Management Knowledge processes Policy enforcement processes Structural view System behavior view Information Aggregation Users Users Aggregator Users Data Policy Self Service User Enterprise Systems and Databases Policy 22

23 Patterns-based Modeling Business pattern: Self-service; Application pattern: Stand-Alone Single Channel Application Services: Access Mgmt with Self-service Identity Mgmt Outside world Demilitarized zone Internal Network Runtime View External Application domain Public Key Infrastructure Access Mgmt Service Mgmt domain User Identity Mgmt Service User view Environment view Implementation view Operational view (example) Domain Name Server User Business application Client Internet Application pattern 1: channel authorization encrypt Protocol firewall Packet filter Reverse proxy Server Mgmt domain Authenticate Relay encrypt Domain firewall Connection filter Web Application Server Presentation Database Directory Service Identity Mgmt App Service Application domain Application Legend Business flow flow Business application Client encrypt Application pattern 1a: channel & content authorization Packet filter Authenticate Relay encrypt Connection filter Presentation Authorize Application Approve integration flow policy or rule application Client Identity Mgmt Application pattern: self-service encrypt Packet filter Authenticate Relay encrypt Connection filter Presentation Authorize ID mgmt app ID mgmt Approve 23

24 Summary Architecture has multiple views. A design method requires a model and a systematic process with thoughtful constraints The effective practice of security architecture is dependent upon many aspects of the design process. More work needs to be done in the area of architecture representation and visualization. Business representation of architecture System representation of architecture Physical representation of architecture Stakeholder view Structural view User view Behavior view Environment view Implementation view Operational view 24

25 Selected Resource Links Common Criteria International Telecommunications Union International Organization for Standardisation Internet Engineering Task Force Open Group (TOGAF) IBM Patterns for e-business IBM Systems Journal: Design Method Enterprise Architecture Redbook 25