Integration of Information Assurance (IA) into DoDAF Architectures. Annual Computer Security Applications Conference (ACSAC 04) 8 December 2004




Copyright (c) 2004 Booz Allen Hamilton. All rights reserved.

Integration of Information Assurance (IA) into DoDAF Architectures
Annual Computer Security Applications Conference (ACSAC 04)
8 December 2004
Edward Rodriguez, Booz Allen Hamilton

Agenda
- Enterprise Architecture Overview
- Problem Statement & Solution Approach
- Candidate Techniques to Integrate IA into DoDAF architectures
- Final Thoughts

Architecture Defined
"An architecture is the fundamental organization of a system embodied in its components, their relationships to each other, and to the environment, and the principles guiding its design and evolution." IEEE STD 1471-2000
Architecture = Structure of Components + Relationships + Principles & Guidelines
Slide courtesy of The MITRE Corporation

Purpose of the Enterprise Architecture
Inform, guide, and constrain decisions for the enterprise. Specifically:
- Capture facts in an understandable way to promote better planning and decision making (IT investments)
- Promote better communication (architectural views)
- Improve consistency, accuracy, timeliness, integrity, quality of information
- Achieve economies of scale, re-use, standardization, collaboration, shared services
- Expedite integration of legacy, transition, target systems
- Ensure legal and regulatory compliance

These Frameworks Are Focused on the Commercial, DoD/IC, and Federal Domains
- Zachman Framework
- DoD Architecture Framework (DoDAF)
- Federal Enterprise Architecture Framework (FEAF)

[Figure: Zachman Framework matrix. Rows: Planner's View, Owner's View, Designer's View, Builder's View, Sub-Contractor's View. Columns: Data, Function, Network, People, Time, Motivation.]

DoDAF framework products:

Framework Product   Framework Product Name
AV-1                Overview and Summary Information
AV-2                Integrated Dictionary
OV-1                High-Level Concept Graphic
OV-2                Node Connectivity Description
OV-3                Information Exchange Matrix
OV-4                Organizational Relationships Chart
OV-5                Activity Model
OV-6a, b, c         Activity Sequence and Timing Descriptions
OV-7                Logical Data Model
SV-1                Interface Description
SV-2                Communications Description
SV-3                - Matrix
SV-4                Functionality Description
SV-5                Activity to Function Traceability Matrix
SV-6                Data Exchange Matrix
SV-7                Performance Parameters Matrix
SV-8                Evolution Description
SV-9                Technology Forecast
SV-10a, b, c        Functionality Sequence and Timing Descriptions
SV-11               Physical Schema
TV-1                Technical Standards Profile
TV-2                Technical Standards Forecast

DoDAF Overview
[Figure: DoDAF overview diagram. Surviving label: Technical.]

DoDAF Architecture Views
[Figure: DoDAF architecture views diagram. Recoverable text:]
- View: Functional (operational) requirements; Processes and relationships; Information needs (content, form, protection); User functions; Performance bounds
- View: System functional descriptions; System interfaces and connections; Operations-to-system traceability
- Technical View: Technical Architecture Profile; Standards and Technology Forecast
- Stakeholders: DOD, Large & Small Businesses, Warfighters, Congress, Services & Agencies
- Standards: APIs, ANSI X12 ICs, EDIFACT, HL7, XML, HTML, Proprietary (rare)
- Perimeter Security Mechanisms: Smart Card, Firewall, VPN
- Other diagram labels: Infrastructure Services, JTA, IT Standards, EAI/ETL, Data Repositories, GCSS-AF, Applications, COTS Products, DII COE

Problem Statement
- DoD system development efforts require development of DoDAF architecture early in the life cycle
+
- Secure systems are developed most effectively by considering & integrating security early in the development life cycle

How do you integrate security architecture guidance into C4ISR/DoDAF architectural products?

Approach to Solving Problem
How do you integrate security architecture guidance into C4ISR/DoDAF architectural products?
- What best practices exist that address the integration of Information Assurance (IA) into C4ISR/DoDAF architectures?
- If best practices do not exist, develop candidate strategies for integrating IA into C4ISR/DoDAF architectures.

Approach to Solving Problem
- Search for examples of efforts to integrate IA into C4ISR/DoDAF compliant architectures in public domain
- Search for guidance from DoDAF and C4ISR architecture government documentation
- Intra-company & community search for feedback on this topic
- Draw from personal exposure to assignments related to C4ISR/DoDAF products

Initial Findings
- Very limited information found via Web searches
  - In some instances IA is important but that was all
- Search through DoDAF also yielded limited information/guidance
  - OV-2/3: Security/IA attributes included for needlines
  - TV-1: Inclusion of Security/IA standards
  - OV-6b/c: Capture security activities & events

Initial Findings (cont.)
- One approach was to develop stand-alone narrative documents that describe the application of security services to the architecture and the identification of security oriented components
  - Not integrated into DoDAF framework
- Another employed approach was to identify some security services (SV-4), some limited OV-5 activities, and some security components (SV-1/2)
- One framework, TEAF (Treasury Enterprise Architecture Framework), includes some security constructs

So the question remains
[Figure: the DoDAF framework product table (Applicable View, Framework Product, Framework Product Name; AV-1 through TV-2) + = ?]

Proposed Practices for IA Integration into C4ISR/DoDAF Architectures
- System Functions: Definition of IA influenced SV-4 hierarchy
- Activities: Inclusion of IA activities at the Context level for the OV-5
- Security Overlay System View: Extension of DoDAF to include a SV-12
- Standalone Documentation: Use of IA narrative documentation

IA Influenced SV-4 Hierarchy
The DoD Information Assurance Technical Framework (IATF) construct for Defense in Depth (DiD) used to organize the required functions:
- Defend the Network & Infrastructure
- Defend the Enclave Boundary
- Defend the Computing Environment
- Supporting Infrastructures

[Figure labels: Foundational Information Assurance (IA); Security Management; Mission Information Assurance (IA)]

IA Influenced OV-5 Construct
- Inclusion of IA activities at the Context level
- Influenced by the three major groups of users
  - End user (focused on core mission)
  - Security manager
  - System manager / Privileged users
- Candidate grouping of activities
  - Prevent Unauthorized Disclosure
  - Prevent Unauthorized Modifications
  - Manage User Access
  - Maintain Secure Operations

[Figure labels: Major Activity 1; Major Activity 2; Perform IA]

Extension of DoDAF to include a SV-12
- DoDAF allows the definition of additional views
- SV-12, Security Overlay, is a supplemental view focused on IA specific characteristics of the system
  - Uses only data elements currently defined by existing System Views
  - Allows a security oriented view consistent with the rest of the DoDAF architecture
- Initially performed via PowerPoint Engineering
  - Not an integrated architecture approach
  - Therefore, arguably, not in compliance with DoD direction/guidance regarding the development of integrated architectures

Notional SV-12
[Figure: "User Login" view. Diagram labels: E-Business Public Node; E-Business Backend Node; Portal; Web Server; Application Server; Business Infrastructure; XYZ Corporate Server]
- SV-1 View provides a perspective associated with the physical dimension of the system

Notional SV-12
[Figure: "User Login" view. Diagram labels: Authentication; Authorization; Data Store Access; E-Business Public Node; E-Business Backend Node; Portal; Business Infrastructure; Web Server; Application Server; XYZ Corporate Server]
- SV-4 functions used to accomplish a particular security related activity are overlaid on the system elements where the functions are executed
- For some security functionality, it matters where the function is performed

Notional SV-12
[Figure: "User Login" view. Diagram labels: Authentication; Authorization; Data Store Access; E-Business Public Node; E-Business Backend Node; Portal; Business Infrastructure; Web Server; Application Server; XYZ Corporate Server]
- SV-4 data flows specifically used by the selected functions to accomplish the particular security related activity are added
- Where functions are fairly complex, it is important to define specific data flows
- Note: sequencing information not included
  - Separate SV-10c diagram required
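The SV-12 construction walked through in the three notional slides above, as an added example that is not part of the original presentation: the overlay is derived from SV-1 and SV-4 data only, rejects anything those views do not define, and marks the data flows that leave a node. Element names are taken from the slide labels; the node placements, function allocations and data-flow names are constructed assumptions.

```python
"""SV-12 security overlay derived from SV-1 and SV-4 data (added illustration)."""

# SV-1, constructed: system -> node. Names come from the notional slides;
# which system sits on which node is an assumption.
SV1_SYSTEMS = {
    "Portal": "E-Business Public Node",
    "Web Server": "E-Business Public Node",
    "Application Server": "E-Business Backend Node",
    "XYZ Corporate Server": "E-Business Backend Node",
}

# SV-4, constructed: security function -> system where it executes (assumed).
SV4_FUNCTIONS = {
    "Authentication": "Web Server",
    "Authorization": "Application Server",
    "Data Store Access": "XYZ Corporate Server",
}

# SV-4 data flows, constructed: (source function, destination function, data).
SV4_FLOWS = [
    ("Authentication", "Authorization", "authenticated identity"),
    ("Authorization", "Data Store Access", "permitted query"),
    ("Data Store Access", "Authorization", "user record"),
]


def build_sv12(topic, functions, sv1=SV1_SYSTEMS, sv4=SV4_FUNCTIONS, flows=SV4_FLOWS):
    """Build one SV-12 overlay using only elements already defined in SV-1/SV-4."""
    undefined = [f for f in functions if f not in sv4]
    if undefined:
        raise ValueError(f"functions not defined in SV-4: {undefined}")
    orphaned = [f for f in functions if sv4[f] not in sv1]
    if orphaned:
        raise ValueError(f"functions hosted on systems missing from SV-1: {orphaned}")

    # Step 1 and 2 of the slides: SV-1 elements with SV-4 functions laid on top.
    placement = {}
    for func in functions:
        system = sv4[func]
        placement.setdefault(sv1[system], {}).setdefault(system, []).append(func)

    # Step 3: keep only the flows between the selected functions, and record
    # whether each one leaves the node it starts on.
    selected = set(functions)
    overlay_flows = []
    for src, dst, data in flows:
        if src in selected and dst in selected:
            crosses = sv1[sv4[src]] != sv1[sv4[dst]]
            overlay_flows.append(
                {"from": src, "to": dst, "data": data, "crosses_node_boundary": crosses}
            )
    return {"topic": topic, "placement": placement, "flows": overlay_flows}


def boundary_crossings(overlay):
    """Flows a C&A reviewer would ask about first: those that cross nodes."""
    return [
        (f["from"], f["to"], f["data"])
        for f in overlay["flows"]
        if f["crosses_node_boundary"]
    ]


if __name__ == "__main__":
    view = build_sv12("User Login", ["Authentication", "Authorization", "Data Store Access"])
    for node, systems in view["placement"].items():
        print(node, systems)
    print("crosses node boundary:", boundary_crossings(view))
```

Sequencing is deliberately absent here, matching the slide's note that a separate SV-10c diagram carries it.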

SV-12 Usage
- Useful to create views for the various topics that Certification and Accreditation (C&A) staff require information and knowledge on
  - Authentication
  - Login for General Users
  - Login for Privileged Users
  - System auditing
  - Etc.
- Powerful to discuss these topics with artifacts that are consistent and integrated with the overall architecture and underlying data models
- Also helps to explain how the security requirements are to be met
- Refinement of SV-12 concept likely as feedback from various stakeholders is received and lessons learned applied

Use of IA Narrative Documentation
- Narrative documentation may still be required for those stakeholders that are uncomfortable with C4ISR/DoDAF views
- May be required to support C&A documentation requirements
- Nonetheless, opportunity to couple Security documents (e.g., Security CONOPS) to key C4ISR artifacts

Final Thoughts
Why Hasn't Security Been More Integrated Into Enterprise Architecture Frameworks?
- Historically, security awareness has lagged behind emphasis on functionality and performance
- The importance / business value of security is not easily quantifiable
  - How do you calculate ROI?
- Other possible hypotheses
  - Limited input by the security community in regards to what is important to capture from an architectural perspective
  - Limited input by the security community in regards to how to capture what is important within the existing architectural frameworks

Final Thoughts
- Just a few steps to hopefully move DoDAF community in a constructive direction in the area of integrating IA into C4ISR/DoDAF architectures
- If security knowledgeable professionals don't actively seek out opportunities to integrate the IA dimension into mainstream system engineering processes then it won't naturally happen
- These ideas are not the product of any one individual, so thanks and acknowledgements are due:
  - Tom Vander Vlis
  - Barry Lewis
  - Frank Kroll

Thanks
Ed Rodriguez
Senior Associate
Booz Allen Hamilton
Tel (301) 543-4660
rodriguez_ed@bah.com