1 / 84

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011. Security Architecture and Design. Domain Agenda. System and Components Security Architectural Security Concepts and Models Information Systems Evaluation Models. Domain Agenda. System and Components Security

bamy
Download Presentation

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Dr. Bhavani ThuraisinghamThe University of Texas at Dallas (UTD)June 2011 Security Architecture and Design

  2. Domain Agenda • System and Components Security • Architectural Security Concepts and Models • Information Systems Evaluation Models

  3. Domain Agenda • System and Components Security • Architectural Concepts and Definitions • Architectural Security Concepts and Models • Information Systems Evaluation Models

  4. Common Security Architecture Terms • Information Security Management System • Information Security Architecture • Best Practice • Architecture • Blueprint • Framework • Infrastructure

  5. Objectives of EnterpriseSecurity Architecture • Guidance • Strategically aligned business and security decisions • Provide security-related guidance • Apply security best practices • Define security zones

  6. Benefits of an EnterpriseSecurity Architecture • Consistently manage risk • Reduce the costs of managing risk • Accurate security-related decisions • Promote interoperability, integration and ease-of-access • Provide a frame of reference

  7. Characteristics of a GoodSecurity Architecture • Strategic • Holistic • Multiple implementations

  8. Effects of Poor Architectural Planning • Inability to efficiently support new business services • Unidentified security vulnerabilities • Increased frequency and visibility of security breaches • Poorly understood or coordinated compliance requirements • Poor understanding of security goals and objectives

  9. Enterprise SecurityArchitecture Components • Common Architecture Language • Architecture Model • Zachman Framework

  10. Zachman Framework • Complete overview of IT business alignment • Two-dimensional • Intent • Scope • Principles

  11. SABSA • What are the business requirements? • Contextual • Conceptual • Logical • Physical • Component

  12. ISO 7498-2 • OSI second part • About secure communications • NOT an implementation

  13. ISO/IEC 4010:2007 • Systems and software engineering • Practice for architectural description of software-intensive systems

  14. The Open GroupArchitecture Framework • Governance • Business • Application • Data • Technology

  15. Department of DefenseArchitecture Framework • OMB A-130 requirement • All view • Operational view • Systems view • Technical standards view

  16. Which Framework is Right? • Starting place • Culture • Template

  17. System and Component Security • Components that provide basic security services • Hardware components • Software components

  18. CPU and Processor Privilege States • Supervisor state • Problem state

  19. CPU Process States • Running • Ready • Blocked • Masked/interruptible

  20. Common ComputerArchitecture Layers • Application programs • Utilities • Operating system • Computer hardware

  21. Common Computer Architecture • Program execution • Access to input/output devices • Controlled access to files and data • Error detection and response • Accounting and tracking • Access for maintenance and troubleshooting

  22. Hardware: Computers • Mainframe • Minicomputer • Desktop / server • Laptop / notebook • Embedded

  23. Hardware: Communication Devices • Modem • Network Interface Card (NIC)

  24. Hardware: Printers • Network-aware • More than output device • Full operating systems

  25. Hardware: Wireless • Network interface card • Access point • Ethernet bridge • Router • Range extender

  26. Input/Output (I/O) Devices • I/O Controller • Managing memory • Hardware • Operating system

  27. Firmware: Pre-programmed Chips • ROMs (Read-only memory) • PROMs (Programmable read-only memory) • EPROMs (Erasable, programmable, read-only memory) • EEPROMs (Electrically erasable, programmable, read-only memory • Field Programmable Gate Arrays (FPGAs) • Flash chips

  28. Software: Operating System • Hardware control • Hardware abstraction • Resource manager

  29. CPU and OS Support for Applications • Applications were originally self-contained • OS capable of accommodating more than one application at a time

  30. CPU and OS Support for Applications - Today • Today’s applications are portable • Execute multiple process threads • Threads

  31. Operating Systems Support for Applications • Multi-tasking • Multi-programming • Multi-processing • Multi-processor • Multi-core

  32. Software: Vendor • Commercial off the shelf (COTS) • Function first • Evaluation

  33. Software: Custom • Minimal scripting • Business application • System life cycle

  34. Software: Customer-relationship Management Systems • Business to customer interactions • Tracking habits

  35. Systems Architecture Approaches • Open • Closed • Dedicated • Single level • Multi-level • Embedded

  36. Architectures: Middleware • Interoperability • Post implementation • Distributed

  37. Types of System Memory Resources • CPU registers • Cache • Main memory • Swap space • Disk storage

  38. Requirements forMemory Management • Relocation • Protection • Sharing

  39. Three Types of Memory Addressing • Logical • Relative • Physical

  40. Memory Protection Benefits • Memory reference • Different data classes • Users can share access • Users cannot generate addresses

  41. Virtual Memory • Extends apparent memory • Paging includes • Splitting physical memory • Splitting programs (processes) • Allocating the required number page frames • Swapping

  42. Virtual Machines • Mimic the architecture of the actual system • Provided by the operating system

  43. Domain Agenda • System and Components Security • Architectural Security Concepts and Models • Information Systems Evaluation Models

  44. Ring Protection 0. O/S Kernel • I/O • Utilities • User Apps

  45. Layering and Data Hiding • Layering • Data Hiding

  46. Privilege Levels • Identifying, authenticating and authorizing subjects • Subjects of higher trust • Subjects with lower trust

  47. Process Isolation • Object’s integrity • Prevents interaction • Independent states • Process isolation method

  48. Security Architecture • Security critical components of the system • Trusted Computing Base • Reference Monitor and Security Kernel • Security Perimeter • Security Policy • Least Privilege

  49. Trusted Computing Base (TCB) • Trusted Computing Base • Hardware • Firmware • Software • Processes • Inter-process communications • Simple and Testable

  50. Trusted Computing Base (TCB) • Enforces security policy • Monitors four basic functions • Process activation • Execution domain switching • Memory protection • Input/output operations

More Related