Enterprise security architecture represents a holistic approach to incorporate building blocks of security across the enterprise.
Common security services are a number of security functions suitable as foundations for common security services in the enterprise. Examples are access control, boundary control, integrity, cryptographic, and audit monitoring services.
In a security architecture we start with creation and documentation. Capture and analyze functional and non-functional requirements.
Document the security architecture from a business and architect’s view. Think of your physical and component security. Use an architecture to begin building your security program.
Have a Trusted Computing Base (TCB) which is a combination of protection mechanisms within a computer system such as hardware, firmware, and software to provide a secured area.
Build a security perimeter. This will be the frontier between entities inside and outside the TCB. External communication must be ruled and controlled.
Begin to reference and monitor the security kernel. Reference monitor using logical services, object access, and audit logs. Monitor security kernel hardware and software to understand system capabilities.
Use the least privilege concept. Provide only minimal privileges in order to do the job to personnel.
A security model is a way of describing the main objective or workings of an object, system, or concept.
State machine model is a system’s state at a given point in time. The state is always changing with each interaction made to a system. Example, if all possible transitions bring the system from a secure, to a secure state, then the system will always be in a secure state.
Information flow model manages information flow between entities independently of the clearance level or classification. This model prevents information flows that violate security policy.
The Bell-LaPadula model protects the confidentiality of information based on the rank of a person. The model is meant to prevent the leakage of information from personnel of a lower ranks. You can’t read up a level, you can’t write down a level, and users can only access objects at the same level. Purely works with confidentiality protection.
The Biba model allows to read information from a higher level of integrity. It also allows to write information from a lower level of integrity. But this does not authorize to write in a document belonging to a higher integrity level. User cannot write up and cannot read low. Does not provide confidentiality.
The Lipner model combines Bell-LaPadula and Biba. This assigns security levels and functional categories to subjects and objects.
The Clark Wilson model is what is mostly used today. A user cannot access resources directly and they must access resources through application. This is based on the level of security which will authorize the user to write or read only.
The Chinese Wall model prevents conflicts of interest for information access. User access changes according to previous actions. Information cannot flow between object and the user if it can cause a conflict of interest.
The Graham-Denning model deals with user access rights and the integrity of those rights such as Active Directory. Users have transferable rights and cN therefore be delegated.
Having considered these models and patterns we should explore the components of hardware and operating systems and vulnerabilities that these models aim to address and build a model that best protects your organization.
Ring 0 in a operating system architecture is the OS core (Kernel). Ring 1 is OS components. Ring 2 are drivers for inputs and outputs. Ring 3 consists of of programs.
In a physical computer architecture there are covert channels an attacker may pass through to attack your system. They can access your cache, random access memory, virtual memory, flash memory, etc. Removable media are also covert channels.
Overall, tools and techniques that we covered that’s important to note are the tools and techniques of the security architecture that make it whole:
- Operating system architecture
- Trusted Computing Base
- Security perimeter
- Reference model and security kernel
- Domains of access execution
- Security policy, least privilege
- Layering and data hiding