Instructors: Rick Linger 301-926-4858 Tom Longstaff412-268-7074 Nancy Mead412-268-5756 CERT...

Instructors:

Rick Linger 301-926-4858Tom Longstaff 412-268-7074Nancy Mead 412-268-5756CERT Coordination CenterSoftware Engineering InstituteCarnegie Mellon Universityrlinger, tal, [email protected]

Schedule:

Wednesday 5:30-8:20 PMHBH 1003

95-750 Security Architecture and AnalysisFall 2001

ArchitectureDefinition &Analysis

SurvivableNetworkAnalysis

Security Architectures

Security Architecture Analysis: Course Roadmap

Architecture DevelopmentManagement

Session 1 (Linger)What: Methods for defining and reasoning about system architectures.Why: The architecture level is cost-effective and intellectually manageable for analysis and design of system security and survivability capabilities.

Session 2, 3a (Linger)What: Survivability analysis improves preservation of critical mission capabilities.Why: No amount of security can guarantee that systems will not be compromised; essential services and assets must be maintained.

Sessions 4, 6, 7. 9, 11 (Longstaff)What: Analysis of vulnerabilities and methods for improving system security.Why: System security can be improved by a variety of techniques at the network, operating system, and application level.

Session 13 (Linger)What: Architecture development with COTS componentsWhy: Most security vulnerabilities are the result of poor system development and acquisition practices. From a security perspective, good practices and management methods are critically important.

Plus:• Student team project in survivability analysis (Mead)• Guest lectures on special topics• Student presentations

Course Objectives

• Understand how to reason about system architectures

• Understand security strategies at the architecture level

• Understand and apply survivability concepts and strategies

• Understand impact of development life cycle practices and management processes on security and survivability

• Gain experience in summarizing and presenting material

Your presentations

• Why is this important? In the work environment you will be called upon to:

Evaluate and articulate situations Explain and defend your ideas

• A presentation strategy: What is the problem?What is the current state-of-practice?What is the solution?

• Am I explaining this well?Can I summarize the article in one sentence?What is the “elevator conversation?”You are the teacher

• Presentation target: 15 minutes/cut off at 20 minutes

Security Architecture and Analysis: Session 1a

• Concepts of System Architectures

• Enterprise/Architecture Matchup

• Architecture and the System Development Life Cycle

• Architectural Styles and Properties

• Architecture Representation

• Architecture Impact of COTS Products

• Architecture Trade-offs

• Reuse and Product Line Architectures

• An Architecture Framework

Concepts of System Architectures

Architecture Definitions:

Architecture: The organizational structure of a system ofcomponents [IEEE Glossary]

The architecture of a system defines that system in terms ofcomputational components and interactions among thosecomponents. Components are such things as clients and servers,databases, filters, and layers in a hierarchical system. Interactionsamong components at this level of design can be simple andfamiliar, such as procedure call and shared variable access. Butthey can also be complex and semantically rich, such as client-server protocols, database accessing protocols, asynchronousevent multicast, and piped streams. [Shaw and Garlan]

The software architecture of a program or computing system is thestructure or structures of the system, which comprise softwarecomponents, the externally visible properties of those components,and the relationships among them. [Bass, Clements, Kazman]

Architectural design: The process of defining a collection ofhardware and software components and their interfaces toestablish the framework for the development of a computersystem. [IEEE Glossary]


Other viewpoints [Bass]

Architecture is high-level design (more to it than that)

Architecture is the overall structure of the system (what structure)

Architecture is the structure of the components of a program orsystem, their interrelationships, and principles and guidelinesgoverning their design and evolution over time (process-centric,includes guidelines and principles)

Architecture is components and connectors (what kinds ofconnectors, runtime?)

Architecture is components, connectors, and constraints (lacksnotion of externally visible properties)


• Architectures are comprised of components and connectors:

• Components (Computation)Hardware:

Workstations, servers, mainframes, printers, sensors, actuators, …Software:

Operating systems, data base systems, middleware, browsers, applications, utilities, firewalls, ...

• Connectors (Communication)Hardware:

Communication links: routers, switches, public telephone network, leased lines, virtual private networks, …

Software:Communication protocols: TCP/IP, SNMP, HTTP, FTP …, Linkageconventions: procedure calls, remote procedure calls, thread initiation, ...

• Modern enterprise system architectures integrate computation and communication:

EnterpriseSystem

Architectures

Computation Communication

• Metcalf’s Law • Speed and Cost

• WAN• LAN• SAN

• Moore’s Law • MIPS• Processing Costs• Storage Size and Costs

• Main Memory• Secondary Storage



Architecture properties:

• Functional propertiesMust satisfy domain-specific functional requirementsand specifications

• Non-functional properties (the “ilities”)Must satisfy performance, availability, reliability, safety, security, survivability, maintainability, usability, manageability, … properties

Architecture trade-offs:

• Properties can conflict

• Trade-offs seek optimal combinations of properties based on cost/benefit analysis

The Cost of Downtime:

Business Industry Hourly Costs Brokerage Operations Finance $6,450,000 Credit Card / Sales Authorizations Finance $2,600,000 Pay-per-View Media $150,000 Home Shopping Retail $113,000 Catalog Sales Retail $90,000 Airline Reservations Transportation $90,000 Tele-ticket Sales Media $69.000 Package Shipping Transportation $28,000 ATM Fees Finance $14,500

Source: Fibre Channel Association


The Stages of Enterprise Information System Architectures:

• Batch – 60s and 70s– SW enabler: programming languages, job control– Business motivation: automate clerical tasks

• On-line transaction processing – 80s– SW enabler: networking, databases, transaction monitors– Business motivation: automate the front office

• Integrated systems – 90s– SW enabler: internet standards, middleware, components– Business motivation: opening the business to the web

• Web services – 00s– A possible fourth in the near future– SW enabler: standards for data and services, composability– Business motivation: efficiency, reduce IT costs?


Example: The Flameout Candle Company Existing System:

WebServer

OrderProcessing

Marketing andCustomer data

Warehouse

Delivery

Billing

Accounts

Suppliers

File Transfer

File Transfer

File TransferEDI

RPC

Static Documents

Enterprise/Architecture Matchup

Initial thought - Amazon.com wannabe

WebServer

OrderProcessing


Warehouse

Delivery

Billing

Accounts

Suppliers

File Transfer

File Transfer

File TransferEDI

RPC

Static Documents

WebCommerce

Server


Source: C. Britton, IT Architectures and Midddleware, Addison-Wesley, 2000.

But … What about ?

WebServer

OrderProcessing


Warehouse

Delivery

Billing

Accounts

Suppliers

File Transfer

File Transfer

File TransferEDI

RPC

Static Documents

WebCommerce

Server Delivery information ?

On-linePayment ?

CollectingCustomerInformation ?


User issue: What happened to my order ?

WebServer

OrderProcessing


Warehouse

Delivery

Billing

Accounts

Suppliers

File Transfer

File Transfer

File TransferEDI

RPC

Static Documents

WebCommerce

Server

Limbo Limbo


User issue: System lets me order products that don’t exist !

WebServer

OrderProcessing


Warehouse

Delivery

Billing

Accounts

Suppliers

File Transfer

File TransferEDI

RPC

Static Documents

WebCommerce

Server


User issue: They keep sending my stuff to the wrong address !

WebServer

OrderProcessing


Warehouse

Delivery

Billing

Accounts

Suppliers

File Transfer

File TransferEDI

RPC

Static Documents

WebCommerce

Server


…and looking even further ahead

WebServer

OrderProcessing


Warehouse

Delivery

Billing

Accounts

Suppliers

File Transfer

File Transfer

File TransferEDI

RPC

Static Documents

WebCommerce

Server One-to-oneMarketing

VoiceInterface

WAPPortals

B2B


A better architecture for the Flameout enterprise business model:


DatabaseLayer

Business LogicLayer

UI Presentation Layer

Customers:

Web

Voice

WAP

Portals

B2B

…

Ordering

Delivery

Marketing

Billing

Accounting

Warehousing

…

Customers

Orders

Accounts

Inventory

Suppliers

…

Architecture and the System Development Life Cycle

Define concept of operations for the enterprise/ business mission and the system requirements

Specification

Architecture

Design

Implementa-tion

Operations

Requirements

Define required system external behavior

(Effective life cycle processes areincremental and iterative)

Define component designs or acquire components

Develop code

Testing

Execute the business mission

Exercise code against specifications

Define components and their connections

(Architecture is the right level for analysis and design of security and survivability)

External behaviorSoftware and dataHardware and network

Architectural Styles (Shaw and Garlan: “Common Styles”)

• Dataflow systemsBatch sequentialPipes and filters

• Call-and-return systemsMain program and subroutineOO systemsHierarchical layers

• Independent componentsCommunicating processesEvent systems

• Virtual machinesInterpretersRule-based systems

• Data-centered systemsDatabasesHypertext systemsBlackboards

Architectural Styles: Why are They Important?

• An architectural style conveys:

A mental image of a system

A structural template for components and connections

A set of behaviors

A set of constraints

• An architectural style can be instantiated in a variety of contexts

Architectural Styles

To understand any architecture, it is critical to know:

For every component:• Who are its users? (people and/or other components)• What do its users expect?• What are its inputs?• Where do they come from?• What are its outputs? • Where do they go to?• What is its transition function?

What software does it run? What does it do to its inputs to produce its outputs?

For every communication link:• What traffic does it carry?• What is the volume of traffic?• What is the distribution of traffic?

Example: A Data Management SystemStyle: Pipeline, pipes and filters, batch sequential, data flow

Validate Sort Update Report

Source data Report


Users

Example: A compilerStyle: Pipeline, pipes and filters, batch sequential, data flow

LexicalAnalysis

Parsing Semantic Analysis

Code Generation

Severe ErrorHandling

Source code Object

code


Users

Example: An Aircraft Avionics System Style: Bus, message passing

FlightManagement Computer

Bus

Engine ManagementComputer

DisplayManagementComputer

SensorInput

...

DataLink I/O

Pilot

Navigation/GPS Input

...

ActuatorOutput

... ... ...

NavigationComputer


Users

Example: Software Tools System Style: Data-centric, blackboard

Tool 1

Blackboard(project dictionaryand artifacts)


Tool 8

Tool 7 Tool 6 Tool 5

Tool 4

Tool 3Tool 2

Users

Users

Users

Users

Users

Users

Users

Users

Example: Automobile Cruise ControlStyle: Control, feedback

Controller


Driver

Active/inactive toggle

Desired speed

Wheel speed

Wheels

Sensor

Engine

Users

Example: Aircraft Flight SimulatorStyle: Control, feedback


EnvironmentDynamic Model

AircraftDynamic Model

Cockpit Display System

VisualCueingSystem

MotionCueing System

AudioCueingSystem

Crew Cockpit Controls

Instructor Station

Users

Instructor

Example: WWW Client-Server PairStyle: Layered

PresentationManager


ExternalViewer

CacheManager

UIManager

ProtocolManager

AccessManager

StreamManager

FileServer

HTTPServer

CommonGatewayInterface

AccessControl

PathResolver

StreamManager

WWW client

WWW server

HTTP

Users

Users

Users

Example: A heterogeneous network (the Internet)Style: All possible subarchitectures, network topology unknown and unknowable, dynamic changes

...

...

......

...

...

...

......

...

...

...

...

...

...


...


Example: A Bank ATM SystemStyle: Hierarchical, client server, layered

ATM ATM ATM ATM... ATM ATM ATM ATM... ATM ATM ATM ATM...

Server Server...

Mainframe

Server

Users

Users

Users

...

Presentation/User Interface Layer

Infrastructure/ CommunicationsLayer

Domain/Enterprise Logic/ Data Layer


ATM ATM ATM ATM... ATM ATM ATM ATM...

Server Server

Mainframe Mainframe

ATM ATM ATM ATM...

Server Server Server ... Server

Example: A Bank ATM System Style: Hierarchical, client server, layered, with redundant components

Users

Users

...

PresentationBusiness Rules

Data Access

DBMS

Fat ClientTwo Tiers

Desktop:

Server(s):

PresentationBusiness Rules

Data AccessDBMS

Plump ClientTwo Tiers

Presentation

Thin ClientMulti-tier

Ultra-Thin ClientMulti-tier

Browser

Business RulesData Access

DBMS

Business RulesData Access

DBMS


Gartner’s Two-Tier and Multi-Tier Enterprise Architectures:

1) The communications link2) The protocol

3) Software and applications 4) The API5) A common format for data

6) Security 7) Administration8) Configuration management


Putting two nodes together: Lots to consider:

Users Users

Architecture Representation

• Informal diagramsBoxes and arrowsGood for quick, high-level communicationImplied semanticsAbstract out details (that are important to understanding)Ineffective as design basis

• Architecture languagesWell-defined semantics and syntaxGenerally difficult to useEffective as design basisEssential where stakes are highExamples: Wright (CMU), Z (University of Oxford)

• AdviceYou will see thousands of box and arrow diagrams in your professional careers. Treat them as useful, but also as “artists conceptions” that lack important information.

Architecture Impact of COTS (Commercial Off The Shelf) Products

• Long historyStarted with environment support

Operating systems, data bases, language processors, …Moving up the food chain

Specialized applications, middleware, network services, ...

• Most architectures today are “assembled” from COTS productsDomain-specific vendorsBend business processes to match software capabilities“Glue code” ties incompatible products together

COTS characteristics:• Ties your system capability and evolution to vendors• Cost savings possible, but risks must be managed• Functionality and security are what vendor says they are

Actual capabilities may differ• Source code usually not available• Knowledge of quality and reliability difficult to acquire• Acceptance testing and configuration management are critical

Reuse and Product Line Architectures

• ReuseObjective

Make new use of existing components in new environmentsMotivation

Avoid cost of new developmentLeverage previous investments

ProblemsCost of generalizing components for potential reuse Architectural mismatch in reuse

• Product Line ArchitecturesObjective

Generalize architectures and components for future variations

MotivationReduce costs of subsequent product development

ProblemsHow should generalization be done?Will future product variations come to fruition?

A Bank ATM System: 10 Minute Exercise

For a server node, define:• its users• inputs and their source• outputs and their destination

(Make up your answers based on personal knowledge. 90% of system development is making sure nothing is left out!)

ATM ATM ATM ATM... ATM ATM ATM ATM... ATM ATM ATM ATM...

Server Server...

Mainframe

Server

Users

Users

...

Presentation/User Interface Layer

Infrastructure/ CommunicationsLayer

Domain/Enterprise Logic/ Data Layer

A Bank ATM System: 10 Minute Exercise

Users:

Outputs Source Inputs Dest.

An Architecture Framework

System Environment: enterprise architecture, business models, system usage and evolution

SYSTEM ARCHITECTURE



System Requirements: function, and properties of reliability, performance, scalability, security, usability, cost, …

SYSTEM ARCHITECTURE



External Behavior View (System Specification):

User tasks and workflows

Function and information

Stimulus/response behavior


SYSTEM ARCHITECTURE







Data and Software View (Logical Infrastructure):

Middleware and applications

Databases and storage systems

Operating systems


SYSTEM ARCHITECTURE










Operating systems

Hardware and Network View (Physical Infrastructure):

Computing hardware: servers, mainframes, PCs,mass storage, …

Networks, wired & wireless: media, devices, topology, protocols


SYSTEM ARCHITECTURE


Architecture Fundamentals:

Architecture role and life cycle

Architecture representation and reasoning

Architecture processes and work products

Architecture analysis and design

Architecture modeling and validation

Architecture patterns and properties

COTS evaluation and integration

Ability to Develop









Operating systems





SYSTEM ARCHITECTURE


Architecture Best Practices:

Enterprise modeling and requirements specification

Application analysis and design

Data analysis and design

System integration

Network analysis and design

Incremental system development

Processes for Developing









Ability to Develop









Operating systems





SYSTEM ARCHITECTURE






System integration



Client Environment:

Client relations, people, and culture

Enterprise architectures, business models, workflows, & legacy systems

Functional, non-functional, & usage requirements and constraints


Goals for Developing









Ability to Develop









Operating systems





SYSTEM ARCHITECTURE






System integration



Client Environment:














Ability to Develop

Marketplace Environment:

Partners and alliances

COTS and component products

Service and consultation offerings

User groups and standards

Parts for Developing









Operating systems





SYSTEM ARCHITECTURE






System integration



Domain Architectures:

EAI architectures

E-commerce architectures

Directory architectures

System management architectures

Middleware architectures

Industry standard architectures

Client Environment:





Framework for Developing










Ability to Develop















Operating systems





SYSTEM ARCHITECTURE






System integration



Enabling Technologies:

Computing & comm. components

Microsoft technologies

JAVA technologies

Web technologies

XML technologies

Security technologies

Architecture patterns

Development methods and tools

Domain Architectures:

EAI architectures

E-commerce architectures

Directory architectures

System management architectures

Middleware architectures

Industry standard architectures

Client Environment:





Tools for Developing

Framework for Developing










Ability to Develop















Operating systems





SYSTEM ARCHITECTURE

Instructors: Rick Linger 301-926-4858 Tom Longstaff412-268-7074 Nancy Mead412-268-5756 CERT...

Documents

Transcript of Instructors: Rick Linger 301-926-4858 Tom Longstaff412-268-7074 Nancy Mead412-268-5756 CERT...