Instructors:
Rick Linger 301-926-4858
Tom Longstaff 412-268-7074
Nancy Mead 412-268-5756
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
rlinger, tal, [email protected]
Schedule:
Wednesday 5:30-8:20 PM, HBH 1003
95-750 Security Architecture and Analysis, Fall 2001
Security Architecture Analysis: Course Roadmap
• Architecture Definition & Analysis
• Survivable Network Analysis
• Security Architectures
• Architecture Development Management
Session 1 (Linger)
What: Methods for defining and reasoning about system architectures.
Why: The architecture level is cost-effective and intellectually manageable for analysis and design of system security and survivability capabilities.
Sessions 2, 3a (Linger)
What: Survivability analysis improves preservation of critical mission capabilities.
Why: No amount of security can guarantee that systems will not be compromised; essential services and assets must be maintained.
Sessions 4, 6, 7, 9, 11 (Longstaff)
What: Analysis of vulnerabilities and methods for improving system security.
Why: System security can be improved by a variety of techniques at the network, operating system, and application level.
Session 13 (Linger)
What: Architecture development with COTS components.
Why: Most security vulnerabilities are the result of poor system development and acquisition practices. From a security perspective, good practices and management methods are critically important.
Plus:
• Student team project in survivability analysis (Mead)
• Guest lectures on special topics
• Student presentations
Course Objectives
• Understand how to reason about system architectures
• Understand security strategies at the architecture level
• Understand and apply survivability concepts and strategies
• Understand impact of development life cycle practices and management processes on security and survivability
• Gain experience in summarizing and presenting material
Your presentations
• Why is this important? In the work environment you will be called upon to:
– Evaluate and articulate situations
– Explain and defend your ideas
• A presentation strategy:
– What is the problem?
– What is the current state of practice?
– What is the solution?
• Am I explaining this well?
– Can I summarize the article in one sentence?
– What is the “elevator conversation”?
– You are the teacher
• Presentation target: 15 minutes; cut off at 20 minutes
Security Architecture and Analysis: Session 1a
• Concepts of System Architectures
• Enterprise/Architecture Matchup
• Architecture and the System Development Life Cycle
• Architectural Styles and Properties
• Architecture Representation
• Architecture Impact of COTS Products
• Architecture Trade-offs
• Reuse and Product Line Architectures
• An Architecture Framework
Concepts of System Architectures
Architecture Definitions:
Architecture: The organizational structure of a system of components. [IEEE Glossary]
The architecture of a system defines that system in terms of computational components and interactions among those components. Components are such things as clients and servers, databases, filters, and layers in a hierarchical system. Interactions among components at this level of design can be simple and familiar, such as procedure call and shared variable access. But they can also be complex and semantically rich, such as client-server protocols, database accessing protocols, asynchronous event multicast, and piped streams. [Shaw and Garlan]
The software architecture of a program or computing system is the structure or structures of the system, which comprise software components, the externally visible properties of those components, and the relationships among them. [Bass, Clements, Kazman]
Architectural design: The process of defining a collection of hardware and software components and their interfaces to establish the framework for the development of a computer system. [IEEE Glossary]
Concepts of System Architectures
Other viewpoints [Bass]
Architecture is high-level design (more to it than that)
Architecture is the overall structure of the system (what structure)
Architecture is the structure of the components of a program or system, their interrelationships, and principles and guidelines governing their design and evolution over time (process-centric, includes guidelines and principles)
Architecture is components and connectors (what kinds of connectors, runtime?)
Architecture is components, connectors, and constraints (lacks notion of externally visible properties)
Concepts of System Architectures
• Architectures are comprised of components and connectors:
• Components (Computation)
– Hardware: workstations, servers, mainframes, printers, sensors, actuators, …
– Software: operating systems, data base systems, middleware, browsers, applications, utilities, firewalls, ...
• Connectors (Communication)
– Hardware: communication links: routers, switches, public telephone network, leased lines, virtual private networks, …
– Software: communication protocols: TCP/IP, SNMP, HTTP, FTP, …; linkage conventions: procedure calls, remote procedure calls, thread initiation, ...
• Modern enterprise system architectures integrate computation and communication:
(Diagram: Enterprise System Architectures = Computation + Communication. Computation side: Moore’s Law, MIPS, processing costs, storage size and costs, main memory, secondary storage. Communication side: Metcalfe’s Law, speed and cost, WAN, LAN, SAN.)
Concepts of System Architectures
Architecture properties:
• Functional properties: must satisfy domain-specific functional requirements and specifications
• Non-functional properties (the “ilities”): must satisfy performance, availability, reliability, safety, security, survivability, maintainability, usability, manageability, … properties
Architecture trade-offs:
• Properties can conflict
• Trade-offs seek optimal combinations of properties based on cost/benefit analysis
The Cost of Downtime:
Business                            Industry        Hourly Costs
Brokerage Operations                Finance         $6,450,000
Credit Card / Sales Authorizations  Finance         $2,600,000
Pay-per-View                        Media             $150,000
Home Shopping                       Retail            $113,000
Catalog Sales                       Retail             $90,000
Airline Reservations                Transportation     $90,000
Tele-ticket Sales                   Media              $69,000
Package Shipping                    Transportation     $28,000
ATM Fees                            Finance            $14,500
Source: Fibre Channel Association
Concepts of System Architectures
The Stages of Enterprise Information System Architectures:
• Batch – 60s and 70s
– SW enabler: programming languages, job control
– Business motivation: automate clerical tasks
• On-line transaction processing – 80s
– SW enabler: networking, databases, transaction monitors
– Business motivation: automate the front office
• Integrated systems – 90s
– SW enabler: internet standards, middleware, components
– Business motivation: opening the business to the web
• Web services – 00s (a possible fourth stage in the near future)
– SW enabler: standards for data and services, composability
– Business motivation: efficiency, reduce IT costs?
Concepts of System Architectures
Example: The Flameout Candle Company Existing System
(Diagram: Web Server serving Static Documents; Order Processing; Marketing and Customer data; Warehouse; Delivery; Billing; Accounts; Suppliers. Connections among the back-office systems: File Transfer, File Transfer/EDI, RPC.)
Enterprise/Architecture Matchup
Initial thought: Amazon.com wannabe
(Diagram: the existing Flameout system, with a Web Commerce Server added alongside the Web Server.)
Enterprise/Architecture Matchup
Source: C. Britton, IT Architectures and Middleware, Addison-Wesley, 2000.
But … what about?
(Diagram: the same system, with open questions attached to the Web Commerce Server: Delivery information? On-line Payment? Collecting Customer Information?)
Enterprise/Architecture Matchup
User issue: What happened to my order?
(Diagram: the same system, with flows out of the Web Commerce Server marked “Limbo”.)
Enterprise/Architecture Matchup
User issue: System lets me order products that don’t exist!
(Diagram: the same system.)
Enterprise/Architecture Matchup
User issue: They keep sending my stuff to the wrong address!
(Diagram: the same system.)
Enterprise/Architecture Matchup
…and looking even further ahead
(Diagram: the same system, with further channels to be attached to the Web Commerce Server: One-to-one Marketing, Voice Interface, WAP, Portals, B2B.)
Enterprise/Architecture Matchup
A better architecture for the Flameout enterprise business model:
(Diagram, three layers:)
UI Presentation Layer – Customers via Web, Voice, WAP, Portals, B2B, …
Business Logic Layer – Ordering, Delivery, Marketing, Billing, Accounting, Warehousing, …
Database Layer – Customers, Orders, Accounts, Inventory, Suppliers, …
Architecture and the System Development Life Cycle
(Effective life cycle processes are incremental and iterative)
Requirements: define concept of operations for the enterprise/business mission and the system requirements
Specification: define required system external behavior
Architecture: define components and their connections (external behavior; software and data; hardware and network)
Design: define component designs or acquire components
Implementation: develop code
Testing: exercise code against specifications
Operations: execute the business mission
(Architecture is the right level for analysis and design of security and survivability)
Architectural Styles (Shaw and Garlan: “Common Styles”)
• Dataflow systems: batch sequential; pipes and filters
• Call-and-return systems: main program and subroutine; OO systems; hierarchical layers
• Independent components: communicating processes; event systems
• Virtual machines: interpreters; rule-based systems
• Data-centered systems: databases; hypertext systems; blackboards
Architectural Styles: Why are They Important?
• An architectural style conveys:
A mental image of a system
A structural template for components and connections
A set of behaviors
A set of constraints
• An architectural style can be instantiated in a variety of contexts
Architectural Styles
To understand any architecture, it is critical to know:
For every component:
• Who are its users? (people and/or other components)
• What do its users expect?
• What are its inputs? Where do they come from?
• What are its outputs? Where do they go to?
• What is its transition function? What software does it run? What does it do to its inputs to produce its outputs?
For every communication link:
• What traffic does it carry?
• What is the volume of traffic?
• What is the distribution of traffic?
Architectural Styles
Example: A Data Management System
Style: Pipeline, pipes and filters, batch sequential, data flow
(Diagram: Source data → Validate → Sort → Update → Report → Report, with users supplying the source data and receiving the report.)
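The pipeline sketched above, written out as an added example (this is not code from the slides): each stage is a filter that consumes one stream and yields the next, and the stages are composed left to right. The input lines, the master table and the stage names are constructed for the example; the security-relevant point is that Validate is the trust boundary, so malformed input is diverted to a reject sink instead of reaching the Update stage that mutates the master file.

```python
"""Pipes-and-filters pipeline: Validate -> Sort -> Update -> Report.

Added example, not from the slides. Each stage is a filter that consumes a
stream and yields a new one; the stages are composed left to right.
"""
from functools import partial
from typing import Iterable, Iterator

Record = tuple[str, int]  # (account, amount)

# Constructed sample input: one transaction per line, "account,amount".
# Two lines are deliberately malformed.
SOURCE_DATA = [
    "acct-42,100",
    "acct-07,-25",
    "bogus line without a comma",
    "acct-42,15",
    "acct-99,abc",
    "acct-07,40",
]

# Constructed master file the Update filter applies transactions to.
MASTER = {"acct-07": 500, "acct-42": 0}


def validate(lines: Iterable[str], rejects: list[str]) -> Iterator[Record]:
    """Parse each line; anything malformed goes to the reject sink, never downstream."""
    for line in lines:
        parts = line.split(",")
        if len(parts) != 2 or not parts[0].startswith("acct-"):
            rejects.append(line)
            continue
        try:
            amount = int(parts[1])
        except ValueError:
            rejects.append(line)
            continue
        yield (parts[0], amount)


def sort_by_account(records: Iterable[Record]) -> Iterator[Record]:
    """Batch-sequential stage: needs the whole input before it can emit anything."""
    yield from sorted(records, key=lambda rec: rec[0])


def update(records: Iterable[Record], master: dict[str, int]) -> Iterator[Record]:
    """Apply each transaction to the master table and emit the running balance."""
    for account, amount in records:
        master[account] = master.get(account, 0) + amount
        yield (account, master[account])


def report(balances: Iterable[Record]) -> list[str]:
    """Final stage: render the stream for the users at the end of the pipeline."""
    return [f"{account}: {balance}" for account, balance in balances]


def run_pipeline(lines: Iterable[str], master: dict[str, int]) -> tuple[list[str], list[str]]:
    """Wire the filters together with pipes (here, Python iterators)."""
    rejects: list[str] = []
    filters = [
        partial(validate, rejects=rejects),
        sort_by_account,
        partial(update, master=master),
    ]
    stream: Iterable = lines
    for stage in filters:
        stream = stage(stream)  # each stage's output becomes the next stage's input
    return report(stream), rejects


if __name__ == "__main__":
    lines, rejected = run_pipeline(SOURCE_DATA, dict(MASTER))
    print("\n".join(lines))
    print("rejected:", rejected)
```

Because the filters only know their own input and output streams, a stage can be replaced or a new one inserted (for example an audit-logging filter between Sort and Update) without touching its neighbours; that is what makes the style easy to reason about.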
Architectural Styles
Example: A compiler
Style: Pipeline, pipes and filters, batch sequential, data flow
(Diagram: Source code → Lexical Analysis → Parsing → Semantic Analysis → Code Generation → Object code, with Severe Error Handling as a side path and users at both ends.)
Architectural Styles
Example: An Aircraft Avionics System
Style: Bus, message passing
(Diagram: Flight Management Computer, Engine Management Computer, Display Management Computer and Navigation Computer attached to a bus, along with Sensor Input, Navigation/GPS Input, Data Link I/O, Actuator Output and the Pilot, …)
Architectural Styles
Example: Software Tools System
Style: Data-centric, blackboard
(Diagram: Tools 1 through 8, each with its own users, arranged around a Blackboard holding the project dictionary and artifacts.)
Architectural Styles
Example: Automobile Cruise Control
Style: Control, feedback
(Diagram: the Driver supplies the active/inactive toggle and the desired speed to the Controller; a Sensor on the Wheels feeds back wheel speed; the Controller drives the Engine.)
Architectural Styles
Example: Aircraft Flight Simulator
Style: Control, feedback
(Diagram: Environment Dynamic Model, Aircraft Dynamic Model, Cockpit Display System, Visual Cueing System, Motion Cueing System, Audio Cueing System, Crew Cockpit Controls and Instructor Station; users are the crew and the instructor.)
Architectural Styles
Example: WWW Client-Server Pair
Style: Layered
(Diagram: WWW client layers: Presentation Manager, External Viewer, Cache Manager, UI Manager, Protocol Manager, Access Manager, Stream Manager. WWW server layers: File Server, HTTP Server, Common Gateway Interface, Access Control, Path Resolver, Stream Manager. Client and server connected by HTTP; users on the client side.)
Architectural Styles
Example: A heterogeneous network (the Internet)
Style: All possible subarchitectures, network topology unknown and unknowable, dynamic changes
(Diagram: an open-ended mesh of unlabelled nodes.)
Architectural Styles
Example: A Bank ATM System
Style: Hierarchical, client server, layered
(Diagram: groups of ATMs connect to Servers, which connect to a single Mainframe. Layers: Presentation/User Interface Layer (ATMs), Infrastructure/Communications Layer (servers), Domain/Enterprise Logic/Data Layer (mainframe).)
Architectural Styles
Example: A Bank ATM System
Style: Hierarchical, client server, layered, with redundant components
(Diagram: the same ATM hierarchy, now with multiple Servers per ATM group and two Mainframes.)
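The redundant variant is the trade-off slide made concrete: availability is one of the “ilities”, and the cost-of-downtime table earlier gives a price for losing it. The following is an added example, not from the slides, that composes per-tier availability along the ATM → server → mainframe path (series: all tiers must be up; redundant copies: down only when every copy is down, assuming independent failures) and weighs the resulting downtime at the table’s $14,500/hour ATM-fee figure against an assumed annual infrastructure cost. The per-tier availabilities and infrastructure costs are assumptions for illustration only.

```python
"""Availability composition and downtime cost for the ATM hierarchy.

Added example, not from the slides. Per-tier availability and annual
infrastructure cost figures are assumed; only the $14,500/hour figure comes
from the slide's cost-of-downtime table (the "ATM Fees" row).
"""
HOURS_PER_YEAR = 24 * 365
ATM_HOURLY_COST = 14_500  # "ATM Fees" row of the cost-of-downtime table


def series(*availabilities: float) -> float:
    """A request traverses every tier, so the path is up only when all tiers are up."""
    total = 1.0
    for a in availabilities:
        total *= a
    return total


def parallel(single: float, copies: int) -> float:
    """Redundant copies of one tier: down only when every copy is down (independent failures)."""
    return 1.0 - (1.0 - single) ** copies


def annual_downtime_cost(availability: float, hourly_cost: float) -> float:
    """Expected yearly cost of the hours the path is unavailable."""
    return (1.0 - availability) * HOURS_PER_YEAR * hourly_cost


def compare(options: dict[str, tuple[float, float]], hourly_cost: float) -> list[tuple[str, int]]:
    """Rank options by total cost = infrastructure cost + expected downtime cost.

    options maps a name to (path availability, annual infrastructure cost).
    """
    ranked = []
    for name, (availability, infra_cost) in options.items():
        total = infra_cost + annual_downtime_cost(availability, hourly_cost)
        ranked.append((name, round(total)))
    ranked.sort(key=lambda item: item[1])
    return ranked


# Assumed per-tier availabilities (not from the slides).
SERVER_AVAILABILITY = 0.99
MAINFRAME_AVAILABILITY = 0.995

# Assumed annual infrastructure cost for each architecture (not from the slides).
ATM_OPTIONS = {
    "single server and mainframe": (
        series(SERVER_AVAILABILITY, MAINFRAME_AVAILABILITY),
        400_000,
    ),
    "redundant servers and mainframes": (
        series(parallel(SERVER_AVAILABILITY, 2), parallel(MAINFRAME_AVAILABILITY, 2)),
        700_000,
    ),
}


if __name__ == "__main__":
    for name, total in compare(ATM_OPTIONS, ATM_HOURLY_COST):
        print(f"{name}: ${total:,} per year")
```

With these assumptions the dearer redundant architecture wins comfortably, because a single path that is up 98.5% of the time still loses about 131 hours a year. The independence assumption behind `parallel` is the one to challenge in a real analysis: two mainframes in the same machine room share power, network and operators, so their failures are correlated and the real gain is smaller than the formula suggests.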
Architectural Styles
Gartner’s Two-Tier and Multi-Tier Enterprise Architectures:
(Diagram, desktop vs. server(s) split:)
Fat Client, Two Tiers – Desktop: Presentation, Business Rules, Data Access; Server(s): DBMS
Plump Client, Two Tiers – Desktop: Presentation, Business Rules; Server(s): Data Access, DBMS
Thin Client, Multi-tier – Desktop: Presentation; Server(s): Business Rules, Data Access, DBMS
Ultra-Thin Client, Multi-tier – Desktop: Browser; Server(s): Business Rules, Data Access, DBMS
Architectural Styles
Putting two nodes together: Lots to consider:
1) The communications link
2) The protocol
3) Software and applications
4) The API
5) A common format for data
6) Security
7) Administration
8) Configuration management
Architecture Representation
• Informal diagrams
– Boxes and arrows
– Good for quick, high-level communication
– Implied semantics
– Abstract out details (that are important to understanding)
– Ineffective as design basis
• Architecture languages
– Well-defined semantics and syntax
– Generally difficult to use
– Effective as design basis
– Essential where stakes are high
– Examples: Wright (CMU), Z (University of Oxford)
• Advice
You will see thousands of box-and-arrow diagrams in your professional careers. Treat them as useful, but also as “artist’s conceptions” that lack important information.
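The gap between a box-and-arrow picture and a representation with defined semantics can be shown with a few lines of checking. This is an added example, not from the slides or from any architecture language named there: components declare their users, inputs and outputs (the per-component questions from the “To understand any architecture” checklist) and connectors declare which flow travels between which components over which mechanism, so a checker can report what a diagram leaves implicit: outputs that go nowhere, inputs nobody feeds, and arrows to components that were never defined. The Flameout-style model below is a constructed sketch, not the slide’s diagram.

```python
"""Check a box-and-arrow architecture model for dangling flows.

Added example, not from the slides. The component and connector names below
are a constructed sketch loosely following the Flameout Candle Company slides.
"""
from dataclasses import dataclass, field


@dataclass
class Component:
    name: str
    users: set[str] = field(default_factory=set)    # people and/or other components
    inputs: set[str] = field(default_factory=set)   # flows it expects to receive
    outputs: set[str] = field(default_factory=set)  # flows it produces


@dataclass(frozen=True)
class Connector:
    source: str
    dest: str
    flow: str
    mechanism: str  # e.g. "File Transfer", "EDI", "RPC", "HTTP"


def check_architecture(components: list[Component], connectors: list[Connector]) -> list[str]:
    """Return findings; an empty list means every declared flow has a source and a destination."""
    by_name = {c.name: c for c in components}
    findings: list[str] = []
    fed: set[tuple[str, str]] = set()      # (component, flow) delivered by some connector
    drained: set[tuple[str, str]] = set()  # (component, flow) carried away by some connector

    for conn in connectors:
        for end in (conn.source, conn.dest):
            if end not in by_name:
                findings.append(f"connector {conn.flow!r} references undeclared component {end!r}")
        src, dst = by_name.get(conn.source), by_name.get(conn.dest)
        if src is not None and conn.flow not in src.outputs:
            findings.append(f"{src.name} does not declare output {conn.flow!r} carried by {conn.mechanism}")
        if dst is not None and conn.flow not in dst.inputs:
            findings.append(f"{dst.name} does not declare input {conn.flow!r} delivered by {conn.mechanism}")
        drained.add((conn.source, conn.flow))
        fed.add((conn.dest, conn.flow))

    for c in components:
        for flow in sorted(c.outputs):
            if (c.name, flow) not in drained:
                findings.append(f"output {flow!r} of {c.name} goes nowhere (limbo)")
        for flow in sorted(c.inputs):
            if (c.name, flow) not in fed:
                findings.append(f"input {flow!r} of {c.name} has no source")
    return findings


# Constructed model: the web front end emits a "web order" that no back-office
# component consumes, Order Processing waits for an "order" nobody sends, Delivery
# never receives an address, and Billing sends invoices to an undeclared "Accounts".
FLAMEOUT = [
    Component("Web Server", users={"Customers"}, outputs={"web order"}),
    Component("Order Processing", users={"Order clerks"}, inputs={"order"},
              outputs={"pick list", "invoice request"}),
    Component("Warehouse", users={"Warehouse staff"}, inputs={"pick list"}, outputs={"shipment"}),
    Component("Delivery", users={"Drivers"}, inputs={"shipment", "delivery address"},
              outputs={"delivery status"}),
    Component("Billing", users={"Accounts staff"}, inputs={"invoice request"}, outputs={"invoice"}),
]
CONNECTORS = [
    Connector("Order Processing", "Warehouse", "pick list", "File Transfer"),
    Connector("Warehouse", "Delivery", "shipment", "File Transfer"),
    Connector("Order Processing", "Billing", "invoice request", "RPC"),
    Connector("Billing", "Accounts", "invoice", "File Transfer"),
]


if __name__ == "__main__":
    for finding in check_architecture(FLAMEOUT, CONNECTORS):
        print(finding)
```

The findings line up with the user complaints on the Flameout slides: an order that vanishes into limbo and deliveries without an address are both flows the picture never pinned down. A checker this small is not an architecture language, but it demonstrates why those languages insist on explicit semantics for every box and arrow.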
Architecture Impact of COTS (Commercial Off The Shelf) Products
• Long history
– Started with environment support: operating systems, data bases, language processors, …
– Moving up the food chain: specialized applications, middleware, network services, ...
• Most architectures today are “assembled” from COTS products
– Domain-specific vendors
– Bend business processes to match software capabilities
– “Glue code” ties incompatible products together
COTS characteristics:
• Ties your system capability and evolution to vendors
• Cost savings possible, but risks must be managed
• Functionality and security are what the vendor says they are; actual capabilities may differ
• Source code usually not available
• Knowledge of quality and reliability difficult to acquire
• Acceptance testing and configuration management are critical
Reuse and Product Line Architectures
• Reuse
– Objective: make new use of existing components in new environments
– Motivation: avoid cost of new development; leverage previous investments
– Problems: cost of generalizing components for potential reuse; architectural mismatch in reuse
• Product Line Architectures
– Objective: generalize architectures and components for future variations
– Motivation: reduce costs of subsequent product development
– Problems: how should generalization be done? Will future product variations come to fruition?
A Bank ATM System: 10 Minute Exercise
For a server node, define:
• its users
• inputs and their source
• outputs and their destination
(Make up your answers based on personal knowledge. 90% of system development is making sure nothing is left out!)
(Diagram: the Bank ATM System from the Architectural Styles examples: ATMs → Servers → Mainframe, with Presentation/User Interface, Infrastructure/Communications, and Domain/Enterprise Logic/Data layers.)
Worksheet:
Users:
Inputs | Source | Outputs | Dest.
An Architecture Framework
SYSTEM ARCHITECTURE, in its environment and through three views:
System Environment: enterprise architecture, business models, system usage and evolution
System Requirements: function, and properties of reliability, performance, scalability, security, usability, cost, …
External Behavior View (System Specification):
• User tasks and workflows
• Function and information
• Stimulus/response behavior
Data and Software View (Logical Infrastructure):
• Middleware and applications
• Databases and storage systems
• Operating systems
Hardware and Network View (Physical Infrastructure):
• Computing hardware: servers, mainframes, PCs, mass storage, …
• Networks, wired & wireless: media, devices, topology, protocols
Surrounding the system architecture:
Architecture Fundamentals (Ability to Develop):
• Architecture role and life cycle
• Architecture representation and reasoning
• Architecture processes and work products
• Architecture analysis and design
• Architecture modeling and validation
• Architecture patterns and properties
• COTS evaluation and integration
Architecture Best Practices (Processes for Developing):
• Enterprise modeling and requirements specification
• Application analysis and design
• Data analysis and design
• System integration
• Network analysis and design
• Incremental system development
Client Environment (Goals for Developing):
• Client relations, people, and culture
• Enterprise architectures, business models, workflows, & legacy systems
• Functional, non-functional, & usage requirements and constraints
Marketplace Environment (Parts for Developing):
• Partners and alliances
• COTS and component products
• Service and consultation offerings
• User groups and standards
Domain Architectures (Framework for Developing):
• EAI architectures
• E-commerce architectures
• Directory architectures
• System management architectures
• Middleware architectures
• Industry standard architectures
Enabling Technologies (Tools for Developing):
• Computing & comm. components
• Microsoft technologies
• JAVA technologies
• Web technologies
• XML technologies
• Security technologies
• Architecture patterns
• Development methods and tools