
A Security-centric Ring-based Software Architecture

Jay-Evan J. Tevis, Western Illinois University; John A. Hamilton, Jr., Auburn University


Presentation Transcript


  1. A Security-centric Ring-based Software Architecture
     Jay-Evan J. Tevis, Western Illinois University, Macomb, IL
     John A. Hamilton, Jr., Auburn University, Auburn, AL
     [Figure labels: Fighting Mechanism, Population, Infrastructure, Organic Essentials, Leadership]

  2. Introduction
     • Software systems are vulnerable to many different forms of attack
     • Protection of such systems can be improved by viewing their key components from the perspective of an enemy attacker

  3. Introduction (continued)
     • Colonel John Warden developed a five-ring system model for military strategic warfare
     • It describes the parts of an enemy system as five concentric rings
     • It is designed for use in planning and conducting strategic targeting against an adversary

  4. Introduction (continued)
     • We apply this model to computer software architecture in a similar manner to identify:
       • What system-level components are essential
       • How these components can be better protected through a security-focused software architectural design

  5. Overview
     • Security-centric software architectures
     • Design of a ring-based software architecture
     • A computer security adaptation using Warden’s concentric rings
     • Adapting Warden’s model to computer security
     • Protecting centers of gravity in a software system
     • Conclusion and future plans

  6. 1. Security-centric Software Architectures

  7. 1. Security-centric Software Architectures: Critical Concepts in the Security Domain [Neumann]
     • Multi-level security
       • Restrict flow of information from higher-security entities to lower-security entities
     • Multi-level integrity
       • Restrict dependencies between entities of higher integrity with entities of lower integrity
     • Multi-level availability
       • Restrict dependencies between entities of higher availability with entities of lower availability

  8. 1. Security-centric Software Architectures: Multiple Security Rings [Gemini]
     • High assurance security
       • Hardware and kernel-enforced protection
     • Multi-level security
       • Enforcement of organizational access controls
     • Cryptographic communication security
       • IPSec-based authentication, confidentiality, and integrity
     • Integrated information systems security
       • Protection at transport and network layers

  9. 1. Security-centric Software Architectures: Properties of Ring-based Software Architectures [Schell]
     • Memory segmentation
     • Three protection rings
       • (0) Security kernel
         • Located in the most protected ring
         • Enforces mandatory access controls
       • (1) Operating system
       • (2) Applications
     • According to Schell, such ring-based architectures are applied in research but are not widely deployed in industry

  10. 1. Security-centric Software Architectures: Ring-based Program Execution Policy [Nguyen and Levin]
     • Mandatory access control (all users, including root)
     • Four ring-based execution domains
       • (0) Operating system
       • (1) Administration
       • (2) Privileged application
       • (3) Unprivileged application
     • Programs assigned to a less privileged ring are unable to execute or access objects allocated in a more privileged ring

  11. 2. Design of a Ring-based Software Architecture

  12. 2. Design of a Ring-based Software Architecture
     [Figure: Ring-based Architectural Style; rings labelled Ring 4, Ring 3, Ring 2, Ring 1, Ring 0]

  13. 2. Design of a Ring-based Software Architecture: Ring-based Architectural Style [Bachmann]
     • A variation of the layered architectural style
     • Innermost ring is the lowest-numbered layer; outermost ring is the highest-numbered layer
     • Geometric adjacency of two rings denotes an “ability to use” relation
     • Each entity in a specific ring can communicate with another entity

  14. 2. Design of a Ring-based Software Architecture: Ring-based Architectural Style (continued)
     • Entities within a ring have no inherent adjacency; consequently, they are an unordered set
     • This tends towards more of a peer-to-peer environment within a ring
     • Any entity in an inner ring is accessible only by an entity in the closest outer ring
     • To access an inner ring, an entity in the adjacent outer ring must be used as the mediator or interface

  15. 2. Design of a Ring-based Software Architecture: Features of Rings as Interfaces
     • Confidentiality (privacy)
     • Authentication (who created or sent the data)
     • Integrity (data has not been altered)
     • Non-repudiation (responsibility for the request)
     • Access control (preventing misuse of resources)
     • Availability (permanence or non-erasure of data)

  16. 2. Design of a Ring-based Software Architecture: Features of Rings as Gates [Fernandez]
     • A set of protection rings corresponds to domains of execution with hierarchical levels of trust
     • Gates serve as protected entry points between rings
     • Entering a ring is done through a gate that checks the access rights of a process

  17. 2. Design of a Ring-based Software Architecture: Design Patterns for a Ring-based Software Architecture [Fernandez]
     • File authorization
     • Access control for virtual address space
     • Execution domain
     • Reference monitor
     • Controlled execution environment

  18. 3. A Computer Security Adaptation using Warden’s Concentric Rings

  19. 3. A Computer Security Adaptation using Warden’s Concentric Rings
     [Figure: Warden’s Five-Ring Model [Warden]; rings labelled Fighting Mechanism, Population, Infrastructure, Organic Essentials, Leadership]

  20. 3. A Computer Security Adaptation using Warden’s Concentric Rings: Five-Ring Model Applied to Other Domains [Warden]
     • Leadership. Body: brain (eyes, nerves); State: government (comm., security); Drug Cartel: leader (comm., security); Electric Grid: central control
     • Organic Essentials. Body: food and oxygen; State: energy, money; Drug Cartel: coca source plus conversion; Electric Grid: input (hydro-electric)
     • Infrastructure. Body: vessels, bones, muscles; State: roads, airfields, factories; Drug Cartel: roads, airways, sea lanes; Electric Grid: transmission lines
     • Population. Body: cells; State: people; Drug Cartel: growers; Electric Grid: workers
     • Fighting Mechanism. Body: leukocyte; State: military, firemen; Drug Cartel: street soldiers; Electric Grid: lineman

  21. 3. A Computer Security Adaptation using Warden’s Concentric Rings
     [Figure: Software Security Adaptation of Warden’s Model; ring labels: Physical security measures; Application software; System bus and data controllers; BIOS, system utilities, drivers; Executable code, sensors]

  22. 3. A Computer Security Adaptation using Warden’s Concentric Rings: Computer Security Rings
     • (Ring 0) The executable code itself and software controlling the system sensors and I/O sensors
     • (Ring 1) BIOS, device drivers, system utilities (scheduler, swapper, I/O, memory, file system, power)
     • (Ring 2) Software controlling the system bus, data lines, antennas, and converters
     • (Ring 3) Application software (handling and transforming of user data)
     • (Ring 4) Software controlling physical security measures to deal with an external attack or an intrusion

  23. 5. Protecting Centers of Gravity in a Software System

  24. 5. Protecting Centers of Gravity in a Software System: Centers of Gravity
     • Centers of gravity are the components that are instrumental to a system’s function and survival
     • The five rings in Warden’s model constitute five centers of gravity
     • Each ring is a possible target requiring protection
     • Without the functioning inner rings, an outer ring becomes a useless appendage
     • Software engineers should ensure that the security protection for the software in each ring cannot be easily defeated

  25. 5. Protecting Centers of Gravity in a Software System: (0) Leadership Ring
     • Consists of the executable code itself and software controlling the system sensors and I/O sensors
     • Failure of any critical components in the leadership ring leads to failure of the complete system
     • Critical components must be identified and given the highest level of protection
     • No vulnerability should exist that would allow changes to the program executable code without approval of the leadership ring
     • Only the leadership ring should be able to disable or change system sensors
     • With the innermost ring protected, each remaining ring must also be protected to avoid the threat of strategic paralysis

  26. 5. Protecting Centers of Gravity in a Software System: (1) Organic Essentials Ring
     • Consists of the BIOS, device drivers, and system utilities (scheduler, swapper, I/O, memory, file system, power)
     • The organic essentials ring must be protected through redundancy and system surveillance (alternate software, software checking on each other, and possibly backup devices)

  27. 5. Protecting Centers of Gravity in a Software System: (2) Infrastructure Ring
     • Consists of software controlling the system bus, data lines, antennas, and converters
     • The infrastructure ring must also be protected by redundancy of software, alternate control and alternate data routing
     • Backup components are needed for each of the major data conduits of the software system
       • Signals, shared memory, pipes, system bus, communication paths
     • The protection facilities must detect and minimize lost conduits or a denial of service attack and reroute data or delete data-jamming traffic in order to thwart such an attack

  28. 5. Protecting Centers of Gravity in a Software System: (3) Population Ring
     • Consists of application software (handling and transforming of user data)
     • An attack on the population ring has less impact on the inner rings because of the low relationship (i.e., dependency) of the system processes on the application processes
     • One major threat is exhaustion of memory or filling up of buffers
     • Another threat is corruption or destruction of the contents of the data when in transit into and among processes
     • Approaches for protection include buffer monitoring, parity error-detection mechanisms and sliding window protocols

  29. 5. Protecting Centers of Gravity in a Software System: (4) Fighting Mechanism Ring
     • Consists of software controlling physical security measures to deal with an external attack or an intrusion
     • The fighting mechanism ring is not as critical if each of the inner rings has been equipped with software security protection mechanisms
     • Nevertheless, centralizing the attacking role in this ring supports the software engineering principle of cohesion
     • Protection includes not only attacking outward, but also the sending of warnings to inner rings
     • When designing security measures, the detection and handling of threats should always assume a parallel attack in a ring or among rings and also a diversion attack
     • System security should not be centered on a single thread of protection located in this outermost ring

  30. 6. Conclusion and Future Plans

  31. 6. Conclusion and Future Plans: Conclusion
     • The importance of computer system security demands better security-centric software architectures
     • Warden’s five-ring model provides a way to portray a computer system as viewed by an enemy attacker
     • This modeling technique identifies the software components of each ring and the centers of gravity needing the most protection
     • It also points out the need for layered software defenses against computer security threats

  32. 6. Conclusion and Future Plans: Future Plans
     • Compare and contrast the ring-based security-centric software architecture to the monolithic software architecture used by the Linux operating system
     • Implement a prototype operating system that utilizes a security-centric ring-based software architecture approach based on Warden’s model
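
The mediation rule from slides 13 to 16 (an inner ring is reached only through the adjacent outer ring, and each entry passes a gate that checks access rights), as an added example that is not part of the original presentation. The `Gate` and `RingSystem` classes, the ACL format, the principal name and the choice to model only inward requests are assumptions made for illustration.

```python
# Added example: constructed model, not code from the presentation.
from dataclasses import dataclass, field

NUM_RINGS = 5  # ring 0 Leadership (innermost) .. ring 4 Fighting Mechanism

@dataclass
class Gate:
    """Protected entry point into one ring; checks the caller's rights."""
    ring: int
    acl: set = field(default_factory=set)  # assumed format: {(principal, op)}

    def enter(self, principal, op):
        if (principal, op) not in self.acl:
            raise PermissionError(f"{principal}: {op} refused at ring {self.ring}")

class RingSystem:
    def __init__(self):
        self.gates = [Gate(r) for r in range(NUM_RINGS)]
        self.audit = []  # (principal, op, ring, outcome), kept for accountability

    def grant(self, principal, op, innermost, caller_ring):
        """Give a right at each gate from caller_ring - 1 down to innermost."""
        for ring in range(innermost, caller_ring):
            self.gates[ring].acl.add((principal, op))

    def request(self, principal, caller_ring, target_ring, op):
        """Walk inward one adjacent ring at a time; return the gates crossed."""
        if not 0 <= target_ring <= caller_ring < NUM_RINGS:
            raise PermissionError("only inward requests are modelled (assumption)")
        crossed = []
        for ring in range(caller_ring - 1, target_ring - 1, -1):
            try:
                self.gates[ring].enter(principal, op)
            except PermissionError:
                self.audit.append((principal, op, ring, "deny"))
                raise
            self.audit.append((principal, op, ring, "allow"))
            crossed.append(ring)
        return crossed  # empty list for peers inside the same ring

def demo():
    system = RingSystem()
    system.grant("backup_tool", "read_config", innermost=1, caller_ring=3)
    path = system.request("backup_tool", 3, 1, "read_config")  # via rings 2, 1
    try:
        system.request("backup_tool", 3, 0, "read_config")
    except PermissionError:
        pass  # the ring 0 gate refuses: no right was granted there
    return path, system.audit[-1]
```

The audit list records every gate decision, so a refused attempt to reach ring 0 is visible even though the two outer gates allowed the same caller.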
