Authors: Richard Veryard & Aidan Ward
Date: July 2002
Version: 1.0
Security is a serious requirement for business and technology, and there is a wide range of piecemeal solutions claiming to satisfy this requirement. However, many of these solutions focus on a single class of threat, and may create more problems than they resolve unless used within a proper framework. This report outlines an "agile approach" to security that addresses these threats in a holistic and effective way.
This report is available for purchase. Price for Gold and Silver Members is GBP175 or US$315 and for Bronze Members GBP400 or US$575.
Contents
- Management Summary
- Background
- About this Report
- Security Overview
  - Principles of security engineering
  - Agile Security
  - Component-Based Security
  - Joined-Up Security
  - Factors that accentuate security concerns
- Process Overview
  - The nature of security
  - Overview of process
- Threat Analysis
  - Key Concepts
  - Basic Analysis
  - Advanced Analysis
  - Classification of Threats
  - Threat dependency model
  - Urgency of threats
- Security Requirements Analysis
  - Levels of Requirement
  - Types of Protection
  - Cross-Tabulation - Levels against Types
- Security Design & Implementation
  - Scope
  - Responsibilities
  - Three Patterns of Security
  - Understand the potential interaction between components
  - Create integrity units
- Security Management
  - Conceptual Security Stack
  - Twin-Track Management
  - Monitoring
  - Detection
  - Response
  - Troubleshooting
  - Managing Vulnerability
  - The Interaction between Components
  - Security management conflicts
- Support
  - WS-Security Architecture
  - Tools
  - Consultancy Services
- Conclusions
  - Recommendations
  - Afterword
- Sources and Further Material
  - Our material
  - Web material
  - Relevant standards
  - Books
  - Acknowledgements
- Appendix A - Metamodel
- Appendix B - Web Service Stakeholder Checklist
- Appendix C - Web Service Threat Checklist
- Appendix D - Web Service Security Offerings
- Appendix E - Management Policies and Mechanisms
- Appendix F - Summary of ISO 17799
Business Security
The business environment contains many threats to business survival and profitability, both from hostile activity and from sheer turbulence in the system. The purpose of security is to protect the enterprise from threats such as these.
Large enterprises typically deploy a range of security measures, both business and technical. However, because these measures are deployed piecemeal, they often leave significant vulnerabilities and weaknesses. Vulnerabilities are often understood only after an attack has exploited them, and in the worst cases attacks go undetected.
The responsibility for security is typically fragmented between different functional areas. Computer specialists are responsible for the technical security of an ecommerce website; legal experts are responsible for the robustness of commercial contracts and for the protection of IPR; operational management is responsible for the physical security of the working environment and of employees; and the company secretariat is responsible for the integrity of the business and its accounts.
Web Services
Web service security remains one of the biggest challenges for IT professionals, as corporations attempt to link their internal applications with those of external partners and suppliers using XML and SOAP. Security is widely seen as one of the primary enablers of a thriving web service marketplace, and the software industry leaders are paying renewed attention to this topic. IBM, Microsoft and Verisign have recently announced a common Web Services Security Architecture (WS-Security), which attempts to provide a common set of abstractions for the security of web services. We review this and other initiatives in this report.
Audience
Security architects, web service architects, people responsible for technical systems security and information security, business people who need to understand or improve security performance, marketing people who need to understand the security implications of markets and channels.
Purpose
This report surveys the high-level requirements for security, and provides a framework for managing these requirements holistically, using a layered security architecture. This framework allows us to map the various vendors' offerings, show what the vendors are missing, and show where design issues predominate.
The report takes the view that decisions about how to approach security and about the structure of the chosen security responses have a much greater effect on security outcomes than the technologies chosen as pieces of the solution.
Using this report it is possible to make three key security improvements:
- Prioritise investment in security measures using a big picture view of threats and vulnerabilities
- Determine where information about the environment, markets and value chain is insufficient to implement good security measures
- Understand where new conversations between internal roles and functions will make a significant contribution to both seeing threats and building credible responses
Structure
The report is structured as follows. After a brief overview of the whole process, we explain each of the stages of the process in more detail. The logic of this story is:
1. We explain the sorts of approaches to security that are possible and the different properties they have. The first objective is to understand the type of defences that will be effective in our particular situation and for web services in general.
2. We walk through the process of generating security and the principles that process is founded on. The second objective is to understand the activities that we will undertake and what we will learn as we go through them.
3. We look in more detail at the nature of the threats and the dynamic problem of defending against them. The third objective is to generate a framework within which threats can be understood and even predicted.
4. We take the threats and the business requirement and work towards a set of general security requirements that any security system must fulfil. The fourth objective is to be able to abstract the security requirements from the threats and the solution components.
5. We look at the design and implementation concerns that these requirements lead to. The fifth objective is to have a practical implementation path mapped out.
6. We look at the management of an implemented system to deal with the sort of issues that will surface during operation. The sixth objective is to be able to keep an operational system effective while in use.
As we explain in the report, the journey for someone establishing a system will be iterative, passing through this story more than once before the issues can be considered to be under control.