
Simpson, William R. - Enterprise Level Security

Enterprise Level Security: Securing Information Systems in an Uncertain World




Availability: Normally available in 20 days
Due to Brexit-related supply issues, delivery delays are possible.


Price: 129,98 €
NICEPRICE: 123,48 €
Discount: 5%




Details

Type: Book
Language: English
Publication: 04/2016
Edition: 1st edition





Publisher's Notes

Enterprise Level Security: Securing Information Systems in an Uncertain World provides a modern alternative to the fortress approach to security. The new approach is more distributed and has no need for passwords or accounts. Global attacks become much more difficult, and losses are localized, should they occur. The security approach is derived from a set of tenets that form the basic security model requirements. Many of the changes in authorization within the enterprise model happen automatically. Identities and claims for access occur during each step of the computing process.

Many of the techniques in this book have been piloted. These techniques have been proven to be resilient, secure, extensible, and scalable. The operational model of a distributed computer environment defense is currently being implemented on a broad scale for a particular enterprise.

The first section of the book comprises seven chapters that cover basics and philosophy, including discussions on identity, attributes, access and privilege, cryptography, the cloud, and the network. These chapters contain an evolved set of principles and philosophies that were not apparent at the beginning of the project.

The second section, consisting of chapters eight through twenty-two, contains technical information and details obtained by making painful mistakes and reworking processes until a workable formulation was derived. Topics covered in this section include claims-based authentication, credentials for access claims, claims creation, invoking an application, cascading authorization, federation, and content access control. This section also covers delegation, the enterprise attribute ecosystem, database access, building enterprise software, vulnerability analyses, the enterprise support desk, and network defense.




Contents

Introduction
  Problem Description; What Is Enterprise Level Security?; Distributed versus Centralized Security; Crafting a Security Model; Entities and Claims; Robust Assured Information Sharing; Key Concepts; Two Steps Forward and One Step Back; The Approximate Time-Based Crafting; Summary

BASICS AND PHILOSOPHY

Identity
  Who Are You?; Naming; Identity and Naming: Case Study; Implications for Information Security; Personas; Identity Summary

Attributes
  Facts and Descriptors; An Attribute Ecosystem; Data Sanitization; Temporal Data; Credential Data; Distributed Stores

Access and Privilege
  Access Control; Authorization and Access in General; Access Control List; Complex Access Control Schemas; Privilege; Concept of Least Privilege

Cryptography
  Introduction; Cryptographic Keys and Key Management; Symmetric Keys; Store Keys; Delete Keys; Encryption; Symmetric versus Asymmetric Encryption Algorithms; Decryption; Hash Function; Signatures; A Note on Cryptographic Key Lengths; Internet Protocol Security; Other Cryptographic Services; The Java Cryptography Extension; Data at Rest; Data in Motion

The Cloud
  The Promise of Cloud Computing; Benefits of the Cloud; Drawbacks of Cloud Usage; Challenges for the Cloud and High Assurance; Cloud Accountability, Monitoring, and Forensics; Standard Requirements for Cloud Forensics

The Network
  The Network Entities

TECHNICAL DETAILS

Claims-Based Authentication
  Authentication and Identity; Credentials in the Enterprise; Authentication in the Enterprise; Infrastructure Security Component Interactions; Compliance Testing; Federated Authentication

Credentials for Access Claims
  Security Assertion Markup Language; Access Control Implemented in the Web Service; Establishing Least Privilege; Default Values; Creating an SAML Token; Scaling of the STS for High Assurance Architectures; Rules for Maintaining High Assurance during Scale-Up

Claims Creation
  Access Control Requirements at the Services; Access Control Requirement; Enterprise Service Registry; Claims Engine; Computed Claims Record

Invoking an Application
  Active Entities; Claims-Based Access Control; Establishing Least Privilege; Authorizing the User to the Web Application; Authorizing a Web Service to a Web Service; Interaction between Security Components

Cascading Authorization
  Basic Use Case1; Standard Communication; Pruning Attributes, Groups, and Roles; Required Escalation of Privilege; Data Requirements for the Pruning of Elements; Saving of the SAML Assertion; SAML Token Modifications for Further Calls; An Annotated Notional Example; Additional Requirements; Service Use Case Summary

Federation
  Federation; Elements of Federated Communication; Example Federation Agreement; Access from Outside the Enterprise; Trusted STS Store; Trusted STS Governance

Content Access Control
  Authoritative and Nonauthoritative Content; Content Delivery Digital Rights Management; Mandatory Access Control; Access Control Content Management System; Enforcing Access Control; Labeling of Content and Information Assets; Conveying Restrictions to the Requester; Enforcing/Obtaining Acknowledgment of Restrictions; Metadata; Content Management Function; Components of a Stored Information Asset; Additional Elements for Stored Information Assets; Key Management Simplification; Import or Export of Information Assets

Delegation
  Delegation Service; Service Description for Delegation; Form of Extended Claims Record; Special Delegation Service

The Enterprise Attribute Ecosystem
  User and Data Owner Convenience Functions; Attribute Ecosystems Use Cases; Attribute Ecosystem Services

Database Access
  Database Models; Database Interfaces and Protocols; Overall Database Considerations; Enterprise Resource Planning Business Software; ERP as a Legacy System; Hardening of ERP Database Systems

Building Enterprise Software
  Services Types; Functionality of All Services; Service Model; Enterprise Services Checklist; Enterprise Service Registry; Service Discovery: Manual and Automated; Additional Considerations; Orchestration; ELS Interface; Access Control List

Vulnerability Analyses
  Vulnerability Causes; Related Work; Vulnerability Analysis; Flaw Remediation; Summary

An Enterprise Support Desk
  Monitoring; Data Repository System; Information for Service Monitoring; Centralized Repository; Services by Type; Data Keeping Requirements; Naming Schema; Monitor Activities; Help Desk Breakdown; Customer Support and Help Desk; Levels of Service; Using the Knowledge Repository; ESD Summary

Network Defense
  Expected Behavior; Introduction; Current Protection Approaches; An Alternative to Private Key Passing; A Distributed Protection System; Next Steps for Appliances; Appliances That Change Content; Appliances: A Work in Progress

Concluding Remarks
  Where We Have Been and Where We Are Going; Understanding the Approach; About Those Takeaways

Appendix

Bibliography




Author

Dr. William R. Simpson earned his bachelor of science in aerospace engineering from Virginia Polytechnic Institute and State University, a master of science and a doctor of philosophy in aeronautical and astronautical engineering from Ohio State University, and a master of science in administration from George Washington University. He has held academic positions at George Mason University, Old Dominion University, the University of Maryland, and Ohio State University. He has held industry positions at the US Naval Air Test Center, the Center for Naval Analyses, the ARINC Research Corporation, and the Institute for Defense Analyses.










Additional Information

ISBN: 9781498764452
Condition: New
Dimensions: 9.25 x 6.25 in Ø 1.55 lb
Format: Hardcover
Illustration Notes: 112 b/w images and 28 tables
Arabic-numbered pages: 397
Roman-numbered pages: xxxii

