Lecture 1a charts - Andrew.cmu.edu


95-750
Security Architecture and Analysis
Fall 2001
Instructors:
Rick Linger
301-926-4858
Tom Longstaff
412-268-7074
Nancy Mead
412-268-5756
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
rlinger, tal, [email protected]
Schedule:
Wednesday 5:30-8:20 PM
HBH 1003
Security Architecture Analysis: Course Roadmap
Architecture Definition & Analysis
Session 1 (Linger)
What: Methods for defining and reasoning about system architectures.
Why: The architecture level is cost-effective and intellectually manageable for
analysis and design of system security and survivability capabilities.
Survivable Network Analysis
Sessions 2, 3a (Linger)
What: Survivability analysis improves preservation of critical mission capabilities.
Why: No amount of security can guarantee that systems will not be compromised;
essential services and assets must be maintained.
Security Architectures
Sessions 4, 6, 7, 9, 11 (Longstaff)
What: Analysis of vulnerabilities and methods for improving system security.
Why: System security can be improved by a variety of techniques at the
network, operating system, and application level.
Architecture Development Management
Session 13 (Linger)
What: Architecture development with COTS components
Why: Most security vulnerabilities are the result of poor system development
and acquisition practices. From a security perspective, good practices and
management methods are critically important.
Plus:
• Student team project in survivability analysis (Mead)
• Guest lectures on special topics
• Student presentations
Course Objectives
• Understand how to reason about system architectures
• Understand security strategies at the architecture level
• Understand and apply survivability concepts and strategies
• Understand impact of development life cycle practices and
management processes on security and survivability
• Gain experience in summarizing and presenting material
Your presentations
• Why is this important?
In the work environment you will be called upon to:
Evaluate and articulate situations
Explain and defend your ideas
• A presentation strategy:
What is the problem?
What is the current state-of-practice?
What is the solution?
• Am I explaining this well?
Can I summarize the article in one sentence?
What is the “elevator conversation?”
You are the teacher
• Presentation target: 15 minutes/cut off at 20 minutes
Security Architecture and Analysis: Session 1a
• Concepts of System Architectures
• Enterprise/Architecture Matchup
• Architecture and the System Development Life Cycle
• Architectural Styles and Properties
• Architecture Representation
• Architecture Impact of COTS Products
• Architecture Trade-offs
• Reuse and Product Line Architectures
• An Architecture Framework
Concepts of System Architectures
Architecture Definitions:

Architecture: The organizational structure of a system of
components [IEEE Glossary]

The architecture of a system defines that system in terms of
computational components and interactions among those
components. Components are such things as clients and servers,
databases, filters, and layers in a hierarchical system. Interactions
among components at this level of design can be simple and
familiar, such as procedure call and shared variable access. But
they can also be complex and semantically rich, such as client-server
protocols, database accessing protocols, asynchronous
event multicast, and piped streams. [Shaw and Garlan]

The software architecture of a program or computing system is the
structure or structures of the system, which comprise software
components, the externally visible properties of those components,
and the relationships among them. [Bass, Clements, Kazman]

Architectural design: The process of defining a collection of
hardware and software components and their interfaces to
establish the framework for the development of a computer
system. [IEEE Glossary]
Concepts of System Architectures
Other viewpoints [Bass]

Architecture is high-level design (more to it than that)

Architecture is the overall structure of the system (what structure)

Architecture is the structure of the components of a program or
system, their interrelationships, and principles and guidelines
governing their design and evolution over time (process-centric,
includes guidelines and principles)

Architecture is components and connectors (what kinds of
connectors, runtime?)

Architecture is components, connectors, and constraints (lacks
notion of externally visible properties)
Concepts of System Architectures
• Architectures are comprised of components and connectors:
• Components (Computation)
Hardware:
Workstations, servers, mainframes, printers, sensors, actuators, …
Software:
Operating systems, data base systems, middleware,
browsers, applications, utilities, firewalls, ...
• Connectors (Communication)
Hardware:
Communication links: routers, switches, public telephone
network, leased lines, virtual private networks, …
Software:
Communication protocols: TCP/IP, SNMP, HTTP, FTP …, Linkage
conventions: procedure calls, remote procedure calls, thread
initiation, ...
Concepts of System Architectures
• Modern enterprise system architectures integrate
computation and communication:
Computation:
– Moore’s Law
– MIPS
– Processing Costs
– Storage Size and Costs: Main Memory, Secondary Storage
Communication:
– Metcalfe’s Law
– Speed and Cost: WAN, LAN, SAN
Concepts of System Architectures
Architecture properties:
• Functional properties
Must satisfy domain-specific functional requirements
and specifications
• Non-functional properties (the “ilities”)
Must satisfy performance, availability, reliability, safety,
security, survivability, maintainability, usability,
manageability, … properties
Architecture trade-offs:
• Properties can conflict
• Trade-offs seek optimal combinations of properties
based on cost/benefit analysis
Concepts of System Architectures
The Cost of Downtime:
Business                           Industry        Hourly Costs
Brokerage Operations               Finance         $6,450,000
Credit Card / Sales Authorizations Finance         $2,600,000
Pay-per-View                       Media             $150,000
Home Shopping                      Retail            $113,000
Catalog Sales                      Retail             $90,000
Airline Reservations               Transportation     $90,000
Tele-ticket Sales                  Media              $69,000
Package Shipping                   Transportation     $28,000
ATM Fees                           Finance            $14,500
Source: Fibre Channel Association
Concepts of System Architectures
The Stages of Enterprise Information System Architectures:
• Batch – 60s and 70s
– SW enabler: programming languages, job control
– Business motivation: automate clerical tasks
• On-line transaction processing – 80s
– SW enabler: networking, databases, transaction monitors
– Business motivation: automate the front office
• Integrated systems – 90s
– SW enabler: internet standards, middleware, components
– Business motivation: opening the business to the web
• Web services – 00s
– A possible fourth in the near future
– SW enabler: standards for data and services, composability
– Business motivation: efficiency, reduce IT costs?
Enterprise/Architecture Matchup
Example: The Flameout Candle Company
Existing System (diagram): components Web Server, Static Documents, Order Processing,
Delivery, Warehouse, Marketing and Customer data, Billing, Accounts, and Suppliers,
connected by File Transfer, RPC, and EDI links.
Enterprise/Architecture Matchup
Initial thought - Amazon.com wannabe
(Diagram: the existing system with a Web Commerce Server added beside the Web Server;
the other components, Static Documents, Order Processing, Delivery, Warehouse, Marketing
and Customer data, Billing, Accounts, and Suppliers, and their File Transfer, RPC, and
EDI links are unchanged.)
Source: C. Britton, IT Architectures and Middleware, Addison-Wesley, 2000.
Enterprise/Architecture Matchup
But … What about ?
(Diagram: the Amazon.com wannabe architecture annotated with open questions:
Collecting Customer Information? Delivery information? On-line Payment?)
Enterprise/Architecture Matchup
User issue: What happened to my order ?
(Diagram: the same architecture; the File Transfer paths out of Order Processing are
labeled “Limbo”, since nothing reports order status back.)
Enterprise/Architecture Matchup
User issue: System lets me order products that don’t exist !
(Diagram: the same architecture; Web Commerce Server and Order Processing have no
connection to the Warehouse inventory.)
Enterprise/Architecture Matchup
User issue: They keep sending my stuff to the wrong address !
(Diagram: the same architecture; Marketing and Customer data is not kept in step
with the Web Commerce Server and Delivery.)
Enterprise/Architecture Matchup
…and looking even further ahead
(Diagram: the same architecture with further channels and partners bolted on:
Portals, One-to-one Marketing, a Voice Interface, B2B, and WAP.)
Enterprise/Architecture Matchup
A better architecture for the Flameout enterprise business model:
(Diagram: three layers. UI Presentation Layer: Web, Voice, WAP, serving Customers.
Business Logic Layer: Portals, Ordering, B2B, Delivery, … Database Layer: Marketing,
Billing, Accounting, Customers, Warehousing, Orders, Accounts, Inventory, Suppliers, …)
Architecture and the System Development Life Cycle
Requirements: Define concept of operations for the enterprise/business mission
and the system requirements
Specification: Define required system external behavior
Architecture: Define components and their connections (external behavior;
software and data; hardware and network)
Design: Define component designs or acquire components
Implementation: Develop code
Testing: Exercise code against specifications
Operations: Execute the business mission
(Architecture is the right level for analysis and design of security and
survivability)
(Effective life cycle processes are incremental and iterative)
Architectural Styles (Shaw and Garlan: “Common Styles”)
• Dataflow systems
Batch sequential
Pipes and filters
• Call-and-return systems
Main program and subroutine
OO systems
Hierarchical layers
• Independent components
Communicating processes
Event systems
• Virtual machines
Interpreters
Rule-based systems
• Data-centered systems
Databases
Hypertext systems
Blackboards
Architectural Styles: Why are They Important?
• An architectural style conveys:
A mental image of a system
A structural template for components and connections
A set of behaviors
A set of constraints
• An architectural style can be instantiated in a variety of contexts
Architectural Styles
To understand any architecture, it is critical to know:
For every component:
• Who are its users? (people and/or other components)
• What do its users expect?
• What are its inputs?
• Where do they come from?
• What are its outputs?
• Where do they go to?
• What is its transition function?
What software does it run?
What does it do to its inputs to produce its outputs?
For every communication link:
• What traffic does it carry?
• What is the volume of traffic?
• What is the distribution of traffic?
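As an added illustration (not part of the lecture charts), the checklist above turned into a small component/connector model and applied to the Flameout Candle Company’s existing system from the earlier charts; the component names are the chart’s, while the links, traffic labels, volumes, users and software are assumed for the example. A component with no outputs is the order-status “limbo” of the earlier user issue, and a customer-data store with no inputs is one way addresses go stale.

```python
"""Component/connector model that asks the lecture's checklist questions.

Added illustration, not course material. Component names are taken from
the Flameout Candle Company charts; the links, traffic, users and
software listed for them are assumed for this example.
"""
from dataclasses import dataclass, field


@dataclass
class Component:
    name: str
    users: set = field(default_factory=set)  # people and/or components relying on it
    runs: str = ""                           # what software it runs (transition function)


@dataclass
class Link:
    src: str
    dst: str
    protocol: str     # e.g. "RPC", "File Transfer", "EDI"
    traffic: str      # what the link carries
    volume: str = ""  # volume/distribution of traffic; "" if never established


class Architecture:
    def __init__(self, components, links):
        self.components = {c.name: c for c in components}
        self.links = list(links)

    def inputs(self, name):
        return [l for l in self.links if l.dst == name]

    def outputs(self, name):
        return [l for l in self.links if l.src == name]

    def check(self):
        """Return one finding per checklist question the model cannot answer."""
        findings = []
        for l in self.links:
            for end in (l.src, l.dst):
                if end not in self.components:
                    findings.append(f"link {l.src}->{l.dst}: endpoint {end!r} is not a declared component")
            if not l.traffic:
                findings.append(f"link {l.src}->{l.dst}: traffic carried is unspecified")
            if not l.volume:
                findings.append(f"link {l.src}->{l.dst}: traffic volume/distribution is unspecified")
        for c in self.components.values():
            if not c.users:
                findings.append(f"{c.name}: no users identified")
            if not c.runs:
                findings.append(f"{c.name}: transition function (what it runs) unknown")
            if not self.inputs(c.name):
                findings.append(f"{c.name}: no inputs; where does its data come from?")
            if not self.outputs(c.name):
                findings.append(f"{c.name}: no outputs; its results reach nobody (a 'limbo' component)")
        return findings


def flameout_existing():
    """Constructed model of the 'existing system' chart (links assumed)."""
    comps = [
        Component("Web Server", {"customers"}, "serves static documents"),
        Component("Order Processing", {"order clerks"}, "captures and validates orders"),
        Component("Delivery", {"Order Processing"}, "schedules shipments"),
        Component("Warehouse", {"Order Processing"}, "picks stock, reorders"),
        Component("Billing", {"Order Processing"}, "invoices customers"),
        Component("Accounts", {"Billing"}, "general ledger"),
        Component("Suppliers", {"Warehouse"}),  # external party; software unknown
        Component("Marketing and Customer data", {"Order Processing"}, "customer master file"),
    ]
    links = [
        Link("Order Processing", "Delivery", "RPC", "shipment requests", "per order"),
        Link("Order Processing", "Warehouse", "File Transfer", "pick list", "nightly batch"),
        Link("Order Processing", "Billing", "File Transfer", "invoice batch", "nightly batch"),
        Link("Billing", "Accounts", "File Transfer", "ledger postings", "nightly batch"),
        Link("Warehouse", "Suppliers", "EDI", "purchase orders"),  # volume never asked
        Link("Marketing and Customer data", "Order Processing", "File Transfer",
             "customer addresses", "weekly"),
    ]
    return Architecture(comps, links)


if __name__ == "__main__":
    for finding in flameout_existing().check():
        print(finding)
```

Running it lists eight unanswered questions for the existing system, including the Web Server having no links at all and Delivery reporting to nobody.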
Architectural Styles
Example: A Data Management System
Style: Pipeline, pipes and filters, batch sequential, data flow
(Diagram: Source data flows through Validate, Sort, Update, and Report stages;
the Report goes to Users.)
Architectural Styles
Example: A compiler
Style: Pipeline, pipes and filters, batch sequential, data flow
(Diagram: Source code flows through Lexical Analysis, Parsing, Semantic Analysis,
and Code Generation to produce Object code for Users; a Severe Error Handling
component sits alongside the pipeline.)
Architectural Styles
Example: An Aircraft Avionics System
Style: Bus, message passing
(Diagram: Display Management Computer, Flight Management Computer, Navigation
Computer, Engine Management Computer, Sensor Input, Actuator Output, Data Link I/O,
and Navigation/GPS Input all communicate over a Bus; the Pilot is the user.)
Architectural Styles
Example: Software Tools System
Style: Data-centric, blackboard
(Diagram: Tools 1 through 8, each with its own Users, share a Blackboard holding
the project dictionary and artifacts.)
Architectural Styles
Example: Automobile Cruise Control
Style: Control, feedback
(Diagram: the Driver sets the Active/inactive toggle and Desired speed; the
Controller drives the Engine, which drives the Wheels; a Wheel speed Sensor
feeds back to the Controller.)
Architectural Styles
Example: Aircraft Flight Simulator
Style: Control, feedback
(Diagram: the Crew use the Cockpit Controls and Cockpit Display System; an Aircraft
Dynamic Model and an Environment Dynamic Model drive the Visual, Motion, and Audio
Cueing Systems; the Instructor uses the Instructor Station.)
Architectural Styles
Example: WWW Client-Server Pair
Style: Layered
(Diagram: a layered WWW client and WWW server. Components shown include Presentation
Manager, UI Manager, External Viewer, Path Resolver, Access Manager, Cache Manager,
Protocol Manager, Stream Manager, HTTP Server, HTTP Stream Manager, Access Control,
Common Gateway Interface, and File Server; Users sit at the client.)
Architectural Styles
Example: A heterogeneous network (the Internet)
Style: All possible subarchitectures, network
topology unknown and unknowable, dynamic changes
Architectural Styles
Example: A Bank ATM System
Style: Hierarchical, client server, layered
(Diagram: Users interact with ATMs in the Presentation/User Interface Layer; ATMs
connect to Servers in the Infrastructure/Communications Layer; Servers connect to
a Mainframe in the Domain/Enterprise Logic/Data Layer.)
Architectural Styles
Example: A Bank ATM System
Style: Hierarchical, client server, layered, with redundant components
(Diagram: the same three-layer hierarchy with duplicated Mainframes and Servers, so
that each ATM group has more than one path to the enterprise data.)
Architectural Styles
Gartner’s Two-Tier and Multi-Tier Enterprise Architectures:
Fat Client (Two Tiers)
– Desktop: Presentation, Business Rules, Data Access
– Server(s): DBMS
Plump Client (Two Tiers)
– Desktop: Presentation, Business Rules
– Server(s): Data Access, DBMS
Thin Client (Multi-tier)
– Desktop: Presentation
– Server(s): Business Rules, Data Access, DBMS
Ultra-Thin Client (Multi-tier)
– Desktop: Browser
– Server(s): Business Rules, Data Access, DBMS
Architectural Styles
Putting two nodes together: Lots to consider:
1) The communications link
2) The protocol
3) Software and applications
4) The API
5) A common format for data
6) Security
7) Administration
8) Configuration management
Architecture Representation
• Informal diagrams
Boxes and arrows
Good for quick, high-level communication
Implied semantics
Abstract out details (that are important to understanding)
Ineffective as design basis
• Architecture languages
Well-defined semantics and syntax
Generally difficult to use
Effective as design basis
Essential where stakes are high
Examples: Wright (CMU), Z (University of Oxford)
• Advice
You will see thousands of box and arrow diagrams in your
professional careers. Treat them as useful, but also as “artists’
conceptions” that lack important information.
Architecture Impact of COTS (Commercial Off The Shelf) Products
• Long history
Started with environment support
Operating systems, data bases, language processors, …
Moving up the food chain
Specialized applications, middleware, network services, ...
• Most architectures today are “assembled” from COTS products
Domain-specific vendors
Bend business processes to match software capabilities
“Glue code” ties incompatible products together
COTS characteristics:
• Ties your system capability and evolution to vendors
• Cost savings possible, but risks must be managed
• Functionality and security are what vendor says they are
Actual capabilities may differ
• Source code usually not available
• Knowledge of quality and reliability difficult to acquire
• Acceptance testing and configuration management are critical
Reuse and Product Line Architectures
• Reuse
Objective
Make new use of existing components in new environments
Motivation
Avoid cost of new development
Leverage previous investments
Problems
Cost of generalizing components for potential reuse
Architectural mismatch in reuse
• Product Line Architectures
Objective
Generalize architectures and components for future
variations
Motivation
Reduce costs of subsequent product development
Problems
How should generalization be done?
Will future product variations come to fruition?
A Bank ATM System: 10 Minute Exercise
For a server node, define:
• its users
• inputs and their source
• outputs and their destination
(Make up your answers based on personal knowledge. 90% of system
development is making sure nothing is left out!)
(Diagram: the three-layer ATM system again: Users at ATMs in the Presentation/User
Interface Layer, Servers in the Infrastructure/Communications Layer, and a Mainframe
in the Domain/Enterprise Logic/Data Layer.)
A Bank ATM System: 10 Minute Exercise
Worksheet:
Users:
Inputs        Source
Outputs       Dest.
An Architecture Framework
SYSTEM ARCHITECTURE
System Environment: enterprise architecture, business models, system usage and evolution
System Requirements: function, and properties of reliability, performance,
scalability, security, usability, cost, …
External Behavior View (System Specification):
– User tasks and workflows
– Function and information
– Stimulus/response behavior
Data and Software View (Logical Infrastructure):
– Middleware and applications
– Databases and storage systems
– Operating systems
Hardware and Network View (Physical Infrastructure):
– Computing hardware: servers, mainframes, PCs, mass storage, …
– Networks, wired & wireless: media, devices, topology, protocols
Ability to Develop (Architecture Fundamentals):
– Architecture role and life cycle
– Architecture representation and reasoning
– Architecture processes and work products
– Architecture analysis and design
– Architecture modeling and validation
– Architecture patterns and properties
– COTS evaluation and integration
Processes for Developing (Architecture Best Practices):
– Enterprise modeling and requirements specification
– Application analysis and design
– Data analysis and design
– System integration
– Network analysis and design
– Incremental system development
Goals for Developing (Client Environment):
– Client relations, people, and culture
– Enterprise architectures, business models, workflows, & legacy systems
– Functional, non-functional, & usage requirements and constraints
Parts for Developing (Marketplace Environment):
– Partners and alliances
– COTS and component products
– Service and consultation offerings
– User groups and standards
Domain Architectures:
– Framework for EAI architectures
– E-commerce architectures
– Industry standard architectures
– Middleware architectures
– System management architectures
– Directory architectures
Tools for Developing (Enabling Technologies):
– Computing & comm. components
– Microsoft technologies
– JAVA technologies
– Web technologies
– Security technologies
– XML technologies
– Architecture patterns
– Development methods and tools