What are the types of security architecture?

An enterprise security architecture is a strategy for providing comprehensive protection for an organization against cyber threats. The three core principles are consolidation, zero trust, and threat prevention.

#1. Consolidation

According to a survey of 1,200 organizations by Panaseer, the average enterprise has deployed 76 standalone security solutions. Deploying, configuring, and managing all of these solutions consumes significant time and resources, and they generate an overwhelming volume of alerts, impairing security visibility and threat management.

A consolidated security architecture is essential to effectively and scalably managing an organization’s security risk. Security integration enables security visibility and threat management via a centralized, user-friendly interface, eliminating inefficient context switching and improving the performance of the corporate SOC.

#2. Zero Trust

Often, companies take a perimeter-focused approach to security in which insiders are inherently trusted and granted access and permissions that are not required for their role. As a result, many data breaches involve the abuse of over-privileged accounts, whether by a malicious insider or by an attacker who has compromised one.

A zero-trust security strategy tailors the permissions assigned to a user, application, or system to what is necessary for their role. This limits the probability and impact of security incidents by limiting what an attacker can access within an organization’s environment.

An enterprise security architecture makes effective zero trust possible. Company-wide security integration enables consistent enforcement of zero trust access controls across an organization’s environment.

#3. Threat Prevention

Often, corporate security architectures are detection-focused. Once a potential threat has been identified, security tools and personnel take action to block or remediate the intrusion. However, this detection-focused strategy means that the corporate SOC is always reacting to attacks, giving the attacker the opportunity to cause damage or expand their foothold before incident response begins.

Prevention is a strategic approach to threat management. An enterprise security architecture should proactively block the access vectors used by cyberattackers and identify and block threats before they reach corporate systems. With prevention, an attacker has far less opportunity to access or damage corporate systems, minimizing the cost and impact of an attack on the organization.


  • A security policy is a document that expresses clearly and concisely what the protection mechanisms are to achieve. It is a statement of the security we expect the system to enforce.
  • A security model is a specification of a security policy:
    • it describes the entities governed by the policy,
    • it states the rules that constitute the policy.
  • There are various types of security models:
    • Models can capture policies for confidentiality (Bell-LaPadula) or for integrity (Biba, Clark-Wilson).
    • Some models apply to environments with static policies (Bell-LaPadula), others consider dynamic changes of access rights (Chinese Wall).
    • Security models can be informal (Clark-Wilson), semi-formal, or formal (Bell-LaPadula, Harrison-Ruzzo-Ullman).
  • Model vs Policy
    • A security model maps the abstract goals of the policy to information-system terms by specifying the explicit data structures and techniques needed to enforce the policy. A security model is usually expressed in mathematical and analytical terms, which are then mapped to system specifications and finally implemented by programmers in code.
    • For example, if a security policy states that subjects must be authorized before accessing objects, the security model provides the mathematical relationships and rules explaining how subject x may access object y only through the specified methods.
    • A security policy outlines goals without regard to how they will be accomplished. A model is a framework that gives the policy form and solves access-control problems for particular situations.
Lattice Model

  • A lattice is a mathematical construct built upon a partially ordered set (not a group): every pair of elements has a unique least upper bound and greatest lower bound, even when the two elements themselves are incomparable.
  • A lattice is a mathematical construction with:
    • a set of elements,
    • a partial ordering relation ("dominates"),
    • the property that any two elements have a unique least upper bound and a unique greatest lower bound.
  • A security lattice model combines multilevel and multilateral security
  • Lattice elements are security labels that consist of a security level and set of categories
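The label lattice described above, as an added example that is not part of the original text: a label is a classification level plus a set of categories, dominance is the partial order, and lub/glb are computed as max-level/union and min-level/intersection. The level names and category names are constructed for the example.

```python
from dataclasses import dataclass
from itertools import product

# Totally ordered classification levels (constructed; any ordered set works).
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET"]


@dataclass(frozen=True)
class Label:
    """A security label: a level plus a set of categories (compartments)."""
    level: str
    categories: frozenset

    def dominates(self, other: "Label") -> bool:
        """The partial order: level at least as high AND a superset of categories."""
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.categories >= other.categories)


def comparable(a: Label, b: Label) -> bool:
    """Two labels are comparable if one dominates the other; many pairs are not."""
    return a.dominates(b) or b.dominates(a)


def lub(a: Label, b: Label) -> Label:
    """Least upper bound: lowest label dominating both (max level, union of categories)."""
    return Label(max(a.level, b.level, key=LEVELS.index), a.categories | b.categories)


def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: highest label dominated by both (min level, intersection)."""
    return Label(min(a.level, b.level, key=LEVELS.index), a.categories & b.categories)


def is_lattice(labels) -> bool:
    """Check the defining property on a finite set of labels: for every pair,
    lub/glb bound the pair, and every other bound in the set is above/below them."""
    labels = list(labels)
    for a, b in product(labels, repeat=2):
        up, low = lub(a, b), glb(a, b)
        if not (up.dominates(a) and up.dominates(b)):
            return False
        if not (a.dominates(low) and b.dominates(low)):
            return False
        for c in labels:
            if c.dominates(a) and c.dominates(b) and not c.dominates(up):
                return False          # a smaller upper bound would exist
            if a.dominates(c) and b.dominates(c) and not low.dominates(c):
                return False          # a larger lower bound would exist
    return True


if __name__ == "__main__":
    nuc = Label("SECRET", frozenset({"NUC"}))
    crypto = Label("CONFIDENTIAL", frozenset({"CRYPTO"}))
    print("comparable:", comparable(nuc, crypto))
    print("lub:", lub(nuc, crypto))
    print("glb:", glb(nuc, crypto))
    # A higher level alone is not enough: TOP_SECRET with no categories
    # does not dominate SECRET/{NUC}, which is what enforces need to know.
    print(Label("TOP_SECRET", frozenset()).dominates(nuc))
```

The last line in the usage block is the point practitioners most often get wrong: a subject cleared TOP_SECRET but not read into the NUC compartment cannot read a SECRET/{NUC} object, because dominance requires both the level and the categories.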
State Machine Model

  • In the state machine model, the state of a machine is captured in order to verify the security of a system.
  • A given state consists of all current permissions and all current instances of subjects accessing objects. If subjects can access objects only by means that are consistent with the security policy, the system is secure.
  • The model is used to describe the behavior of a system in response to different inputs. It provides mathematical constructs that represent sets (subjects, objects) and sequences. When an object accepts an input, this modifies a state variable, transitioning the system to a different state.
  • Implementation tips
    • The developer must define what and where the state variables are.
    • The developer must define a secure state for each state variable.
    • Define and identify the allowable state transition functions.
    • The state transition functions should be tested to verify that the overall machine state cannot be compromised and the integrity of the system is maintained.
Noninterference Model

  • The model ensures that any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level.
  • It is not concerned with the flow of data as such, but with what a subject can learn about the state of the system. So if an entity at a higher security level performs an action, that action must not change what an entity at the lower level can observe.
  • The model thereby addresses inference attacks, in which someone with access to one kind of information can infer (guess) something they do not have the clearance level or authority to know.

Bell—LaPadula Confidentiality Model

  • It was the first mathematical model of a multilevel security policy; it defines the concept of a secure state machine, the modes of access, and the rules governing access.
  • It is a state machine model that enforces the confidentiality aspects of access control.
  • The model focuses on ensuring that subjects with different clearances (top secret, secret, confidential) are properly authorized, by having the necessary security clearance, need to know, and formal access approval, before accessing objects at different classification levels (top secret, secret, confidential). Authentication of the subject is assumed to happen elsewhere; the model governs authorization.
  • The rules of Bell-Lapadula model
    • Simple security rule (no read up rule): It states that a subject at a given security level can not read data that resides at a higher security level.
    • Star property rule (no write down rule): It states that a subject at a given security level cannot write information to a lower security level.
  • Strong star property rule: It states a subject that has read and write capabilities can only perform those functions at the same security level, nothing higher and nothing lower.
  • Tranquility principle : subjects and objects can not change their security levels once they have been instantiated (created).
  • Most mandatory access control (MAC) systems derive from the Bell-LaPadula model because of its multilevel security.
  • It was designed for the US government and has mostly been adopted by government agencies.
Biba Integrity Model

  • It was developed after the Bell-LaPadula model.
  • It addresses the integrity of data, unlike Bell-LaPadula, which addresses confidentiality.
  • It uses a lattice of integrity levels, unlike Bell-LaPadula, which uses a lattice of security (confidentiality) levels.
  • It is also an information flow model, like Bell-LaPadula, because both are most concerned with data flowing from one level to another.
  • The rules of Biba model
    • simple integrity rule(no read down) : it states that a subject can not read data from a lower integrity level.
    • star integrity rule(no write up) : it states that a subject can not write data to an object at a higher integrity level.
    • invocation property : it states that a subject can not invoke(call upon) a subject at a higher integrity level.
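The Bell-LaPadula and Biba rules side by side, together with the state-machine view from earlier in the page, as an added example that is not part of the original text: each entity carries a confidentiality label (level plus categories) and an integrity level, a reference monitor only takes a transition when both models' rules hold, and the secure-state invariant can be re-checked over the whole state. Level names and entities are constructed for the example.

```python
from dataclasses import dataclass

# Both orderings are constructed for the example; any totally ordered sets work.
CONF = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}
INTEG = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


@dataclass(frozen=True)
class Entity:
    """A subject or object carrying a confidentiality label and an integrity level."""
    name: str
    conf: str                 # clearance (subject) or classification (object)
    categories: frozenset     # need-to-know compartments
    integ: str                # Biba integrity level


def conf_dominates(a: Entity, b: Entity) -> bool:
    return CONF[a.conf] >= CONF[b.conf] and a.categories >= b.categories


def blp_allows(subject: Entity, obj: Entity, mode: str) -> bool:
    """Bell-LaPadula: simple security (no read up) and *-property (no write down)."""
    if mode == "read":
        return conf_dominates(subject, obj)
    if mode == "write":
        return conf_dominates(obj, subject)
    raise ValueError(f"unknown mode {mode!r}")


def biba_allows(subject: Entity, obj: Entity, mode: str) -> bool:
    """Biba: simple integrity (no read down) and *-integrity (no write up)."""
    if mode == "read":
        return INTEG[obj.integ] >= INTEG[subject.integ]
    if mode == "write":
        return INTEG[subject.integ] >= INTEG[obj.integ]
    raise ValueError(f"unknown mode {mode!r}")


def invocation_allows(caller: Entity, callee: Entity) -> bool:
    """Biba invocation property: a subject may not invoke a higher-integrity subject."""
    return INTEG[caller.integ] >= INTEG[callee.integ]


class ReferenceMonitor:
    """State-machine view: the state is the set of accesses currently in effect,
    and a request is a transition taken only if the new state is still secure."""

    def __init__(self):
        self.current = set()          # (subject, object, mode) triples

    def request(self, subject: Entity, obj: Entity, mode: str) -> bool:
        if blp_allows(subject, obj, mode) and biba_allows(subject, obj, mode):
            self.current.add((subject, obj, mode))
            return True
        return False

    def release(self, subject: Entity, obj: Entity, mode: str) -> None:
        self.current.discard((subject, obj, mode))

    def is_secure(self) -> bool:
        """Re-check the invariant over the whole state (the 'secure state' definition)."""
        return all(blp_allows(s, o, m) and biba_allows(s, o, m)
                   for s, o, m in self.current)


if __name__ == "__main__":
    alice = Entity("alice", "SECRET", frozenset({"NUC"}), "HIGH")
    bob = Entity("bob", "CONFIDENTIAL", frozenset(), "LOW")
    plan = Entity("war_plan", "SECRET", frozenset({"NUC"}), "HIGH")
    bulletin = Entity("bulletin", "UNCLASSIFIED", frozenset(), "LOW")
    rm = ReferenceMonitor()
    print("alice reads plan:", rm.request(alice, plan, "read"))        # allowed
    print("bob reads plan:", rm.request(bob, plan, "read"))            # BLP: read up
    print("alice writes bulletin:", rm.request(alice, bulletin, "write"))  # BLP: write down
    print("alice reads bulletin:", rm.request(alice, bulletin, "read"))    # Biba: read down
    print("bob writes plan:", rm.request(bob, plan, "write"))          # Biba: write up
    print("state secure:", rm.is_secure())
```

Note the two cases where the models disagree: Bell-LaPadula lets a CONFIDENTIAL subject write up into a SECRET object (a "blind write"), and lets a SECRET subject read an UNCLASSIFIED bulletin; Biba refuses both, because writing up or reading down would let low-integrity data contaminate high-integrity data. A system that cares about both properties must enforce both rule sets.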

Clark—Wilson Integrity Model

  • It was developed after Biba and addresses the integrity of information.
  • This model separates data into a subset that must be highly protected, referred to as constrained data items (CDIs), and another subset that does not require a high level of protection, referred to as unconstrained data items (UDIs).
  • Components
    • Subjects (users): are active agents.
    • Transformation procedures (TPs): the software procedures, such as read, write, and modify, that perform the required operation on behalf of the subject (user).
    • Constrained data items (CDIs): data that can be modified only by TPs.
    • Unconstrained data items (UDIs): data that can be manipulated by subjects via primitive read/write operations.
    • Integrity verification procedures (IVPs): programs that run periodically to check the consistency of CDIs with external reality. The integrity rules they check are usually defined by the application vendor.
  • Integrity goals of Clark – Wilson model
    • Prevent unauthorized users from making modification (addressed by Biba model).
    • Separation of duties prevents authorized users from making improper modifications.
    • Well formed transactions: maintain internal and external consistency i.e. it is a series of operations that are carried out to transfer the data from one consistent state to the other.
  • The model is enforced through access control: each user is bound to the TPs they may run and the CDIs those TPs may touch (access triples of the form user, TP, CDI).
  • It is commonly used in operating systems and in commercial applications, such as banking and accounting software, where integrity matters more than confidentiality.
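A minimal Clark-Wilson enforcement layer, as an added example that is not part of the original text: the CDIs are account balances plus a recorded total, the IVP checks internal consistency, every change goes through a certified TP run on a copy that is committed only if the IVP still holds (a well-formed transaction), a UDI is an untrusted input string that a TP validates before it touches a CDI, and access triples plus a conflicting-duties table implement separation of duties. The ledger, TP names and duty conflicts are constructed for the example.

```python
from copy import deepcopy
from dataclasses import dataclass


@dataclass
class Ledger:
    """The CDIs: account balances plus the recorded total they must agree with."""
    balances: dict
    total: int


def ivp(ledger: Ledger) -> bool:
    """Integrity verification procedure: no negative balance, and the balances
    reconcile with the recorded total (internal consistency)."""
    values = list(ledger.balances.values())
    return all(v >= 0 for v in values) and sum(values) == ledger.total


# Transformation procedures. Each is a well-formed transaction: the only way
# CDIs change, and it must move the ledger from one consistent state to another.
def tp_transfer(ledger: Ledger, src: str, dst: str, amount: int) -> None:
    ledger.balances[src] -= amount
    ledger.balances[dst] += amount


def tp_deposit_udi(ledger: Ledger, account: str, raw_amount: str) -> None:
    """Promote a UDI (untrusted input string) into a CDI change: validate first."""
    amount = int(raw_amount)          # ValueError on malformed input -> rejected
    if amount <= 0:
        raise ValueError("deposit must be positive")
    ledger.balances[account] += amount
    ledger.total += amount


def tp_writeoff(ledger: Ledger, account: str) -> None:
    """Zero an account and the total together, so the IVP still reconciles."""
    ledger.total -= ledger.balances[account]
    ledger.balances[account] = 0


# Duties one person must never hold at the same time (separation of duties):
# someone who can move money and also write off balances can hide theft.
CONFLICTING_DUTIES = {frozenset({"transfer", "writeoff"})}


class ClarkWilson:
    def __init__(self, ledger: Ledger):
        assert ivp(ledger), "initial CDIs must be consistent"
        self.cdi = ledger
        self.tps = {}                 # certified TP name -> function
        self.triples = set()          # (user, tp_name): who may run which TP

    def certify(self, name: str, fn) -> None:
        self.tps[name] = fn

    def authorize(self, user: str, tp_name: str) -> bool:
        held = {t for u, t in self.triples if u == user}
        if any(frozenset({tp_name, h}) in CONFLICTING_DUTIES for h in held):
            return False              # would violate separation of duties
        self.triples.add((user, tp_name))
        return True

    def execute(self, user: str, tp_name: str, *args) -> bool:
        """Run a TP as a transaction: commit only if the IVP holds afterwards."""
        if (user, tp_name) not in self.triples:
            raise PermissionError(f"{user} is not authorized to run {tp_name}")
        work = deepcopy(self.cdi)     # work on a copy so a failed TP changes nothing
        try:
            self.tps[tp_name](work, *args)
        except (ValueError, KeyError):
            return False              # bad UDI or unknown account: rejected
        if not ivp(work):
            return False              # TP would leave CDIs inconsistent: rolled back
        self.cdi = work
        return True


def build_bank() -> ClarkWilson:
    cw = ClarkWilson(Ledger({"alice": 100, "bob": 50}, 150))
    cw.certify("transfer", tp_transfer)
    cw.certify("deposit", tp_deposit_udi)
    cw.certify("writeoff", tp_writeoff)
    cw.authorize("teller", "transfer")
    cw.authorize("teller", "deposit")
    cw.authorize("auditor", "writeoff")
    return cw
```

The separation-of-duties check lives in `authorize`, not in `execute`: the model's position is that the administrator who binds users to TPs is the one who must be prevented from creating a user with both halves of a fraud.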
Information Flow Model

  • In this model, data is thought of as being held in individual, discrete compartments.
  • Information is compartmentalized based on two factors:
    • classification, and
    • need to know.
  • The subject's clearance has to dominate the object's classification, and the subject's security profile must contain the categories listed in the object's label, which enforces need to know.
  • For example:
    • Bell-LaPadula prevents information from flowing from a higher security level to a lower security level.
    • Biba prevents information from flowing from a lower integrity level to a higher integrity level.

Covert channels

  • A covert channel is a way for an entity to receive information in an unauthorized manner.
  • It is an information flow that is not controlled by a security mechanism.
  • It is an unauthorized communication path that is not protected by the system because it was not identified as a communication path while the system was being developed.
  • Types of covert channels
    • Covert timing: in this channel, one process relays information to another by modulating its use of system resources.
    • Covert storage: in this channel, one process writes data to a storage location and another process directly, or indirectly reads it.
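A covert storage channel in a toy multilevel system, as an added example that is not part of the original text: the overt write path enforces no-write-down, but a system-wide lock table can be queried by any process, so a HIGH process signals bits by holding or releasing a lock and a LOW process reads them back. The same code shows the fix the page's definition implies: treat lock status as information and mediate the query by level. The kernel, lock name and message are constructed for the example.

```python
HIGH, LOW = 1, 0


class Kernel:
    """Toy multilevel system. Files are labelled and the write path enforces
    'no write down', but the lock table is a shared resource whose status any
    process can query: that query is the covert storage channel."""

    def __init__(self, mediate_lock_status: bool = False):
        self.files = {}        # name -> (level, contents)
        self.locks = {}        # name -> level of the process holding the lock
        self.mediate = mediate_lock_status

    def write(self, level: int, name: str, data: str) -> bool:
        file_level = self.files.get(name, (level, None))[0]
        if file_level < level:             # overt channel: write down is refused
            return False
        self.files[name] = (file_level, data)
        return True

    def lock(self, level: int, name: str) -> None:
        self.locks[name] = level

    def unlock(self, name: str) -> None:
        self.locks.pop(name, None)

    def is_locked(self, level: int, name: str) -> bool:
        if name not in self.locks:
            return False
        if self.mediate and self.locks[name] > level:
            return False                   # fix: hide the state of higher-level locks
        return True


def covert_transfer(kernel: Kernel, message: str) -> str:
    """A HIGH process encodes each bit as lock held / not held; a LOW process
    samples the lock status once per bit (lock-step simulation of the two
    processes). Returns what the LOW side decoded."""
    bits = [(byte >> i) & 1 for byte in message.encode() for i in range(7, -1, -1)]
    received = []
    for bit in bits:
        if bit:
            kernel.lock(HIGH, "print_spool")
        else:
            kernel.unlock("print_spool")
        received.append(kernel.is_locked(LOW, "print_spool"))   # the uncontrolled flow
    decoded = bytes(
        sum(b << (7 - i) for i, b in enumerate(received[k:k + 8]))
        for k in range(0, len(received), 8)
    )
    return decoded.decode(errors="replace")


if __name__ == "__main__":
    print("leaky kernel decodes:", repr(covert_transfer(Kernel(), "HI")))
    print("mediated kernel decodes:", repr(covert_transfer(Kernel(True), "HI")))
```

A timing channel would replace the lock with, say, CPU or disk contention that the LOW process measures with a clock; the mitigation principle is the same (remove or add noise to the observable), but timing channels are much harder to close completely than storage channels.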
Graham-Denning Model

  • This model defines a set of basic rights in terms of commands that a specific subject can execute on an object.
  • It proposes eight primitive protection rights, or rules for how these operations should take place securely:
    • How to securely create an object.
    • How to securely create a subject.
    • How to securely delete an object.
    • How to securely delete a subject.
    • How to provide read access rights.
    • How to provide grant access rights.
    • How to provide delete access rights.
    • How to provide transfer access rights.
Harrison-Ruzzo-Ullman (HRU) Model

  • The HRU security model (Harrison, Ruzzo, Ullman model) is an operating-system-level computer security model that deals with the integrity of access rights in the system. It is based on the idea of a finite set of commands, built from primitive operations, that edit the access rights of a subject s on an object o in an access matrix.
  • The model also discusses the possibilities and limitations of proving the safety of a system algorithmically: whether a given right can ever leak to a given subject is decidable for restricted command sets but undecidable in general.
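An access matrix with HRU primitive operations and Graham-Denning-style commands (create, grant, transfer, revoke), as an added example that is not part of the original text and serving both the Graham-Denning and HRU passages above. A `closure` routine answers the HRU safety question for this particular command set by iterating grant/transfer to a fixed point, which terminates here only because these commands never create subjects or objects; the right names, the copy-flag convention `r*`, and the subjects are constructed for the example.

```python
from copy import deepcopy

RIGHTS = {"read", "write"}     # base rights; "r*" is r with the copy (transfer) flag


class AccessMatrix:
    """HRU protection system: a matrix of rights plus commands built from the
    six primitive operations (enter, delete, create/destroy subject/object)."""

    def __init__(self):
        self.subjects = set()
        self.objects = set()
        self.m = {}                      # (subject, object) -> set of rights

    # ---- the six HRU primitive operations ----
    def create_subject(self, s):
        self.subjects.add(s)
        self.objects.add(s)              # every subject is also an object

    def create_object(self, o):
        self.objects.add(o)

    def destroy_subject(self, s):
        self.subjects.discard(s)
        self.destroy_object(s)

    def destroy_object(self, o):
        self.objects.discard(o)
        for key in [k for k in self.m if o in k]:
            del self.m[key]

    def enter(self, r, s, o):
        self.m.setdefault((s, o), set()).add(r)

    def delete(self, r, s, o):
        self.m.get((s, o), set()).discard(r)

    def rights(self, s, o):
        return self.m.get((s, o), set())

    # ---- commands: a condition on the matrix, then a sequence of primitives ----
    def cmd_create_file(self, s, f):
        self.create_object(f)
        self.enter("own", s, f)

    def cmd_grant(self, owner, r, s, f):
        """Graham-Denning 'grant': only the owner may give rights on f."""
        if "own" not in self.rights(owner, f):
            return False
        self.enter(r, s, f)
        return True

    def cmd_transfer(self, giver, r, s, f):
        """Graham-Denning 'transfer': needs the copy flag r*; gives plain r only."""
        if r + "*" not in self.rights(giver, f):
            return False
        self.enter(r, s, f)
        return True

    def cmd_revoke(self, owner, r, s, f):
        if "own" not in self.rights(owner, f):
            return False
        self.delete(r, s, f)
        return True

    def closure(self, untrusted):
        """Safety analysis: every right reachable if the `untrusted` subjects run
        grant/transfer in any order. Terminates because these commands only add
        rights and the set of (subject, object, right) triples is finite."""
        m = deepcopy(self.m)
        changed = True
        while changed:
            changed = False
            for (giver, o), rs in list(m.items()):
                if giver not in untrusted:
                    continue
                grantable = {r[:-1] for r in rs if r.endswith("*")}
                if "own" in rs:
                    grantable |= RIGHTS | {r + "*" for r in RIGHTS}
                for t in self.subjects:
                    cell = m.setdefault((t, o), set())
                    if not grantable <= cell:
                        cell |= grantable
                        changed = True
        return m

    def can_obtain(self, s, o, r, untrusted):
        return r in self.closure(untrusted).get((s, o), set())


def build_scenario() -> AccessMatrix:
    ac = AccessMatrix()
    for s in ("alice", "bob", "mallory", "eve"):
        ac.create_subject(s)
    ac.cmd_create_file("alice", "secret")
    ac.cmd_grant("alice", "read*", "bob", "secret")      # copyable read for bob
    ac.cmd_transfer("bob", "read", "mallory", "secret")  # bob passes plain read on
    return ac
```

The scenario is the classic delegation leak: alice only ever granted a right to bob, yet `can_obtain` shows that eve can end up with read access without alice's involvement, because bob holds the copy flag. Revoking bob's `read*` does not retract what he already transferred, which is why real systems either forbid the copy flag or track grant chains for cascading revocation.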
Chinese Wall (Brewer-Nash) Model

  • This model provides access controls that change dynamically depending on a user's previous actions.
  • The main goal of this model is to protect against conflicts of interest arising from a user's access attempts.
  • It is based on the information flow model: no information may flow between subjects and objects in a way that would result in a conflict of interest.
  • The model states that a subject can write to an object if, and only if, the subject can read that object and cannot read any (unsanitized) object that belongs to a different company's data set; otherwise the subject could copy one company's data into another company's files.
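The Brewer-Nash rules with a per-subject history, as an added example that is not part of the original text: objects belong to company data sets, data sets belong to conflict-of-interest classes, the read rule refuses a second company in a class the subject has already touched, and the write rule refuses a write as soon as the subject has read any other company's unsanitized data. The companies, objects and analysts are constructed for the example.

```python
class ChineseWall:
    """Brewer-Nash: each object belongs to a company data set, each data set to a
    conflict-of-interest class. What a subject may touch depends on its history."""

    def __init__(self, dataset_of: dict, class_of: dict, sanitized=()):
        self.dataset_of = dataset_of          # object -> company data set
        self.class_of = class_of              # data set -> conflict-of-interest class
        self.sanitized = set(sanitized)       # objects scrubbed of company-identifying data
        self.history = {}                     # subject -> data sets already accessed

    def can_read(self, s: str, o: str) -> bool:
        """Simple rule: allowed if o is sanitized, or in a data set s already uses,
        or in a class where s has touched no other company."""
        if o in self.sanitized:
            return True
        ds = self.dataset_of[o]
        return not any(seen != ds and self.class_of[seen] == self.class_of[ds]
                       for seen in self.history.get(s, set()))

    def read(self, s: str, o: str) -> bool:
        if not self.can_read(s, o):
            return False
        if o not in self.sanitized:           # sanitized reads create no conflict
            self.history.setdefault(s, set()).add(self.dataset_of[o])
        return True

    def can_write(self, s: str, o: str) -> bool:
        """*-rule: s may write o only if it can read o and has read nothing from
        any other unsanitized data set; otherwise s could copy company A's data
        into B's files, where a subject cleared for B could read it."""
        if not self.can_read(s, o):
            return False
        ds = self.dataset_of[o]
        return all(seen == ds for seen in self.history.get(s, set()))

    def write(self, s: str, o: str) -> bool:
        if not self.can_write(s, o):
            return False
        self.history.setdefault(s, set()).add(self.dataset_of[o])
        return True


def build_wall() -> ChineseWall:
    return ChineseWall(
        dataset_of={"bankA_ledger": "BankA", "bankB_ledger": "BankB",
                    "oilX_plan": "OilX", "bankA_press": "BankA"},
        class_of={"BankA": "Banking", "BankB": "Banking", "OilX": "Oil"},
        sanitized={"bankA_press"},
    )
```

Note that the write rule is stricter than it first looks: once an analyst has read anything from two different companies, even in unrelated conflict classes, the model forbids that analyst from writing to either company's files. Real deployments relax this only by sanitizing what is written.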

What are the three security architecture components?

The components of a security architecture are people, processes, and tools. Each of these components contributes to protecting the organization's assets.

What are the 4 major phase in security architecture and design?

There are four major phases in security architecture: architecture risk assessment, security design, implementation, and operations and monitoring. Architecture risk assessment evaluates the vital business processes and determines the likelihood and impact of security risks and vulnerabilities.

What is architectural security?

Security architecture forms the foundation of a good cyber security strategy. It is a type of security design composed of multiple components, including the tools, processes, and technologies used to protect your business from external threats.

What does security architecture consist of?

“Security architecture” is the term used to define the overall system required to protect an organization's IT infrastructure. Such a system includes the specifications, processes, and standard operating procedures (SOPs) involved in preventing, mitigating, and investigating different threats.