Cover
Volume 01
Cover
Half Title
Title Page
Copyright Page
Dedication
Table of Contents
List of Figures
List of Tables
Foreword
Preface
Acknowledgments
Author
1 Introduction
1.1 Problem Description
1.1.1 Success beyond Anticipation
1.1.2 But, It Started Long before That
1.1.2.1 A Brief History of the Development of the WWW
1.1.3 Fast-Forward to Today
1.2 What Is Enterprise Level Security?
1.3 Distributed versus Centralized Security
1.3.1 Case Study: Boat Design
1.3.2 Case Study Enterprise Information Technology Environment
1.3.3 Security Aspects
1.3.3.1 Confidentiality
1.3.3.2 Integrity
1.3.3.3 Availability
1.3.3.4 Authenticity
1.3.3.5 Nonrepudiation
1.4 Crafting a Security Model
1.4.1 The Assumptions
1.4.2 Tenets: Digging beneath the Security Aspects
1.5 Entities and Claims
1.5.1 Credentialing
1.6 Robust Assured Information Sharing
1.6.1 Security Requirements
1.6.2 Security Mechanisms
1.6.3 Goals and Assumptions of IA Architecture
1.6.4 Assumptions
1.6.5 A Framework for Entities in Distributed Systems
1.7 Key Concepts
1.7.1 ELS-Specific Concepts
1.7.2 Mapping between Tenets and Key Concepts
1.7.3 Enterprise-Level Derived Requirements
1.7.4 Mapping between Key Concepts and Derived Requirements
1.8 Two Steps Forward and One Step Back
1.9 The Approximate Time-Based Crafting
1.10 Summary
Section I Basics and Philosophy
2 Identity
2.1 Who Are You?
2.2 Naming
2.3 Identity and Naming: Case Study
2.4 Implications for Information Security
2.5 Personas
2.6 Identity Summary
3 Attributes
3.1 Facts and Descriptors
3.2 An Attribute Ecosystem
3.3 Data Sanitization
3.3.1 Guarded and Filtered Inputs
3.3.2 Guard Administrator Web Interface
3.3.3 Integrity in Attribute Stores
3.3.4 Secure Data Acquisition
3.3.5 Integrity at the Source
3.4 Temporal Data
3.5 Credential Data
3.6 Distributed Stores
4 Access and Privilege
4.1 Access Control
4.2 Authorization and Access in General
4.3 Access Control List
4.3.1 Group Requirements
4.3.2 Role Requirements
4.3.3 ACRs and ACLs
4.3.4 Discretionary Access Control and Mandatory Access Control
4.4 Complex Access Control Schemas
4.5 Privilege
4.6 Concept of Least Privilege
4.6.1 Least Privilege Case Study
5 Cryptography
5.1 Introduction
5.2 Cryptographic Keys and Key Management
5.2.1 Asymmetric Key Pairs
5.2.1.1 RSA Key Generation
5.3 Symmetric Keys
5.3.1 TLS Mutual Authentication Key Production
5.3.2 Other Key Production
5.4 Store Keys
5.5 Delete Keys
5.6 Encryption
5.7 Symmetric versus Asymmetric Encryption Algorithms
5.7.1 Asymmetric Encryption
5.7.2 RSA Asymmetric Encryption
5.7.3 Combination of Symmetric and Asymmetric Encryption
5.7.4 Symmetric Encryption
5.7.4.1 Stream Ciphers
5.7.4.2 Block Ciphers
5.7.5 AES/Rijndael Encryption
5.7.5.1 Description of the AES Cipher
5.7.6 Data Encryption Standard
5.7.6.1 Triple DES
5.7.6.2 Description of the Triple DES Cipher
5.8 Decryption
5.8.1 Asymmetric Decryption
5.8.2 Symmetric Decryption
5.9 Hash Function
5.9.1 Hash Function Algorithms
5.9.2 Hashing with Cryptographic Hash Function
5.9.2.1 MD-5
5.9.2.2 SHA-3-Defined SHA-512
5.10 Signatures
5.10.1 XML Signature
5.10.2 S/MIME Signature
5.10.3 E-Content Signature
5.11 A Note on Cryptographic Key Lengths
5.11.1 Encryption Key Discovery
5.11.2 The High-Performance Dilemma
5.11.3 Parallel Decomposition of Key Discovery
5.12 Internet Protocol Security
5.13 Other Cryptographic Services
5.14 The Java Cryptography Extension
5.15 Data at Rest
5.16 Data in Motion
6 The Cloud
6.1 The Promise of Cloud Computing
6.2 Benefits of the Cloud
6.3 Drawbacks of Cloud Usage
6.3.1 Differences from Traditional Data Centers
6.3.2 Some Changes in the Threat Scenario
6.4 Challenges for the Cloud and High Assurance
6.5 Cloud Accountability, Monitoring, and Forensics
6.5.1 Accountability
6.5.2 Monitoring
6.5.3 Knowledge Repository
6.5.4 Forensic Tools
6.6 Standard Requirements for Cloud Forensics
7 The Network
7.1 The Network Entities
7.1.1 Most Passive Elements
7.1.2 Issues of the Most Passive Devices
7.1.3 The Convenience Functions
7.1.4 Issues for the Convenience Functions
7.1.5 Content Analyzers
7.1.6 Issues for Content Analyzers
Section II Technical Details
8 Claims-Based Authentication
8.1 Authentication and Identity
8.2 Credentials in the Enterprise
8.3 Authentication in the Enterprise
8.3.1 Certificate Credentials
8.3.2 Registration
8.3.3 Authentication
8.4 Infrastructure Security Component Interactions
8.4.1 Interactions Triggered by a User Request for Service
8.4.2 Interaction Triggered by a Service Request
8.5 Compliance Testing
8.6 Federated Authentication
8.6.1 Naming and Identity
8.6.2 Translation of Claims or Identities
8.6.3 Data Requirements
8.6.4 Other Issues
9 Credentials for Access Claims
9.1 Security Assertion Markup Language
9.2 Access Control Implemented in the Web Service
9.3 Establishing Least Privilege
9.4 Default Values
9.5 Creating an SAML Token
9.6 Scaling of the STS for High Assurance Architectures
9.7 Rules for Maintaining High Assurance during Scale-Up
10 Claims Creation
10.1 Access Control Requirements at the Services
10.1.1 Discretionary Access Control List
10.1.2 Mandatory Access Control
10.1.3 Access Control Logic
10.2 Access Control Requirement
10.3 Enterprise Service Registry
10.4 Claims Engine
10.5 Computed Claims Record
11 Invoking an Application
11.1 Active Entities
11.2 Claims-Based Access Control
11.2.1 Authorization in the Enterprise Context
11.3 Establishing Least Privilege
11.4 Authorizing the User to the Web Application
11.5 Authorizing a Web Service to a Web Service
11.6 Interaction between Security Components
11.6.1 Access from within the Enterprise
11.6.2 Disconnected, Intermittent, or Limited Environments
11.6.2.1 Prioritization of Communications
11.6.2.2 Reduction of the Need for Capacity
11.6.2.3 Asset Requirements
12 Cascading Authorization
12.1 Basic Use Case
12.2 Standard Communication
12.3 Pruning Attributes, Groups, and Roles
12.4 Required Escalation of Privilege
12.5 Data Requirements for the Pruning of Elements
12.6 Saving of the SAML Assertion
12.7 SAML Token Modifications for Further Calls
12.8 An Annotated Notional Example
12.9 Additional Requirements
12.10 Service Use Case Summary
13 Federation
13.1 Federation
13.2 Elements of Federated Communication
13.2.1 Naming and Identity
13.2.2 Credentials
13.2.3 PKIβX.509 Certificates
13.2.4 Certificate Services
13.2.5 Bilateral Authentication
13.2.6 Authorization Using SAML Packages
13.2.7 Registration of the STS
13.2.8 Recognizing STS Signatures
13.2.9 Translation of Properties, Roles, and Groups
13.2.10 Other Issues
13.3 Example Federation Agreement
13.4 Access from Outside the Enterprise
13.5 Trusted STS Store
13.6 Trusted STS Governance
14 Content Access Control
14.1 Authoritative and Nonauthoritative Content
14.2 Content Delivery Digital Rights Management
14.3 Mandatory Access Control
14.4 Access Control Content Management System
14.5 Enforcing Access Control
14.6 Labeling of Content and Information Assets
14.7 Conveying Restrictions to the Requester
14.8 Enforcing/Obtaining Acknowledgment of Rest
14.9 Metadata
14.10 Content Management Function
14.11 Components of a Stored Information Asset
14.11.1 Information Asset, Section A: ACL, MAC, and Data
14.11.2 Information Asset, Section B: Information Asset as Labeled
14.11.3 Information Asset, Section C: Information Asset Signature(s)
14.11.4 Information Asset, Section D: MDE Metacard
14.12 Additional Elements for Stored Information Assets
14.12.1 Key Words
14.12.2 Storage Location(s) of Key Word Metadata
14.12.3 Reference Identity and Information Asset Description
14.12.4 Information Asset Name
14.12.5 Information Asset Description
14.13 Key Management Simplification
14.13.1 Information Asset
14.14 Import or Export of Information Assets
15 Delegation
15.1 Delegation Service
15.2 Service Description for Delegation
15.3 Form of Extended Claims Record
15.4 Special Delegation Service
16 The Enterprise Attribute Ecosystem
16.1 User and Data Owner Convenience Functions
16.1.1 Self-Registration (Partial)
16.1.2 User Attribute Service
16.1.3 Service Discovery
16.1.4 User Claim Query Service
16.1.5 Direct Service/Application Invocation
16.1.6 Trusted Delegation Service
16.1.7 Special Delegation Service
16.2 Attribute Ecosystems Use Cases
16.2.1 Process Flows Related to Security for Each Service
16.2.2 Updating Claims
16.2.3 Adding a New Identity
16.2.4 Adding a Service
16.2.5 Accessing Services
16.2.6 Providing Delegation
16.2.7 Providing Special Delegation
16.3 Attribute Ecosystem Services
16.3.1 Authoritative Content Import Service(s)
16.3.2 Manage Import and Aggregation Web Application
16.3.3 Manual Entry Web Application for Attributes
16.3.4 AE Import Service
16.3.5 Enterprise Service Registry Web Application
16.3.6 Manage Claims Engine Web Application
16.3.7 Claims Engine
16.3.8 Manage Claims Web Application
16.3.9 Manage Delegation Web Application and Service
16.3.10 Claims Exposure and Editor Web Service
16.3.11 Provide Claims Web Service
16.3.12 Delegation Web Application and Web Service
16.3.13 Manage Groups and Roles Web App
16.3.14 Autoregistration Web App
16.3.15 Write Attribute List
16.3.16 User Query Attributes
16.3.17 User Query Claims
16.3.18 Special Delegation Web Application and Web Service
17 Database Access
17.1 Database Models
17.2 Database Interfaces and Protocols
17.2.1 SQL Databases
17.2.2 XML Databases
17.2.3 Large-Scale Databases
17.2.4 Geospatial Databases
17.3 Overall Database Considerations
17.4 Enterprise Resource Planning Business Software
17.5 ERP as a Legacy System
17.5.1 ERP Attribute System Synchronization
17.5.2 ERP Border System
17.6 Hardening of ERP Database Systems
17.6.1 Hardening Stage One: Encryption of Data at Rest
17.6.2 Hardening Stage Two: Encryption of Data in Transit
17.6.3 Hardening Stage Three: Claims Identity, Access, and Privilege
17.6.4 Hardening Stage Four: Least Privilege for Application
17.6.4.1 Financial Roles
17.6.4.2 Application-Driven Database Operations
17.6.4.3 Application-Driven Annotated Example
17.6.4.4 Data-Driven Database Operations
17.6.4.5 Data-Driven Annotated Example
17.6.5 Hardening Stage Five: Homomorphic Encryption
18 Building Enterprise Software
18.1 Services Types
18.2 Functionality of All Services
18.2.1 Evaluating Inputs
18.2.1.1 Extensible Markup Language
18.2.2 Credentials
18.2.3 PKI Required: X.509 Certificates
18.2.4 PKI Bilateral Authentication
18.2.5 Authorization Using Authorization Handlers
18.2.6 Agents in the Enterprise
18.2.6.1 Self-Help Agents
18.2.6.2 Embedded Agents
18.2.6.3 Monitor Sweep Agents
18.2.6.4 Import Agents
18.2.6.5 Self-Protection Agents
18.2.7 Data Keeping and Correlation
18.3 Service Model
18.4 Enterprise Services Checklist
18.5 Enterprise Service Registry
18.6 Service Discovery: Manual and Automated
18.7 Additional Considerations
18.7.1 Agents in the Enterprise Environment
18.7.2 Code Elements of a Service
18.7.3 Anatomy of a Service
18.7.3.1 Commercial Off-the-Shelf and Legacy Software
18.7.3.2 Load Balancing Applications
18.7.3.3 Web Service Monitor Activities
18.8 Orchestration
18.9 ELS Interface
18.10 Access Control List
19 Vulnerability Analyses
19.1 Vulnerability Causes
19.2 Related Work
19.2.1 Static Code Analysis
19.2.2 Dynamic Code Analysis
19.2.3 Penetration Testing
19.2.4 Code Analysis and Penetration Testing Summary
19.3 Vulnerability Analysis
19.3.1 Vulnerability Analysis Objective
19.3.2 Vulnerability Analysis Information
19.3.3 Obtaining Vulnerabilities
19.3.4 Deriving Penetration Tests
19.3.5 Continuous Updating
19.3.6 Review and Approve
19.4 Flaw Remediation
19.4.1 Flaw Remediation Objectives
19.4.2 Flaw Remediation Information
19.4.3 A Flaw Remediation Process
19.4.4 Flaw Remediation Quality System
19.4.5 Flaw Remediation Reporting
19.4.6 Review and Approve
19.5 Summary
20 An Enterprise Support Desk
20.1 Monitoring
20.2 Data Repository System
20.3 Information for Service Monitoring
20.4 Centralized Repository
20.5 Services by Type
20.6 Data Keeping Requirements
20.7 Naming Schema
20.8 Monitor Activities
20.8.1 Data Generation
20.8.2 Log 4j Specification
20.8.3 Alerts and Automatic Response
20.8.4 SMTP Format for Alerts
20.8.5 Requirements for Java and Service Exception Errors
20.8.6 Record Storage
20.9 Help Desk Breakdown
20.10 Customer Support and Help Desk
20.11 Levels of Service
20.11.1 Level 0: Client Self-Help
20.11.2 Level 1: Basic Information
20.11.3 Level 2: Interactive Support
20.11.4 Level 3: Security, Serious Bugs, and Vendor Support
20.12 Using the Knowledge Repository
20.12.1 Information for Help Desk Operations
20.13 ESD Summary
21 Network Defense
21.1 Expected Behavior
21.2 Introduction
21.3 Current Protection Approaches
21.3.1 Current: Unencrypted Traffic
21.3.2 Current: Encrypted Traffic
21.4 An Alternative to Private Key Passing
21.5 A Distributed Protection System
21.5.1 Appliance Functionality In-Line
21.5.2 Appliance Functionality as a Service
21.6 Next Steps for Appliances
21.6.1 Real Demilitarized Zone
21.6.2 Security Issue
21.6.3 Taking Advantage of Software-Only Functionality
21.6.4 Protecting the Server
21.6.5 Handlers in the Server
21.7 Appliances That Change Content
21.7.1 Wide Area Network Acceleration
21.7.2 An Introduction to WAN Acceleration
21.7.3 Current WAN Accelerator Approaches
21.7.4 An Alternative to Private Key Passing
21.7.5 Integrity in a TLS Session
21.7.6 Flows in a High Integrity System
21.7.7 Summary of WAN Acceleration
21.8 Appliances: A Work in Progress
22 Concluding Remarks
22.1 Where We Have Been and Where We Are Going
22.2 Understanding the Approach
22.3 About Those Takeaways
Appendix
Bibliography
Volume 02
Cover
Half Title
Title Page
Copyright Page
Dedication
Table of Contents
Preface
Acknowledgments
About the Authors
List of Figures
List of Tables
Chapter 1 The First 16 Years
1.1 The Beginning of Enterprise Level Security (ELS)
1.2 Design Principles
1.3 Key Concepts
1.4 Implementation
Chapter 2 A Brief Review of the Initial Book
2.1 Security Principles
2.2 ELS Framework
Chapter 3 Minimal Requirements for the Advanced Techniques
3.1 Needed Capabilities
3.2 Creating an Attribute Store
3.3 Registering a Service
3.4 Computing Claims
3.5 User Convenience Services
3.6 The Enterprise Attribute Ecosystem
3.7 Summary
Identity and Access Advanced Techniques
Chapter 4 Identity Claims in High Assurance
4.1 Who Are You?
4.2 Entity Vetting
4.3 Naming
4.4 Key and Credential Generation
4.5 Key and Credential Access Control
4.6 Key and Credential Management
4.7 Key and Credential Use
4.8 Some Other Considerations
Chapter 5 Cloud Key Management
5.1 Clouds
5.2 ELS in a Private Cloud
5.3 The Public Cloud Challenge
5.4 Potential Hybrid Cloud Solutions
5.5 Proposed Secure Solutions
5.6 Implementation
5.7 Cloud Key Management Summary
Chapter 6 Enhanced Assurance Needs
6.1 Enhanced Identity Issues
6.2 Scale of Identity Assurance
6.3 Implementing the Identity Assurance Requirement
6.4 Additional Requirements
6.5 Enhanced Assurance Summary
Chapter 7 Temporary Certificates
7.1 Users That Do Not Have a PIV
7.2 Non-PIV STS/CA-Issued Certificate
7.3 Required Additional Elements
7.4 Precluding the Use of Temporary Certificates
7.5 Temporary Certificate Summary
Chapter 8 Derived Certificates on Mobile Devices
8.1 Derived Credentials
8.2 Authentication with the Derived Credential
8.3 Encryption with the Derived Credential
8.4 Security Considerations
8.5 Certificate Management
Chapter 9 Veracity and Counter Claims
9.1 The Insider Threat
9.2 Integrity, Reputation, and Veracity
9.3 Measuring Veracity
9.4 Creating a Model and Counter Claims
9.5 Veracity and Counter Claims Summary
Chapter 10 Delegation of Access and Privilege
10.1 Access and Privilege
10.2 Delegation Principles
10.3 ELS Delegation
10.4 Delegation Summary
Chapter 11 Escalation of Privilege
11.1 Context for Escalation
11.2 Access and Privilege Escalation
11.3 Planning for Escalation
11.4 Invoking Escalation
11.5 Escalation Implementation within ELS
11.6 Accountability
11.7 Escalation Summary
Chapter 12 Federation
12.1 Federation Technical Considerations
12.2 Federation Trust Considerations
12.3 Federation Conclusions
ELS Extensions β Content Management
Chapter 13 Content Object Uniqueness for Forensics
13.1 Exfiltration in Complex Systems
13.2 Product Identifiers
13.3 Hidden Messages
13.4 Content Management
13.5 Content Object Summary
Chapter 14 Homomorphic Encryption
14.1 Full Homomorphic Encryption (FHE)
14.2 Partial Homomorphic Encryption (PHE)
14.3 PHE Performance Evaluation
14.4 Homomorphic Encryption Conclusions
ELS Extensions β Data Aggregation
Chapter 15 Access and Privilege in Big Data Analysis
15.1 Big Data Access
15.2 Big Data Related Work
15.3 Big Data with ELS
15.4 Big Data Summary
Chapter 16 Data Mediation
16.1 Maintaining Security with Data Mediation
16.2 The Mediation Issue
16.3 Approaches
16.4 Choosing a Solution
16.5 Mediation Summary
ELS Extensions β Mobile Devices
Chapter 17 Mobile Ad Hoc
17.1 Mobile Ad Hoc Implementations
17.2 Network Service Descriptions
17.3 Other Considerations
17.4 Mobile Ad Hoc Summary
Chapter 18 Endpoint Device Management
18.1 Endpoint Device Choices
18.2 Endpoint Device Management
ELS Extensions β Other Techniques
Chapter 19 Endpoint Agent Architecture
19.1 Agent Architecture
19.2 Related Work
19.3 ELS Agent Methods
19.4 Endpoint Agent Results
19.5 Endpoint Agent Conclusions
19.6 Endpoint Agent Extensions
Chapter 20 Ports and Protocols
20.1 Introduction
20.2 Communication Models
20.3 Ports in Transport Protocols
20.4 Threats Considered
20.5 Assigning Ports and Protocols
20.6 Server Configurations
20.7 Firewalls and Port Blocking
20.8 Application Firewalls
20.9 Network Firewalls in ELS
20.10 Endpoint Protection in ELS
20.11 Handling and Inspection of Traffic
20.12 Additional Security Hardening
Chapter 21 Asynchronous Messaging
21.1 Why Asynchronous Messaging?
21.2 Prior Work
21.3 Asynchronous Messaging Security
21.4 PSS Rock and Jewel
21.5 Summary
Chapter 22 Virtual Application Data Center
22.1 Introduction
22.2 Enterprise Level Security and VADC Concepts
22.3 VADC Implementation
22.4 Resource Utilization
22.5 Distributed Benefits and Challenges
22.6 Virtual Application Data Center Conclusions
Chapter 23 Managing System Changes
23.1 System Change
23.2 Current Approaches
23.3 The Vision
23.4 Realizing the Vision
23.5 Moving into the Future
23.6 Managing Information Technology Changes
Chapter 24 Concluding Remarks
24.1 Staying Secure in an Uncertain World
24.2 The Model is Important
24.3 Zero Trust Architecture
24.4 Computing Efficiencies
24.5 Current Full ELS System
24.6 Future Directions
References
Acronyms
Index