Security for Enterprise Engineering: Weathering Storms

Jody Heaney

Imagine for a moment operating a fleet of airplanes whose mechanical and electronic parts are fully exposed and unprotected. On paper, such a fleet could look surprisingly attractive, since the removal of "extras" would nominally translate into improved overall carrying capacity. The reality is that such a fleet would never even approach those nominal increases in capacity, because they are based on an unrealistic assumption of a perfect world—safe from the effects of rain, wind, rocks, dust, and human clumsiness, inattention, or outright maliciousness. The theoretical benefits of this stripped-down fleet would plummet as such effects continually remove the "more efficient" aircraft from use, drastically increasing support costs.

The very idea of building a fleet of unprotected aircraft seems silly. It is thus ironic that when it comes to acquiring and building the information systems that are the lifeblood of many modern enterprises, decision-makers often give little thought to how such systems will be protected from the potentially hostile information and human environments in which those systems exist. A traditional emphasis on power and capacity, combined with a lack of understanding of security and reliability in cyberspace, has left much of the world's computing infrastructure as vulnerable as a delicate machine left to sit outside, uncovered, in stormy weather.

The goal of the MITRE Security for Enterprise Engineering (SEE) research project is to help correct this situation by providing a framework in which enterprise planners, decision-makers, architects, and designers can make safety and security an integral part of the information architecting and implementation process. Security (also known as "information assurance") is the set of capabilities that gives a person, system, or enterprise enough confidence in its information resources to make effective use of those resources possible.
The difficulty of providing adequate information security increases as systems or enterprises grow larger and more distributed, since such systems present far more opportunities for both inadvertent and malicious damage to information resources. This problem is compounded by the fact that most security mechanisms and capabilities are developed within relatively narrow, well-defined contexts. Unfortunately, many of the most serious security omissions and errors occur not at the local level but in the planning and development of an entire enterprise. Given this situation, the overall objective of the SEE project is to encourage enterprise-level understanding and adoption of proven methods for improving information assurance. As a starting point for entering into enterprise planning and architecting, we chose the well-known Zachman Framework.
Figure 1: The Zachman Framework is a matrix of players and specific views of an enterprise.

The Zachman Framework is essentially an analytical tool for ensuring that important issues in the planning and development of enterprise information systems are not overlooked. The framework does this by explicitly enumerating two dimensions of good enterprise architecting: the players, or roles, in the process, and a number of specific perspectives or views for looking at the enterprise as a whole, as illustrated in Figure 1. For example, the Zachman Framework reminds planners to look at issues such as data planning, network planning, and planning for people.

Adding the Security View

The Zachman example in Figure 2 includes a SEE-specific addition: the "Security View" column. This new view focuses not on functionality per se, but rather on how to build, package, and present functionality in ways that make it readily available to those who need it, yet difficult to damage inadvertently or through malicious intent. In the SEE project we did not casually introduce a new view to the Zachman Framework. Rather, our position is that the lack of such a view in Zachman reflects an unconscious bias toward functionality that assumes an unrealistically perfect world. Such biases are a natural result of the highly protected glass-walled mainframe environments of the early decades of computing, but they are dangerously outdated in a world where massive levels of computation and information transfer are ubiquitous at every level of an enterprise. The addition of a Security View in enterprise architecture thinking is a key element in meaningful modernization of current and future enterprise information systems and must be considered carefully at all levels of planning. The challenge in the SEE project was not only to alert participants to the importance of the Security View, but also to educate them on the specifics of how it affects their perspectives and activities in the overall process.
Figure 2: The Information Assurance column is a new view that highlights security needs for different roles.

Patterns, Patterns, Patterns

The mechanism we chose for accomplishing the educational aspect of adding the Security View is a software-engineering concept called "patterns." Patterns can be thought of simply as a convenient way of packaging best practices so others can find them and apply them more easily. Patterns are closely akin to the medical concept of using symptoms to classify and look up specific medical treatments, and are structured in much the same way. That is, each pattern includes a description of the circumstances in which it may apply, followed by a "treatment" or specific technique matching those circumstances. In software engineering, patterns originated in a specific style of software design known as object-oriented design. In the SEE project we have generalized the pattern concept into a way to capture and present information assurance solutions at many different levels of architecting and development.

There are two types of security-related patterns in the extended Zachman Framework. Security-aware patterns fall under a view other than Security (e.g., Data or People), but are "aware" of information assurance issues and provide advice compatible with overall construction of a secure, reliable enterprise architecture. Security-specific patterns occur in the Security View column and involve issues and solutions requiring explicit mechanisms such as enterprise-level data protection and access mechanisms. Security-specific systems have implications for other views, but require specific analysis and design in a way that cannot be adequately done when looking only through the other views of the framework.

A Promising Future

Based on feedback from both the security and systems design communities, the future looks promising for using pattern-based solutions to promote security while modernizing enterprises.
To date, the SEE team has presented two papers internationally and one nationally on our concepts, and we have influenced the overall direction and level of interest in both pattern-based assurance methods and in the use of the Zachman Framework to broaden the overall scope of such methods. Our approach looks promising as a way to help make our sponsors' information systems more secure in an increasingly uncertain and potentially hostile global information environment.
For more information, please contact Jody Heaney using the employee directory. Page last updated: November 12, 2003.