Security | Steve Nimmons

Observing Trust

Twitter is a fascinating addition to modern life (technically and sociologically). It has (largely) overcome massive scalability challenges and is an exemplar in coping with ‘unprecedented’ growth. Twitter uses Big Data technologies, and massive scale social platforms are redefining design thinking.

Twitter has verified celebrity accounts for some time. The ‘white tick in a blue circle’ on the profile page of the Dalai Lama certifies his account as genuine. Followers (in the virtual sense) accept this certification.

Verified by Twitter – the Dalai Lama…

Why is this trust dynamic interesting?

Typical end-users know little of ‘the Twitter organisation’,
The identity certification process is not well known,
We are ‘suspicious’ of accounts of public figures which are ‘not verified’, even though they may be genuine,
We know ‘Twitter isn’t perfect’ (the fail whale),
And yet – certification is accepted without challenge.

The Twitter ‘fail whale’

Is this problematic?

Twitter needs to get account verification right. A verified account that turns out to be an impersonation is embarrassing. The recent case of Wendi Murdoch illustrates why. Should this happen on any scale (or with any frequency) reputational damage would result, along with loss of trust in the verified account status. Celebrities (or their agents) would undoubtedly be quick to highlight impersonation, as they too must protect reputation. This creates an interesting identity assurance ‘feed back loop’. Correlation of identities reinforces trust – e.g. where a celebrity links to a Twitter account from an established (and trusted) website.

Twitter’s public “verified” program beta has been phased out, so for ‘the Tweeting masses’ there is no account verification mechanism. This is proportionate, but greatly restricts the potential of identity assurance. In a sense, Twitter is acting as an Identity Provider for high-profile people:

There is a Registration service,
an Enrolment Service,
an Identity Verification Service,
and a mechanism to demonstrate proof of identity to others.

Participation in the trust framework is acceptance by the ‘followers’ of the ‘white tick, blue circle ’, as a Twitter ‘kite-marked’ identity.

Why is this interesting?

Thinking about this as an abstract pattern leads to a number of predictions/hypotheses:

Social Network providers will eventually offer fully-featured identity services to end-users
Trust frameworks will be created where the assured identity is ‘transferable’ (identity federation)
Identity as a Service and transactional services around identity management will become popular
As consumerisation is driving ‘bring your own technology’, we will reach a point of “Bring your own Identity” where the trust framework extends into the enterprise.

Twitter users trust Twitter to professionally deliver the account verification process. Users (by and large) do not really consider how that process works.

Will this herald a ‘new norm’ where social network identities are used in the corporate realm, in the guise of ‘Bring your own Identity’?

Pin It

Figure 1 – Policy Enforcement Point Pattern

[source: Steve Nimmons]

Scenario:

End-user requests access to an application / service.
Request is routed through a Policy Enforcement Point.
Policy Enforcement Point transfers the request details to a Policy Decision Point for evaluation and authorisation decision.
The Policy Decision Point refers to a Policy Store and possibly a Policy Information Point.
Policy is administered through a ‘central’ Policy Administration Point (not shown in Figure 1).
The Policy Enforcement Point enforces the decisions of the Policy Decision Point.

This pattern and concept draws heavily on XACML.

XACML

XACML defines a number of concepts:

Policy Administration Point (PAP) – Point which manages policies.
Policy Decision Point (PDP) – Point which evaluates and issues authorisation decisions.
Policy Enforcement Point (PEP) – Point which intercepts user’s access request to a resource and enforces PDP’s decision.
Policy Information Point (PIP) – Point which can provide external information to a PDP, such as LDAP attribute information.

Benefits

The PEP is a single point of access.
Policy is decoupled from applications / services. Policy can be managed independently of applications and services, which can therefore concentrate on providing business value.
Auditing at the PDP and PEP is simpler than auditing across many disparate applications / services.
Implementation of change is simplified – policies can be administered and deployed to defined architectural functions (i.e. PAP and PDP)
As an unauthorised request never gets to the application / service (it is intercepted by the PEP) it is much harder to compromise the application. The same is not true if the PEP and PDP are essentially implemented in the application’s security model.
The PEP, PDP, PAP and PIP can be implemented using hardened, accredited components.
Context Aware Computing is increasingly important. Context Based Authorisation will be simplified by using decoupled policy management and enforcement.

A good architecture principle to consider is “authorisation requests for applications and services will be handled using a dedicated PEP and PDPs.”

Pin It

This article briefly introduces the SABSA framework and its importance in the production of Security Architectures using Enterprise Architecture and TOGAF.

Figure 1 – The SABSA Framework

[Source: SABSA – (stylised version below by Steve Nimmons)]

The SABSA (Sherwood Applied Business Security Architecture) framework has evolved as a “best practice” method for delivering cohesive information security solutions to enterprises.

SABSA is a six-layer model covering all four parts of the IT lifecycle: Strategy, Design, Implementation and Management & Operations.

SABSA ensures the security needs of your enterprise are met completely and that security services are designed, delivered, and supported as an integral part of your IT Management infrastructure.

Figure 2 – The SABSA MATRIX

[source: SABSA]

Figure 3 (SABSA and the TOGAF ADM) is a useful way to compare the relationship between the two frameworks at a high level. The SABSA dimensions are principally used to guide creation of the Security Architecture and the production of security aspects of the dependent TOGAF views (Business Architecture, Information Systems Architecture and Technology Architecture).

Figure 3 – TOGAF ADM & SABSA

[Source: Steve Nimmons]

Figure 4 – High-level process for creation of Security Architecture

[Source: Steve Nimmons]

High Level Steps

Ensure security requirements are considered at inception (including legislation such as Data Protection Act, PCI DSS etc.)
Create a set of Enterprise Principles (across Business, Data, Application and Technology domains, with a specific focus on security principles and policies)
Conduct a structured Risk Assessment to determine which assets require protection and the level of controls required
Create RMADS documentation highlighting the actors, risks and countermeasures required to mitigate the risks
Develop standard TOGAF views (Business Architecture, Data Architecture, Application Architecture and Technology Architecture), informed by the functional and non-functional requirements and Enterprise Principles. Each of these views will have security aspects
Implement security architecture view(s) in TOGAF based on SABSA and relevant best practices (e.g. CESG GPG documentation). This set of architectural views focuses on the SABSA dimensions pictured in Figures 2 and 3 (above) and Table 1 (below)
The Security Architecture should identify the principal Security Enforcing Functions in the architecture and cross-reference them with the countermeasures laid out in the RMADS

Table 1 – SABSA focus areas

Business view	Contextual Security Architecture
Architect’s view	Conceptual Security Architecture
Designer’s view	Logical Security Architecture
Builder’s View	Physical Security Architecture
Tradesman’s View	Component Security Architecture
Facilities Manager View	Operational Security Architecture

Contextual and conceptual security is often rather glossed over, with Security Architecture ‘diving in’ at the Logical View. Application Architectures also need decent security and component architectures, in terms of understanding protocols in use, ports required, deployment options, component interactions, security contexts, resilience etc.

As with TOGAF implementation, the degree of ceremony and tailoring of SABSA should be pragmatic. Security should be proportionate, architectural modelling guided by SABSA should also be proportionate. Structured risk assessment provides the right focus. Cross-referencing between risk assessment, countermeasures in the RMADS (i.e. mitigation of risk) and the actual Security Enforcing Functions in the Security Architecture is important. Laid out well, this really helps with understanding how identified risks are dealt with in the architecture (and at which tier). This is a G-d send for penetration testing and accreditation.

It’s all in the eyes

Posted by Steve Nimmons at 3:00 am Editors Choice, Social Media Comments Off

Jul 102008

Pin It

Article first appeared in the July 2008 issue of ITNOW.

From interruption to interaction, online advertising has progressed quickly in the last few years, says Steve Nimmons.

Online advertising has been with us since the earliest days of the internet and where eyeballs meet content, advertisers will be close by. The first web portals were (almost uniformly and tastelessly) bedecked with every imaginable flashing widget that might attract a valuable click-through. I will spare the early designers’ blushes but some sites would today come with health warnings for photosensitive epilepsy. Quality had to, and did, improve. Continue reading »

Unseen Enemy

Posted by Steve Nimmons at 3:41 am Editors Choice, Social Media Comments Off

Jun 102008

Pin It

Article originally published by Evaluation Centre / Conspectus, Summer 2008

Steve Nimmons warns of the hidden threat to corporate privacy and reputation lurking within Web 2.0.

The Historical Problem

I recall (approximately eight years ago) reading an interesting poster on social engineering at a well-known electronics company in California. This wall-chart communicated sensible advice for dealing with unsolicited phone calls, ‘chance’ conversations and the importance of discretion when discussing corporate matters on planes, trains and automobiles.
Topics such as tail gating, the ‘risk of gallantry’, the social and psychological tricks used by experienced practitioners to project ‘belonging’, the need for discretion and vigilance in public spaces and of course ‘clear desk policies’ were explained in concise, relevant and accessible language. Continue reading »

Steve Nimmons

Policy Enforcement Point Pattern

Scenario:

XACML

Benefits

Related Posts:

Enterprise Architecture: Security Architecture with TOGAF and SABSA

High Level Steps

Related Posts:

It’s all in the eyes

Article first appeared in the July 2008 issue of ITNOW.

Related Posts:

Unseen Enemy

Article originally published by Evaluation Centre / Conspectus, Summer 2008

The Historical Problem

Related Posts:

Connect

Times of Israel

Atos CIO Blog

Pinterest

Quora

Facebook

Recent Comments

Categories

Archives

Brain Food

Hallowed Ground

Enterprise Architecture

Pattern Based Strategy

Selected Publications

Steve 2.0