Security services are integrated with each service area and pervade these service areas in one or more forms. A security service is a service provided by the system that is used to support a system security policy or security requirement. For example, discretionary access control (DAC) is one security service associated with operating system services. This specific security service satisfies the general security requirement for restricting access to objects (e.g., files) based on the identity and need-to-know of the user, process, and/or groups to which they belong. Security services implement the level(s) of protection necessary for an information system architecture to satisfy a system security policy.
Security services can be implemented by hardware, software, and firmware or through the use of administrative procedures and physical controls. Security services associated with one of the service areas may also depend on the security services offered by a different service area. For example, data management security services may depend on operating system security services.
A security service can be implemented by one or more security mechanisms. Different information systems may employ different combinations of security mechanisms to implement a specific security service. Security mechanisms may be applied to different service areas. Examples of security mechanisms include encipherment, digital signature mechanisms, access control mechanisms, data integrity mechanisms, and authentication exchange mechanisms. Security standards that pertain to security mechanisms include the NIST Digital Signature Standard (DSS) (FIPS 186) and the NIST Secure Hash Standard (FIPS 180).
Security mechanisms that are not specific to any particular service area are referred to as pervasive security mechanisms. Pervasive security mechanisms include trusted functionality, security labels, event detection, security audit trail, and security recovery.
Guidance on the DODIIS security architecture is provided in the Department of Defense Intelligence Information System (DODIIS) Security Architecture Guidance and Directions (SAGD), dated 12 September 1994. The SAGD provides guidance on the near-term DODIIS security architecture, DODIIS security strategies, and system high security guidance. The SAGD also discusses future security directions of the Client Server Environment (CSE) and the use of trusted interfaces (e.g., Ops/Intel Interface) between environments operating at different security levels.
Guidance is also provided in the supplements to DIAM 50-4. These supplements are:
Figure 2-7 illustrates the security architecture development process. One of the DODIIS Profile service areas (Network Services) is shown for the purposes of this discussion. As shown by the figure, security requirements are derived from a number of inputs. These inputs include the overall system security policy, mission requirements, threats, vulnerabilities, and operational environment considerations. The system security policy normally contains general security policy statements and is derived from security policy documents, such as Director of Central Intelligence Directive [DCID] 1/16, DIA Manual (DIAM) 50-4, DODIIS SAGD, DIAM 50-4 supplements, and site-specific security documents. The security architecture identifies how security is to be implemented within each of the components of the information system and also describes how each of the components will interface with each other in a secure manner.
The DODIIS Profile identifies applicable security services, current security standards, and emerging security standards for several of the service areas. This information supports the security requirements and architecture development process. Figure 2-7 shows Network Services and illustrates some applicable security services (authentication and access control). In this example, authentication (e.g., peer entity authentication) and access control are security requirements for the information system. Access control can be implemented by a number of security mechanisms, such as access control lists, whereas authentication can be implemented by means of encipherment and digital signatures. One or more security standards may be associated with each of the services/mechanisms. A security architecture should identify the appropriate security mechanisms that implement a specific security service or set of security services.
Figure 2-7. Security Architecture Development Process
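As an added illustration of the discretionary access control service described above and the access control list mechanism named in the Network Services example (example code, not part of the DODIIS Profile), the following Python sketch evaluates an object's ACL against a requesting user's identity and group memberships, and lets only the object's owner change that ACL; the users, groups, object and access modes are constructed assumptions.

```python
"""Discretionary access control (DAC) on a file-like object: access is decided
from the identity of the requesting user and the groups that user belongs to
(need-to-know), and the object's owner sets the ACL at their discretion.
Constructed example; all principals, objects and modes are assumptions."""
from dataclasses import dataclass, field


@dataclass
class AclEntry:
    principal: str      # a user name, or "group:<name>" for a group
    modes: frozenset    # e.g. frozenset({"read", "write"})


@dataclass
class ProtectedObject:
    name: str
    owner: str
    acl: list = field(default_factory=list)


# Constructed group directory standing in for need-to-know compartments.
GROUPS = {
    "analysts": {"alice", "bob"},
    "sysadmins": {"carol"},
}


def principals_for(user):
    """The user's own identity plus every group the user is a member of."""
    return {user} | {f"group:{g}" for g, members in GROUPS.items() if user in members}


def check_access(obj, user, mode):
    """Grant if some ACL entry names the user or one of the user's groups with the mode."""
    who = principals_for(user)
    return any(entry.principal in who and mode in entry.modes for entry in obj.acl)


def set_acl(obj, requester, entries):
    """Discretionary: only the object's owner may (re)assign its ACL."""
    if requester != obj.owner:
        raise PermissionError(f"{requester} is not the owner of {obj.name}")
    obj.acl = list(entries)


def demo():
    report = ProtectedObject("intel_report.txt", owner="alice")
    set_acl(report, "alice", [
        AclEntry("alice", frozenset({"read", "write"})),
        AclEntry("group:analysts", frozenset({"read"})),
    ])
    return {
        "bob_read": check_access(report, "bob", "read"),      # analyst group: True
        "bob_write": check_access(report, "bob", "write"),    # owner only: False
        "carol_read": check_access(report, "carol", "read"),  # no need-to-know: False
    }
```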