Enterprise Level Security 2: Advanced Topics in an Uncertain World follows on from the authors' first book on Enterprise Level Security (ELS), which covered the basic concepts of ELS and the discoveries made during the first eight years of its development. This second book turns to advanced topics and solutions derived from 16 years of research, pilots, and operational trials in putting an enterprise system together. The chapters cover specific advanced topics learned from painful mistakes and numerous revisions of processes. The book covers many of the topics omitted from the first book, including multi-factor authentication, cloud key management, enterprise change management, entity veracity, homomorphic computing, device management, mobile ad hoc networking, big data, mediation, and several others.
The ELS model of enterprise security is endorsed by the Secretary of the Air Force for Air Force computing systems and is a candidate for DoD systems under the Joint Information Environment Program.
The book is intended for enterprise IT architecture developers, application developers, and IT security professionals.
This is a unique approach to end-to-end security and fills a niche in the market.
Author(s): Kevin E. Foltz, William R. Simpson, Institute for Defense Analyses
Publisher: CRC Press
Year: 2020
Language: English
Pages: 339
City: 6000 Broken Sound Parkway NW, Suite 300
Cover
Half Title
Title Page
Copyright Page
Dedication
Table of Contents
Preface
Acknowledgments
About the Authors
List of Figures
List of Tables
Chapter 1 The First 16 Years
1.1 The Beginning of Enterprise Level Security (ELS)
1.2 Design Principles
1.3 Key Concepts
1.4 Implementation
Chapter 2 A Brief Review of the Initial Book
2.1 Security Principles
2.1.1 Know the Players
2.1.2 Maintain Confidentiality
2.1.3 Separate Access and Privilege from Identity
2.1.4 Maintain Integrity
2.1.5 Require Explicit Accountability
2.2 ELS Framework
Chapter 3 Minimal Requirements for the Advanced Topics
3.1 Needed Capabilities
3.2 Creating an Attribute Store
3.3 Registering a Service
3.4 Computing Claims
3.5 User Convenience Services
3.6 The Enterprise Attribute Ecosystem
3.7 Summary
Identity and Access Advanced Topics
Chapter 4 Identity Claims in High Assurance
4.1 Who Are You?
4.2 Entity Vetting
4.3 Naming
4.4 Key and Credential Generation
4.5 Key and Credential Access Control
4.6 Key and Credential Management
4.7 Key and Credential Use
4.8 Some Other Considerations
Chapter 5 Cloud Key Management
5.1 Clouds
5.2 ELS in a Private Cloud
5.3 The Public Cloud Challenge
5.3.1 Using the Same Design
5.3.2 HSM Site Inspection, Virtual Connection to HSM
5.3.3 HSM Site Inspection, Direct Connection to HSM
5.3.4 HSM Site Inspection, Preconfigured Direct Connections to HSM
5.4 Potential Hybrid Cloud Solutions
5.4.1 HSM in Public Cloud
5.4.2 HSM in Private Cloud
5.4.3 General Hybrid Challenges
5.5 Proposed Secure Solutions
5.5.1 Server in HSM
5.5.2 Homomorphic Encryption
5.6 Implementation
5.6.1 Cloud Vendor Support
5.6.2 HSM Vendor Support
5.6.3 Leveraging Mobile Device Management (MDM) for Cloud Assets
5.6.4 Homomorphic Encryption
5.7 Cloud Key Management Summary
Chapter 6 Enhanced Assurance Needs
6.1 Enhanced Identity Issues
6.2 Scale of Identity Assurance
6.3 Implementing the Identity Assurance Requirement
6.4 Additional Requirements
6.5 Enhanced Assurance Summary
Chapter 7 Temporary Certificates
7.1 Users That Do Not Have a PIV
7.2 Non-PIV STS/CA-Issued Certificate
7.3 Required Additional Elements
7.4 Precluding the Use of Temporary Certificates
7.5 Temporary Certificate Summary
Chapter 8 Derived Certificates on Mobile Devices
8.1 Derived Credentials
8.2 Authentication with the Derived Credential
8.3 Encryption with the Derived Credential
8.4 Security Considerations
8.5 Certificate Management
Chapter 9 Veracity and Counter Claims
9.1 The Insider Threat
9.2 Integrity, Reputation, and Veracity
9.3 Measuring Veracity
9.3.1 Person Entities
9.3.2 Non-Person Entities
9.3.2.1 Non-Person Veracity
9.4 Creating a Model and Counter Claims
9.4.1 For Persons
9.4.2 For Non-Persons
9.4.3 Computing Veracities
9.5 Veracity and Counter Claims Summary
Chapter 10 Delegation of Access and Privilege
10.1 Access and Privilege
10.2 Delegation Principles
10.3 ELS Delegation
10.3.1 Standard ELS Delegation
10.3.2 ID-Based Special Delegation
10.4 Delegation Summary
Chapter 11 Escalation of Privilege
11.1 Context for Escalation
11.2 Access and Privilege Escalation
11.3 Planning for Escalation
11.4 Invoking Escalation
11.5 Escalation Implementation within ELS
11.6 Accountability
11.7 Escalation Summary
Chapter 12 Federation
12.1 Federation Technical Considerations
12.1.1 ELS Federation
12.1.2 ELS-like Federation
12.1.3 Identity Credential Federation
12.1.4 Weak Identity Federation
12.1.5 Ad Hoc Federation
12.1.6 Person-to-Person Sharing
12.1.7 Evaluating Options
12.2 Federation Trust Considerations
12.2.1 Full Trust
12.2.2 Infrastructure Trust
12.2.3 Individual Trust
12.2.4 No Trust
12.3 Federation Conclusions
ELS Extensions – Content Management
Chapter 13 Content Object Uniqueness for Forensics
13.1 Exfiltration in Complex Systems
13.2 Product Identifiers
13.3 Hidden Messages
13.4 Content Management
13.4.1 Access Control
13.4.2 Enforcing Access Control
13.4.3 Components of an Electronic Object
13.4.4 Responsibilities of the Appliqué
13.4.5 Mitigations
13.4.5.1 Discouraging Theft
13.4.5.2 Forensics
13.5 Content Object Summary
Chapter 14 Homomorphic Encryption
14.1 Full Homomorphic Encryption (FHE)
14.1.1 Homomorphic Encryption
14.1.2 Homomorphic Encryption with ELS
14.1.2.1 Non-Homomorphic Encryption
14.1.2.2 FHE with Full Application in Cloud
14.1.2.3 FHE with Only Data in Cloud
14.1.3 Performance Considerations
14.2 Partial Homomorphic Encryption (PHE)
14.2.1 Related Work
14.2.2 Research Methods
14.2.3 Human Resources (HR) Database Selection
14.2.4 HR Database Schema
14.2.5 Encryption Schemes
14.2.6 Credential Mapping
14.2.7 SQL Translation Schemes
14.2.8 Web Application
14.2.9 Assessments
14.2.10 Lab Setup
14.2.11 PHE Results
14.2.11.1 Baseline Functionality
14.2.11.2 Enhancements
14.3 PHE Performance Evaluation
14.3.1 Evaluation Areas
14.3.1.1 Bulk Encryption
14.3.1.2 Encrypted Queries
14.3.2 Setup Considerations
14.3.3 Evaluation Method
14.3.4 Test Results
14.3.4.1 Bulk Encryption Test Results
14.3.4.2 Single Queries
14.3.4.3 Combining Two Queries
14.3.4.4 Combining Many Queries
14.3.4.5 Initialization and Randomization
14.4 Homomorphic Encryption Conclusions
ELS Extensions – Data Aggregation
Chapter 15 Access and Privilege in Big Data Analysis
15.1 Big Data Access
15.2 Big Data Related Work
15.3 Big Data with ELS
15.3.1 Basic ELS Preparations
15.3.2 Big Data Analysis with ELS
15.3.3 Data-Driven Access Controls
15.3.4 Escalation of Privilege
15.3.5 Big Data Analysis Using Federation Data
15.3.6 Data Leakage
15.4 Big Data Summary
Chapter 16 Data Mediation
16.1 Maintaining Security with Data Mediation
16.2 The Mediation Issue
16.3 Approaches
16.3.1 MITM Mediation
16.3.2 Mediation Service
16.3.3 Mediation Tool Service
16.3.4 Homomorphic-Encryption MITM
16.3.5 Comparison of Solutions
16.4 Choosing a Solution
16.5 Mediation Summary
ELS Extensions – Mobile Devices
Chapter 17 Mobile Ad Hoc
17.1 Mobile Ad Hoc Implementations
17.1.1 Network Overview
17.1.2 Mobile Ad Hoc Networking
17.1.3 Mobile Ad Hoc Network Services
17.1.4 Nexus Elements in the Ad Hoc Network
17.2 Network Service Descriptions
17.2.1 Detection of Hardware Capabilities
17.2.2 Detection of Network Opportunities
17.2.3 Selection of Waveforms and Protocols
17.2.4 Service Discovery
17.2.5 Query/Response Capabilities
17.2.6 Network Broadcast
17.2.7 System Discovery
17.2.8 Joining a Network
17.3 Other Considerations
17.3.1 Exchange of Certificates
17.3.2 Device Requirements
17.3.3 Discovery of Services
17.3.4 Request for Service
17.4 Mobile Ad Hoc Summary
Chapter 18 Endpoint Device Management
18.1 Endpoint Device Choices
18.1.1 Devices to Be Considered
18.1.2 Options for Device Choices
18.1.3 The Issue
18.1.4 Device Evaluation Factors
18.1.5 Enterprise Device Requirements
18.1.6 Evaluation Matrix
18.1.7 Protecting the Enterprise from BYOD
18.1.8 Device Choice Summary
18.2 Endpoint Device Management
18.2.1 Device Registry
18.2.2 IoT Devices
18.2.3 Device Endpoint Agent
18.2.3.1 Monitoring and Reporting
18.2.3.2 Data Validation and Purging
18.2.3.3 Fulfilling Requests for Data
18.2.4 Endpoint Device Management Summary
ELS Extensions – Other Topics
Chapter 19 Endpoint Agent Architecture
19.1 Agent Architecture
19.2 Related Work
19.3 ELS Agent Methods
19.4 Endpoint Agent Results
19.4.1 Mobile Device Management (MDM) Agents
19.4.2 Monitoring Agents
19.4.3 Log Aggregation Agents
19.4.4 Service Desk Agents
19.4.5 Import and Mediation Agents
19.4.6 Other Agents
19.5 Endpoint Agent Conclusions
19.6 Endpoint Agent Extensions
Chapter 20 Ports and Protocols
20.1 Introduction
20.2 Communication Models
20.3 Ports in Transport Protocols
20.3.1 The Transmission Control Protocol
20.3.2 The User Datagram Protocol
20.4 Threats Considered
20.5 Assigning Ports and Protocols
20.6 Server Configurations
20.7 Firewalls and Port Blocking
20.8 Application Firewalls
20.9 Network Firewalls in ELS
20.10 Endpoint Protection in ELS
20.11 Handling and Inspection of Traffic
20.12 Additional Security Hardening
Chapter 21 Asynchronous Messaging
21.1 Why Asynchronous Messaging?
21.1.1 Advantages of Asynchronous Communication
21.1.2 Disadvantages of Asynchronous Communication
21.2 Prior Work
21.2.1 Java Standard Messaging Protocol
21.2.2 De Facto Standard Microsoft Message Queuing
21.2.3 Open Source Messaging Protocols
21.2.4 Emerging Standard
21.3 Asynchronous Messaging Security
21.3.1 Security for Server Brokered Invocation
21.3.2 Security for Publish-Subscribe Systems (PSS)
21.4 PSS Rock and Jewel
21.4.1 Claims for Targeted Content (PSS)
21.4.2 Retrieving Content for Known Claimants
21.4.3 Retrieving Content for Unknown Claimants
21.4.4 Adjusting Publishing Targets (Untrusted PSS)
21.4.5 Distribution of Burdens
21.5 Summary
Chapter 22 Virtual Application Data Center
22.1 Introduction
22.2 Enterprise Level Security and VADC Concepts
22.3 VADC Implementation
22.4 Resource Utilization
22.5 Distributed Benefits and Challenges
22.6 Virtual Application Data Center Conclusions
Chapter 23 Managing System Changes
23.1 System Change
23.2 Current Approaches
23.2.1 The Expert
23.2.2 The Bureaucracy
23.2.3 The Vendor
23.3 The Vision
23.4 Realizing the Vision
23.5 Moving into the Future
23.6 Managing Information Technology Changes
Chapter 24 Concluding Remarks
24.1 Staying Secure in an Uncertain World
24.2 The Model is Important
24.3 Zero Trust Architecture
24.4 Computing Efficiencies
24.4.1 Need for Speed
24.4.2 Security Protocols and Algorithms
24.4.3 Evaluation of Security Products
24.5 Current Full ELS System
24.6 Future Directions
References
Acronyms
Index