• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Enterprise Security Modeling and Analysis with TOGAF®, ArchiMate® and SABSA

Enterprise Security Modeling and Analysis with TOGAF®, ArchiMate® and SABSA



At Standard Insurance, a diversified financial services company, we are modeling and analyzing role-based access control (RBAC) to uncover residual risks and develop mitigation strategies. We use ...

At Standard Insurance, a diversified financial services company, we are modeling and analyzing role-based access control (RBAC) to uncover residual risks and develop mitigation strategies. We use TOGAF and ArchiMate as our core EA methodology, and are introducing elements of SABSA, which is focused on enterprise security architecture and service management. We will present views of RBAC based on TOGAF, ArchiMate and SABSA concepts and show how we use these three paradigms to justify and explain systematic, scalable and transparent access control.

Delivered at July 2011 Open Group Austin Conference



Total Views
Views on SlideShare
Embed Views



4 Embeds 13

https://www.rebelmouse.com 5
http://www.linkedin.com 4
https://twitter.com 3
https://www.linkedin.com 1



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

CC Attribution-ShareAlike LicenseCC Attribution-ShareAlike License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.


11 of 1 previous next

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment
  • This is a rapid-fire presentation with lots of detail. You may not retain all of it the first time through. Afterwards, I encourage you to review the slides—email me for a copy with speaker notes–and speaker notes and email me with any questions. Note that the information in this presentation about The Standard’s systems and processes are simplified examples that may or may not reflect our current or future states.
  • InsuranceLife, Accidental Death and Dismemberment, Disability, Dental, Vision and AnnuitiesRetirement plansPublic and private-sectorDefined benefit (pension) and defined contributionVisit www.standard.com
  • In both diagrams, the Manager business role aggregates a number of system-specific roles. In the All-Too-Typical state, these relationships may seem arbitrary, but in the Desired State the relationships are clear. ArchiMate concepts and relationships are in italics.All-Too-Typical StateBusiness roles are not always defined consistently across organizationsBusiness roles have varying relationships with system rolesIndividual initiative is required to enforce many routine role transitionsBusiness-driven access control rule changes often require significant investigation and manual workDesired StateBusiness roles are clearly defined in a companywide context System roles clearly correspond to business rolesBusiness role changes trigger timely and accurate system role changesAuthorized administrators can alter access control policies quickly, efficiently, reliably and verifiably.
  • For our purposes, a visual modeling language for enterprise architecture allows the creation of unambiguous diagrams that fulfill the requirements of our chosen paradigms. Only ArchiMate includes such a language, for which we will demonstrate its applicability to expressing selected TOGAF and SABSA deliverables.SABSA contains just development procedures, verbal descriptions of relevant content and examples, but not explicit viewpoint definitionsTOGAF contains verbal descriptions of catalogs, matrices and diagramsArchiMate contains both verbal descriptions of diagrams and explicit meta-diagrams and examples
  • The SABSA Matrix has six rows, and only the top two are shown here.
  • This presentation includes examples of diagrams listed in boldface.
  • RBAC resulted in $6 billion in US economic benefits from 2002-2009, according to 2010 economic analysis commissioned by US NIST, from which this diagram was adaptedThe RBAC value chain is a series of processesthat each have a number of rolesassigned to them. The “Theory and Standards Development” process is associated with four goals. The final “Incorporation and Usage…” process is associated with three kinds of value identified in the NIST-sponsored analysis.
  • Here we use the ArchiMate 2.0 draft Motivation Extension to illustrate stakeholders and their concerns, along with assessments and requirements related to those concerns. Nesting of symbols is used here to show aggregation. ArchiMate concepts and relationships are in italics.
  • Nested organizations modeled as business actors are assigned to collaborations with each other and with external roles, This justifies RBAC by illustrating the complexity and criticality of shared activities across organizations.Nesting of symbols is used here to show composition. ArchiMate concepts and relationships are in italics.
  • This diagram shows how a number of lines of business use a variety of applications for different business functions. It contains example data only.
  • The RBAC System Support application functions are associated with the Session Creation event, which triggers an Access Check event. These events are a part of a longer sequence that begins with an access request and ends, assuming the request is allowed, with authorized access. The session is associated with an Active Role Set data object. Each user business actor aggregates an active role set for each session in progress, and is associated with all of the events. The Administrator business actor is assigned to the “Manage User, Role and Permission Relationships" business function. The RBAC Administration application function is used by “Manage User…”, and data flows from RBAC Administration to RBAC System Support. ArchiMate concepts and relationships are in italics.
  • RBAC for Target Applications is a product that aggregates a number of business services and application services, is associated with a number of infrastructure services, and delivers value in the form of security, scalability, agility and transparency. Each type of service is aggregated by a group. ArchiMate concepts and relationships are in italics.
  • Both the RBAC Administration and RBAC Systems Support application functions aggregate a number of more specialized applicationfunctions, which in turn access a number of data objects. The Session data object aggregates a number of roles and an authenticated user identity, and also contains (composition relationship) the Active Role Set. Two of the application functions at the top of the diagram share a constraint, and the Manage Role Hierarchy application function is associated with a requirement.The application functions, requirement, constraint and objects that are not required by all RBAC levels have numbers in parentheses to indicate where they are required.ArchiMate concepts and relationships are in italics.
  • The presenter has delivered this material to TheStandard’s information security director, who requested additional sessions with his staff.

Enterprise Security Modeling and Analysis with TOGAF®, ArchiMate® and SABSA Enterprise Security Modeling and Analysis with TOGAF®, ArchiMate® and SABSA Presentation Transcript

  • July 19, 2011
    Modeling RBAC with SABSA, TOGAF and ArchiMateCreating a Foundation for Understanding and Action
    Iver Band, CISSP - Open Group Conference, Austin, Texas
  • About The Standard
    The RBAC standard
    Modeling motivations and objectives
    Framework analysis and comparison
    Modeling approach
    Diagrams that justify and explain RBAC
    July 17, 2011
    Thanks to Kevin Graham, CISSP and enterprise security architect at The Standard, for his partnership in this work
  • Financial services company
    Founded in 1906
    Our purpose:
    To help people achieve financial security so they can confidently pursue their dreams
    Group Life & Disability Insurance
    Individual Disability Insurance
    Retirement Plans
    Individual Annuities
    Commercial Mortgages
    Headquarters in Portland, OR
    3,100 Employees
    The Standard
    July 17, 2011
  • 4
    IT at The Standard
    July 17, 2011
  • 5
    Typical Access Control Challenges
    July 17, 2011
    • Fragmented identities, systems and processes
    • Insufficient understanding of identity and access management best practices
    • Inadequate visibility of access control mechanisms, changes and outcomes
  • A widely implemented mechanism for protecting system resources standardized by ANSI INCITS 359-2004
    Relies on user authentication, which in turn relies on identity management
    Defines and applies relationships between
    Users −often human, but can also be systems
    Roles −job functions defined for an organization
    Permissions −organizational consent to perform specific operations
    Ensures that each user can execute only those operations authorized through roles that are both assigned to that user and activated for that user’s session
    Common alternatives include
    Mandatory Access Control (MAC) − administrators manage permissions based on the classification and category of each object and user
    Discretionary Access Control (DAC)−users manage permissions for the objects they own
    What is Role-Based Access Control (RBAC)?
    July 17, 2011
  • Four standard and cumulative levels
    (1) Core, (2) Hierarchical, (3) Constrained, (4) Symmetric
    All levels support
    Restriction of user permissions to those acquired through roles
    Many-to-many user-role and role-permission assignment
    Review of user-role assignments
    Simultaneous user access to permissions of multiple roles
    Level 2 adds variants with differing hierarchy support
    Support for an arbitrary partial order (reflexive, transitive, anti-symmetric)
    Any restriction on the structure of the role hierarchy, for example:
    Tree or inverted tree, limited inheritance or activation, depth limits
    Level 3 adds separation of duty (SOD) support
    Level 4 adds permission-role review with performance comparable to user-role review
    RBAC Concepts
    July 17, 2011
  • Business drivers
    Increase the efficiency, agility and transparency of access control
    Support strategic requirements for enterprise-wide and federated identity and access management
    IT drivers
    Increase RBAC understanding of both IT and key user personnel
    Derive greater value from existing identity management investments and justify further investment
    Support identity and access management for enterprise initiatives such as CRM and Contact Center
    Reduce administrative burden on IT by making access control comprehensible to the broader business community
    Demonstrate relevance of TOGAF and ArchiMate to security architecture
    RBAC Modeling and Knowledge Transfer Motivations
    July 17, 2011
  • Desired State
    Well-Designed RBAC Is Easy to Understand
    July 17, 2011
    All-Too-Typical State
    Local roles aligned with system context
    Local roles aligned with business context
  • This effort is not fundamentally about technology
    It is about getting people to think differently about access control
    Change behavior immediately and measurably
    Systems and access administration requests and configurations
    Lay the groundwork for successful investments in identity and access management solutions
    It requires two types of communication to a range of business and IT stakeholders
    Justification:Demonstrate the need for systematic access control
    Explanation: Explain how RBAC works and how it satisfies the need
    Modeling Objectives
    July 17, 2011
  • 11
    How Can Our Chosen Frameworks Help?
    July 17, 2011
  • 12
    TOGAF and SABSA Have Comparable Methods for our Purposes
    July 17, 2011
    SABSA Lifecycle
  • 13
    Contextual and Conceptual Architecture are Organized Differently in Each Paradigm
    July 17, 2011
    ArchiMate2.0 DraftCore and Extensions
    SABSAModel for Security Architecture
    TOGAF Version 9Full Content Metamodel
    Principles, Vision, Requirements
    • Motivation
    • Governance
    • Process
    • Data
    • Services
    • Infrastructure Consolidation
    Information Systems
    Implementation and Migration
  • Select cells from SABSA Matrix for RBAC justificationand explanation
    Strength:Comprehensive treatment of enterprise security architecture
    Select best fitting TOGAF catalogs, matrices and diagram types
    Strength: Comprehensive treatment of enterprise architecture (EA)
    Select best fitting ArchiMate diagram types
    Strength:General EA visual modeling language with broad coverage of TOGAF, particularly in the 2.0 draft specification
    Adapt viewpoints as necessary to express SABSA objectives
    Create catalogs and matrices
    Straightforward based on TOGAF 9 guidance
    This presentation will instead focus on diagrams
    Create ArchiMate diagrams based on selected TOGAF and ArchiMate viewpoints
    Our Modeling Approach Leverages Strengths of Each Standard
    July 17, 2011
  • 15
    The Top Two Rows of the SABSA Matrix Have Relevant Content
    July 17, 2011
    Explain RBAC
    Justify RBAC
  • Each Selected SABSA Matrix Cell Corresponds to Multiple TOGAF and ArchiMate Viewpoints
  • 17
    TOGAF Value Chain Diagram
    Justify RBAC
    Explain RBAC
    RBAC resulted in $6 billion in US economic benefits from 2002-2009, according to 2010 economic analysis commissioned by US NIST, from which this diagram was adapted
  • 18
    Justify RBAC
    ArchiMate Motivation Diagram
    July 17, 2011
  • 19
    Justify RBAC
    ArchiMate Actor Cooperation Diagram
    July 17, 2011
  • 20
    Justify RBAC
    ArchiMate Landscape Map
    July 17, 2011
    CRM Application
    Mortgage Solution
    Plan Admin
    Policy Admin App
    Hosted Advisor Work-bench
    Hosted Vertical Industry Solution
    Claims App A
    Document Mgmt System B
    Document Mgmt System A
  • 21
    TOGAF Solution Concept Diagram
    July 17, 2011
    Explain RBAC
  • 22
    ArchiMate Product Diagram
    July 17, 2011
    Justify RBAC
    Explain RBAC
  • 23
    Review: RBAC Levels
    July 17, 2011
  • 24
    Explain RBAC
    ArchiMate Application Behavior View
    July 17, 2011
  • TOGAF, ArchiMate and SABSA each provide broad and deep value for enterprise architects, regardless of their specialty
    Integrating these three paradigms today requires significant effort, since they cover much but not all of the same ground, often with similar but not strictly equivalent concepts
    Fortunately, there are Open Group efforts underway to integrate
    The TOGAF and ArchiMate content frameworks
    Architects can use RBAC to improve the effectiveness, scalability, transparency and agility of access control
    Architects can use SABSA, TOGAF and ArchiMate
    To model, portray and analyze planned or actual RBAC solutions
    As a rigorous foundation for a wide range of stakeholder communications
    July 17, 2011
  • The NIST Model for Role-Based Access Control: Towards a Unified Standard
    ANSI INCITS 359-2004 Information Technology Role-Based Access Control
    Sherwood Applied Business Security Architecture (SABSA)
    Executive White Paper on Enterprise Security Architecture
    Enterprise Security Architecture: A Business-Driven Approach
    TOGAF 9 standard online
    ArchiMate Version 1.0 standard online
    Economic Benefits of Role-Based Access Control
    Speaker contact:Iver.Band@standard.com
    July 17, 2011