Your SlideShare is downloading. ×
Enterprise Security Modeling and Analysis with TOGAF®, ArchiMate® and SABSA
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Enterprise Security Modeling and Analysis with TOGAF®, ArchiMate® and SABSA


Published on

At Standard Insurance, a diversified financial services company, we are modeling and analyzing role-based access control (RBAC) to uncover residual risks and develop mitigation strategies. We use …

At Standard Insurance, a diversified financial services company, we are modeling and analyzing role-based access control (RBAC) to uncover residual risks and develop mitigation strategies. We use TOGAF and ArchiMate as our core EA methodology, and are introducing elements of SABSA, which is focused on enterprise security architecture and service management. We will present views of RBAC based on TOGAF, ArchiMate and SABSA concepts and show how we use these three paradigms to justify and explain systematic, scalable and transparent access control.

Delivered at July 2011 Open Group Austin Conference

Published in: Technology

1 Comment
No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide
  • This is a rapid-fire presentation with lots of detail. You may not retain all of it the first time through. Afterwards, I encourage you to review the slides—email me for a copy with speaker notes–and speaker notes and email me with any questions. Note that the information in this presentation about The Standard’s systems and processes are simplified examples that may or may not reflect our current or future states.
  • InsuranceLife, Accidental Death and Dismemberment, Disability, Dental, Vision and AnnuitiesRetirement plansPublic and private-sectorDefined benefit (pension) and defined contributionVisit
  • In both diagrams, the Manager business role aggregates a number of system-specific roles. In the All-Too-Typical state, these relationships may seem arbitrary, but in the Desired State the relationships are clear. ArchiMate concepts and relationships are in italics.All-Too-Typical StateBusiness roles are not always defined consistently across organizationsBusiness roles have varying relationships with system rolesIndividual initiative is required to enforce many routine role transitionsBusiness-driven access control rule changes often require significant investigation and manual workDesired StateBusiness roles are clearly defined in a companywide context System roles clearly correspond to business rolesBusiness role changes trigger timely and accurate system role changesAuthorized administrators can alter access control policies quickly, efficiently, reliably and verifiably.
  • For our purposes, a visual modeling language for enterprise architecture allows the creation of unambiguous diagrams that fulfill the requirements of our chosen paradigms. Only ArchiMate includes such a language, for which we will demonstrate its applicability to expressing selected TOGAF and SABSA deliverables.SABSA contains just development procedures, verbal descriptions of relevant content and examples, but not explicit viewpoint definitionsTOGAF contains verbal descriptions of catalogs, matrices and diagramsArchiMate contains both verbal descriptions of diagrams and explicit meta-diagrams and examples
  • The SABSA Matrix has six rows, and only the top two are shown here.
  • This presentation includes examples of diagrams listed in boldface.
  • RBAC resulted in $6 billion in US economic benefits from 2002-2009, according to 2010 economic analysis commissioned by US NIST, from which this diagram was adaptedThe RBAC value chain is a series of processesthat each have a number of rolesassigned to them. The “Theory and Standards Development” process is associated with four goals. The final “Incorporation and Usage…” process is associated with three kinds of value identified in the NIST-sponsored analysis.
  • Here we use the ArchiMate 2.0 draft Motivation Extension to illustrate stakeholders and their concerns, along with assessments and requirements related to those concerns. Nesting of symbols is used here to show aggregation. ArchiMate concepts and relationships are in italics.
  • Nested organizations modeled as business actors are assigned to collaborations with each other and with external roles, This justifies RBAC by illustrating the complexity and criticality of shared activities across organizations.Nesting of symbols is used here to show composition. ArchiMate concepts and relationships are in italics.
  • This diagram shows how a number of lines of business use a variety of applications for different business functions. It contains example data only.
  • The RBAC System Support application functions are associated with the Session Creation event, which triggers an Access Check event. These events are a part of a longer sequence that begins with an access request and ends, assuming the request is allowed, with authorized access. The session is associated with an Active Role Set data object. Each user business actor aggregates an active role set for each session in progress, and is associated with all of the events. The Administrator business actor is assigned to the “Manage User, Role and Permission Relationships" business function. The RBAC Administration application function is used by “Manage User…”, and data flows from RBAC Administration to RBAC System Support. ArchiMate concepts and relationships are in italics.
  • RBAC for Target Applications is a product that aggregates a number of business services and application services, is associated with a number of infrastructure services, and delivers value in the form of security, scalability, agility and transparency. Each type of service is aggregated by a group. ArchiMate concepts and relationships are in italics.
  • Both the RBAC Administration and RBAC Systems Support application functions aggregate a number of more specialized applicationfunctions, which in turn access a number of data objects. The Session data object aggregates a number of roles and an authenticated user identity, and also contains (composition relationship) the Active Role Set. Two of the application functions at the top of the diagram share a constraint, and the Manage Role Hierarchy application function is associated with a requirement.The application functions, requirement, constraint and objects that are not required by all RBAC levels have numbers in parentheses to indicate where they are required.ArchiMate concepts and relationships are in italics.
  • The presenter has delivered this material to TheStandard’s information security director, who requested additional sessions with his staff.
  • Transcript

    • 1. July 19, 2011
      Modeling RBAC with SABSA, TOGAF and ArchiMateCreating a Foundation for Understanding and Action
      Iver Band, CISSP - Open Group Conference, Austin, Texas
    • 2. About The Standard
      The RBAC standard
      Modeling motivations and objectives
      Framework analysis and comparison
      Modeling approach
      Diagrams that justify and explain RBAC
      July 17, 2011
      Thanks to Kevin Graham, CISSP and enterprise security architect at The Standard, for his partnership in this work
    • 3. Financial services company
      Founded in 1906
      Our purpose:
      To help people achieve financial security so they can confidently pursue their dreams
      Group Life & Disability Insurance
      Individual Disability Insurance
      Retirement Plans
      Individual Annuities
      Commercial Mortgages
      Headquarters in Portland, OR
      3,100 Employees
      The Standard
      July 17, 2011
    • 4. 4
      IT at The Standard
      July 17, 2011
    • 5. 5
      Typical Access Control Challenges
      July 17, 2011
      • Fragmented identities, systems and processes
      • 6. Insufficient understanding of identity and access management best practices
      • 7. Inadequate visibility of access control mechanisms, changes and outcomes
    • A widely implemented mechanism for protecting system resources standardized by ANSI INCITS 359-2004
      Relies on user authentication, which in turn relies on identity management
      Defines and applies relationships between
      Users −often human, but can also be systems
      Roles −job functions defined for an organization
      Permissions −organizational consent to perform specific operations
      Ensures that each user can execute only those operations authorized through roles that are both assigned to that user and activated for that user’s session
      Common alternatives include
      Mandatory Access Control (MAC) − administrators manage permissions based on the classification and category of each object and user
      Discretionary Access Control (DAC)−users manage permissions for the objects they own
      What is Role-Based Access Control (RBAC)?
      July 17, 2011
    • 8. Four standard and cumulative levels
      (1) Core, (2) Hierarchical, (3) Constrained, (4) Symmetric
      All levels support
      Restriction of user permissions to those acquired through roles
      Many-to-many user-role and role-permission assignment
      Review of user-role assignments
      Simultaneous user access to permissions of multiple roles
      Level 2 adds variants with differing hierarchy support
      Support for an arbitrary partial order (reflexive, transitive, anti-symmetric)
      Any restriction on the structure of the role hierarchy, for example:
      Tree or inverted tree, limited inheritance or activation, depth limits
      Level 3 adds separation of duty (SOD) support
      Level 4 adds permission-role review with performance comparable to user-role review
      RBAC Concepts
      July 17, 2011
    • 9. Business drivers
      Increase the efficiency, agility and transparency of access control
      Support strategic requirements for enterprise-wide and federated identity and access management
      IT drivers
      Increase RBAC understanding of both IT and key user personnel
      Derive greater value from existing identity management investments and justify further investment
      Support identity and access management for enterprise initiatives such as CRM and Contact Center
      Reduce administrative burden on IT by making access control comprehensible to the broader business community
      Demonstrate relevance of TOGAF and ArchiMate to security architecture
      RBAC Modeling and Knowledge Transfer Motivations
      July 17, 2011
    • 10. Desired State
      Well-Designed RBAC Is Easy to Understand
      July 17, 2011
      All-Too-Typical State
      Local roles aligned with system context
      Local roles aligned with business context
    • 11. This effort is not fundamentally about technology
      It is about getting people to think differently about access control
      Change behavior immediately and measurably
      Systems and access administration requests and configurations
      Lay the groundwork for successful investments in identity and access management solutions
      It requires two types of communication to a range of business and IT stakeholders
      Justification:Demonstrate the need for systematic access control
      Explanation: Explain how RBAC works and how it satisfies the need
      Modeling Objectives
      July 17, 2011
    • 12. 11
      How Can Our Chosen Frameworks Help?
      July 17, 2011
    • 13. 12
      TOGAF and SABSA Have Comparable Methods for our Purposes
      July 17, 2011
      SABSA Lifecycle
    • 14. 13
      Contextual and Conceptual Architecture are Organized Differently in Each Paradigm
      July 17, 2011
      ArchiMate2.0 DraftCore and Extensions
      SABSAModel for Security Architecture
      TOGAF Version 9Full Content Metamodel
      Principles, Vision, Requirements
      Information Systems
      Implementation and Migration
    • 20. Select cells from SABSA Matrix for RBAC justificationand explanation
      Strength:Comprehensive treatment of enterprise security architecture
      Select best fitting TOGAF catalogs, matrices and diagram types
      Strength: Comprehensive treatment of enterprise architecture (EA)
      Select best fitting ArchiMate diagram types
      Strength:General EA visual modeling language with broad coverage of TOGAF, particularly in the 2.0 draft specification
      Adapt viewpoints as necessary to express SABSA objectives
      Create catalogs and matrices
      Straightforward based on TOGAF 9 guidance
      This presentation will instead focus on diagrams
      Create ArchiMate diagrams based on selected TOGAF and ArchiMate viewpoints
      Our Modeling Approach Leverages Strengths of Each Standard
      July 17, 2011
    • 21. 15
      The Top Two Rows of the SABSA Matrix Have Relevant Content
      July 17, 2011
      Explain RBAC
      Justify RBAC
    • 22. Each Selected SABSA Matrix Cell Corresponds to Multiple TOGAF and ArchiMate Viewpoints
    • 23. 17
      TOGAF Value Chain Diagram
      Justify RBAC
      Explain RBAC
      RBAC resulted in $6 billion in US economic benefits from 2002-2009, according to 2010 economic analysis commissioned by US NIST, from which this diagram was adapted
    • 24. 18
      Justify RBAC
      ArchiMate Motivation Diagram
      July 17, 2011
    • 25. 19
      Justify RBAC
      ArchiMate Actor Cooperation Diagram
      July 17, 2011
    • 26. 20
      Justify RBAC
      ArchiMate Landscape Map
      July 17, 2011
      CRM Application
      Mortgage Solution
      Plan Admin
      Policy Admin App
      Hosted Advisor Work-bench
      Hosted Vertical Industry Solution
      Claims App A
      Document Mgmt System B
      Document Mgmt System A
    • 27. 21
      TOGAF Solution Concept Diagram
      July 17, 2011
      Explain RBAC
    • 28. 22
      ArchiMate Product Diagram
      July 17, 2011
      Justify RBAC
      Explain RBAC
    • 29. 23
      Review: RBAC Levels
      July 17, 2011
    • 30. 24
      Explain RBAC
      ArchiMate Application Behavior View
      July 17, 2011
    • 31. TOGAF, ArchiMate and SABSA each provide broad and deep value for enterprise architects, regardless of their specialty
      Integrating these three paradigms today requires significant effort, since they cover much but not all of the same ground, often with similar but not strictly equivalent concepts
      Fortunately, there are Open Group efforts underway to integrate
      TOGAF and SABSA
      The TOGAF and ArchiMate content frameworks
      Architects can use RBAC to improve the effectiveness, scalability, transparency and agility of access control
      Architects can use SABSA, TOGAF and ArchiMate
      To model, portray and analyze planned or actual RBAC solutions
      As a rigorous foundation for a wide range of stakeholder communications
      July 17, 2011
    • 32. The NIST Model for Role-Based Access Control: Towards a Unified Standard
      ANSI INCITS 359-2004 Information Technology Role-Based Access Control
      Sherwood Applied Business Security Architecture (SABSA)
      Executive White Paper on Enterprise Security Architecture
      Enterprise Security Architecture: A Business-Driven Approach
      TOGAF 9 standard online
      ArchiMate Version 1.0 standard online
      Economic Benefits of Role-Based Access Control
      July 17, 2011