Security Architecture Design Principles and Industry Reference Standards
This article describes several security architecture design models used in industry: when developing a large, externally facing enterprise application, an e-commerce platform, or a cloud service, which security design considerations should be taken into account?
What is security architecture design? Most people think of enterprise firewalls, antivirus software, IPS/IDS and other network security deployments as a whole. The security architecture design discussed in this article, however, focuses on the security principles for developing software and platform services: which basic principles and standards does the industry offer for reference?
OWASP
https://www.owasp.org/index.php/Main_Page
OWASP (Open Web Application Security Project) is a non-profit organization that provides many open-source security design tools, methodologies and source code. Among its projects, ESAPI not only proposes overall web security design principles (see the figure below) but also provides libraries for many programming languages. The author highly recommends it: even if your software development does not use a library such as ESAPI, the overall security design is well worth consulting (see the figure below).
Throughout a software project, OWASP also provides tools and methods for design, development and testing, as shown in the table below.
Viega's and McGraw's ten principles
John Viega and Gary McGraw. Building Secure Software – How to Avoid Security Problems the Right Way. Addison-Wesley, September 2002
The ten security design principles that Viega and McGraw proposed in 2002 are old, yet they still form the foundation of security design today. For security design patterns and UML models built on them, see also:
http://www.cse.msu.edu/~cse870/Materials/main-tech-report-security-patterns.pdf
- Principle 1: Secure the weakest link
- Principle 2: Practice defense in depth
- Principle 3: Fail securely
- Principle 4: Follow the principle of least privilege
- Principle 5: Compartmentalize
- Principle 6: Keep it simple
- Principle 7: Promote privacy
- Principle 8: Remember that hiding secrets is hard
- Principle 9: Be reluctant to trust
- Principle 10: Use your community resources
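Principle 3 (fail securely), Principle 4 (least privilege) and Principle 9 (be reluctant to trust) from the list above, shown in a small authorization check. This is an added Python example, not code from the original post or from Viega and McGraw; the policy table, role names and the simulated policy-store outage are constructed for illustration.

```python
# Added example (not from the original post): an authorization check that
# follows Principle 4 (least privilege: deny by default, grant only what a
# role needs), Principle 9 (be reluctant to trust: unknown roles get nothing)
# and Principle 3 (fail securely: a broken policy lookup denies, never allows).
from __future__ import annotations


class PolicyUnavailable(Exception):
    """Raised when the policy store cannot be consulted (simulated outage)."""


# Constructed sample policy: each role lists only the actions it needs.
# Nothing is granted by default, so an unknown role maps to an empty set.
POLICY: dict[str, frozenset[str]] = {
    "viewer": frozenset({"order:read"}),
    "support": frozenset({"order:read", "order:refund"}),
    "admin": frozenset({"order:read", "order:refund", "order:delete"}),
}


def lookup_permissions(role: str, *, store_up: bool = True) -> frozenset[str]:
    """Simulated policy-store query; store_up=False models a backend outage."""
    if not store_up:
        raise PolicyUnavailable("policy store unreachable")
    return POLICY.get(role, frozenset())  # reluctant to trust: unknown -> none


def is_allowed_fail_open(role: str, action: str, *, store_up: bool = True) -> bool:
    """Anti-pattern: an error inside the check is treated as 'allow' to keep
    the service responsive. During an outage every request is authorized."""
    try:
        return action in lookup_permissions(role, store_up=store_up)
    except PolicyUnavailable:
        return True


def is_allowed_fail_closed(role: str, action: str, *, store_up: bool = True) -> bool:
    """Fail securely: any failure to evaluate the policy denies the request,
    and only an explicit grant in the policy yields True."""
    try:
        return action in lookup_permissions(role, store_up=store_up)
    except PolicyUnavailable:
        # Report the outage to operators elsewhere; the caller only sees "denied".
        return False


if __name__ == "__main__":
    for check in (is_allowed_fail_open, is_allowed_fail_closed):
        verdict = check("viewer", "order:delete", store_up=False)
        print(f"{check.__name__}: viewer may delete during outage? {verdict}")
```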
Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
NIST, the US National Institute of Standards and Technology, published "NIST Special Publication 800-27 Rev A".
This reference document lays out the principles of security design, organized into six categories with 33 design principles in total:
http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf
In addition, for security design mapped onto the security life cycle, the author highly recommends NIST SP 800-39, which offers corresponding security design recommendations for each stage.
Security Design Principles for Digital Services
The UK's National Cyber Security Centre (NCSC) has also published six security design principles:
https://www.ncsc.gov.uk/guidance/security-design-principles-digital-services-main
- Design Principles: Introduction
  Some background on digital services and advice on how to get the most from our Design Principles.
- Design Principles: Understanding your service
  To securely design a service, there are a number of areas you need to have a good understanding of.
- Design Principles: Making services hard to compromise
  Designing with security in mind means using concepts and techniques which make it harder for attackers to compromise your service using commodity techniques.
- Design Principles: Reducing the impact of compromise
  Creating services which naturally minimise the degree of any compromise.
- Design Principles: Designing to avoid disruption
  When high-value services rely on digital delivery it becomes essential that they are always available. For the credibility of the service and the users' convenience, the acceptable percentage of 'down time' is effectively zero.
- Design Principles: Making compromise easy to detect
  Even if you take all available precautions, there's a chance your system will be compromised by a new or unknown attack. If this happens you want to be well positioned to detect the compromise.
Amazon Security Reference
Finally, no discussion of cloud security services can leave out AWS, because the security architecture AWS proposes is not confined to theory or models: it consists of reference examples for implementation. The overall AWS cloud service security architecture, broken down into its individual domains, is shown in the full view below:
Other references
http://www.viewpoints-and-perspectives.info/home/resources/
http://www.slideshare.net/markb677/enterprise-security-architecture-diagram-v01r1