Security Architecture & Design models: An appraisal
Security architecture refers to a cohesive security design that addresses the requirements (such as authentication and authorization) and, most importantly, the risks associated with any particular scenario. This cohesive design specifies the kind of controls to be applied to each information security scenario (Thorn et al., 2008). Security architecture can also be defined as the unique security artifact that describes how the various security countermeasures (controls) are positioned and how they relate to the larger information technology architecture. These security controls are critical in ensuring that the system's quality attributes are maintained. These attributes include confidentiality, availability, accountability and assurance. A successful information technology system defense requires an efficient information security architecture that is backed by elaborate system policies and standards and a thorough vulnerability assessment process.
Security Architecture
Computer architecture
Computer architecture comprises all the parts of a computer system that are necessary for it to function. It includes the operating system, circuits, memory chips, hard drive, buses, security components and networking components. These parts operate together in a secure fashion in order to achieve a secure computer system (Harris, 2010).
System architecture
The system architecture is more complex than the computer architecture because it also includes the end user. In this case, security and protection can happen both at the user's end and at the data's end. Protection can also control all the operations between the end user and the data.
Figure 1: system architecture's protection mechanisms.
According to Thorn et al. (2008), there are three types of security architecture. These are enterprise security architecture, application security architecture and product security architecture.
Enterprise security architecture
Enterprise security architecture is the application of a comprehensive and rigorous method for clearly describing the current and future structure and behavior of a given organization's information security systems, security processes, personnel and sub-units in order to align them with its core objectives and strategic direction. Its main goal is to have a cohesive unit tasked with protecting corporate information (Arconati, 2002).
Application security architecture
This provides a conceptual design for the network security infrastructure at the application level, as noted by Simhadri (2002). It includes various threat management tools and processes such as web application firewalls, security monitoring, security incident management processes, incident response planning processes, security event management systems, and cryptographic forensic analysis processes and tools.
Product security architecture
Thorn et al. (2008) note that product security architecture confines itself to the security properties of a given product.
Security Models
Before appraising the existing security models, it is important to differentiate between a security policy and a security model. According to Harris (2010), a security policy is a set of rules and practices that dictate how sensitive information is to be protected, managed and distributed, while a security model is merely a symbolic representation of the security policy. The following are the security models in use.
Lattice Models
This security model is based on a mathematical construct that builds heavily on the notion of a group. It has a set of elements and a partial ordering relation, and it combines both multilateral and multilevel security. It is used for access control, mainly in the military (Landwehr, 1981, p. 253).
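The partial ordering described above can be made concrete with security labels. The following Python sketch is an added example, not taken from the cited sources; it assumes a label is a sensitivity level (the multilevel part) plus a set of compartments (the multilateral part), and that access is granted when the subject's label dominates the object's. All level names, compartment names and sample labels are constructed.

```python
from dataclasses import dataclass

# Constructed hierarchy of sensitivity levels (the multilevel part).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}
_NAMES = {rank: name for name, rank in LEVELS.items()}


@dataclass(frozen=True)
class Label:
    """A security label: one level plus a set of compartments (assumed form)."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Partial order: level at least as high AND every compartment held."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

    def join(self, other: "Label") -> "Label":
        """Least upper bound: the lowest label that dominates both."""
        top = max(LEVELS[self.level], LEVELS[other.level])
        return Label(_NAMES[top], self.compartments | other.compartments)

    def meet(self, other: "Label") -> "Label":
        """Greatest lower bound: the highest label that both dominate."""
        low = min(LEVELS[self.level], LEVELS[other.level])
        return Label(_NAMES[low], self.compartments & other.compartments)


def comparable(a: Label, b: Label) -> bool:
    """False when neither label dominates the other (the order is partial)."""
    return a.dominates(b) or b.dominates(a)


def may_access(subject: Label, obj: Label) -> bool:
    """Assumed access rule: the subject's label must dominate the object's."""
    return subject.dominates(obj)


# Constructed sample labels.
analyst = Label("SECRET", frozenset({"NUCLEAR"}))
officer = Label("TOP_SECRET", frozenset({"CRYPTO"}))
report = Label("CONFIDENTIAL", frozenset({"NUCLEAR"}))

if __name__ == "__main__":
    print(may_access(analyst, report), may_access(officer, report))
    print(comparable(analyst, officer), analyst.join(officer))
```

The officer holds the higher level but is still refused the report because the compartment sets do not match, which is what distinguishes a lattice from a simple linear ranking.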
Noninterference Models
This is a very strict multilevel security policy model that is used for ensuring information confidentiality (McLean, 1984).
Bell-LaPadula Confidentiality Model