Top

Published in:

2018 | OriginalPaper | Chapter

How to Develop a Security Controls Oriented Reference Architecture for Cloud, IoT and SDN/NFV Platforms

Author : Theo Dimitrakos

Published in: Trust Management XII

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

In this paper we present a security architecture style and approach named Security Controls Oriented Reference (SCORE) Architecture. The SCORE Architecture extends commonly used security architecture methodologies by placing particular emphasis on how security controls are specified, refined, implemented, traced and assessed throughout the security design and development life-cycle. It encompasses experience of over 30 years in secure systems design and development and it has been applied in practice for developing security capabilities for on top of advanced Cloud, NFV and IoT platforms.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

next chapter Continuous User Authentication Using Smartwatch Motion Sensor Data

Taylor, R.N., Medvidović, N.N., Dashofy, E.M.: Software Architecture: Foundations. Theory and Practice, Wiley, Hoboken (2009)CrossRef

Shaw, M., Garlan, D.: Software Architecture: Perspectives on an Emerging Discipline. Prentice Hall, Upper Saddle River (1996)MATH

Kissel, R.: Glossary of Key Information Security Terms (NISTIR 7298 Revision 2). NIST (National Institute of Standards and Technology) (2013)

CNSS: National Information Assurance (IA) Glossary. CNSS Instruction No. 4009. National Security Agency (NSA) (2003)

FIPS: Minimum Security Requirements for Federal Information and Information Systems (FIPS 200). Federal Information Processing Standards (2006)

NIST: Guide for Applying the Risk Management Framework (RMF) to Federal Information Systems: a Security Life Cycle Approach. National Institute of Standards and Technology (2010, updated)

NIST: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy (Discussion Draft) (2017)

Dempsey, K., Chawla, N.S., Johnson, A., Johnston, R., Jones, A.C., Orebaugh, A., Scholl, M., Stine, K.: Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. National Institute of Standards and Technology (2011)

Joint Task Force Transformation Initiative: Guide for Conducting Risk Assessments (NIST SP 800-30r1). National Institute of Standards and Technology (2012)

10.

Stoneburner, G., Goguen, A., Feringa, A.: Risk Management Guide for Information Technology Systems. NIST - National Institute of Standards and Technology (2002)

11.

Joint Task Force: Security and Privacy Controls for Federal Information Systems and Organizations. National Institute of Standards and Technology (2013)

12.

ETSI: Network Functions Virtualisation (NFV); Architectural Framework. The European Telecommunications Standards Institute (2013)

13.

Dimitrakos, T.: Security Challenges and Guidance for Protecting NFV on Cloud IaaS. ETSI NFV Security Week (2017). https://docbox.etsi.org/workshop/2017/201706_SECURITYWEEK/05_NFVSECURITY

14.

Dimitrakos, T.: Towards a security reference architecture for Network Function Virtualisation: security challenges and security controls. In: NECS (2017)

15.

ETSI: Network Functions Virtualisation (NFV), NFV Security, Security and Trust Guidance. The European Telecommunications Standards Institute (2014)

16.

CSA: Network Function Virtualization. CSA (2016)

17.

CSA: Best Practices for Mitigating Risks in Virtualized Environments. CSA (2015)

18.

Dimitrakos, T.: Service Oriented Infrastructures and Cloud Service Platforms for the Enterprise: A Selection of Common Capabilities Validated in Real-Life Business Trials. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04086-3. (Ed. by, T. Dimitrakos, J. Martrat, S. Wesner)CrossRef

19.

Taylor, R.N., Medvidovic, N., Dashofy, E.M.: Software Architecture: Foundations, Theory, and Practice. Wiley, Hoboken (2009)CrossRef

20.

NIST: Risk Management Framework (RMF) Overview, 30 November 2016

21.

ENISA: Cloud Computing Benefits, Risks and Recommendations for Information Security. European Network and Information Security Agency (2009)

22.

ENISA: Cloud Computing: Information Assurance Framework. The European Network and Information Security Agency (2009)

23.

Abi-Antoun, M., Barnes, J.M.: Analyzing security architectures. In: IEEE/ACM International Conference on Automated Software Engineering (ASE 2010) (2010)

24.

Caralli, R.A., Stevens, J.F., Young, L.R., Wilson, W.R.: Introducing OCTAVE Allegro: improving the information security risk assessment process. Software Engineering Institute CMU/SEI Report Number: CMU/SEI-2007-TR-012 (2007)

25.

Peltier, T.R.: Information Security Risk Analysis, 3rd edn. CRC Press, Boca Raton (2010)

26.

Fredriksen, R., et al.: The CORAS framework for a model-based risk management process. In: Anderson, S., Felici, M., Bologna, S. (eds.) SAFECOMP 2002. LNCS, vol. 2434, pp. 94–105. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45732-1_11CrossRef

27.

Lund, M.S., Solhaug, B., Stolen, K.: Model-Driven Risk Analysis - The CORAS Approach. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-12323-8CrossRefMATH

28.

The European Parliament and the Council of the European Union, Regulation (EU) 2016/679. Off. J. Eur. Union (2016)

29.

The European Parliament and the Council of the European Union, “Directive (EU) 2016/1148. Off. J. Eur. Union (2016)

30.

Stine, K., Kissel, R., Barker, W.C., Fahlsing, J., Gulick, J.: Volume I: Guide for Mapping Types of Information and Information Systems to Security Categories. National Institute of Standards and Technology (2008)

31.

Cloud Security Alliance (CSA): Cloud Controls Matrix, 9 January 2017. https://cloudsecurityalliance.org/group/cloud-controls-matrix/

32.

Software Engineering Institute: Architecture Conformance. https://www.sei.cmu.edu/architecture/research/previousresearch/conformance.cfm

Title: How to Develop a Security Controls Oriented Reference Architecture for Cloud, IoT and SDN/NFV Platforms
Author: Theo Dimitrakos
Publisher: Springer International Publishing
Book: Trust Management XII
Print ISBN: 978-3-319-95275-8

Electronic ISBN: 978-3-319-95276-5

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-95276-5_1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner