Published in:

2018 | OriginalPaper | Book chapter

How to Develop a Security Controls Oriented Reference Architecture for Cloud, IoT and SDN/NFV Platforms

Author: Theo Dimitrakos

Published in: Trust Management XII

Publisher: Springer International Publishing


Abstract

In this paper we present a security architecture style and approach named the Security Controls Oriented Reference (SCORE) Architecture. The SCORE Architecture extends commonly used security architecture methodologies by placing particular emphasis on how security controls are specified, refined, implemented, traced and assessed throughout the security design and development life-cycle. It encompasses over 30 years of experience in secure systems design and development, and it has been applied in practice to develop security capabilities on top of advanced Cloud, NFV and IoT platforms.


Metadata
Title
How to Develop a Security Controls Oriented Reference Architecture for Cloud, IoT and SDN/NFV Platforms
Author
Theo Dimitrakos
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-319-95276-5_1