Preface |
|
xiii | |
Acknowledgments |
|
xv | |
About the Authors |
|
xvii | |
|
|
xix | |
|
|
xxiii | |
|
Chapter 1 The First 16 Years |
|
|
1 | (8) |
|
1.1 The Beginning of Enterprise Level Security (ELS) |
|
|
1 | (1) |
|
|
1 | (3) |
|
|
4 | (3) |
|
|
7 | (2) |
|
Chapter 2 A Brief Review of the Initial Book |
|
|
9 | (8) |
|
|
9 | (4) |
|
|
13 | (4) |
|
Chapter 3 Minimal Requirements for the Advanced Techniques |
|
|
17 | (14) |
|
|
18 | (1) |
|
3.2 Creating an Attribute Store |
|
|
19 | (1) |
|
3.3 Registering a Service |
|
|
19 | (1) |
|
|
20 | (2) |
|
3.5 User Convenience Services |
|
|
22 | (1) |
|
3.6 The Enterprise Attribute Ecosystem |
|
|
23 | (3) |
|
|
26 | (5) |
|
Identity and Access Advanced Techniques |
|
|
|
Chapter 4 Identity Claims in High Assurance |
|
|
31 | (10) |
|
|
31 | (1) |
|
|
32 | (1) |
|
|
33 | (1) |
|
4.4 Key and Credential Generation |
|
|
33 | (2) |
|
4.5 Key and Credential Access Control |
|
|
35 | (1) |
|
4.6 Key and Credential Management |
|
|
36 | (1) |
|
4.7 Key and Credential Use |
|
|
37 | (2) |
|
4.8 Some Other Considerations |
|
|
39 | (2) |
|
Chapter 5 Cloud Key Management |
|
|
41 | (14) |
|
|
41 | (1) |
|
5.2 ELS in a Private Cloud |
|
|
42 | (1) |
|
5.3 The Public Cloud Challenge |
|
|
43 | (5) |
|
5.4 Potential Hybrid Cloud Solutions |
|
|
48 | (1) |
|
5.5 Proposed Secure Solutions |
|
|
49 | (2) |
|
|
51 | (2) |
|
5.7 Cloud Key Management Summary |
|
|
53 | (2) |
|
Chapter 6 Enhanced Assurance Needs |
|
|
55 | (6) |
|
6.1 Enhanced Identity Issues |
|
|
55 | (1) |
|
6.2 Scale of Identity Assurance |
|
|
56 | (2) |
|
6.3 Implementing the Identity Assurance Requirement |
|
|
58 | (1) |
|
6.4 Additional Requirements |
|
|
58 | (1) |
|
6.5 Enhanced Assurance Summary |
|
|
59 | (2) |
|
Chapter 7 Temporary Certificates |
|
|
61 | (6) |
|
7.1 Users That Do Not Have a PIV |
|
|
61 | (1) |
|
7.2 Non-PIV STS/CA-Issued Certificate |
|
|
62 | (2) |
|
7.3 Required Additional Elements |
|
|
64 | (1) |
|
7.4 Precluding the Use of Temporary Certificates |
|
|
65 | (1) |
|
7.5 Temporary Certificate Summary |
|
|
65 | (2) |
|
Chapter 8 Derived Certificates on Mobile Devices |
|
|
67 | (4) |
|
|
67 | (1) |
|
8.2 Authentication with the Derived Credential |
|
|
67 | (1) |
|
8.3 Encryption with the Derived Credential |
|
|
67 | (1) |
|
8.4 Security Considerations |
|
|
68 | (1) |
|
8.5 Certificate Management |
|
|
68 | (3) |
|
Chapter 9 Veracity and Counter Claims |
|
|
71 | (14) |
|
|
71 | (1) |
|
9.2 Integrity, Reputation, and Veracity |
|
|
72 | (1) |
|
|
72 | (9) |
|
9.4 Creating a Model and Counter Claims |
|
|
81 | (1) |
|
9.5 Veracity and Counter Claims Summary |
|
|
82 | (3) |
|
Chapter 10 Delegation of Access and Privilege |
|
|
85 | (10) |
|
10.1 Access and Privilege |
|
|
85 | (1) |
|
10.2 Delegation Principles |
|
|
85 | (6) |
|
|
91 | (3) |
|
|
94 | (1) |
|
Chapter 11 Escalation of Privilege |
|
|
95 | (12) |
|
11.1 Context for Escalation |
|
|
95 | (1) |
|
11.2 Access and Privilege Escalation |
|
|
96 | (2) |
|
11.3 Planning for Escalation |
|
|
98 | (2) |
|
|
100 | (2) |
|
11.5 Escalation Implementation within ELS |
|
|
102 | (3) |
|
|
105 | (1) |
|
|
106 | (1) |
|
|
107 | (14) |
|
12.1 Federation Technical Considerations |
|
|
107 | (8) |
|
12.2 Federation Trust Considerations |
|
|
115 | (3) |
|
12.3 Federation Conclusions |
|
|
118 | (3) |
|
ELS Extensions - Content Management |
|
|
|
Chapter 13 Content Object Uniqueness for Forensics |
|
|
121 | (8) |
|
13.1 Exfiltration in Complex Systems |
|
|
121 | (1) |
|
|
121 | (1) |
|
|
122 | (1) |
|
|
122 | (6) |
|
13.5 Content Object Summary |
|
|
128 | (1) |
|
Chapter 14 Homomorphic Encryption |
|
|
129 | (28) |
|
14.1 Full Homomorphic Encryption (FHE) |
|
|
129 | (6) |
|
14.2 Partial Homomorphic Encryption (PHE) |
|
|
135 | (8) |
|
14.3 PHE Performance Evaluation |
|
|
143 | (11) |
|
14.4 Homomorphic Encryption Conclusions |
|
|
154 | (3) |
|
ELS Extensions - Data Aggregation |
|
|
|
Chapter 15 Access and Privilege in Big Data Analysis |
|
|
157 | (8) |
|
|
157 | (1) |
|
15.2 Big Data Related Work |
|
|
158 | (1) |
|
|
159 | (5) |
|
|
164 | (1) |
|
Chapter 16 Data Mediation |
|
|
165 | (12) |
|
16.1 Maintaining Security with Data Mediation |
|
|
165 | (1) |
|
|
165 | (2) |
|
|
167 | (5) |
|
|
172 | (1) |
|
|
173 | (4) |
|
ELS Extensions - Mobile Devices |
|
|
|
|
177 | (14) |
|
17.1 Mobile Ad Hoc Implementations |
|
|
177 | (4) |
|
17.2 Network Service Descriptions |
|
|
181 | (6) |
|
17.3 Other Considerations |
|
|
187 | (1) |
|
17.4 Mobile Ad Hoc Summary |
|
|
188 | (3) |
|
Chapter 18 Endpoint Device Management |
|
|
191 | (18) |
|
18.1 Endpoint Device Choices |
|
|
191 | (7) |
|
18.2 Endpoint Device Management |
|
|
198 | (11) |
|
ELS Extensions - Other Techniques |
|
|
|
Chapter 19 Endpoint Agent Architecture |
|
|
209 | (10) |
|
|
209 | (1) |
|
|
209 | (1) |
|
|
210 | (1) |
|
19.4 Endpoint Agent Results |
|
|
211 | (7) |
|
19.5 Endpoint Agent Conclusions |
|
|
218 | (1) |
|
19.6 Endpoint Agent Extensions |
|
|
218 | (1) |
|
Chapter 20 Ports and Protocols |
|
|
219 | (14) |
|
|
219 | (2) |
|
20.2 Communication Models |
|
|
221 | (1) |
|
20.3 Ports in Transport Protocols |
|
|
222 | (1) |
|
|
223 | (1) |
|
20.5 Assigning Ports and Protocols |
|
|
224 | (1) |
|
20.6 Server Configurations |
|
|
225 | (1) |
|
20.7 Firewalls and Port Blocking |
|
|
225 | (1) |
|
20.8 Application Firewalls |
|
|
226 | (1) |
|
20.9 Network Firewalls in ELS |
|
|
227 | (1) |
|
20.10 Endpoint Protection in ELS |
|
|
227 | (4) |
|
20.11 Handling and Inspection of Traffic |
|
|
231 | (1) |
|
20.12 Additional Security Hardening |
|
|
231 | (2) |
|
Chapter 21 Asynchronous Messaging |
|
|
233 | (12) |
|
21.1 Why Asynchronous Messaging? |
|
|
233 | (1) |
|
|
234 | (2) |
|
21.3 Asynchronous Messaging Security |
|
|
236 | (2) |
|
|
238 | (5) |
|
|
243 | (2) |
|
Chapter 22 Virtual Application Data Center |
|
|
245 | (14) |
|
|
245 | (1) |
|
22.2 Enterprise Level Security and VADC Concepts |
|
|
246 | (2) |
|
|
248 | (3) |
|
22.4 Resource Utilization |
|
|
251 | (4) |
|
22.5 Distributed Benefits and Challenges |
|
|
255 | (2) |
|
22.6 Virtual Application Data Center Conclusions |
|
|
257 | (2) |
|
Chapter 23 Managing System Changes |
|
|
259 | (10) |
|
|
259 | (1) |
|
|
259 | (2) |
|
|
261 | (3) |
|
23.4 Realizing the Vision |
|
|
264 | (4) |
|
23.5 Moving into the Future |
|
|
268 | (1) |
|
23.6 Managing Information Technology Changes |
|
|
268 | (1) |
|
Chapter 24 Concluding Remarks |
|
|
269 | (6) |
|
24.1 Staying Secure in an Uncertain World |
|
|
269 | (1) |
|
24.2 The Model is Important |
|
|
269 | (1) |
|
24.3 Zero Trust Architecture |
|
|
270 | (1) |
|
24.4 Computing Efficiencies |
|
|
270 | (2) |
|
24.5 Current Full ELS System |
|
|
272 | (1) |
|
|
272 | (3) |
References |
|
275 | (22) |
Acronyms |
|
297 | (4) |
Index |
|
301 | |