Cost-Effective Protection of Information Systems
Authors
Abstract
Commercial and government organizations are deploying database management system (DBMS) technology as the backbone for their electronic commerce and Internet-based computing applications. As one would expect, these organizations require high-performance, scalable, fault-tolerant systems that can efficiently and securely process transactions from thousands of concurrent, distributed clients. As application requirements for performance increase, multi-vendor, multi-component architectures to support these requirements are becoming more complex. However, commercial off-the-shelf technologies are being utilized for a variety of new web-based applications that support these application requirements in terms of both performance and security. Historically, client/server applications were developed and the security of these “two-tier” applications was fairly straightforward. The client application was written and tested to verify correctness. The client application communicated directly with the backend commercial DBMS, which had already been evaluated as meeting various internationally recognized security metrics (e.g., Orange Book, ITSEC). Additionally, the networks were “closed” to protect the information from flowing outside the defined community of interest. Therefore, even if there was a security flaw in the application code, the damage was restricted to those already possessing sufficient “need to know.” Today’s “service centric” application architectures are more complex. They include multiple tiers on multiple platforms performing specific tasks. For example, a browser client might authenticate to a web page that accesses information stored in a database behind a firewall, with the database obtaining authorizations for the user based upon information stored in a directory.
Therefore, the application architecture must rely upon, for example, 1) a Secure Sockets Layer (SSL) connection to the web application server, 2) a secure connection through a firewall to the database, 3) a secure lookup of user information in an LDAP directory, and 4) mutual authentication of each of these interfaces using smartcards, Kerberos, X.509 certificates, or passwords. While the integration of these components may add complexity to the application (versus client/server), organizations require this type of configuration to enhance security. This architecture, while more complex than client/server, is more performant, supports a variety of user authentication mechanisms, and adds layers of protection as the application process flows between tiers. In essence, each layer has the capability to re-verify the transaction as it passes through its realm. This gives rise to applications that are cost-effective and secure. It is for this and other reasons that organizations in defense, healthcare, social services, and electronic commerce are deploying applications with multi-tier architectures. In addition to process isolation and separation for performance and throughput, these additional layers add to the security of the overall system. The presentation will describe customer implementations of this architecture and the benefits and challenges involved in their deployment.
Publication date: 1999