Open Reference Architecture for Security and Privacy

Note

This publication is also available as hard-copy, see here. Support our work an buy a hardcopy! The latest version of this Open Referene Architecture is always available online at https://security-and-privacy-reference-architecture.readthedocs.io

This reference architecture is built around information that helps you creating security or privacy architectures. This reference architecture is created to improve security and privacy designs in general. In our opinion it is time to stop reinventing the wheel when it comes down to creating architectures and designs for security and privacy solutions.

The reference architecture is not just another security book. Since libraries and book stores are filled with decent books on security and privacy we wanted to create a book that is all about reuse.

(c) 2015,2016,2017,2018, 2019 Asim Jahan and Maikel Mardjan

Published by the Business Management Support Foundation, Apeldoorn, The Netherlands.

All trademarks, trade names, product names and logos appearing in this report are the property of their respective owners.

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Use of these materials is permitted only in accordance with license rights granted. Materials provided “AS IS”; no representations or warranties provided. User assumes all responsibility for use, and all liability related thereto, and must independently review all materials for accuracy and efficacy.

Content

• Foreword
• Introduction
  • Why another reference architecture
  • Why security and privacy
  • Advantage of using this reference architecture
  • Who should use this reference architecture
  • Scope of this reference architecture
  • What about security patterns?
  • How this reference architecture is structured
• Creating a Solution
  • The steps
  • OSS Security and Privacy SBB Selection
  • Architecture view of Security Applications
  • Architecture view of Privacy Applications
• Security and Privacy models
  • Introduction
  • Common attack vectors
  • HTTPS Interception
  • Hosting, hardware, firmware and other invisible threats
  • Security Personas
  • Threat Models
  • Security Models
  • Privacy Models
• Security and Privacy Principles
  • What are principles?
  • Principles or requirements?
  • What are requirements?
  • Reuse requirements
• Security Principles
  • Address Privacy & Security
  • Always consider the users
  • Asset protection and resilience
  • Assume that external systems are insecure
  • Audit information provision to consumers
  • Authenticate users and processes
  • Authorize after you authenticate
  • Avoid security by obscurity
  • Check the return value of functions
  • Clearly delineate the physical and logical security boundaries
  • Compartmentalise
  • Compile with all warnings enabled
  • Complete mediation
  • Computer security is constrained by societal factors
  • Computer Security Requires a Comprehensive and Integrated Approach
  • Computer Security Responsibilities and Accountability Should Be Made Explicit
  • Computer Security Should Be Cost-Effective
  • Computer Security should be periodically reassessed
  • Computer Security Supports the Mission of the Organization
  • Data in transit protection
  • Data is always protected
  • Declare data objects at the smallest possible level of scope
  • Defense in depth
  • Design and implement audit mechanisms
  • Design and operate an IT system to limit damage and to be resilient in response.
  • Design for secure updates
  • Design for security properties changing over time
  • Design reviews
  • Design security to allow for regular adoption of new technology
  • Develop and exercise contingency or disaster recovery procedures to ensure appropriate availability
  • Do not implement unnecessary security mechanisms.
  • Don’t trust infrastructure
  • Don’t trust services (from others)
  • Earn or give, but never assume or trust
  • Economy of mechanism
  • Ensure proper security in the shutdown or disposal of a system
  • Ensure that developers are trained in how to develop secure software.
  • Establish a sound security policy as the“foundation” for design.
  • Establish secure defaults
  • External interface protection
  • Fail Safe Defaults
  • Fail-safe default settings for security and access
  • Formulate security measures to address multiple overlapping information domains
  • Governance framework
  • HTTP header use
  • Identify and prevent common errors and vulnerabilities
  • Identify potential trade-offs
  • Identity and authentication
  • Implement layered security (Ensure no single point of vulnerability).
  • Implement least privilege
  • Implement tailored system security measures to meet organizational security goals.
  • Isolate public access systems from mission critical resources
  • Least common mechanism
  • Least privilege
  • Limit the use of pointers
  • Limit the use of the preprocessor to file inclusion and simple macros
  • Logging secrets
  • Minimize secrets
  • Minimize the system elements to be trusted.
  • Open design
  • Operational security
  • Personnel security
  • Protect information while being processed, in transit, and in storage.
  • Provide assurance that the system is, and continues to be, resilient in the face of expected threats.
  • Psychological acceptability
  • Reduce risk to an acceptable level.
  • Risk Based Approach to Security
  • Secure use of the service by the consumer
  • Security by Design
  • Sensitive Data
  • Sensitive data must be identified
  • Separation between consumers
  • Separation of privilege
  • Session lifetime
  • Strive for operational ease of use.
  • Strive for simplicity
  • Supply chain security
  • Systems Owners Have Security Responsibilities Outside Their Own Organizations
  • Treat security as an integral part of the overall system design.
  • Use an authentication mechanism that cannot be bypassed
  • Use only Secure Protocols
  • Use standard solutions
  • Use unique identities to ensure accountability
  • Where possible, base security on open standards for portability and interoperability.
• Privacy Principles
  • EU GDPR privacy principles
  • Other privacy principles
  • Access to Personal data
  • Data anomyzation
  • Collection Limitation Principle
  • Collection of personal data
  • Defensive data collection
  • Design reviews
  • Disclosure to third parties
  • Don’t trust infrastructure
  • Don’t trust services (from others)
  • Individual Participation Principle
  • Management Responsibility
  • Monitoring and enforcement
  • Purpose Specification Principle
  • Security for privacy
  • Security Safeguards
  • Use Limitation Principle
• Security and Privacy designs
  • Handling privacy regulations
  • How do I apply privacy by design
  • How do I manage API security
  • How do I validate a password?
  • What are good privacy design patterns?
  • How to handle privacy when designing new protocol specifications?
  • How to build the Internet yourself?
• Using Open Source for security and privacy protection
  • Introduction
  • What is open Source Software (OSS)?
  • The power of open for security and privacy
  • Determining quality of OSS for security and privacy applications
• OSS Security Applications
  • About this list
  • AIL framework
  • American fuzzy lop
  • Bandit
  • Bosun
  • Cameradar
  • CLIP OS
  • ClusterFuzz
  • Data Seal
  • Datastream
  • Deeptracy
  • Diffoscope
  • Duplicity
  • Evilginx2
  • Fail2ban
  • FIDO (Fully Integrated Defense Operation)
  • FourOneOne
  • Ghidra
  • GNUnet
  • Gophish
  • Gryffin
  • Hammertime
  • Hashcat
  • Httpswatch
  • Kali
  • Keycloak
  • Kismet
  • Lascar
  • Libreswan
  • Lightbulb
  • Lynis
  • Magic Wormhole
  • Malspider
  • Mantra
  • MITMEngine
  • Mitmproxy
  • ModSecurity
  • MOSP
  • Mozilla HTTP Observatory
  • Mythril
  • OpenVAS
  • ORY Hydra
  • osquery
  • OWASP ZCR Shellcoder
  • OWASP Zed Attack Proxy (ZAP)
  • Phpseclib (PHP Secure Communications Library)
  • PySyft
  • Radare
  • Requests: HTTP for Humans
  • RIPS (code analyser)
  • RouterSploit
  • SecLists
  • Security Monkey
  • SigPloit
  • SIMP (The System Integrity Management Platform)
  • Simplify
  • Sonarqube
  • SpiderFoot
  • Streisand
  • Stunnel
  • Suricata
  • Susanoo
  • SWAMP (Software Assurance Marketplace)
  • Tamper Chrome
  • Threat Dragon
  • Tink
  • Tlsfuzzer
  • Tor
  • Unfurl
  • URL Abuse
  • Vault
  • VERIS
  • VSAQ: Vendor Security Assessment Questionnaire
  • w3af (Web Application Attack and Audit Framework)
  • Wapiti
  • Wifite 2
  • WireGuard
  • YARA
  • Zeek
• OSS Privacy Applications
  • About this list
  • Amiunique
  • Blockstack
  • BRIAR
  • ChatSecure
  • Diaspora
  • Fingerprintjs2
  • FreedomBox
  • GNUnet
  • IRMA
  • Jami
  • MAT: Metadata Anonymisation Toolkit
  • Matrix
  • Mitmproxy
  • Open Whisper (Signal)
  • PrivacyScore
  • Searx
  • Steghide
  • Streisand
  • Tails
  • Tor
  • Tox
  • Tribler
  • WireGuard
  • XPIR
• Open Toolbox
  • Secure Coding Guidelines
  • Reproducible builds
  • Mozilla
  • GOlang programming
  • OSS Security Software Repositories
  • General information on information security
  • Attacks methods
  • Thread Models
  • Security Frameworks
  • Privacy References Architectures and Models
  • Open Access Privacy Journals
  • Transactions on Data Privacy
  • Guide to data protection
  • Open Foundations on security & Privacy
  • Checklists
  • Vulnerability Databases
  • Learning and training resources
  • Open Source Initiative (OSI)
  • Libre Router project
  • Information Security Guide
• About the authors
  • Asim Jahan
  • Maikel Mardjan
• Licensing
• Contributing