Chapter 11: Security – Protecting Systems from Threats
ⓘ This audio and summary are simplified educational interpretations and are not a substitute for the original text.
This chapter on security in software architecture establishes the foundation for protecting systems by focusing on the three core characteristics: confidentiality, integrity, and availability (CIA). Security is defined as the system's capacity to safeguard data and information from unauthorized access while still allowing access to authorized users; an attack is an action intended to cause harm, whether through unauthorized data access, modification, or denial of service. A closely related concern is privacy, which centers on limiting access to personally identifiable information (PII). Architects and security engineers use threat modeling techniques, such as constructing an attack tree (similar to a fault tree), to enumerate the possible threats whose goal is to compromise CIA. The chapter introduces a detailed security general scenario, which structures analysis by defining the Source of the attack, the Stimulus (e.g., unauthorized attempts to display or change data, or to reduce availability), the Artifact (the target, such as services or data), the system's Environment (e.g., online or behind a firewall), and the required Responses, including maintaining CIA and measures such as recording access attempts and notifying the appropriate entities.
To achieve robust security, four categories of architectural tactics are detailed. Detect Attacks covers verifying message integrity using checksums or hash values, identifying intrusions by matching malicious signatures, and monitoring for denial-of-service (DoS) patterns. Resist Attacks encompasses identification; authentication using methods such as two-factor authentication or biometrics; authorization via access control mechanisms; limiting system access or exposure through techniques such as a demilitarized zone (DMZ); data encryption; validation of input against threats such as SQL injection and cross-site scripting (XSS); and separating sensitive entities. React to Attacks includes restricting login attempts after failures and promptly informing actors such as operators when an apparent attack occurs. Recover from Attacks leverages availability tactics, maintains thorough audit trails to trace attackers, and guarantees nonrepudiation through digital signatures. Finally, the chapter discusses architectural patterns such as the Intercepting Validator and the Intrusion Prevention System (IPS), which support the detection and reaction tactics, alongside a tactics-based questionnaire used for architectural review. Other aspects of building secure systems include secure coding and organizational processes.
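As an added illustration that is not part of the chapter or its summary, the following Python sketch shows an Intercepting Validator pattern combining three of the tactics named above: allow-list input validation (Resist), an audit trail of rejected requests (Recover), and operator notification after repeated rejections from one source (React). The parameter rules, the alert threshold and the sample requests are constructed assumptions.

```python
import re
import logging
from collections import Counter
from dataclasses import dataclass, field

# Audit trail: every rejected request is recorded (Recover from Attacks tactic).
audit = logging.getLogger("audit")

# Allow-list rules (assumed): a parameter is accepted only if it matches its pattern.
# Allow-listing well-formed input is more robust than block-listing attack strings.
RULES = {
    "username": re.compile(r"[A-Za-z0-9_.-]{3,32}"),
    "page": re.compile(r"[1-9][0-9]{0,3}"),
    "comment": re.compile(r"[^<>\x00-\x1f]{0,500}"),  # no tags, no control chars
}

ALERT_THRESHOLD = 3  # rejections from one source before operators are notified (assumed)


@dataclass
class InterceptingValidator:
    rejections: Counter = field(default_factory=Counter)
    alerts: list = field(default_factory=list)  # stand-in for paging an operator

    def validate(self, params: dict) -> dict:
        """Return {parameter: reason} for every parameter that fails the allow-list."""
        failures = {}
        for name, value in params.items():
            rule = RULES.get(name)
            if rule is None:
                failures[name] = "unexpected parameter"
            elif not isinstance(value, str) or rule.fullmatch(value) is None:
                failures[name] = "does not match allow-list"
        return failures

    def handle(self, source: str, params: dict, handler):
        """Intercept the request; only well-formed input reaches the business handler."""
        failures = self.validate(params)
        if not failures:
            return handler(params)
        audit.warning("rejected request from %s: %s", source, failures)
        self.rejections[source] += 1
        if self.rejections[source] == ALERT_THRESHOLD:
            self.alerts.append(source)  # React to Attacks: inform the operator
        return {"status": 400, "errors": failures}


if __name__ == "__main__":
    v = InterceptingValidator()
    print(v.handle("10.0.0.5", {"username": "alice", "page": "2"}, lambda p: {"status": 200}))
    print(v.handle("10.0.0.9", {"comment": "<b>hi</b>", "debug": "1"}, lambda p: {"status": 200}))
```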