SAE 599: Resilient, Cyber Secure Systems

1
SAE 599Resilient, Cyber SecureSystems
System-of-Systems University of Southern
CaliforniaViterbi School of EngineeringSystems
Architecture Engineering (SAE)

• Ken Cureton
• November 2014
• cureton_at_usc.edu

2
SAE 599 General Objective

• Part of Systems Architecting Engineering (SAE)
  Series
• ObjectiveProvide System Engineers and
  Architects with Methods and Tools for the Design
  and Analysis of Current and Future Complex
  Systems and System-of-Systems, with Emphasis on
  Cloud Computing, Cyber Security, and Resiliency.
• Elective Course in University of Southern
  Californias Masters Program in Systems
  Architecting Engineering
• New Class Starting in Fall 2014
• Will be re-numbered and added to the Course
  Catalog when formally approved by the University
• Supplants SAE 574 Net-Centric Systems
  Architecting Engineering

3
SAE 599 Detailed Learning Objectives

• To provide students with the ability to develop
  understand requirements and apply the right
  analytical methods when architecting complex
  System-of-Systems
• To improve the students understanding of the
  role of system architects and their relationship
  to systems engineering of complex
  System-of-Systems
• To introduce the students to new and advanced
  topics relevant to complex System-of-Systems
  architecting and modeling
• Emphasis on the Systems Architecting Systems
  Engineering of Cloud Computing, Cyber Security,
  and Resiliency
• To improve the students ability to generate a
  professional-level research paper, suitable for
  presentation at a systems engineering conference
  or publication in a professional journal

4
SAE 599 Class Format

• Semester Class, 16 Weeks, One night/week
• 13 Weekly Lectures, 2 hours 40 minutes each
• 2 days off (Holiday or Break, Study Days)
• 1 Final Exam week (scheduled but not used)
• Distance Learning Format
• Few (if any) students in the TV Studio, majority
  of students attending remotely via Distance
  Learning
• Class content webcasted for online/offline
  viewing
• Webex for real-time interaction E-mail,
  Telephone, and Office Hours for backup
  interaction
• Class content talking points and illustrations in
  PowerPoint format, hosted on Blackboard Software
  for student preview
• Blackboard Software used for repository of class
  lecture content, assignment submission grade
  recording, andoff-line discussion Boards

5
SAE 599 Class Grading

• One Research Paper required of each student
• In place of a Final Exam, 2/3 of class grade
• Papers are typically 25 single-spaced pages,
  suitably formatted for publication in a technical
  journal
• Student materials on How to Write a Research
  Paper
• Students are encouraged to e-mail Instructor with
  questions, outlines, drafts, etc.
• Students choose research topic
• Submit abstract for approval by Instructor
• Bi-Weekly Homework
• In place of a Mid-Term Exam, 1/3 of class grade
• Structured analysis required for paper, homework
• Specific analyses required in each case to
  demonstrate students ability to apply the class
  fundamentals

6
SAE 599 Lecture 1

• Syllabus
• Definitions Characteristics
• Systems Architecting Systems Engineering
• Resilient Systems
• System-of-Systems System-of-Systems Engineering
• Evolution of Service-Oriented Architectures(leadi
  ng up to Cloud Computing)
• Networked System Characteristics(fixed/mobile
  networks, fixed/mobile nodes)
• Cyber Security
• Net-Enabled Ecosystem, Emergent Behavior
• Complexity Theory applied to Complex Networked
  Systems (such as Cloud Computing)

7
SAE 599 Lecture 2

• Characteristics of Cloud Computing
  Architectures(from a Systems Architecting/
  Systems Engineering Perspective)
• Fundamentals of Service-Oriented Architectures
  (SOA)
• Data-as-a-Service (DaaS)
• Infrastructure-as-a-Service (IaaS)
• Platform-as-a-Service (PaaS)
• Software-as-a-Service (SaaS)
• Into the Future Everything-as-a-Service?
• Public/Private (or Hybrid) Clouds
• Mobile (or Tactical) Clouds
• Open/Standard Proprietary/Closed Cloud
  Interfaces

8
SAE 599 Lecture 3

• Benefits Drawbacks of Cloud Computing
• The Business Case
• Reduced Cost Development Time
• Commonality Open Applications
• Software Development Support Environment
• Agility to Meet Changing Environment
• The Risks Drawbacks
• System Complexity
• Shared Multi-tenant Environment
• Internet-facing Services
• Loss of Some Control
• Visibility of Governance Policy Adherence
• Security Trust

9
SAE 599 Lecture 4

• Sample Application of Cloud Computing
• Response to a Major Complex Humanitarian Disaster
• Haiti Earthquake 12 Jan 2010, M7 Earthquake
• Multi-National Incident Response
• Dissimilarity of Organizations
• Military Other Government Organizations,Non-Gov
  ernmental Organizations, Private Entities
• Lack of Surviving Infrastructure
• Use of Cloud-Based Services to Coordinate
  activities for
• Search-And-Rescue, Medical Transportation,
  Logistics of Supply Pickup/Storage/Delivery,
  Peace-Keeping (e.g. looting control), Asset
  Tracking (personnel equipment locations),
  Situational Awareness (e.g. weather, road
  conditions)

10
SAE 599 Lecture 5

• Resilient Architecture in Cloud Computing
• BEFORE Phase I of Disruption in Cloud-Based
  Services
• Allows Anticipation, Design Margins Corrective
  Action to be Considered in an Incident Response
  Plan for Typical Disruptions of Cloud-Based
  Services
• DURING Phase II of Disruption in Cloud-Based
  Services
• How the System Survives the Impact of Disruptions
• Implement Incident Response Plan, Ranging from
  Fail-Operational Down to Manual Methods
• AFTER Phase III of Disruption in Cloud-Based
  Services
• How the System Recovers from Disruptions
• Incident Analysis and Resolution
• Incident Response Plan Optimization
• Note that a disruption may be Accidental or
  Deliberate

11
SAE 599 Lecture 6

• Cyber Security for Cloud Computing (Part
  I)Assuring Availability Fault Tolerance
• Fundamentals of Fault Tolerance for
  ResiliencyAssured Operation, Inadvertent
  Operation, Intermittent Operation, Generic
  Failures, Fault Containment
• Impacts on Reliability, Maintainability, Training
• Typical Hardware Software Steps to Assure
• Network Availability
• Data Availability
• Processing Capability
• Advantages Disadvantages of Cross-Strapping of
  Redundant Capability

12
SAE 599 Lecture 7

• Cyber Security for Cloud Computing (Part
  II)Assuring Integrity Trust
• Fundamentals of Trust for Critical
  Safety-Of-Life Applications
• Trusted System Concepts (Hardware, People,
  Processes)
• Trusted Software Concepts Methodologies(includi
  ng Formal Methods)
• Data Integrity (Checksums, CRC, Hash codes, etc.)
• Data in Storage (Local in the Cloud)
• Data in Transit
• Data in Computation (Local in the Cloud)

13
SAE 599 Lecture 8

• Cyber Security for Cloud Computing (Part
  III)Handling Accidental Deliberate Threats
• Cyber Security vs. Information Assurance
  INFOSEC
• Vulnerabilities, Threat Sources their
  Tools/Methods
• Trusted Federated Identity Management
• Confidentiality (PKI, Certificates, IPSEC, TLS,
  PGP)
• Authentication of Identity (methods for Weak
  Strong)
• Authorization Access Control
• Non-Repudiation Audit Trails
• Network Security Management (Enclaves, Layered
  Security)
• Security Risk Management
• Guidance Regarding Cyber Security of Cloud
  Computing
• Cyber Security Standards Resource Sites

14
SAE 599 Lecture 9

• Cyber Security for Cloud Computing (Part IV)Risk
  Management in Cloud Computing
• Failure Modes Effects with Criticality Analysis
  (FMECA)of Complex Networked Systems
• Risk Management Framework the Security Life
  Cycle
• Categorize the Information Systems and the
  Information Processed, Stored, and Transmitted
• Select an Initial Set of Baseline Security
  Controls
• Implement the Security Controls
• Assess the security controls using appropriate
  procedures to determine the extent to which the
  controls are implemented correctly, operating as
  intended, and producing the desired outcome
• Authorize Information System Operation
• Monitor and Assess Selected Security Controls
• Recommended Process for Applying Risk Management
  in Cloud Computing

15
SAE 599 Lecture 10

• Interoperability Challenges in Cloud
  Computing(System-of-Systems)
• Interaction of Processes, People, Technology
• Layers of Interoperability
• Network Transport
• Information Services
• Applications, Processes, and People
• Application Program Interfaces (APIs)
• Multiple, Conflicting Standards
• Cloud Provider-Specific Proprietary Interfaces
• Cloud Brokerage
• Methods to
• Develop Validated Interoperability Requirements
• Verify Compliance with Interoperability
  Requirements

16
SAE 599 Lecture 11

• Architecture Modeling for Cloud Computing
• Goals Objectives of Architecture Modeling
• Why Model-Based Systems Engineering (MBSE) is a
  recommended approach for Complex Systems SoS
• Brief Introduction to System-of-Systems Analysis
  Modeling Tools
• Unified Modeling Language (UML)
• System Modeling Language (SysML)
• Enterprise Architecture Frameworks (DoDAF, etc.)
• Model-Driven Architecture (MDA) Development
• Use of Executable Models Visualization of
  Scenarios, Validation of Requirements,
  Verifiability of Requirements
• Recommended Process for Applying Architecture
  Modeling in Cloud Computing

17
SAE 599 Lecture 12

• Complexity Theory Applied to Cloud Computing
• Characterization Of Network Types
• Ranging from Uniform to Highly Heterogeneous
• Characterize Structure of Networks in Terms of
  Correlation Measures
• Heterogeneity, Randomness, Modularity
• Mutual Information, Noise Joint Entropies
• Network Clustering in Domain of Entropy/Noise
  Space
• Entropy Measure of Uncertainty
• Noise Level Measure of Assortativeness
• Key Properties Include
• Resilience
• Constraints on Possible Types of Complex Networks

18
SAE 599 Lecture 13

• Guest Lecture
• Topics Pertinent to Systems Architecting and
  Systems Engineering of Complex System and
  System-of-Systems
• Cloud Computing, Cyber Security, and Resiliency
• Ranging from Practical Experience to
  State-of-the-Art
• Emphasis on Tools, Methods, Lessons-Learned

19
SAE 599 Summary

• Students Exposed to a Broad Range of Cloud
  Computing Architecture Fundamentals
  Implementation Details
• Students Required to Demonstrate (for their
  chosen topic)
• Cloud Computing Architecture Characteristics
• Expected Benefits Drawbacks of the Architecture
• Resiliency Before, During, and After Disruption
  of Service
• Assured Availability/Fault Tolerance of the
  Architecture
• Assured Integrity Trust of the Architecture
• Handling of Accidental Deliberate Threats
• Risk Management Assessment of the Architecture
• Interoperability Characteristics of the
  Architecture
• Architecture Model
• Complexity Theory Assessment of the Architecture
• Objective Train Systems Architects Systems
  Engineers in the application of methods and tools
  for the design and analysis of current and future
  complex systems and system-of-systems, with
  emphasis on Cloud Computing, Cyber Security, and
  Resiliency