Sunday, October 4, 2015

The Extended Domain Concept

One interesting problem that comes up during the course of security architecture is the concept of domains and how those domains interact with each other.  A simple example is shown in the figure below.










The figure depicts a few security policies (SA1, SA2, and SA3) along with some policy domains (domain 1, domain 2, domain 3).  The users A, and B belong to domain 1 and the users X and Y belong to domain 2.  For the above scenario, the following is true

  • If user A wants to talk to user B, they must conform to security policy 1
  • If user X wants to talk to user Y, they must conform to security policy 2
  • domain 1 and domain 2 are sub-domains of domain 3
  • If a user in domain 1 wants to talk to domain 2, they must conform to the security policy 3
Domains can generally interact with their environment in several different ways. For example, a domain could follow the example above where inter-domain communication is governed by a policy of the super domain.  In other cases, domain communication could be facilitated by a trusted third party.  This is similar to the current certificate authority system (if clients were also using certificates to validate their identity). 

One concept that I like in this space is that of the extended domain policy.  This policy is generally used when facilitating communication between a domain of stricter policies with that of a weaker one.  In this case, the domain with the stronger policy extends their domain into the weaker domain policy, only allowing communication to be facilitated via that broker.

Being a Canadian citizen, a nice way to illustrate this is to compare and contrast airport customs between Canada and the US.  When I travel to the US from Canada, I pass US customs in Canada.  This is a great example of the extended domain concept at work.  The US, believing their security requirements are much greater than Canada, will not let you board a plane destine for the US without first authorizing you.

Canada, on the other hand, acts more like a traditional inter-domain policy association.  Canada enforces it's controls at it's own border.

In the business world, I think that the extended domain concept is an important one.  One use case would be a corporate entity that owns several subsidiaries.  Using the extended domain model, the entity could enforce strict control over communication into it's network by deploying trusted agents in each subsidiary to facilitate communication.

 **Image taken from the book: Enterprise Security Architecture - Nicholas A Sherwood