J.J. Brennan
The MITRE Corporation
USA
Don Faatz
The MITRE Corporation
USA
Mindy Rudell
The MITRE Corporation
USA
Carson Zimmerman
The MITRE Corporation
USA
This paper discusses VIEWS, a specification for building diagrams that describe the security features of systems. The authors' recent experience with providing security architecture and engineering support to organizations with large, distributed applications suggests that it is often difficult to comprehend security designs when they are embedded in voluminous written documents. It is our belief that security architecture and assurance efforts could benefit by following the lead of other engineering disciplines where expressing designs using graphical models, drawings, or notation is the norm. Producing a high-level, graphical depiction of a design would not only help overcome the problems that come with complexity per se, but would also position security architects to better understand a system's security posture, and consequently how it deals with the threats that might exist.
VIEWS is a formalized approach to building diagrams. The output of a modeling effort using VIEWS is a diagram depicting a system's security features as well as those of the environment in which the system operates. A goal of VIEWS is to allow the display of important security features without injecting cluttering detail. The focus of this paper is to demonstrate how the specification can be used to build a security diagram, which is done with an example.
Keywords: visual models, distributed systems, enterprise security