IT Architecture Automa/c Verifica/on: A Network Evidencebased Approach António Alegria (Presen0ng) Portugal Telecom Ins/tuto Superior Técnico – Universidade Técnica de Lisboa André Vasconcelos Center for Opera/onal Design and Engineering Ins/tuto Superior Técnico – Universidade Técnica de Lisboa
27
Embed
IT Architecture Automatic Verification (RCIS 2010)
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
IT Architecture Automa/c Verifica/on: A Network Evidence-‐based Approach
António Alegria (Presen0ng) Portugal Telecom
Ins/tuto Superior Técnico – Universidade Técnica de Lisboa
André Vasconcelos
Center for Opera/onal Design and Engineering Ins/tuto Superior Técnico – Universidade Técnica de Lisboa
Roadmap
• Problem Statement
• Proposed Approach • Proof of Concept Prototype • Case Study • Results • Future Work
2
Problem Statement
Is the expected model correct?
Does the implementa5on meet expecta5ons?
3
Informa5on Systems Architecture (ISA) Planning Process
How to Check the Reality of IT Architecture?
• Actual architecture emerges from Informa/on Systems’ (IS) func/on
• IS manifest themselves through: – Input and Output ar/facts – Interac/ons with other agents (humans or machines)
• Interac/ons with other systems are predominantly through TCP/IP networks
• At the technology level it’s possible to capture all IS’ manifesta/ons in corporate networks – Security experts have been doing it for a long /me although with a different purpose and at a lower level of abstrac/on
4
How to Check the Reality of IT Architecture?
• How to infer evidence of the actual architecture through the “bits” captured in the network? – Protocol headers and applica/on-‐layer payload contain informa/on that serve as explicit or implicit evidence for the status quo of the IS and their architecture
• If we capture all IS’ network interac/ons how can we verify an IT Architecture (ITA) model? – By confron/ng that model with all the evidence collected from the network
5
Research Ques/on
How to automa5cally verify if an IT Architecture
model is actually in sync with current IS, resor5ng
exclusively to the passive analysis of their network
traffic?
6
Approach
Cap/on
Common ISA Planning Process
Extensions: Verifica5on Process
Extensions: Verifica/on Cycle
Extensions: Lifecycle
7
This subprocess is our main focus (at the technology level)
Verifica/on Process (Simplified)
8
Verifica/on Process (Simplified)
Dis/lls evidence of the real ITA from passively captured and analyzed network traffic
9
Traffic Monitoring
• Discover evidence of the actual ITA from network packets, headers and payloads
• Par/ally Iden/fied architecture elements (due to lack of “built-‐in knowledge”): – «IT Pla^orm Block» – Excep/ons:
§ .Net Framework 2.0 in SFAP’s frontends § SQL Server 2005 in SFAP’s data backends
– «IT Services» Realiza/on – Excep/ons: § One data service supported by SQL Server 2005 (SFAP’s data backend)
20
Results (Con/nued…)
• Incorrect Model: – All devia/ons were detected – Most of them explicitly reported as errors – A few cases were undecidable
§ Lack of evidence to support or refute that architecture component § Prototype raises a “red flag” § Architect is lead to inves/gate these specific cases
• Knowledge Discovery – All of the Ne^acts evidence – Undocumented Architecture Elements:
§ over 50 «IT Services» § several «IT Opera/ons» and used parameters § Database Tables and Columns
21
Future Work
• Automa/c elicita/on of ITA model • From low-‐level evidence infer high-‐level model Automa/c Discovery of ITA
• Middleware • Enterprise Service Bus Complex IS Technical Rela/onships
• Applica/on Logs • Ac/ve Probing and Agent-‐based solu/ons Other Data Sources
• Informa/on Architecture • Applica/on Architecture Other IS Architecture Levels
22
Thank You
Ques/ons?
23
Thank You
Ques/ons?
24
Thank You
Ques/ons?
25
Extending the CEO Framework
New En5ty New A^ribute: «concreteName» New A^ribute: «version»