# Week-4 Cybersecurity Architecture

In this notebook, we explore the development of various cybersecurity architectures and threat models critical for securing modern web platforms. These architectures include MVC, Defense in Depth, Zero Trust, TOGAF, SABSA, and SSDLC, each mapped to equivalent AWS and Azure services. Each section includes diagrams or tables and a short analysis to visualize and explain the concepts, with references to industry standards.

**Learning Objectives:**
- Understand key cybersecurity architecture frameworks and their principles.
- Learn how to implement these architectures using cloud services.
- Analyze their applicability, usage, challenges, and historical incidents.

## Install Requirements

Before running the code, ensure the `diagrams` library is installed to generate architecture diagrams, and `tabulate` for formatted tables. Note that `diagrams` renders through Graphviz, which must be installed on the system separately (it is not a pip dependency). These libraries aid in visualizing complex systems and presenting data clearly for educational purposes.

In [None]:
# Install required libraries using pip
!pip install diagrams tabulate

## 1. MVC (Model-View-Controller) Architecture

The **Model-View-Controller (MVC)** architecture is a foundational design pattern in software engineering, particularly for web applications.

### Core Principles
- **Separation of Concerns**: Divides the application into Model (data/logic), View (interface), and Controller (input processing).
- **Modularity**: Enables independent development and maintenance.
- **Reusability**: Components can be reused across projects.

### When to Use
- Ideal for scalable web applications needing clear separation.
- Suitable for maintainable projects with frequent updates.

### When Not to Use
- Avoid for simple apps where separation adds unnecessary complexity.
- Not recommended if the team lacks MVC expertise.

### Appropriate Platforms
- Web frameworks like Flask, Django, Ruby on Rails.

### Usage
- **How Widely Used**: Extensively in e-commerce, finance, healthcare.
- **What It’s Used For**: Building scalable, testable web applications.

### Issues
- **Complexity**: Overkill for small apps.
- **Learning Curve**: Requires pattern familiarity.

### Well-Known Problems
- **Tight Coupling**: Poor implementation creates dependencies.
- **Performance**: Large datasets can slow unoptimized systems.

### Known Cybersecurity Incidents
- **SQL Injection**: Untrusted input reaching Model-layer queries (common in early web apps).
- **XSS**: Unescaped data rendered by the View (e.g., e-commerce sites).

**Reference**: Gamma, E., et al. (1994). *Design Patterns*. Addison-Wesley.

In [None]:
from diagrams import Diagram, Cluster
from diagrams.onprem.client import Users, Client
from diagrams.onprem.network import Internet, Nginx
from diagrams.programming.framework import Flask
from diagrams.onprem.database import PostgreSQL
from diagrams.aws.network import ELB
from IPython.display import Image

# Create a diagram for MVC architecture (rendering requires Graphviz on the system)
with Diagram("Flask Web Platform with MVC Architecture", show=False, outformat="png", filename="flask_mvc_arch"):
    user = Users("User")  # End-user
    view = Client("Browser (View)")  # View layer, rendered in the browser
    internet = Internet("Internet")  # Network layer
    lb = ELB("Load Balancer")  # Traffic distribution

    with Cluster("Web Platform (MVC)"):
        nginx = Nginx("Nginx (Web Server)")  # Serves static assets, proxies to Flask
        controller = Flask("Flask App (Controller)")  # Request handling and logic
        model = PostgreSQL("PostgreSQL (Model)")  # Data management
        nginx >> controller >> model  # Controller mediates all Model access

    user >> view >> internet >> lb >> nginx  # Single external path into the platform

Image(filename="flask_mvc_arch.png")
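The two incident classes listed for MVC belong to specific layers, so the fix belongs there too. The following added example (not part of this notebook, and using only the standard library instead of Flask) shows a Model that binds query parameters, a View that escapes output, and a thin Controller between them; the product data is constructed for the demo.

```python
import html
import sqlite3


class ProductModel:
    """Model: all SQL lives here and is parameterised, never concatenated."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE products (name TEXT, price REAL)")

    def add(self, name, price):
        self.db.execute("INSERT INTO products VALUES (?, ?)", (name, price))

    def search(self, term):
        # '?' binds the value; quotes inside `term` cannot change the query.
        rows = self.db.execute(
            "SELECT name, price FROM products WHERE name LIKE ?",
            (f"%{term}%",),
        )
        return [{"name": n, "price": p} for n, p in rows]


def render_results(term, products):
    """View: every untrusted value is HTML-escaped at output time."""
    items = "".join(
        f"<li>{html.escape(p['name'])}: {p['price']:.2f}</li>" for p in products
    )
    return f"<h1>Results for {html.escape(term)}</h1><ul>{items}</ul>"


def search_controller(model, raw_term):
    """Controller: bound the input, call the Model, hand rows to the View."""
    term = raw_term.strip()[:64]  # length limit only; content stays untrusted
    return render_results(term, model.search(term))


if __name__ == "__main__":
    # Constructed sample data (not from the notebook); both names contain
    # characters that would be dangerous if concatenated or rendered raw.
    m = ProductModel()
    m.add("O'Neil's Widget", 9.99)
    m.add("Gadget <b>pro</b>", 19.5)
    print(search_controller(m, "O'Neil"))
    print(search_controller(m, "<b>"))
```

The quote in the search term reaches SQLite as a bound value, and the markup in the stored name reaches the browser as `&lt;b&gt;`, which is the layer-by-layer behaviour the incident list above is warning about.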

## 2. Defense in Depth

**Defense in Depth** uses multiple security layers to protect assets.

### Core Principles
- **Layered Security**: Multiple controls at different levels.
- **Redundancy**: Overlapping measures for resilience.
- **Diversity**: Varied controls for multiple threats.

### When to Use
- High-value assets (e.g., financial data).
- Environments with diverse threats (e.g., cloud).

### When Not to Use
- Low-risk settings where cost exceeds benefits.
- Limited resource scenarios.

### Appropriate Platforms
- Enterprise networks, cloud systems, critical infrastructure.

### Usage
- **How Widely Used**: Common in finance, healthcare, government.
- **What It’s Used For**: Protecting against malware, phishing.

### Issues
- **Complexity**: Hard to manage multiple layers.
- **Cost**: High implementation expense.

### Well-Known Problems
- **Misconfiguration**: Creates vulnerabilities.
- **Over-Reliance**: Neglects weaker layers.

### Known Cybersecurity Incidents
- **Target Breach (2013)**: Entry through an HVAC vendor's access; 40M payment cards stolen.
- **Equifax (2017)**: Exploited web application flaw; 147M people affected.

**Reference**: NIST. (2018). *Cybersecurity Framework*. https://www.nist.gov/cyberframework

In [None]:
from tabulate import tabulate

# Table for Defense in Depth
data = [
    ["User Access", "IAM policies, MFA", "Azure AD policies, MFA", "Verify identity"],
    ["Edge Protection", "WAF, CloudFront", "Azure Front Door", "DDoS mitigation"],
    ["Network", "VPC, Security Groups", "VNet, NSGs", "Traffic control"]
]
headers = ["Layer", "AWS Controls", "Azure Controls", "Purpose"]
print(tabulate(data, headers=headers, tablefmt="fancy_grid"))

## 3. Zero Trust Architecture

**Zero Trust** grants no implicit trust to any user, device, or network; every access request is verified continuously.

### Core Principles
- **Never Trust, Always Verify**: Continuous authentication.
- **Least Privilege**: Minimal access rights.
- **Continuous Monitoring**: Ongoing activity checks.

### When to Use
- Cloud, hybrid, or remote work environments.
- High-security data protection needs.

### When Not to Use
- Small, low-risk setups.
- Resource-constrained organizations.

### Appropriate Platforms
- Cloud services, remote setups, multi-partner ecosystems.

### Usage
- **How Widely Used**: Growing in cloud transitions.
- **What It’s Used For**: Regulatory compliance (e.g., finance).

### Issues
- **Complexity**: Significant infrastructure changes.
- **User Experience**: Strict controls may hinder productivity.

### Well-Known Problems
- **Visibility**: Hard to monitor everything.
- **False Positives**: Over-monitoring issues.

### Known Cybersecurity Incidents
- **SolarWinds (2020)**: Supply chain attack.
- **Colonial Pipeline (2021)**: Access control failure.

**Reference**: NIST SP 800-207. (2020). *Zero Trust Architecture*. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf

In [None]:
from tabulate import tabulate

# Table for Zero Trust
zta_data = [
    ["Identity", "IAM", "Azure AD", "Authentication"],
    ["Device", "Inspector", "Security Center", "Posture check"],
    ["Network", "VPC", "VNet", "Segmentation"]
]
headers = ["Pillar", "AWS Controls", "Azure Controls", "Purpose"]
print(tabulate(zta_data, headers=headers, tablefmt="fancy_grid"))
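As an added example (not part of this notebook), the following toy policy decision point evaluates the three pillars tabulated above on every request, scopes actions by role (least privilege) and records each decision for monitoring; it also shows the all-layers-must-pass structure from the Defense in Depth section. The identity provider, the posture source and the segment names are assumptions, and the requests are constructed.

```python
from dataclasses import dataclass, field
import time

# Least privilege: each role maps to the minimal set of actions it needs.
ROLE_ACTIONS = {
    "analyst": {"read"},
    "admin": {"read", "write"},
}

@dataclass
class Request:
    user: str
    role: str
    mfa_verified: bool
    token_expiry: float      # epoch seconds; assumed issued by the IdP (IAM / Azure AD)
    device_compliant: bool   # posture result, assumed from Inspector / Security Center
    source_segment: str      # network segment of origin (VPC / VNet name)
    action: str

@dataclass
class PolicyEngine:
    allowed_segments: set
    audit_log: list = field(default_factory=list)

    def decide(self, req: Request, now: float) -> bool:
        # Never trust, always verify: every request is re-evaluated from scratch.
        checks = {
            "identity": req.mfa_verified and req.token_expiry > now,
            "device": req.device_compliant,
            "network": req.source_segment in self.allowed_segments,
            "privilege": req.action in ROLE_ACTIONS.get(req.role, set()),
        }
        allowed = all(checks.values())
        failed = [name for name, ok in checks.items() if not ok]
        # Continuous monitoring: grants and denials are both recorded.
        self.audit_log.append(
            {"t": now, "user": req.user, "action": req.action,
             "allowed": allowed, "failed": failed}
        )
        return allowed


if __name__ == "__main__":
    # Constructed requests (not from the notebook).
    pe = PolicyEngine(allowed_segments={"vpc-app", "corp-vnet"})
    now = time.time()
    fresh = Request("alice", "analyst", True, now + 600, True, "vpc-app", "read")
    stale = Request("alice", "analyst", True, now - 1, True, "vpc-app", "read")
    print(pe.decide(fresh, now), pe.decide(stale, now), pe.audit_log[-1]["failed"])
```

The `failed` list in each audit entry names the pillar that denied the request, which is the signal a monitoring pipeline would alert on.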

## 4. TOGAF Security Architecture

**TOGAF** provides a structured enterprise architecture approach.

### Core Principles
- **ADM**: Step-by-step architecture development.
- **Enterprise Continuum**: Organizes artifacts.
- **Content Framework**: Defines deliverables.

### When to Use
- Large enterprises aligning IT with business.
- Complex IT environments.

### When Not to Use
- Small projects needing lightweight frameworks.
- Immature organizations.

### Appropriate Platforms
- Large enterprises, government agencies.

### Usage
- **How Widely Used**: Broad in enterprise architecture.
- **What It’s Used For**: Standardized IT systems.

### Issues
- **Complexity**: Overwhelming for small setups.
- **Resources**: Time and expertise heavy.

### Well-Known Problems
- **Documentation**: Over-focus on paperwork.
- **Adaptability**: Slow to adapt to tech changes.

### Known Cybersecurity Incidents
- No specific breaches tied to TOGAF; generic enterprise failures apply.

**Reference**: The Open Group. (2018). *TOGAF 9.2*. https://www.opengroup.org/togaf

In [None]:
from tabulate import tabulate

# Table for TOGAF
togaf_data = [
    ["Business", "IAM", "Azure AD", "Role governance"],
    ["Application", "CodeDeploy", "App Services", "App security"],
    ["Data", "RDS", "Azure DB", "Data protection"]
]
headers = ["Domain", "AWS Controls", "Azure Controls", "Purpose"]
print(tabulate(togaf_data, headers=headers, tablefmt="fancy_grid"))

## 5. SABSA Security Architecture

**SABSA** aligns security with business objectives.

### Core Principles
- **Business-Driven**: Security reflects business needs.
- **Layered**: Layers run from the contextual (business) level down to the component level.
- **Risk-Based**: Controls based on risk.

### When to Use
- Aligning security with business goals.
- Structured security needs.

### When Not to Use
- When business objectives are unclear.
- When a simpler framework suffices.

### Appropriate Platforms
- Complex enterprises (e.g., finance).

### Usage
- **How Widely Used**: Popular in business-aligned security.
- **What It’s Used For**: Business-security integration.

### Issues
- **Complexity**: Requires deep knowledge.
- **Resources**: Time-consuming.

### Well-Known Problems
- **Translation**: Gap between business requirements and the technical controls that implement them.
- **Over-Engineering**: Complex solutions.

### Known Cybersecurity Incidents
- No direct SABSA breaches; enterprise failures apply.

**Reference**: Sherwood, J., et al. (2005). *Enterprise Security Architecture*. CMP Books.

In [None]:
from tabulate import tabulate

# Table for SABSA
sabsa_data = [
    ["Contextual", "Business reqs", "Business reqs", "Business alignment"],
    ["Conceptual", "IAM", "Azure AD", "Policy definition"],
    ["Logical", "VPC", "VNet", "Control design"]
]
headers = ["Layer", "AWS Controls", "Azure Controls", "Purpose"]
print(tabulate(sabsa_data, headers=headers, tablefmt="fancy_grid"))

## 6. SSDLC (Secure Software Development Life Cycle)

**SSDLC** integrates security into software development.

### Core Principles
- **Security by Design**: Embedded security.
- **Continuous Testing**: Regular security checks.
- **Risk Management**: Early risk mitigation.

### When to Use
- Software with sensitive data.
- High-risk environments.

### When Not to Use
- Small, low-risk projects.
- Teams lacking security skills.

### Appropriate Platforms
- Software in finance, healthcare, government.

### Usage
- **How Widely Used**: Increasing adoption.
- **What It’s Used For**: Secure software development.

### Issues
- **Time**: Delays development.
- **Resources**: Needs training/tools.

### Well-Known Problems
- **Resistance**: Developer pushback.
- **Pace**: Hard in fast environments.

### Known Cybersecurity Incidents
- **Adobe Flash**: Persistently exploited vulnerabilities.
- **Heartbleed (2014)**: OpenSSL flaw.

**Reference**: OWASP. (2021). *SSDLC*. https://owasp.org/www-project-secure-software-development-life-cycle/

In [None]:
from tabulate import tabulate

# Table for SSDLC
ssdlc_data = [
    ["Requirements", "Threat modeling", "Threat modeling", "Risk ID"],
    ["Design", "Arch review", "Arch review", "Secure planning"],
    ["Development", "Inspector", "SAST", "Secure coding"]
]
headers = ["Phase", "AWS Controls", "Azure Controls", "Purpose"]
print(tabulate(ssdlc_data, headers=headers, tablefmt="fancy_grid"))

## Comparison Table

Below is a comparison of the architectures based on key criteria.

In [None]:
from tabulate import tabulate

# Comparison table
comparison_data = [
    ["Architecture", "Core Principle", "Best Use Case", "Complexity", "Widely Used", "Major Issue", "Notable Incident"],
    ["MVC", "Separation of Concerns", "Web apps", "Moderate", "Extensive", "Tight Coupling", "SQL Injection"],
    ["Defense in Depth", "Layered Security", "High-value assets", "High", "Common", "Misconfiguration", "Target (2013)"],
    ["Zero Trust", "Never Trust", "Cloud/Remote", "High", "Growing", "User Experience", "SolarWinds (2020)"],
    ["TOGAF", "Structured ADM", "Enterprise IT", "Very High", "Broad", "Documentation", "Generic breaches"],
    ["SABSA", "Business-Driven", "Business alignment", "Very High", "Popular", "Translation", "Generic breaches"],
    ["SSDLC", "Security by Design", "Software dev", "Moderate", "Increasing", "Time Delay", "Heartbleed (2014)"]
]
print(tabulate(comparison_data, headers="firstrow", tablefmt="fancy_grid"))

## Appendix: Abbreviations

This appendix expands abbreviations used throughout the notebook.

| Abbreviation | Full Form |
|--------------|-----------|
| EC2          | Elastic Compute Cloud |
| ELB          | Elastic Load Balancer |
| VPC          | Virtual Private Cloud |
| RDS          | Relational Database Service |
| IAM          | Identity and Access Management |
| WAF          | Web Application Firewall |
| KMS          | Key Management Service |
| S3           | Simple Storage Service |
| MFA          | Multi-Factor Authentication |
| VNet         | Virtual Network |
| NSG          | Network Security Group |
| SAST         | Static Application Security Testing |
| DAST         | Dynamic Application Security Testing |
| TOGAF        | The Open Group Architecture Framework |
| SABSA        | Sherwood Applied Business Security Architecture |
| SSDLC        | Secure Software Development Life Cycle |
| ADM          | Architecture Development Method |
| XSS          | Cross-Site Scripting |