Architecture Risk Analysis
Architecture Risk Analysis (ARA) is a systematic approach to identifying, analyzing, and prioritizing security risks in software and system architectures before they become vulnerabilities.
Attack Surface Analysis
The attack surface is the sum of all points where an attacker can try to enter or extract data. Reducing the attack surface is a fundamental security principle.
Network Attack Surface
- • Open ports and services
- • API endpoints
- • Network protocols
- • Load balancers
- • DNS configuration
Software Attack Surface
- • User input fields
- • File upload mechanisms
- • Authentication endpoints
- • Third-party libraries
- • Configuration files
Physical Attack Surface
- • Physical access points
- • USB ports
- • IoT devices
- • Removable media
- • Physical security controls
Attack Surface Reduction Techniques
1. Minimize Entry Points
Close unnecessary ports, disable unused services, remove debug endpoints in production.
2. Reduce Code Complexity
Remove dead code, minimize third-party dependencies, use proven libraries.
3. Enforce Least Privilege
Services run with minimum permissions, users have only necessary access rights.
4. Segment Networks
Isolate sensitive systems, use firewalls between zones, implement micro-segmentation.
Trust Boundaries
Trust boundaries are lines in an architecture where the level of trust changes. Data crossing trust boundaries must be validated, sanitized, and authenticated.
Common Trust Boundaries
External → Internal
- • Internet → DMZ
- • User browser → Web server
- • Mobile app → API gateway
- • Partner systems → Integration layer
Internal Boundaries
- • DMZ → Internal network
- • Application tier → Database tier
- • User zone → Admin zone
- • Container → Host system
Trust Boundary Rule
Risk Assessment Methods
Quantitative vs Qualitative
Quantitative Analysis
Uses numerical values and formulas to calculate risk.
- • ALE = SLE × ARO
- • Annualized Loss Expectancy
- • Single Loss Expectancy
- • Annual Rate of Occurrence
Best for: Business justification, ROI calculations
Qualitative Analysis
Uses ratings and categories to assess risk.
- • High/Medium/Low ratings
- • Risk matrices
- • Expert judgment
- • DREAD scoring
Best for: Quick assessments, prioritization
Risk Matrix
| Low Impact | Medium Impact | High Impact | |
|---|---|---|---|
| High Likelihood | Medium | High | Critical |
| Medium Likelihood | Low | Medium | High |
| Low Likelihood | Low | Low | Medium |
Data Flow Diagrams (DFDs)
DFDs are essential for architecture risk analysis. They visualize how data moves through a system and help identify where security controls are needed.
DFD Elements
- □ External Entity - Outside the system boundary
- ○ Process - Transforms data
- ═ Data Store - Persists data
- → Data Flow - Movement of data
- - - Trust Boundary - Security perimeter
DFD Levels
- Level 0: Context diagram - System as single process
- Level 1: Major subsystems and data flows
- Level 2: Detailed view of each subsystem
- Level 3+: Granular component analysis
Architecture Review Checklist
Authentication & Identity
- ☐ How are users authenticated?
- ☐ How are service-to-service calls authenticated?
- ☐ Where are credentials stored?
- ☐ Is MFA implemented for sensitive operations?
Authorization & Access Control
- ☐ What authorization model is used (RBAC, ABAC, etc.)?
- ☐ Where are authorization decisions made?
- ☐ How is privilege escalation prevented?
- ☐ Are there admin backdoors?
Data Protection
- ☐ Is sensitive data encrypted at rest?
- ☐ Is data encrypted in transit (TLS 1.2+)?
- ☐ How are encryption keys managed?
- ☐ What data classification levels exist?
Logging & Monitoring
- ☐ What security events are logged?
- ☐ Are logs protected from tampering?
- ☐ Is there real-time alerting for security events?
- ☐ How long are logs retained?