Gunnar Peterson writes a must-read post which follows up on another must-read post by Ian Grigg about how banking systems tend to be based on a "series of claims" which "meet together in a holy ring of righteous architecture. Each of the proponents claim loudly that their part is strong, but the ring has no strength. Eventually, one of the claims in the links is broken."
In his post, Gunnar points out that banks often "build a web silo and then they hook it up to the legacy silo and put a wide open messaging system in between. There is no end to end security design, just silos". There is a series of claims, but each one can be broken.
Often, as Gunnar has pointed out before, the messaging system front-ending a mainframe is the point of weakness in the system. These systems tend to run on an "if a message has gotten this far, then it must be trusted" basis. And, rather than thinking in terms of the overall security context (tying the end-user right back to the mainframe transaction, with an audit trail all the way), the security context tends to collapse down to a single "MQ User" at the mainframe. This is often why, perhaps as in the case of the account siphoning example in Ian Grigg's post, information about the user identity (withdrawing $300,000 unnoticed over the course of 15 months) was not tied back through the system [and it was left to the user, analysing their statements, to figure out that the money was being withdrawn fraudulently].
One way to address this is to think about the security context over the whole transaction (i.e. across the "series of claims") and not just about each step on a claim-by-claim basis. For example, this is why Vordel has worked with Risaris to map X.509 certificates to a RACF, ACF2 or Top Secret User ID. So, rather than accessing the mainframe as an "MQ User", meaningless in an audit trail and unable to benefit from the native mainframe security, access to the mainframe happens in the context of a particular user.
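The two designs side by side, as an added illustration that is not Vordel's or Risaris's code: a "legacy" messaging hop that collapses every caller to a shared MQ user, and a context-preserving hop that maps the authenticated client certificate's subject to a mainframe user ID and carries it, with a per-hop audit trail, through to the mainframe. The DN strings, the RACF-style IDs, the MQUSER name and the mapping table are all constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed mapping of X.509 subject DNs to mainframe (RACF-style) user IDs;
# in a real deployment this lives in the gateway's identity store.
CERT_TO_RACF = {
    "CN=alice,O=ExampleBank": "ALICE01",
    "CN=bob,O=ExampleBank": "BOB002",
}
SHARED_MQ_USER = "MQUSER"  # the single identity the context collapses to

@dataclass
class Message:
    transaction_id: str
    payload: dict
    actor: str = ""                            # identity the next hop acts under
    audit: list = field(default_factory=list)  # (hop, identity) per hop

def legacy_hop(msg: Message) -> Message:
    """Siloed design: the messaging hop rewrites the actor to the shared MQ
    user, so nothing downstream can name the end user."""
    msg.actor = SHARED_MQ_USER
    msg.audit.append(("mq", SHARED_MQ_USER))
    return msg

def context_preserving_hop(msg: Message, subject_dn: str) -> Message:
    """Map the authenticated client certificate to a mainframe user ID and
    carry it with the message; an unmapped subject is refused rather than
    silently downgraded to the shared user."""
    racf_id = CERT_TO_RACF.get(subject_dn)
    if racf_id is None:
        raise PermissionError(f"no mainframe identity mapped for {subject_dn}")
    msg.actor = racf_id
    msg.audit.append(("mq", racf_id))
    return msg

def mainframe_commit(msg: Message) -> tuple:
    """Mainframe side: the transaction runs and is logged as msg.actor, so
    native access control and the audit trail apply to that identity."""
    msg.audit.append(("mainframe", msg.actor))
    return msg.actor, msg.audit

def withdraw(subject_dn: str, amount: int, preserve_context: bool) -> tuple:
    """One withdrawal end to end; the web tier has already authenticated
    the client certificate whose subject is subject_dn."""
    msg = Message("txn-0001", {"op": "withdraw", "amount": amount})
    msg.audit.append(("web", subject_dn))
    msg = (context_preserving_hop(msg, subject_dn) if preserve_context
           else legacy_hop(msg))
    return mainframe_commit(msg)
```

In the legacy path the mainframe record names only MQUSER, so a statement-level investigation cannot be tied back to a caller; in the preserving path every hop names the same mapped user.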
Freud wrote that dreams are the "Royal Road" to the unconscious. Messaging systems and mainframes can be the Royal Road for a malicious user to attack a banking system, unless the security thinking moves from "claim by claim" thinking to thinking about the full transaction.
Monday, September 8, 2008