Calypso Security Guide
VERSION 16.1
February 2019 – First Edition
The security of your Calypso installation is critical; however, it is not a switch that one flips. Securing
Calypso is a process that spans multiple layers, from factors external to Calypso, such as the network
infrastructure, through to the access controls applied at the user level.
Calypso has a global client base of regulated financial institutions. Regulations differ from country to
country and securing Calypso could require compliance with local guidelines resulting in customizations
specific to those requirements.
Certain elements of security involve the use of features and functions outside of the Calypso software,
for example, our recommendation that terminal servers like Citrix are used for the client-side binaries.
This guide does not replace the Calypso user documentation. Please familiarize yourself with the
following documents prior to your implementation.
• Calypso Out-of-the-box Installation Guide
• Calypso Developer’s Guide
• Calypso Security User Guide
Revision date Comments
February 2019 First edition for Version 16.1.
© 2019 | Calypso Confidential - Copyright © Calypso Technology, Inc. All Rights Reserved
Calypso is a registered trademark of Calypso Technology, Inc. The Calypso logo is a trademark of Calypso
Technology, Inc. All other trademarks and service marks are the property of their respective holders.
Contents
Section 1. Introduction ......................................................................................................... 3
Section 2. A Robust and Secure Architecture .................................................................... 3
Section 3. Security and Access Permissions ..................................................................... 4
3.1 Calypso User Security.................................................................................................................... 4
3.2 Service Security ............................................................................................................................. 4
3.3 Application Security ...................................................................................................................... 4
3.4 Logon/Authentication ................................................................................................................... 5
3.4.1 Calypso System Login ................................................................................................................ 5
3.4.2 Cipher Suites ............................................................................................................................. 5
Section 4. Network Security ................................................................................................ 6
Section 1. Introduction
This document provides a high-level overview of Calypso’s security model. The following terms are
needed to understand the remainder of this document:
• Authentication is the process by which a system verifies the identity of a user accessing the
system. It ensures that untrusted users cannot access the system, and the verified identity is then
used as the basis for enforcing the application’s access control.
• Authorization is the process by which a system applies a set of access control rules, defined by
administrators, to grant or restrict access to resources, actions and/or data.
• JAAS (Java Authentication and Authorization Service) is part of Java’s security standards and
standardizes the API for authentication and authorization. Most application servers use it to
decouple authentication implementations from the application, so that new authentication
providers can be added, and existing ones replaced, without changing the application itself.
Oracle provides detailed documentation on the JAAS specification:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASRefGuide.html
Section 2. A Robust and Secure Architecture
Calypso security is ensured by a combination of out-of-the-box features and specific deployment
guidelines. The standard third-party components Calypso builds on (RDBMS, Java and the Application
Server infrastructure) bring industry-standard security, and the use of JAAS (defined above) allows
authentication to follow the same standards. Some of the other benefits are:
• 100% Java – Calypso is built entirely in the Java programming language. Because the JVM
performs bounds checking and manages memory, native memory-corruption exploits such as
buffer overflows do not apply to Calypso’s own code. This protection does not extend to any
native libraries or to the JVM itself, which must be kept patched.
• De-coupled architecture – The Calypso platform is an N-tiered architecture: Java-based server-side
components provide services to the trading applications, which are exposed both as Java-based
desktop applications and as web applications. Users have no direct access to the RDBMS; all
queries are performed by the Calypso Data Server, which gives a single place to enforce controls
against SQL injection attacks.
• Standard technologies – Calypso uses a standard Java Enterprise Application Server (JBoss EAP)
for all server-side components and relies upon the security features provided by the Application
Server for authentication, authorization and connection privacy. These include SSL/TLS support
and the standard JAAS APIs for authentication providers.
• Non-privileged user space – Calypso runs in user space (it does not require any specific OS
privileges) and should be installed under a dedicated, unprivileged service account, so that
standard operating-system hardening can be applied to the application at installation time.
Section 3. Security and Access Permissions
Calypso has a sophisticated access control mechanism that enables organizations to define, at a fine level
of granularity, exactly what users can and cannot do. Calypso also provides a field-level audit trail of all
changes made in the system. All persistent data in Calypso is stored in robust databases such as Oracle
and Sybase, and Calypso runs on UNIX, Linux and Windows operating systems. As noted above, these
databases and operating systems have their own provisions for specifying security rules, which
complement the security features built into Calypso. Calypso can also be run with its security features
disabled, as is typically done in development or test environments; this mode is not appropriate for
production.
3.1 Calypso User Security
User security is described in detail in the Calypso Security User Guide.
The primary supported features are:
• User maintenance, including user groups and user password maintenance
Please refer to sections 2.2: Specifying Groups and 2.3: Specifying Users Using Calypso of the
Calypso Security User Guide for details.
• Access permissions, which restrict what individual users can and cannot do
Please refer to section 2: Access Permissions of the Calypso Security User Guide for details.
• Authorization of all modified static data by a second user, commonly referred to as the “4-eyes
principle”
Please refer to section 5: Data Authorization of the Calypso Security User Guide for details.
• Audit all types of data and compare versions
Please refer to section 8: Data Auditing of the Calypso Security User Guide for details.
Application servers allow organizations to implement custom security and authorization procedures
using JAAS.
3.2 Service Security
All services in the platform are secured by the Application Server security domain. Each incoming
request is intercepted by the Application Server security interceptors and validated against the login
module configured in the security domain.
All server-side components can be configured to expose their services over SSL/TLS in order to protect
the information flowing over the wire.
Please refer to section 6: SSL Configuration of the Calypso Out-of-the-box Installation Guide for
details.
3.3 Application Security
Calypso’s rich desktop applications are usually deployed via Citrix “remoting”. Calypso provides detailed
documentation on the hardening procedures expected on the Citrix farm. Web applications are hosted
within servers that enforce an additional layer of security.
Please refer to the Citrix Hardening Guide for more information.
All applications can be configured to time out after a period of inactivity. In addition to strong server-side
data validation, the desktop applications include input traps that reject characters used in SQL injection
from form fields. A client-side trap can be bypassed by a caller that talks to the server directly, so it is a
defence-in-depth measure; the server-side validation and the SQL Injection Detection Framework remain
the primary control. The Calypso documentation provides guidelines for database hardening and secure
system administration.
Please refer to the following sections of the Calypso Out-of-the-box Installation Guide for details.
• 21: SQL Injection Detection Framework
• 18.2: Database Hardening
• 18.3: Calypso Application Security
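The following is an added example, not code from Calypso or from this guide, that shows the two layers the
paragraph above describes: a client-side input trap that rejects injection characters, and, on the server side,
why a bound parameter rather than string concatenation is the control that actually stops the injection. The
allow-list pattern, the table and the sample rows are constructed for the example; Calypso’s own trap rules
and data model are not reproduced.

```python
import re
import sqlite3

# Conservative allow-list for a free-text form field. This is a constructed rule
# for the example; Calypso's own input-trap rules are not reproduced here.
FIELD_PATTERN = re.compile(r"[A-Za-z0-9 ._@-]{1,64}")


def input_trap(value: str) -> bool:
    """Client-side trap: accept only values made of the allowed characters."""
    return FIELD_PATTERN.fullmatch(value) is not None


def build_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "trader"), ("bob", "admin")],
    )
    conn.commit()
    return conn


def lookup_role_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable pattern: the caller's input is spliced into the SQL text."""
    sql = "SELECT role FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_role_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened pattern: a bound parameter is treated as data, never as SQL."""
    return [row[0] for row in conn.execute(
        "SELECT role FROM users WHERE name = ?", (name,))]


def demo() -> dict:
    """Run both layers against a classic tautology payload."""
    conn = build_demo_db()
    payload = "x' OR '1'='1"
    return {
        "trap_rejects_payload": not input_trap(payload),
        "trap_accepts_normal": input_trap("alice"),
        # The trap lives in the GUI only; a caller that bypasses the GUI still
        # reaches the server, where the unsafe query leaks every row ...
        "unsafe_result": lookup_role_unsafe(conn, payload),
        # ... while the parameterised query returns nothing for the same input.
        "safe_result": lookup_role_safe(conn, payload),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The trap stops the payload at the form, but the same payload sent straight to the server is only stopped by
the parameterised query, which is why the server-side controls are the ones that must be relied upon.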
3.4 Logon/Authentication
3.4.1 Calypso System Login
Calypso provides a default login module. The user logs in with a username and password, which are
authenticated on the server. The client sends a hash of the password rather than the password itself, and
the server compares it with the hashed value stored in the database, so the clear-text password never
crosses the network. Note that the transmitted hash is itself a credential: if it were captured it could be
replayed, so the login channel should also be protected with SSL/TLS as described in section 3.2.
Please refer to section 1.2: Logon/Authentication of the Calypso Security User Guide for details.
You can also provide a custom password validation routine. Your routine could prevent a user from re-
using a previous password or from choosing a "forbidden" password (dictionary words, etc.), for
example. To do so, you would implement your validation routine using the CustomPasswordValidator
API.
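The routine below is an added example, not Calypso’s CustomPasswordValidator API or its default
implementation, that shows the two checks the paragraph mentions: rejecting a password that reuses one of
the user’s previous passwords, and rejecting dictionary words even when disguised with common character
substitutions. The word list, the history depth, the minimum length and the PBKDF2 work factor are assumed
values. Previous passwords are kept only as salted hashes, so the history itself is not a store of clear-text
secrets.

```python
import hashlib
import hmac
import secrets

# Constructed word list for the example; a deployment would load a real dictionary.
FORBIDDEN_WORDS = {"password", "calypso", "welcome", "trading", "summer"}
HISTORY_DEPTH = 5          # previous passwords that may not be reused (assumed)
MIN_LENGTH = 12            # assumed minimum length
ITERATIONS = 100_000       # PBKDF2 work factor (assumed value)

# Common look-alike substitutions undone before the dictionary check,
# so "C@lyps0" is still caught by the word "calypso".
_LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "!": "i",
                       "3": "e", "$": "s", "5": "s"})


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; history is stored hashed, never in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def normalise(password: str) -> str:
    """Lower-case and undo substitutions for the dictionary comparison."""
    return password.lower().translate(_LEET)


def validate_new_password(password: str, history: list) -> list:
    """Return the list of policy violations (an empty list means accepted).

    history is a list of (salt, hash) tuples for the user's previous
    passwords, newest first, as produced by record_password()."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"too short (minimum {MIN_LENGTH} characters)")
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    if classes < 3:
        errors.append("needs three of: lower case, upper case, digit, symbol")
    normalised = normalise(password)
    if any(word in normalised for word in FORBIDDEN_WORDS):
        errors.append("contains a forbidden dictionary word")
    # Each old entry carries its own salt, so the candidate is re-hashed per entry
    # and compared in constant time.
    for salt, old_hash in history[:HISTORY_DEPTH]:
        if hmac.compare_digest(hash_password(password, salt), old_hash):
            errors.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
            break
    return errors


def record_password(password: str, history: list) -> list:
    """Prepend the new password's salted hash to the history and return it."""
    salt = secrets.token_bytes(16)
    return [(salt, hash_password(password, salt))] + history


if __name__ == "__main__":
    hist = record_password("Bl7e-Harbour!Quay", [])
    print(validate_new_password("Bl7e-Harbour!Quay", hist))   # reuse rejected
    print(validate_new_password("C@lyps0-Trading-2019", hist))  # dictionary word
    print(validate_new_password("Gr7v!ty-Orchard-Lamp", hist))  # accepted: []
```

A validator written against the real CustomPasswordValidator API would wrap logic of this shape; the
history check is the part that needs the stored salts, so the history store must keep the salt alongside each
hash.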
Calypso’s server-side services are deployed as EJBs inside a J2EE Application Server. Calypso
automatically configures the Application Server to authenticate all incoming calls against a standard JAAS
Login Module that it provides. The default login module is the Database JAAS Login Module, which uses
the SQL statements defined in the application configuration files to load user details and roles from the
Calypso data model and to authenticate each request.
Please refer to section 19.2: How to Customize Password Encryption – Login of the Calypso
Developer’s Guide for details on implementing a custom password validation routine.
3.4.2 Cipher Suites
JBoss makes a number of cryptographic primitives available as building blocks for TLS cipher suites. The
options fall into three groups.
Recommended (market standard):
• RSA with 2048-bit keys and OAEP padding
• AES-128 (AES-192 and AES-256 are equally acceptable); GCM mode is preferable to CBC where both
ends support it
• SHA-256
• HMAC-SHA-256
Legacy (accept only where required for interoperability with an existing counterparty, and plan to retire):
• HMAC-SHA-1
• RSA with keys larger than 1024 bits and legacy (PKCS#1 v1.5) padding
• 3DES (triple DES, with two or three 56-bit keys); its 64-bit block size limits the amount of data that
can safely be protected under one key
Not recommended (do not enable):
• RC4 (prohibited in TLS by RFC 7465)
• HMAC-MD5
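The script below is an added example, not part of this guide or of the Calypso or JBoss distributions, that
applies the grouping above to a JSSE cipher suite list of the kind configured on a JBoss listener. The suite
names are the standard JSSE names; the sample list is constructed for the example and is not a real Calypso
configuration. Suites that use a primitive from the “do not enable” group (or no encryption or
authentication at all) are rejected, suites that rely on a legacy primitive are flagged, and only the remainder
is kept for the enabled list.

```python
import re

# Constructed sample of a JSSE "enabled cipher suites" list, in the naming used by
# JBoss/Undertow and the JDK; not a real Calypso configuration.
SAMPLE_SUITES = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_MD5",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
]

# The first matching rule decides, so reject rules are checked before legacy rules.
REJECT_RULES = [
    (re.compile(r"_NULL_"), "no encryption"),
    (re.compile(r"_anon_"), "unauthenticated key exchange"),
    (re.compile(r"_EXPORT"), "export-grade key length"),
    (re.compile(r"RC4"), "RC4 (prohibited in TLS by RFC 7465)"),
    (re.compile(r"_MD5$"), "HMAC-MD5"),
    (re.compile(r"_DES_|DES40"), "single DES"),
]
LEGACY_RULES = [
    (re.compile(r"3DES"), "3DES: 64-bit block, 112-bit effective strength"),
    (re.compile(r"_SHA$"), "HMAC-SHA-1"),
    (re.compile(r"^(TLS|SSL)_RSA_WITH_"), "RSA key transport, no forward secrecy"),
    (re.compile(r"_CBC_"), "CBC mode; prefer AES-GCM where both ends support it"),
]


def classify(suite: str) -> tuple:
    """Return (verdict, reason) where verdict is recommended, legacy or reject."""
    for pattern, reason in REJECT_RULES:
        if pattern.search(suite):
            return "reject", reason
    for pattern, reason in LEGACY_RULES:
        if pattern.search(suite):
            return "legacy", reason
    return "recommended", "AEAD cipher with SHA-2 and forward-secret key exchange"


def audit(suites: list) -> dict:
    """Group a configured suite list by verdict, keeping the reason for each."""
    result = {"recommended": [], "legacy": [], "reject": []}
    for suite in suites:
        verdict, reason = classify(suite)
        result[verdict].append((suite, reason))
    return result


def enabled_list(suites: list) -> list:
    """The suites a hardened listener should keep, in the order they were given."""
    return [s for s in suites if classify(s)[0] == "recommended"]


if __name__ == "__main__":
    for verdict, entries in audit(SAMPLE_SUITES).items():
        for suite, reason in entries:
            print(f"{verdict:12} {suite:45} {reason}")
    print("enabled:", ",".join(enabled_list(SAMPLE_SUITES)))
```

Run against the suite list actually configured on a listener, the “reject” bucket is what must be removed
before go-live and the “legacy” bucket is the list to negotiate with counterparties.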
Section 4. Network Security
Calypso communication between its components is based on TCP/IP, occurs on configured ports and is
firewall-friendly. Sessions are identified by session tokens, which protect against session hijacking.
Depending on requirements, a Calypso deployment can be hardened to the desired level of security.
Calypso’s communication relies on messaging and remoting (i.e. service-level Remote Method
Invocation), both of which are implemented by JBoss. The configuration of SSL/TLS for these
communication channels is therefore standard and well documented. SSL/TLS communication can use
standard X.509 certificates, so certificates already issued by the customer organization’s PKI can be reused.