Protection is one of the fundamental issues in system architecture. Layered architecture is used to provide protection. The critical protected assets are placed at a lowest level in the system, with various layers of protection around them.
Let us consider the example of patient record system in which the critical assets to be protected are the records of individual patients. In order to access the assets of patient records, an attacker has to penetrate three system layers. As it is difficult to penetrate all the layers, protection increases. So the layered architecture improves security.
The three layers that an attacker has to go through to access and modify patient records are:
1. Platform-level protection involves user signing to a particular computer and also includes integrity of files on the system, backups, etc.
2. Application level protection involves a user accessing the application, being authenticated and getting authorization for viewing or modifying data. Application-specific integrity management support is available.
3. Record level protection involves checking that a user is authorized to carry out the requested operations on that record. Protection at this level might also involve encryption to ensure that records cannot be browsed using a file browser.