System Assurance. Beyond Detecting. Vulnerabilities. Djenana Campara. Nikolai Mansourov

Transcription

1 System Assurance Beyond Detecting Vulnerabilities Nikolai Mansourov Djenana Campara ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SYDNEY TOKYO Morgan Kaufmann Publishers is an Imprint of Elsevier

2 Contents Foreword Preface xiii xv CHAPTER 1: Why hackers know more about our systems Operating in cyberspace involves risks Why hackers are repeatedly successful What are the challenges in defending cybersystems? Difficulties in understanding and assessing risks Complex supply chains Complex system integrations Limitations of system assessment practices Limitations of white-box vulnerability detection Limitations of black-box vulnerability detection Where do we go from here? Systematic and repeatable defense at affordable cost The OMG software assurance ecosystem Linguistic modeling to manage the common vocabulary Who should read this book? 21 CHAPTER 2: Confidence as a product Are you confident that there is no black cat in the dark room? The nature of assurance Engineering, risk, and assurance Assurance case Contents of an assurance case Structure of the assurance argument Overview of the assurance process Producing confidence Economics of confidence 45 CHAPTER 3: How to build confidence Assurance in the system life cycle Activities of system assurance process Project definition Project preparation 58

3 viii Contents CHAPTER 4: CHAPTER 5: Assurance argument development Architecture security analysis Discover system facts Threat identification Safeguard identification Vulnerability detection Security posture analysis Evidence analysis Assurance case delivery 78 Knowledge of system as an element of cybersecurity argument What is system? Boundaries of the system Resolution of the system description Conceptual commitment for system descriptions System architecture Example of an architecture framework Elements of system System knowledge involves multiple viewpoints Concept of operations (CONOP) Network configuration System life cycle and assurance System life cycle stages Enabling systems Supply chain System life cycle processes The implications to the common vocabulary and the integrated system model 108 Knowledge of risk as an element of cybersecurity argument Introduction Basic cybersecurity elements Assets Impact Threats Safeguards Vulnerabillities Risks Common vocabulary for threat identification Defining discernable vocabulary for Assets Threats and hazards 123

4 Contents Defining discernable vocabulary for injury and impact Defining discernable vocabulary for threats Threat scenarios and attacks Defining discernable vocabulary for vulnerabilities Defining discernable vocabulary for safeguards Risk Systematic threat identification Assurance strategies Injury argument Entry point argument Threat argument Vulnerability argument Security requirement argument Assurance of the threat identification 145 CHAPTER 6: Knowledge of vulnerabilities as an element of cybersecurity argument Vulnerability as a unit of knowledege What is vulnerability? The history of vulnerability as a unit of knowledge Vulnerabilities and the phases of the system life cycle Enumeration of vulnerabilities as a Knowledge product Vulnerability databases US-CERT Open source vulnerability database Vulnerability life cycle NIST Security content automation protocol (SCAP) ecosystem Overview of SCAP ecosystem Information exchanges in SCAP ecosystem 166 CHAPTER 7: Vulnerability patterns as a new assurance content Beyond current SCAP ecosystem Vendor-neutral vulnerability patterns Software fault patterns Safeguard clusters and corresponding SFPs 179

5 X Contents Authentication Access control Privilege Direct injury clusters and corresponding SFPs Information leak Memory management Memory access Path resolution Tainted input Example software fault pattern 186 CHAPTER 8: OMG software assurance ecosystem Introduction OMG assurance ecosystem: toward collaborative cybersecurity 193 CHAPTER 9: Common fact model for assurance content Assurance content The objectives Design criteria for information exchange protocols Trade-offs Information exchange protocols The nuts and bolts of fact models Objects Noun concepts Facts about existence of objects Individual concepts Relations between concepts Verb concepts Characteristics Situational concepts Viewpoints and views Information exchanges and assurance Fact-oriented integration Automatic derivation of facts The representation of facts Representing facts in XML Representing facts and schemes in Prolog The common schema System assurance facts 227

6 Contents CHAPTER 10: Linguistic models Fact models and linguistic models Background Overview of SBVR How to use SBVR Simple vocabulary Vocabulary entries Statements Statements as formal definitions of new concepts Definition of a noun concept Definition of a verb concept The general concept caption SBVR vocabulary for describing elementary meanings SBVR vocabulary for describing representations SBVR vocabulary for describing extensions Reference schemes SBVR semantic formulations Defining new terms and facts types using SBVR 250 CHAPTER 11: Standard protocol for exchanging system facts Background Organization of the KDM vocabulary Infrastructure layer Program elements layer Resource layer Abstractions layer The process of discovering system facts Discovering the baseline system facts Inventory views Inventory viewpoint vocabulary in SBVR Build views Data views UI views Code views Code views: elements of structure 274

7 xii Contents Code views: elements of behavior Micro KDM Platform views Event views Performing architecture analysis Structure views Conceptual views Linguistic viewpoint Behavior viewpoint 297 CHAPTER 12: Case study Introduction Background Concepts of operations Executive summary Purpose Locations Operational authority System architecture Clicks2Bricks Web server Database server SMTP server System assumptions External dependencies Implementation assumptions Interfaces with Other Systems Security assumptions External security notes Internal security notes Business vocabulary and security policy for Clicks2Bricks in SBVR Building the integrated system model Building the baseline system model Enhancing the baseline model with the system architecture facts Mapping cybersecurity facts to system facts Assurance case 330 Index 337