Security Engineering for Software

CS996 CISM
Jia An Chen
03/31/04

Current State of Software Security
- Fundamental lack of planning for security: most security issues come to light only after development is complete.
- As a result, security is often managed in an ad hoc fashion, as an afterthought.
- Examples: almost every company buys some kind of security infrastructure (firewalls, VPNs, IDS), and many companies perform penetration tests and automated security scans. Both are bolted on around a finished product rather than built into it.

Security should be done EARLY
@stake: "Findings indicate that significant cost savings and other advantages are achieved when security analysis and secure engineering practices are introduced early in the development cycle."

Integrating security into the software lifecycle
Two distinct goals, which the rest of the talk treats separately:
- Engineering software to implement security features (authentication, access control, audit logging, ...)
- Engineering software to be safe: robustness against malformed input and misuse in every component, not only in the security features
Security features vs. robustness: a product can have the first and still lack the second.

Requirement Phase
"Security is like adding brakes to cars. The purpose of brakes is not to stop you: it's to enable you to go fast!" --- Gene Spafford
- A security requirement is complementary to the functional requirements of a system. It is the manifestation of a high-level organizational policy in the detailed requirements of a specific system.
- Security requirements should be based on an analysis of the assets and services to be protected and of the threats from which those assets and services must be protected.

Quality Properties of Requirements
- Design independent: a software requirement is free of design and implementation decisions, except in the form of a constraint
- Unambiguous: a requirement is unambiguous if it has only one possible interpretation
- Precise: a requirement is precise if it exactly defines a behavioral aspect of the software, including data sets and ranges for inputs and outputs
- Understandable: a requirement is understandable if it accurately conveys the requirement to its intended audience
- Traceable: any document that references the requirement must be identifiable
- Verifiable: a requirement is verifiable if there is a quantifiable or observable effect of the software that is directly expressed by the requirement

Quality Properties of Requirements (continued)
- Prioritized: unless all requirements are of equal importance, each requirement should be ranked by priority
- Complete: includes all the information needed to produce a design description of the software, and no more. Everything the software is supposed to do is represented in the document, the software's response to every class of input in every situation is described, all references are resolved, pages are numbered and terms are defined
- Consistent: there are no contradictory statements among the requirements
- Organized: requirements are arranged so that readers can easily locate information
- Modifiable: requirements are organized so that they are easy to change

Requirements Engineering Process
1. Requirements elicitation
2. Requirements analysis
3. Modeling the requirements and writing the specification
4. Verification of the requirements

Requirements Elicitation
- Collect data about the overall system and its operational characteristics
- Negotiate with the customer on feasibility issues of attributes or other requirements
- Done through surveys of, and interviews with, users of the software

Requirements Analysis
- The process of evaluating the existing conditions that represent the primary motivation of the problem domain, as evidenced by the data gathered during elicitation
- Derive the security requirements for each asset in terms of:
  Confidentiality
  Integrity
  Availability

Requirements Modeling and Specification
- The process of presenting and formalizing the requirements in a document
- The goal is to communicate user needs to the system developers
- Security requirements: role requirements, security use cases and misuse cases

Security Use Cases and Misuse Cases (slide figure not reproduced in the transcription)
A misuse case describes the system from the attacker's side: how a hostile actor abuses a function. The corresponding security use case (Firesmith, see references) describes what the system must do to detect and withstand that misuse, which is what gets written down as a verifiable requirement.

Requirements Verification
- The process of ensuring that the allocation of the overall system requirements is appropriate and correct
- Examination of the project documentation
- Evaluation of product testability
- Interface analysis

Design Phase
The period during which the designs for the architecture, software components, interfaces and data are created, documented, and verified against the requirements.
- General design concepts: data abstraction, procedural abstraction, stepwise refinement, modular design, cohesion, coupling, information hiding, design for testing
- Design documentation: architectural design, modular design, procedural design, interface design, data structures and algorithms

Model-Driven Security: SecureUML
- Strives to integrate security requirements with the design of the system
- Extends UML with explicit modeling of security aspects, in particular role-based access control: roles, permissions, and the constraints under which they apply
- Applies the same principles of software design to security-related problems, so that the access-control policy can be checked against the model and its enforcement code generated from it

Sample SecureUML (slide figure not reproduced in the transcription)

Design with security
- Defense in depth: manage risk with multiple defensive strategies, so that if one layer of defense turns out to be inadequate, another layer will, ideally, prevent a full breach
- Compartmentalization: break the system into as many isolated units as practical, to minimize the damage that can be done when a unit is compromised
- Least privilege: grant only the minimum access necessary to perform an operation, and only for the minimum amount of time necessary
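Least privilege in practice, as an added example that is not part of the original slides: a Linux/glibc C program that performs its one privileged step and then drops to an unprivileged identity for the rest of its life, in the order that actually works, and verifies that the drop cannot be reversed. The target uid/gid (65534, assumed to be "nobody") and the privileged step are assumptions for illustration.

```c
/* Added example (not from the slides): drop to an unprivileged identity
 * once the privileged step is done, and verify the drop.
 * Assumptions: Linux/glibc; uid/gid 65534 is "nobody" on this host.
 * Build: cc -Wall least_priv.c -o least_priv */
#define _DEFAULT_SOURCE 1
#include <sys/types.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>

/* Permanently drop to target_uid/target_gid. Returns 0 on success, a
 * negative code on failure. Order matters: supplementary groups can only
 * be cleared while still root, and gid must change before uid because a
 * setuid() away from root removes the ability to change gid afterwards. */
int drop_privileges(uid_t target_uid, gid_t target_gid)
{
    /* Supplementary groups survive setuid() unless cleared explicitly. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(target_gid) != 0)
        return -2;
    if (setuid(target_uid) != 0)
        return -3;
    /* The check most code omits: regaining root must now fail. */
    if (target_uid != 0 && setuid(0) == 0)
        return -4;
    if (getuid() != target_uid || geteuid() != target_uid
        || getgid() != target_gid || getegid() != target_gid)
        return -5;
    return 0;
}

int main(void)
{
    /* Hypothetical service: the privileged step (binding a port below 1024,
     * opening a root-owned log file) would go here, before the drop. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();   /* assumed: nobody */
    gid_t gid = geteuid() == 0 ? 65534 : getgid();

    int rc = drop_privileges(uid, gid);
    if (rc != 0) {
        fprintf(stderr, "drop_privileges failed (%d): %s\n", rc, strerror(errno));
        return 1;   /* never carry on as root by accident */
    }
    printf("now running as uid=%u gid=%u\n", (unsigned)getuid(), (unsigned)getgid());
    /* Everything from here on runs with the minimum identity. */
    return 0;
}
```

The post-condition check is the part that usually gets left out: setuid() can fail (for instance when the target uid is at its process limit), and a program that ignores the return value keeps running as root while believing it has dropped. Started as an ordinary user, the program simply re-asserts its own identity and the check still passes.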

Implementation Phase
The process of translating the detailed design into code.
- Know what you do: read the documentation, understand the underlying mechanisms, test thoroughly
- Common security bugs: buffer overflow, format string attack, race condition (time of check to time of use), false assumptions about input

Implementation Phase: Best Programming Practice
- Be paranoid: don't trust anything that crosses a trust boundary
- Robustness: assume every input can be malformed and check all of it. The attacker is not an ordinary user and will send input no ordinary user ever would.
- Make no assumptions: don't suppose that something will never happen. Never say never.
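The bug classes from the two slides above, as an added example in C that is not code from the slides: for each, the unchecked form beside its hardened form. The record format (one length byte followed by the payload), the 16-byte name buffer and the function names are constructed for illustration; here the buffer overflow and the false assumption are the same mistake, trusting a length that the peer chose.

```c
/* Added example (not from the slides): unchecked code beside its hardened
 * form for buffer overflow / false assumption, format string, and TOCTOU.
 * Record format (constructed for illustration): [1-byte length][payload]. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>

#define MAX_NAME 16

/* BUFFER OVERFLOW via FALSE ASSUMPTION (deliberately vulnerable, kept only
 * for comparison and never called): the length byte is trusted, so a peer
 * that sends 200 overruns the 16-byte name[] on the caller's stack. */
int parse_name_unsafe(const uint8_t *msg, size_t msglen, char name[MAX_NAME])
{
    (void)msglen;                 /* the bytes actually received are ignored */
    size_t n = msg[0];            /* attacker-controlled */
    memcpy(name, msg + 1, n);     /* n may exceed MAX_NAME and msglen */
    name[n] = '\0';
    return (int)n;
}

/* FIX: check the claimed length against both the destination buffer (leaving
 * room for the terminator) and the bytes actually received.
 * Returns the name length, or -1 for a malformed record. */
int parse_name_safe(const uint8_t *msg, size_t msglen, char name[MAX_NAME])
{
    if (msg == NULL || msglen < 1)
        return -1;
    size_t n = msg[0];
    if (n >= MAX_NAME)            /* would not fit together with the NUL */
        return -1;
    if (n > msglen - 1)           /* claims more bytes than were sent */
        return -1;
    memcpy(name, msg + 1, n);
    name[n] = '\0';
    return (int)n;
}

/* FORMAT STRING: the unsafe form is snprintf(out, outlen, user), where a user
 * string such as "%x%x%n" reads the stack and writes memory. The fix is a
 * constant format with the user text passed only ever as an argument. */
int format_greeting_safe(char *out, size_t outlen, const char *user)
{
    return snprintf(out, outlen, "hello, %s", user);
}

/* RACE CONDITION (TOCTOU): "if (access(path, F_OK) != 0) open(path, ...)"
 * leaves a window in which an attacker plants a symlink at path. FIX: one
 * atomic call that creates the file only if it does not exist and refuses
 * to follow a link. Returns the descriptor, or -1. */
int create_private_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

int main(void)
{
    char name[MAX_NAME], line[64];
    const uint8_t good[] = { 5, 'a', 'l', 'i', 'c', 'e' };   /* constructed */
    const uint8_t lie[]  = { 200, 'x' };       /* claims 200 bytes, sends 1 */

    printf("good -> %d (%s)\n", parse_name_safe(good, sizeof good, name), name);
    printf("lie  -> %d\n", parse_name_safe(lie, sizeof lie, name));

    format_greeting_safe(line, sizeof line, "%x%x%n");
    printf("%s\n", line);                      /* the %x%x%n is printed literally */
    return 0;
}
```

Note that the safe parser still accepts binary payloads containing NUL bytes; only the length is policed. That is the general shape of the fix for this bug class: the check is on what the peer claims versus what the program can prove, not on the content.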

Software Security: Configuration Management
- Defined as the art of identifying, organizing, and controlling modifications to software
- Programming standards and controls
- Documentation
- Change controls
- Tools: Concurrent Versions System (CVS)
- Example: bugs sometimes creep in when software is modified, and you might not detect the bug until long after the modification; the version history is what lets you find the change that introduced it

Software Security: mechanisms to protect information
- Internal labeling
- Application security features
- Audit trails and logging
- Need-to-know controls
- Malicious logic protection

Maintenance Phase
- Maintainability has to be built into a product from the very beginning and must not be compromised at any time during development
- Three types of maintenance: corrective, perfective, adaptive
- Management of maintenance: fault reports, authorizing changes to the product, ensuring maintainability

Software Testing
- Step 1, Planning: understand the application and its requirements; develop the test plan; develop the test cases
- Step 2, Execution: execute the test cases; identify and investigate failures; validate the fixes for resolved issues
- Step 3, Reporting: document the issues found

Software Testing
- Black-box testing: tests the externally observable behavior of the system; no knowledge of the internal structure is needed. Tool: PROTOS (protocol robustness test suites that feed malformed inputs to an implementation)
- White-box testing: tests the internal interaction between the components of a system; requires detailed knowledge of the structure. Tools: RATS, Flawfinder, ITS4 (source code scanners that flag dangerous calls such as strcpy and sprintf for review)
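Black-box robustness testing in the PROTOS style, as an added example that is neither from the slides nor from PROTOS itself: a harness that never looks inside the parser, feeds it every possible length byte and then random records, and judges the result only by externally observable invariants (a guard byte placed after the output buffer, and whether a success return left a terminated name of the stated length). Both target parsers and the record format are constructed for illustration; the off-by-one in the first is the kind of bug a code review reads straight past.

```c
/* Added example (not from the slides): black-box robustness test harness.
 * Record format (constructed for illustration): [1-byte length][payload]. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 16
typedef int (*parser_fn)(const uint8_t *msg, size_t msglen, char *name);

/* Target with an off-by-one: n == 16 passes the check, so the terminator
 * lands one byte past name[]. */
int parse_offbyone(const uint8_t *msg, size_t msglen, char *name)
{
    size_t n = msg[0];
    if (n > MAX_NAME || n > msglen - 1)   /* BUG: must be n >= MAX_NAME */
        return -1;
    memcpy(name, msg + 1, n);
    name[n] = '\0';
    return (int)n;
}

/* Correctly bounded target for comparison. */
int parse_bounded(const uint8_t *msg, size_t msglen, char *name)
{
    size_t n = msg[0];
    if (n >= MAX_NAME || n > msglen - 1)
        return -1;
    memcpy(name, msg + 1, n);
    name[n] = '\0';
    return (int)n;
}

/* Deterministic xorshift32 so that a failing run can be replayed exactly. */
static uint32_t next_rand(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* A guard byte immediately after the buffer catches a one-byte overrun
 * without a sanitizer; char has no alignment padding, so it is adjacent. */
struct guarded { char name[MAX_NAME]; unsigned char canary; };

/* Returns how many inputs violated an invariant. The first 256 iterations
 * try every possible length byte (so the boundary values 15, 16, 17 and 255
 * are always covered); the rest use random lengths and record sizes. */
int fuzz_parser(parser_fn target, int iterations)
{
    uint8_t msg[1 + 255];
    uint32_t seed = 0x9E3779B9u;
    int failures = 0;

    for (int i = 0; i < iterations; i++) {
        size_t msglen = (i < 256) ? sizeof msg : 1 + next_rand(&seed) % 255;
        msg[0] = (i < 256) ? (uint8_t)i : (uint8_t)next_rand(&seed);
        for (size_t k = 1; k < msglen; k++)
            msg[k] = (uint8_t)next_rand(&seed);

        struct guarded g;
        memset(g.name, 'A', sizeof g.name);
        g.canary = 0xA5;

        int rc = target(msg, msglen, g.name);

        if (g.canary != 0xA5) {                /* wrote past the buffer */
            if (failures == 0)
                fprintf(stderr, "overrun: length byte %u, msglen %zu\n",
                        (unsigned)msg[0], msglen);
            failures++;
        } else if (rc >= 0 && (rc >= MAX_NAME || g.name[rc] != '\0')) {
            failures++;                        /* success, but output is not as claimed */
        }
    }
    return failures;
}

int main(void)
{
    printf("off-by-one parser: %d failing inputs\n", fuzz_parser(parse_offbyone, 2000));
    printf("bounded parser:    %d failing inputs\n", fuzz_parser(parse_bounded, 2000));
    return 0;
}
```

The guard byte is the black-box substitute for a memory sanitizer; building with -fsanitize=address catches the same overrun with a precise report. Because the generator is deterministic, the first failing input printed to stderr can be replayed and then kept as a permanent regression test case.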

Regression Testing
- Retesting a software system that has been modified, to ensure that the reported bugs have been fixed, that no previously working function has failed as a result of the fixes, and that newly added features have not broken behavior of previous versions
- Regression test framework: a repository that maintains the test cases and allows them to be run

Regression Testing
- Comprehensive regression testing: a general regression test suite that provides a complete retest of most or all of the application
- Selective regression testing: selectively retesting the system based on the modules that were changed or the modules whose interfaces were changed

Selective Regression Testing: selecting the test cases
- Requires knowledge of the bug fixes and of how they affect the system
- Include the areas with frequent defects
- Include the areas that have undergone many or recent code changes
- Include the areas most visible to users
- Include the core features of the product that are mandatory requirements of the customer

Mobile Code
- Technology which allows the creation of executable information that can be delivered to an information system and then directly executed on any hardware/software architecture that has an appropriate host execution environment
- Malicious mobile code is the threat; the DoD policy mitigates it by accepting mobile code only from a trusted source, meaning one of:
  - trusted networks, e.g. SIPRNET and JWICS
  - a digital signature over the mobile code itself, using either a DoD- or IC-approved PKI certificate or a commercial certificate approved by the DoD CIO or the IC CIO
  - authentication of the source of the transfer by public key certificate (e.g. S/MIME, SSL web server)

Mobile Code Technologies
- Category 1: mobile code that can exhibit broad functionality using unmediated access to the services and resources of workstations, hosts and remote systems (ActiveX; Visual Basic for Applications (VBA) and Windows Scripting Host, when used as mobile code)
- Category 2: mobile code that has full functionality using mediated or controlled access to the services and resources of workstations, hosts and remote systems (Java applets and other Java mobile code, LotusScript, PostScript)

Mobile Code Technologies (continued)
- Category 3: mobile code that has limited functionality, with no capability for unmediated or uncontrolled access to the services and resources of workstations, hosts and remote systems (JavaScript, VBScript, PDF files, Shockwave/Flash)
- Not considered true mobile code: XML; QuickTime; web server scripts that execute on the server (Java servlets, Java Server Pages, CGI, Active Server Pages, CFML, PHP, SSI, server-side JavaScript, server-side LotusScript)

Review
- Current state of software security
- Requirement phase
- Design with security
- Software testing
- Mobile code

References
- @stake, Strategic Security Resources, http://www.atstake.com/research/strategic_security/
- Donald G. Firesmith, "Security Use Cases", Journal of Object Technology, Vol. 2, No. 3, May-June 2003
- J. Chris Gibson, "Quality Software Requirements", AppLabs Technologies, http://www.applabs.com/funtionality.htm
- J. Chris Gibson, Quality Software Requirements, Regression Testing Framework and Strategy
- DoD, Malicious Code Prevention (mobile code policy)
- http://web.umr.edu/~umreec/web-courses/cs306/lecturenotes/chapter13.pdf
- IBM developerWorks, http://www-106.ibm.com/developerworks/security/library/s-fail.html
- IBM developerWorks, http://www-106.ibm.com/developerworks/security/library/s-priv.html
- CVS, http://www.cvshome.org/