Engineering Secure Software

Taher El-Gamal, inventor of SSL: "Security professionals always struggle with the general public because usability always wins."
Users are NOT the Enemy
• Security mechanisms are designed, implemented, applied, and breached by people. Human factors are key. Hackers can leverage human factors too, e.g. social engineering, "rubber hose cryptanalysis".
• Why do users not adhere to security criteria?
  - Lack of security knowledge
  - Lack of motivation
  - Users are guided by what they actually see, or don't see.
  - Not considering human factors wrt security mechanisms, e.g. constantly changing passwords

Do not overload users' memory
• Human memory has limitations of about 7 items. Example list of 20 words to memorize: Balloon, Giraffe, Sphinx, Ball, Moon, Jerry, Alex, India, Chair, Graph, Be, Pluto, Daisy, All, Train, Byte, Lime, Fact, Screen, Zoo

Do not overload users' memory
• Users will use externalization to cope
  - Sticky notes, password managers
  - Facilitates insider attacks

Human Factors
• Minimize the mental workload for the user
  - Recognition rather than recall (e.g. recognize images)
  - Forgiving mechanisms (93% successful login with the 9th attempt)
    - Realistic security vs. theoretical security
    - Resetting passwords overloads helpdesks
    - Delay logins instead of lockouts

Human Factors
• Awkward behavior
  - Example: organizations mandate that users must lock their screens when leaving their desks, even for brief periods
  - Users will not comply with security mechanisms that conflict with their values or self-image
  - Solution: label such behaviors positively

Usability of Permission Granting
• Global resources
  - e.g. smartphones expose a global clipboard to apps
  - User friendly, but violates least-privilege
• Manifests (Android, Windows Phone)
  - Out of context: checked at time of install, not time of use.
  - Disruptive: only prompted at first use to avoid prompt-fatigue. Violates least-privilege
• Prompts (iOS, browsers)
  - Used to verify user intent
  - Repetitiveness teaches users to ignore them (prompt fatigue)
• User-driven access control
  - Via access control gadgets
  - Captures the user's intent, minimizes interaction
  - Enables in-context, non-disruptive, and least-privilege permission granting
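The three granting models on this slide as an added simulation (my code, not from the slides or from the user-driven access control work they summarize): a manifest grants the clipboard for the app's whole lifetime, a prompt decides once and is silent afterwards, and an access control gadget turns one genuine user click into a single-use capability. The `Clipboard` contents, the class names and the `allowed` helper are constructed for the example.

```python
class PermissionDenied(Exception):
    """Raised when a clipboard read has no valid grant behind it."""

class Clipboard:
    content = "constructed secret copied by another app"   # the global resource

class ManifestApp:
    """Manifest model: the user accepts a list at install time; the grant lasts forever."""
    def __init__(self, manifest):
        self.granted = set(manifest)
    def read_clipboard(self, clipboard):
        if "clipboard" not in self.granted:
            raise PermissionDenied("not in manifest")
        return clipboard.content   # no user action needed, even from the background

class PromptApp:
    """Prompt model: one dialog at first use, and the answer is remembered from then on."""
    def __init__(self, user_answers):
        self._answers = iter(user_answers)   # scripted dialog replies (constructed)
        self._decided = None
    def read_clipboard(self, clipboard):
        if self._decided is None:
            self._decided = next(self._answers)   # the only prompt the user ever sees
        if not self._decided:
            raise PermissionDenied("user declined")
        return clipboard.content   # later reads are silent and carry no user intent

class ACGKernel:
    """User-driven model: the OS owns the paste gadget; a real click mints a one-shot capability."""
    def __init__(self, clipboard):
        self._clipboard, self._pending = clipboard, set()
    def user_clicks_paste_gadget(self):
        token = object()   # minted only by the kernel, so an app cannot forge it
        self._pending.add(token)
        return token
    def redeem(self, token):
        if token not in self._pending:
            raise PermissionDenied("no matching user action")
        self._pending.discard(token)   # single use: the grant is scoped to this click
        return self._clipboard.content

def allowed(read):
    """True if a zero-argument read succeeds, False if the model denies it."""
    try:
        read()
        return True
    except PermissionDenied:
        return False
```

Run the three models against a background read, a forged token and a replayed token: only the gadget model denies the last two, which is the least-privilege property the slide credits it with.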

Usability of Authentication Mechanisms
• Attacked by phishing
• Protection software: Password Alert Chrome extension

Usability of Authentication Mechanisms: Graphical passwords
• Categorized by memory task: recall-based (drawmetric systems)
  - Users recall and reproduce a secret drawing (on a grid or canvas)
  - Drawbacks: phishing, easy to guess (users draw their initials)

Usability of Authentication Mechanisms: Graphical passwords
• Categorized by memory task: recognition-based (cognometric systems)
  - Users memorize a portfolio of images during password creation, and then recognize their images from among decoys to log in
  - More difficult to attack by phishing
  - Drawbacks: password space is small, shoulder-surfing

Usability of Authentication Mechanisms: Graphical passwords
• Categorized by memory task: cued-recall (locimetric systems)
  - Easier memory task than pure recall
  - Users remember and target specific locations in an image
  - Tolerance area 14x14 pixels
  - Vulnerable to hotspots and simple geometric patterns in images
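A cued-recall verifier in the PassPoints style, added here as an example and not taken from the slides: each click is quantized to a 14x14-pixel tolerance cell and only a salted slow hash of the cell sequence is stored, and the same grid gives the password-space arithmetic behind the "password space is small" and "vulnerable to hotspots" drawbacks on the last two slides. The image size, click count, salt and function names are constructed assumptions.

```python
import hashlib
import hmac
import math

IMAGE_W, IMAGE_H = 640, 480   # constructed image size in pixels
CELL = 14                     # tolerance square from the slide: 14x14 pixels
N_CLICKS = 5                  # constructed: five click-points per password
SALT = b"constructed-salt"    # a real system draws a random per-user salt

def cell_of(point):
    """Quantize a click to its tolerance cell; only the cell index is ever hashed."""
    x, y = point
    if not (0 <= x < IMAGE_W and 0 <= y < IMAGE_H):
        raise ValueError("click outside the image")
    return (x // CELL, y // CELL)

def _digest(clicks):
    if len(clicks) != N_CLICKS:
        raise ValueError("wrong number of click-points")
    data = ",".join("%d:%d" % cell_of(p) for p in clicks).encode()
    return hashlib.pbkdf2_hmac("sha256", data, SALT, 100_000)

def enroll(clicks):
    """Store a slow hash of the cell sequence, never the raw coordinates."""
    return _digest(clicks)

def verify(clicks, stored):
    """True if every click lands in the enrolled cell, in order."""
    try:
        return hmac.compare_digest(_digest(clicks), stored)
    except ValueError:   # wrong count or off-image click: treat as a failed attempt
        return False

def password_space_bits(cells=None):
    """Theoretical entropy in bits: log2(cells) per click, summed over N_CLICKS clicks."""
    if cells is None:   # full grid: every tolerance cell in the image
        cells = math.ceil(IMAGE_W / CELL) * math.ceil(IMAGE_H / CELL)
    return N_CLICKS * math.log2(cells)

def hotspot_space_bits(n_hotspots):
    """Effective entropy if users only ever pick among n_hotspots popular cells."""
    return password_space_bits(cells=n_hotspots)
```

The edge case in the checks shows the flip side of fixed cells: a click one pixel across a cell boundary fails even though it is within 14 pixels of the enrolled click, which is why deployed schemes add a more robust discretization on top of the plain grid.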

Vulnerabilities are a Usability Problem
• Every developer mistake could be justified as a usability mistake, e.g. misusing C
• SW vulnerabilities are blind spots in developers' heuristic-based decision-making processes
  - Humans use heuristics (simple computational models) to find feasible (not optimized) solutions quickly due to:
    - Limitation of working memory
    - Cognitive effort

Development Tools Can Help
• Reusable components that accomplish a single task
  - Example: SSL/TLS implementations (e.g. Java, OpenSSL)
• Security information should reach users (app developers) when they need it, on the spot
  - Example: IDEs, text editors, browsers, compilers, etc. bring security information while coding

An Example from PGP
• From "Why Johnny Can't Encrypt", USENIX 1999, by Whitten et al.
• Advanced technical users failed to encrypt and decrypt their mail using PGP 5.0, even after receiving instruction and practice.
  - The encryption concept is complex
  - The terminology employed is fundamentally at odds with everyday language (e.g. key, private, public)
• Corroborated by similar studies

Usable OpenSSL
• Confusion
• OpenSSL is an open source implementation of SSL/TLS and a cryptography library, written in C.
  - Easy to use for simple encryption
  - Becomes a synonym for "secure"
  - To encrypt the text "I love OpenSSL!" with the AES algorithm using CBC mode and a 256-bit key computed from the password "hello":
  - To decrypt:

Reminders
• End users are humans
• Developers are humans
• Humans have memory limitations
• Humans have cognitive limitations
• If security will complicate the system, humans will probably not use it
• Security designers forget that users are humans, while attackers do not!