Lecture 16 Page 1 CS 236 Online Evaluating Program Security What if your task isn’t writing secure code? It’s determining if someone else’s code is secure?

Slides:



Advertisements
Similar presentations
Object Oriented Analysis And Design-IT0207 iiI Semester
Advertisements

Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.
4.1 Blended approaches: Information Engineering IMS Information Systems Development Practices.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Algorithms and Problem Solving. Learn about problem solving skills Explore the algorithmic approach for problem solving Learn about algorithm development.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Fundamentals of Information Systems, Second Edition
Info1409 De Montfort University1 Requirements Modelling Systems Analysis & Design Academic Year 2008/9 Info 1409 Lecture 7.
Recall The Team Skills Analyzing the Problem
Introduction to Computer Technology
Architecting secure software systems
Information Systems Security Computer System Life Cycle Security.
1 BTEC HNC Systems Support Castle College 2007/8 Systems Analysis Lecture 9 Introduction to Design.
Chapter 8: Systems analysis and design
Lecture 16 Page 1 CS 136, Fall 2012 Evaluating System Security CS 136 Computer Security Peter Reiher November 27, 2012.
CC3020N Fundamentals of Security Management CC3020N Fundamentals of Security Management Lecture 2 Risk Identification and Risk Assessment.
Lecture 31 Risk Management. Introduction Information security departments are created primarily to manage IT risk Managing risk is one of the key responsibilities.
CSCE 522 Secure Software Development Best Practices.
APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.
Lecture # 17 PRM 702 Project Risk Management Ghazala Amin
Lecture 18 Page 1 CS 136, Fall 2010 Evaluating System Security Web Security CS 136 Computer Security Peter Reiher December 2, 2010.
Practical Threat Modeling for Software Architects & System Developers
CS5103 Software Engineering Lecture 02 More on Software Process Models.
CSCE 201 Secure Software Development Best Practices.
Oktalia Juwita, S.Kom., M.MT. SYSTEMS DEVELOPMENT Dasar-dasar Sistem Informasi – IKU1102.
What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling  OCTAVE Risk/Threat.
By Ramesh Mannava.  Overview  Introduction  10 secure software engineering topics  Agile development with security development activities  Conclusion.
Threat Modeling: Employing the 5 Ws Security Series, December 13, 2013 Jeff Minelli Penn State ITS
ON “SOFTWARE ENGINEERING” SUBJECT TOPIC “RISK ANALYSIS AND MANAGEMENT” MASTER OF COMPUTER APPLICATION (5th Semester) Presented by: ANOOP GANGWAR SRMSCET,
Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.
Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.
Introduction To System Analysis and Design
Software Development.
Algorithms and Problem Solving
CSCE 548 Secure Software Development Risk-Based Security Testing
Outline What if your task isn’t writing secure code?
Information Systems Development
Security Testing Methods
Fundamentals of Information Systems, Sixth Edition
Systems Planning and Analysis
Fundamentals of Information Systems, Sixth Edition
Architecture Concept Documents
Evaluating Existing Systems
Topic for Presentaion-2
Recall The Team Skills Analyzing the Problem
Evaluating Existing Systems
Classical Waterfall Model
FORMAL SYSTEM DEVELOPMENT METHODOLOGIES
Evaluating Program Security
What You Can Learn From System About Devepolment By: DeveloperDeveloper.
Evaluating Program Security
Evaluating System Security Computer Security Peter Reiher May 31, 2016
EECE 310 Software Engineering
Introduction to Systems Analysis and Design
Systems analysis and design, 6th edition Dennis, wixom, and roth
Systems analysis and design, 6th edition Dennis, wixom, and roth
Usability Techniques Lecture 13.
Introduction To software engineering
CS240: Advanced Programming Concepts
Analyzing Student Work Sample 2 Instructional Next Steps
S.T.A.I.R CSCI N207 Data Analysis Using Spreadsheet Lingma Acheson
Algorithms and Problem Solving
Topic 5: Communication and the Internet
Evaluating Program Security
Applying Use Cases (Chapters 25,26)
Applying Use Cases (Chapters 25,26)
Engineering Secure Software
Outline The concept of perimeter defense and networks Firewalls.
Evaluating Program Security
Presentation transcript:

Lecture 16 Page 1 CS 236 Online Evaluating Program Security What if your task isn’t writing secure code? It’s determining if someone else’s code is secure? –Or, perhaps, their overall system How do you go about evaluating code for security? Much of this material is from “The Art of Software Security Assessment,” Dowd, McDonald, and Schuh

Lecture 16 Page 2 CS 236 Online Stages of Review You can review a program’s security at different stages in its life cycle –During design –Upon completion of the coding –When the program is in place and operational Different issues arise in each case

Lecture 16 Page 3 CS 236 Online Design Reviews Done perhaps before there’s any code Just a design Clearly won’t discover coding bugs Clearly could discover fundamental flaws Also useful for prioritizing attention during later code review

Lecture 16 Page 4 CS 236 Online Purpose of Design Review To identify security weaknesses in a planned software system Essentially, identifying threats to the system Performed by a process called threat modeling Usually (but not always) performed before system is built

Lecture 16 Page 5 CS 236 Online Threat Modeling Done in various ways One way uses a five step process: 1.Information collection 2.Application architecture modeling 3.Threat identification 4.Documentation of findings 5.Prioritizing the subsequent implementation review

Lecture 16 Page 6 CS 236 Online 1. Information Collection Collect all available information on design Try to identify: –Assets –Entry points –External entities –External trust levels –Major components –Use scenarios

Lecture 16 Page 7 CS 236 Online Sources of Information Documentation Interviewing developers Standards documentation Source profiling –If source already exists System profiling –If a working version is available

Lecture 16 Page 8 CS 236 Online 2. Application Architecture Modeling Using information gathered, develop understanding of the proposed architecture To identify design concerns And to prioritize later efforts Useful to document findings using some type of model

Lecture 16 Page 9 CS 236 Online Modeling Tools for Design Review Markup languages (e.g., UML) –Particularly diagramming features –Used to describe OO classes and their interactions –Also components and uses Data flow diagrams –Used to describe where data goes and what happens to it

Lecture 16 Page 10 CS 236 Online 3. Threat Identification Based on models and other information gathered Identify major security threats to the system’s assets Typically done with attack trees

Lecture 16 Page 11 CS 236 Online Attack Trees A way to codify and formalize possible attacks on a system Makes it easier to understand relative levels of threats –In terms of possible harm –And probability of occurring

Lecture 16 Page 12 CS 236 Online A Sample Attack Tree For a web application 1. Attacker gains access to user’s personal information 1.1 Gain direct access to database 1.2 Login as target user 1.3 Hijack user session 1.4 Intercept personal data Brute force password attack Steal user credentials Exploit application hole Steal user cookie ID user connection Sniff network

Lecture 16 Page 13 CS 236 Online 4. Documentation of Findings Summarize threats found –Give recommendations on addressing each Generally best to prioritize threats –How do you determine priorities?

Lecture 16 Page 14 CS 236 Online DREAD Risk Ratings Assign number from 1-10 on these categories: Damage potential Reproducibility Exploitability Affected users Discoverability Gives better picture of important issues for each threat

Lecture 16 Page 15 CS 236 Online 5. Prioritizing Implementation Review Review of actual implementation should follow review of design Immediately, if implementation already available Later, if implementation not mature yet Need to determine how to focus your efforts in this review

Lecture 16 Page 16 CS 236 Online Why Prioritize? There are usually many threats Implementation reviews require a lot of resources So you probably can’t look very closely at everything Need to decide where to focus limited amount of attention

Lecture 16 Page 17 CS 236 Online One Prioritization Approach Make a list of the major components Identify which component each risk (identified earlier) belongs to Total the risk scores for categories Use the resulting numbers to prioritize

Lecture 16 Page 18 CS 236 Online Application Review Reviewing a mature (possibly complete) application A daunting task if the system is large And often you know little about it –Maybe you performed a design review –Maybe you read design review docs –Maybe less than that How do you get started?

Lecture 16 Page 19 CS 236 Online Need to Define a Process Don’t just dive into the code Process should be: –Pragmatic –Flexible –Results oriented Will require code review –Which is a skill one must develop

Lecture 16 Page 20 CS 236 Online Review Process Outline 1.Preassessment –Get high level view of system 2.Application review –Design review, code review, maybe live testing 3.Documentation and analysis 4.Remediation support –Help them fix the problems

Lecture 16 Page 21 CS 236 Online Reviewing the Application You start off knowing little about the code You end up knowing a lot more You’ll probably find the deepest problems related to logic after you understand things A design review gets you deeper quicker –So worth doing, if not already done The application review will be an iterative process

Lecture 16 Page 22 CS 236 Online General Approaches To Design Reviews Top-down –Start with high level knowledge, gradually go deeper Bottom-up –Look at code details first, build model of overall system as you go Hybrid –Switch back and forth, as useful

Lecture 16 Page 23 CS 236 Online Code Auditing Strategies Code comprehension (CC) strategies –Analyze source code to find vulnerabilities and increase understanding Candidate point (CP) strategies –Create list of potential issues and look for them in code Design generalization (DG) strategies –Flexibly build model of design to look for high and medium level flaws

Lecture 16 Page 24 CS 236 Online Some Example Strategies Trace malicious input (CC) –Trace paths of data/control from points where attackers can inject bad stuff Analyze a module (CC) –Choose one module and understand it Simple lexical candidate points (CP) –Look for text patterns (e.g., strcpy() ) Design conformity check (DG) –Determine how well code matches design

Lecture 16 Page 25 CS 236 Online Guidelines for Auditing Code Perform flow analysis carefully within functions you examine Re-read code you’ve examined Desk check important algorithms Use test cases for important algorithms –Using real system or desk checking –Choosing inputs carefully

Lecture 16 Page 26 CS 236 Online Useful Auditing Tools Source code navigators Debuggers Binary navigation tools Fuzz-testing tools –Automates testing of range of important values

Lecture 16 Page 27 CS 236 Online Conclusion Many computer security problems are rooted in insecure programming We have scratched the surface of the topic here Similarly, we’ve scratched the surface of auditing issues If your job is coding or auditing, you’ll need to dig deeper yourself

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.