Development Lifecycle & Principles

Presentation transcript:

Engineering Secure Software: Development Lifecycle & Principles

Information Systems Security: The CIA Triad
Source: By I, JohnManuel, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=8838636

Core Security Properties
Software security breaks into these categories:
- Confidentiality
- Integrity
- Availability
- Auditability or non-repudiation (some people add it as a fourth property, but it can also be considered part of integrity)
These are very broad, multi-dimensional categories.

Confidentiality
- The system must not disclose any information intended to be hidden
- E.g. your credit card information on a website
- Note: open source software can still be confidential (the code being public says nothing about the data it handles)

Integrity
- The system must not allow assets to be subverted by unauthorized users
- E.g. changing a prisoner's release date
- We must be able to trust what is in the system:
  - The data being stored
  - The functionality being executed

Availability
- The system must be available and operational to its users
- E.g. bringing down Amazon.com
- Availability is extremely hard to protect
- Any system performance degradation that can be triggered by a user can be used for a denial of service attack
  - Concurrency issues, infinite loops, or resource exhaustion
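The last bullet is the practical one: anything a single request can make the server spend without bound is a denial-of-service lever. The following added example (not from the original slides) puts a naive header parser next to a bounded one that limits line length, header count and total bytes before it keeps any data. The limit values are assumptions chosen for the example.

```python
"""Bounding user-triggerable resource consumption (availability).

Added example, not part of the original slides. Both parsers read
HTTP-style "Name: value" header lines up to a blank line. The naive
one accepts whatever it is given; the bounded one enforces limits on
line length, header count and total bytes before doing any work, so a
single client cannot exhaust memory or CPU. Limits are assumed values.
"""
import io

MAX_LINE_BYTES = 8 * 1024      # assumed per-line limit
MAX_HEADER_COUNT = 100         # assumed header-count limit
MAX_TOTAL_BYTES = 64 * 1024    # assumed total size of the header block


class LimitExceeded(Exception):
    """Raised when a client exceeds one of the resource limits."""


def _add_header(headers, line):
    if ":" not in line:
        raise ValueError("malformed header line")
    name, _, value = line.partition(":")
    headers.setdefault(name.strip().lower(), []).append(value.strip())


def parse_headers_naive(stream):
    """Reads until a blank line with no bounds: memory use is whatever
    the client decides to send."""
    headers = {}
    for line in stream:
        line = line.rstrip("\r\n")
        if not line:
            break
        _add_header(headers, line)
    return headers


def parse_headers_bounded(stream):
    """Same protocol, but every limit is checked before the data is kept."""
    headers = {}
    total = 0
    count = 0
    while True:
        # Read at most one byte past the limit so an over-long line is
        # detected without buffering the whole thing.
        line = stream.readline(MAX_LINE_BYTES + 1)
        if line == "":
            raise ValueError("header block not terminated")
        if len(line) > MAX_LINE_BYTES:
            raise LimitExceeded("header line too long")
        total += len(line)
        if total > MAX_TOTAL_BYTES:
            raise LimitExceeded("header block too large")
        line = line.rstrip("\r\n")
        if not line:
            return headers
        if count >= MAX_HEADER_COUNT:
            raise LimitExceeded("too many headers")
        _add_header(headers, line)
        count += 1


def parse_text(text, parser):
    """Helper: run either parser over an in-memory request string."""
    return parser(io.StringIO(text))


def outcome(text, parser):
    """('ok', header_count) or ('rejected', reason), so both parsers can
    be compared on the same constructed input."""
    try:
        return "ok", len(parse_text(text, parser))
    except LimitExceeded as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    # Constructed inputs: a normal request and a header flood.
    normal = "Host: example.test\r\nAccept: */*\r\n\r\n"
    flood = "".join(f"X-Pad-{i}: v\r\n" for i in range(1000)) + "\r\n"
    print("normal:", outcome(normal, parse_headers_naive), outcome(normal, parse_headers_bounded))
    print("flood :", outcome(flood, parse_headers_naive), outcome(flood, parse_headers_bounded))
```

The point of checking limits before `_add_header` is that the cost of a rejected request stays constant no matter how large the input is; a limit checked after the fact still lets the client pick the bill.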

Auditability or Nonrepudiation
- An actor should not be able to deny or dispute its actions
- For example, key-card access
- A party to a transaction cannot deny having received it, and the other party cannot deny having sent it
- Trusted third parties

An Example Security Incident
AOL voluntarily releases data including 20 million web queries from 650,000 AOL users. The data included all searches from those users within a three-month period, as well as whether they clicked on a result, what that result was, and where it appeared on the results page.
Security property violated: Confidentiality

An Example Security Incident
Dutch Government Identity Management Platform DigiD Disrupted by DDoS Attack.
Security property violated: Availability

An Example Security Incident
A secondary domain hosted by Bluehost was defaced by an opportunistic attack. "We are consolidating the secondary domains in our primary provider and all domains will be pointing to our web site."
Security property violated: Integrity

An Example Security Incident
Hackers breach website of Hong Kong police force, publish non-public data, and deface the web page.
Security properties violated: all three (Confidentiality, Integrity, and Availability)

A Ubiquitous Concern
You can make a security mistake at every step of the development lifecycle:
- Requirements that allow for privacy violations, e.g. a secretary can view everyone's patient records
- Introducing a design flaw, e.g. giving plug-ins total access
- Introducing a code-level vulnerability, e.g. buffer overflow
- Missing a vulnerability in code inspections & testing
- Introducing a vulnerability by regression in maintenance
- Not facilitating a secure deployment, e.g. installation defaults
© 2011-2012 Andrew Meneely

Security at Every Step
- Requirements & Planning: abuse cases, risk assessment, threat modeling
- Design: architectural risk, secure design patterns, formalism
- Implementation: vulnerability taxonomy, input/output handling, auditability
- Testing: penetration testing, exploratory testing, automated testing
- Deployment: networking & cryptography, defaults, permissions
- Maintenance: patching, regression assessment

Misc. Philosophies & Proverbs
- Defense in depth
  - If they break into this, they can't get any farther
  - Think Middle-Age castles
  - Original meaning of "firewall", not today's firewall
- Least privilege
  - Every user or module is given the least amount of privilege it needs
  - Evil: sudo chmod -R a+rw /

More Misc. Philosophies & Proverbs
- Fail securely
  - Exceptions put the system into weird states
  - Error messages leak information
  - Take care of those exceptions properly!
- Security by obscurity
  - You can't rely upon being obscure to be secure
  - Crowds are good at guessing
  - Insiders are corruptible
  - Some notable exceptions: passwords, encryption keys
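"Fail securely" is easiest to see in an authorization check. The added example below (not from the original slides) shows the two failure modes the slide names: an exception that skips the denial branch of an optimistic check, and an error message that carries internal detail to the caller. `lookup_role`, the role table and the hostname in the error text are constructed for the example.

```python
"""Fail securely: a default-deny authorization check that keeps error
detail internal.

Added example, not from the original slides. `lookup_role` stands in
for a call to a directory or database that can fail; the role policy
("admin" may delete) and the hostname in the error are assumed.
"""


class BackendUnavailable(Exception):
    """Raised when the role store cannot be reached."""


def lookup_role(user, directory):
    """directory is a dict user->role, or None to simulate an outage."""
    if directory is None:
        # Constructed detail, the kind of thing a raw exception text carries.
        raise BackendUnavailable("ldap://directory.internal:636 timed out")
    return directory.get(user)


def can_delete_fail_open(user, directory):
    """The bug: an optimistic default plus an exception that skips the
    denial branch. An outage of the role store grants everyone access,
    and the message leaks internal topology to whoever reads it."""
    allowed = True
    try:
        if lookup_role(user, directory) != "admin":
            allowed = False
    except BackendUnavailable as exc:
        return allowed, f"warning: {exc}"
    return allowed, "ok"


def can_delete_fail_closed(user, directory, audit_log):
    """Default deny: the only path to True is a successful, positive check.
    Details go to the internal audit log; the caller gets a generic message."""
    try:
        role = lookup_role(user, directory)
    except BackendUnavailable as exc:
        audit_log.append(f"authz error user={user!r} cause={exc}")
        return False, "request could not be processed"
    if role != "admin":
        audit_log.append(f"denied delete user={user!r} role={role!r}")
        return False, "permission denied"
    audit_log.append(f"allowed delete user={user!r}")
    return True, "ok"


if __name__ == "__main__":
    roles = {"alice": "admin", "bob": "viewer"}   # constructed role table
    log = []
    for directory in (roles, None):               # healthy store, then outage
        for user in ("alice", "bob", "mallory"):
            print(user, "open:", can_delete_fail_open(user, directory),
                  "closed:", can_delete_fail_closed(user, directory, log))
    print("\n".join(log))
```

The structural fix is that `can_delete_fail_closed` has no variable that starts out as "allowed"; every early return is a denial, so an exception anywhere in the function can only deny.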

Even More Misc. Philosophies & Proverbs
- Detect and record
  - Even if you can't always sift through that data ahead of time
  - Post-mortem analysis
- Don't trust [input | environment | dependencies | *]
  - Know what to trust
  - Know how to trust
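The two proverbs on this slide reinforce each other: input you don't trust gets checked against what you do accept, and every rejection is recorded so the record is there when a post-mortem, or a live alert, needs it. The added example below (not from the original slides) validates a username against an allow-list pattern and keeps a per-source count of rejections; the pattern, event names, threshold and sample addresses are assumptions for the example.

```python
"""Don't trust input, and detect and record what you reject.

Added example, not from the original slides. A username taken from a
request is checked against an allow-list pattern; every rejection is
recorded with its source so a post-mortem (or a live alert) can see
patterns such as one address probing many malformed values. Pattern,
event names, threshold and addresses are assumed for the example.
"""
import re
from collections import Counter

# Allow-list: say what IS acceptable rather than enumerating bad characters.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")
MAX_RAW_PREVIEW = 48           # how much of a rejected value to keep in the log


class AuditLog:
    """Append-only record of security-relevant events, kept in memory here."""

    def __init__(self):
        self.entries = []
        self.rejections_by_source = Counter()

    def record(self, source, event, detail):
        self.entries.append({"source": source, "event": event, "detail": detail})
        if event.startswith("reject."):
            self.rejections_by_source[source] += 1


def validate_username(raw, source, audit):
    """Returns the username if acceptable, else None after recording why."""
    if not isinstance(raw, str):
        audit.record(source, "reject.username.type", type(raw).__name__)
        return None
    if not USERNAME_RE.fullmatch(raw):
        # Store a truncated repr so the log itself cannot be used as a
        # channel for oversized or control-character payloads.
        audit.record(source, "reject.username.format", repr(raw)[:MAX_RAW_PREVIEW])
        return None
    return raw


def noisy_sources(audit, threshold=5):
    """Sources with at least `threshold` rejections: the 'detect' half."""
    return sorted(s for s, n in audit.rejections_by_source.items() if n >= threshold)


if __name__ == "__main__":
    audit = AuditLog()
    # Constructed traffic: one normal client, one client probing the field.
    samples = [("10.0.0.5", "alice"), ("10.0.0.5", "bob_2")]
    samples += [("198.51.100.7", p) for p in ("alice<b>", "../../etc/passwd", "a" * 500, "", "root;id")]
    for source, value in samples:
        print(source, repr(value)[:30], "->", validate_username(value, source, audit))
    print("noisy:", noisy_sources(audit))
```

Note that the validator records the rejected value only in truncated `repr` form: the audit log is itself a consumer of untrusted input, so it gets the same treatment as everything else.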

Even Even More Misc. Philosophies & Proverbs
- Secure by default
  - Don't rely on your users to use it correctly
  - Convention over configuration
- Keep it simple
  - YAGNI (You Aren't Gonna Need It)
  - Speculative generality can be risky
  - Minimize the attack surface
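"Secure by default" and "convention over configuration" come down to one rule in a settings loader: anything the operator does not mention resolves to the safe value, and weakening a value is an explicit, visible act. The added example below (not from the original slides) implements that rule; the setting names, their defaults and the weakening predicates are assumptions for the example.

```python
"""Secure by default: unspecified settings resolve to the safe value and
weakening one requires an explicit, recorded opt-in.

Added example, not from the original slides. Setting names, defaults
and the "weakening" rules are assumed for the example.
"""

SECURE_DEFAULTS = {
    "debug": False,              # never ship debug tracebacks by default
    "tls_required": True,
    "listen_host": "127.0.0.1",  # loopback only; exposing it is a choice
    "session_ttl_seconds": 900,
}

# Predicate per setting: True when a value is weaker than the default.
WEAKENS = {
    "debug": lambda v: v is True,
    "tls_required": lambda v: v is False,
    "listen_host": lambda v: v != "127.0.0.1",
    "session_ttl_seconds": lambda v: v > SECURE_DEFAULTS["session_ttl_seconds"],
}


class InsecureConfig(ValueError):
    pass


def load_settings(overrides, allow_insecure=(), warnings=None):
    """Merge overrides into the secure defaults.

    - Unknown keys are an error, so a misspelt key cannot silently do nothing.
    - Any override that weakens a default must be named in allow_insecure,
      and is reported through `warnings` (a list) so it shows up in logs.
    - Overrides that tighten a default need no opt-in.
    """
    unknown = sorted(set(overrides) - set(SECURE_DEFAULTS))
    if unknown:
        raise InsecureConfig(f"unknown settings: {unknown}")
    settings = dict(SECURE_DEFAULTS)
    settings.update(overrides)
    weakened = sorted(k for k, v in settings.items() if WEAKENS[k](v))
    not_acknowledged = [k for k in weakened if k not in allow_insecure]
    if not_acknowledged:
        raise InsecureConfig(f"insecure values need explicit opt-in: {not_acknowledged}")
    if warnings is not None:
        warnings.extend(f"running with weakened setting {k}={settings[k]!r}" for k in weakened)
    return settings


if __name__ == "__main__":
    print(load_settings({}))                       # all secure, nothing to say
    warns = []
    print(load_settings({"listen_host": "0.0.0.0"}, allow_insecure=("listen_host",), warnings=warns), warns)
    for bad in ({"tls_requird": False}, {"debug": True}):  # misspelt key; silent weakening
        try:
            load_settings(bad)
        except InsecureConfig as exc:
            print("rejected:", exc)
```

Rejecting unknown keys is the part people skip; with secure defaults a misspelt key is harmless today, but an operator who believes they tightened something when they actually typed nothing is exactly the "don't rely on your users" case.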

Discussion Exercise: Spam Bot Server
Suppose we had a vulnerability in the RIT mail servers where you could send a special packet and it would bypass authentication for outgoing email. This allowed attackers to send emails using any account.
- Which of CIA does this violate?
  - Immediately?
  - As a secondary consequence?
- Using the following philosophies, discuss how each of them can be applied here:
  - Defense in depth
  - Security by obscurity
  - Detect and record
  - Don't trust input