The Open Source Security Myth — And How to Make it A Reality Michael Davis Dynamic Security Concepts, Incorporated Track 3, 1300 Sunday, 1 August 2004.

Slides:



Advertisements
Similar presentations
Module 1 Evaluation Overview © Crown Copyright (2000)
Advertisements

ARCH-05 Application Prophecy UML 101 Peter Varhol Principal Product Manager.
Software Modeling SWE5441 Lecture 3 Eng. Mohammed Timraz
Design Concepts and Principles
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.
Effective Design of Trusted Information Systems Luděk Novák,
IT Security Evaluation By Sandeep Joshi
Using UML, Patterns, and Java Object-Oriented Software Engineering Royce’s Methodology Chapter 16, Royce’ Methodology.
Testing Without Executing the Code Pavlina Koleva Junior QA Engineer WinCore Telerik QA Academy Telerik QA Academy.
Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.
1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.
Security Controls – What Works
Introduction to the State-Level Mitigation 20/20 TM Software for Management of State-Level Hazard Mitigation Planning and Programming A software program.
Week 7: Requirements validation Structured walkthroughs Why have walkthroughs When to have walkthroughs Who participates What procedures are helpful Thoughtless.
Capturing the requirements
Creating Architectural Descriptions. Outline Standardizing architectural descriptions: The IEEE has published, “Recommended Practice for Architectural.
Iterative development and The Unified process
Systems Engineering Management
1 Software Testing and Quality Assurance Lecture 1 Software Verification & Validation.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
© 2005 Prentice Hall2-1 Stumpf and Teague Object-Oriented Systems Analysis and Design with UML.
The Software Product Life Cycle. Views of the Software Product Life Cycle  Management  Software engineering  Engineering design  Architectural design.
Software Quality Assurance For Software Engineering && Architecture and Design.
What is Business Analysis Planning & Monitoring?
The Software Development Life Cycle: An Overview
S/W Project Management
Chapter 4 Interpreting the CMM. Group (3) Fahmi Alkhalifi Pam Page Pardha Mugunda.
UML - Development Process 1 Software Development Process Using UML (2)
Introduction to Software Quality Assurance (SQA)
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Verification and Validation.
Information Systems Security Computer System Life Cycle Security.
CLEANROOM SOFTWARE ENGINEERING.
N By: Md Rezaul Huda Reza n
Rational Unified Process Fundamentals Module 4: Disciplines II.
©Ian Sommerville 2000, Mejia-Alvarez 2009 Slide 1 Software Processes l Coherent sets of activities for specifying, designing, implementing and testing.
Software Quality Assurance SE Software Quality Assurance What is “quality”?
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
1.  Describe an overall framework for project integration management ◦ RelatIion to the other project management knowledge areas and the project life.
Product Documentation Chapter 5. Required Medical Device Documentation  Business proposal  Product specification  Design specification  Software.
1 Common Criteria Ravi Sandhu Edited by Duminda Wijesekera.
Software Testing. What is Testing? The process consisting of all life cycle activities, both static and dynamic, concerned with planning, preparation.
CS 3610: Software Engineering – Fall 2009 Dr. Hisham Haddad – CSIS Dept. Chapter 2 The Software Process Discussion of the Software Process: Process Framework,
Quality Concepts within CMM and PMI G.C.Reddy
Software Engineering Prof. Ing. Ivo Vondrak, CSc. Dept. of Computer Science Technical University of Ostrava
Object-Oriented Software Engineering using Java, Patterns &UML. Presented by: E.S. Mbokane Department of System Development Faculty of ICT Tshwane University.
Project quality management. Introduction Project quality management includes the process required to ensure that the project satisfies the needs for which.
Capturing the requirements  Requirement: a feature of the system or a description of something the system is capable of doing in order to fulfill the.
Requirements Management with Use Cases Module 10: Requirements Across the Product Lifecycle Requirements Management with Use Cases Module 10: Requirements.
1 Common Evaluation Methodology for IT Security Part 2: Evaluation Methodology chapter 5-8 Marie Elisabeth Gaup Moe 06/12/04.
Over View of CENELC Standards for Signalling Applications
1 EMS Fundamentals An Introduction to the EMS Process Roadmap AASHTO EMS Workshop.
Chapter 1: Fundamental of Testing Systems Testing & Evaluation (MNN1063)
Project Management Risk and Quality.
TM8104 IT Security EvaluationAutumn Evaluation - the Main Road to IT Security Assurance CC Part 3.
1 SYS366 Week 1 - Lecture 1 Introduction to Systems.
Overview PRINCE Hogeschool Rotterdam. 2 Project definition  A project is a temporary organization that is created for the purpose of delivering.
Chapter 21: Evaluating Systems Dr. Wayne Summers Department of Computer Science Columbus State University
Testing Overview Software Reliability Techniques Testing Concepts CEN 4010 Class 24 – 11/17.
RUP RATIONAL UNIFIED PROCESS Behnam Akbari 06 Oct
Introduction to Software Engineering 1. Software Engineering Failures – Complexity – Change 2. What is Software Engineering? – Using engineering approaches.
by: Er. Manu Bansal Deptt of IT Software Quality Assurance.
Verification vs. Validation Verification: "Are we building the product right?" The software should conform to its specification.The software should conform.
 System Requirement Specification and System Planning.
Software Project Configuration Management
The Systems Engineering Context
Lecture 9- Design Concepts and Principles
Lecture 9- Design Concepts and Principles
Stumpf and Teague Object-Oriented Systems Analysis and Design with UML
Stumpf and Teague Object-Oriented Systems Analysis and Design with UML
Presentation transcript:

The Open Source Security Myth — And How to Make it A Reality Michael Davis Dynamic Security Concepts, Incorporated Track 3, 1300 Sunday, 1 August 2004

The Open Source Security Myth — And How to Make it A Reality: Slide 2 of 22 Track August 2004 Michael Disclaimer DSCI’s Sponsorship of this speaker does not necessarily express or imply approval or endorsement of the speaker’s views. DSCI makes no promises or warranties of any kind, express or implied, including those of merchantability and fitness for a particular purpose, as to the content of this presentation. In no event shall DSCI be liable for any damages resulting from use of this presentation even if DSCI has been informed of the possibility of such liability

The Open Source Security Myth — And How to Make it A Reality: Slide 3 of 22 Track August 2004 Michael Agenda Introduction Benefits – Up Front Functional versus Assurance Assurance Model (ISO 15408) Development in Depth The Path Ahead Summary

The Open Source Security Myth — And How to Make it A Reality: Slide 4 of 22 Track August 2004 Michael Introduction Presentation Title – confessions Information Availability ≠ Security Not just an Open Source problem Benefits of Open Source Community Software Lifecycle Mistakes – also known as Status Quo Good Examples

The Open Source Security Myth — And How to Make it A Reality: Slide 5 of 22 Track August 2004 Michael Benefits – Up Front Improve Open Source Software (OSS) development –Lower the bar for project participation –Communicate design decisions –Communicate alternatives considered, but not implemented Assess Assurance –Gain confidence that the OSS does what it claims –Gain confidence that the OSS does not do what it isn’t supposed “to do”

The Open Source Security Myth — And How to Make it A Reality: Slide 6 of 22 Track August 2004 Michael Functional versus Assurance Functional Requirements and Statements Assurance Requirements and Statements The Common Criteria Model (ISO 15408) –CC Functional Requirements and Statements –CC Assurance Requirements and Statements –CC Evaluation Methodology (CEM) Roles Requirements

The Open Source Security Myth — And How to Make it A Reality: Slide 7 of 22 Track August 2004 Michael Assurance Model (ISO 15408) Configuration Management Delivery and Operation Development Guidance Documents Life Cycle Support Tests Vulnerability Assessment

The Open Source Security Myth — And How to Make it A Reality: Slide 8 of 22 Track August 2004 Michael Configuration Management Defined: Configuration management (CM) helps to ensure that the integrity of the TOE is preserved, by requiring discipline and control in the processes of refinement and modification of the TOE and other related information. CM prevents unauthorized modifications, additions, or deletions to the TOE, thus providing assurance that the TOE and documentation used for evaluation are the ones prepared for distribution. Open Source: de facto Standard is CVS

The Open Source Security Myth — And How to Make it A Reality: Slide 9 of 22 Track August 2004 Michael Delivery and Operation Defined: Delivery and operation defines requirements for the measures, procedures, and standards concerned with secure delivery, installation, and operational use of the TOE, ensuring that the security protection offered by the TOE is not compromised during transfer, installation, start-up, and operation. Open Source: Some use of PGP

The Open Source Security Myth — And How to Make it A Reality: Slide 10 of 22 Track August 2004 Michael Development Defined: Development defines requirements for the stepwise refinement of the TSF from the TOE summary specification in the ST down to the actual implementation. Each of the resulting TSF representations provide information to help the evaluator determine whether the functional requirements of the TOE have been met. Open Source: Status Quo is high level functional description and comments in the source code.

The Open Source Security Myth — And How to Make it A Reality: Slide 11 of 22 Track August 2004 Michael Guidance Documents Defined: Guidance documents defines requirements directed at the understandability, coverage and completeness of the operational documentation provided by the developer. This documentation, which provides two categories of information, for users and for administrators, is an important factor in the secure operation of the TOE. Open Source: Varies significantly by project with architecture, system administrator, technical user, and “typical” user

The Open Source Security Myth — And How to Make it A Reality: Slide 12 of 22 Track August 2004 Michael Life Cycle Support Defined: Life cycle support defines requirements for assurance through the adoption of a well defined life- cycle model for all the steps of the TOE development, including flaw remediation procedures and policies, correct use of tools and techniques and the security measures used to protect the development environment. Open Source: Ad Hoc

The Open Source Security Myth — And How to Make it A Reality: Slide 13 of 22 Track August 2004 Michael Tests Defined: Tests states testing requirements that demonstrate that the TSF satisfies the TOE security functional requirements. Open Source: Caveat Emptor – but what should expect for nothing?

The Open Source Security Myth — And How to Make it A Reality: Slide 14 of 22 Track August 2004 Michael Vulnerability Assessment Defined: Vulnerability assessment defines requirements directed at the identification of exploitable vulnerabilities. Specifically, it addresses those vulnerabilities introduced in the construction, operation, misuse, or incorrect configuration of the TOE. Open Source: ? Subject for DEFCON 13?

The Open Source Security Myth — And How to Make it A Reality: Slide 15 of 22 Track August 2004 Michael Development in Depth What is the Requirement? –Capture the Design philosophy –Traceability Functional Description → HLD HLD → LLD (Implementation) “Tools”

The Open Source Security Myth — And How to Make it A Reality: Slide 16 of 22 Track August 2004 Michael Don’t Fake It Paste pseudo code before real code Bury comments that address configuration management issues (e.g. This “fixes” that) Include comments that address the obvious LEAVE Design and Code out of sync Assume that well commented, modular code is enough Don’t:

The Open Source Security Myth — And How to Make it A Reality: Slide 17 of 22 Track August 2004 Michael Documentation Requirements The requirement is to understand flow and purpose of “what is there”. A security review needs traceability between functional description and HLD and between HLD and LLD (Implementation) Capture the Design philosophy! (Overall Architecture and subsystem design documents) Document alternatives considered Vulnerabilities are (traceable) to the boundaries. Therefore: (1) Identify the boundaries, and (2) Describe protection (bounds checking, error cases, etc.)

The Open Source Security Myth — And How to Make it A Reality: Slide 18 of 22 Track August 2004 Michael Documentation Tools Text (e.g. Mozilla) Source Code comments Parsing Source Code comments Flow Charts UML – Static Structure (Class Diagrams) UML – Interaction Diagram UML – Sequence Diagram FSM and State Charts

The Open Source Security Myth — And How to Make it A Reality: Slide 19 of 22 Track August 2004 Michael Password Safe Andrew Mullican (now a Developer) Software Patterns Analysis

The Open Source Security Myth — And How to Make it A Reality: Slide 20 of 22 Track August 2004 Michael Devil’s Advocate Market driven to develop code correctly Customer demand for reliability Requirement to make code “approachable” Commercial Developers are more likely to develop more useful documentation from high-level down to meaningful source comments:

The Open Source Security Myth — And How to Make it A Reality: Slide 21 of 22 Track August 2004 Michael The Path Ahead The OpenSSL Project Improved comments in the source code must be the foundation for progress: –The current work is focus on the source code. –Tools are available – parsing source code comments (e.g. JavaDocs) Effort driven from the bottom up

The Open Source Security Myth — And How to Make it A Reality: Slide 22 of 22 Track August 2004 Michael Summary What I don’t know: –How to motivate developers to write more documentation –How much is enough What I do know: –Tools are available –Open exchange of information is essential –Feedback priorities

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.