CPSC 875 John D. McGregor Security
Write down the AADL specification for a simple queue

Microsoft’s Definition: Security is the capability of a system to prevent malicious or accidental actions outside of the designed usage, and to prevent disclosure or loss of information. A secure system aims to protect assets and prevent unauthorized modification of information.

Security decomposes to: Confidentiality, Integrity, Availability, Reliability, Maintainability.

QA scenario - Integrity
Source of stimulus – would-be hacker
Stimulus – rapid sequence of DSRC messages
Environment – car is idling in parking lot
Artifacts – meta-data logging system activity
Response – message queue overflows but control is passed to a routine that resets the queue
Response measure – car did not change state

QA scenario - Confidentiality
Source of stimulus – would-be hacker
Stimulus – unexpected Bluetooth message attempting to load phone contacts list
Environment – car is moving; Bluetooth is active
Artifacts – phone contacts list in txt format
Response – the system checks for authentication code and does not find it
Response measure – all unauthorized contacts are rejected

QA scenario - Availability
Source of stimulus – would-be hacker
Stimulus – repeated door lock messages
Environment – car is parked in parking lot
Artifacts – door lock queue on the same bus as the engine controls
Response – message queue overflows but control is passed to a routine that refuses to respond to requests for a period of time
Response measure – system processes all authorized messages on time
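As an added example that is not part of the slides, the Integrity and Availability scenarios above made concrete: a bounded vehicle-bus message queue whose overflow hands control to one of the two response routines instead of to the consumer. The Message fields, the capacity of 8, the constructed flood traffic and the rule that the cool-down refuses only unauthenticated traffic are assumptions made here.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class Message:
    kind: str         # e.g. "dsrc_beacon" or "door_lock"
    authorized: bool  # outcome of the upstream authentication check (assumed field)
    t: float          # arrival time in seconds

@dataclass
class BoundedQueue:
    capacity: int
    policy: str            # "reset" (Integrity scenario) or "refuse" (Availability scenario)
    cooldown: float = 1.0  # seconds for which unauthenticated traffic is refused (assumption)
    refuse_until: float = 0.0
    q: deque = field(default_factory=deque)
    log: list = field(default_factory=list)  # meta-data logging of system activity

    def offer(self, m: Message) -> bool:
        if self.policy == "refuse" and not m.authorized and m.t < self.refuse_until:
            return False  # refused during the cool-down period
        if len(self.q) >= self.capacity:
            self.log.append(("overflow", m.kind, m.t))  # control passes to the response routine
            if self.policy == "reset":
                self.q.clear()                           # Integrity: reset the queue
            else:
                self.refuse_until = m.t + self.cooldown  # Availability: start the cool-down
                self.q = deque(x for x in self.q if x.authorized)
                if not m.authorized or len(self.q) >= self.capacity:
                    return False
        self.q.append(m)
        return True

    def drain(self, state: dict) -> None:
        """Process the queue; only authorized messages may change vehicle state."""
        while self.q:
            m = self.q.popleft()
            if m.authorized:
                state[m.kind] = state.get(m.kind, 0) + 1

def flood(policy: str, n: int = 200) -> tuple:
    """Constructed attack traffic: one unauthenticated door_lock message per ms, plus
    an authorized key-fob request every 50 ms. Returns (vehicle state, queue)."""
    bq, state = BoundedQueue(capacity=8, policy=policy), {}
    for i in range(n):
        bq.offer(Message("door_lock", False, i / 1000))
        if i % 50 == 0:
            bq.offer(Message("door_lock", True, i / 1000))
    bq.drain(state)
    return state, bq
```

Running `flood("reset")` leaves the vehicle state unchanged (the Integrity response measure) but also discards the authorized key-fob requests, while `flood("refuse")` overflows once and then still processes all four authorized requests (the Availability response measure); the reset response buys integrity at the cost of availability, which is why the two scenarios need different routines.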

Intrusion points

Vehicle networks

Some things to do
Understand the potential threats for your domain
Reduce the attack surface
Set explicit policies such as access rights
Build complete system specification
– Use flows to identify unusual use of system
– Design responses to identified intrusions

IEEE guidelines
Earn or give, but never assume, trust
Use an authentication mechanism that cannot be bypassed or tampered with
Authorize after you authenticate
Strictly separate data and control instructions, and never process control instructions received from untrusted sources
Define an approach that ensures all data are explicitly validated
Use cryptography correctly
Identify sensitive data and how they should be handled
Always consider the users
Understand how integrating external components changes your attack surface
Be flexible when considering future changes to objects and actors
See more at: toward-secure-software-design/107965#sthash.QNrM7zZZ.dpuf

Security patterns
Singleton pattern ensures that there is no spoofing of critical functions by spawning new copies
Single authenticator
Single authorizer
Use static configurations – the configuration never changes during execution

nicalReport/2009_005_001_15110.pdf

Distrustful Decomposition: The intent of the Distrustful Decomposition secure design pattern is to move separate functions into mutually untrusting programs, thereby reducing the attack surface of the individual programs that make up the system, and the functionality and data exposed to an attacker if one of the mutually untrusting programs is compromised. This allows each program to run at the lowest privilege level that fits its task.

Privilege separation
Similar to the Distrustful Decomposition.
A process that has a high privilege level should adjust the privilege level of any child it forks.
An initial connection before authentication should not have administrative privilege.

Defer to Kernel: Use existing authentication routines in the OS. Developers don’t have to write their own authentication routines that might have holes in them.

Reference monitor: Intercept all requests for resources and check their authentication.

Secure Factory Design Pattern: A Factory requires a request to create an instance of a specific type and requires credentials that allow the caller to ask for that instance.
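An added example, not from the slides or the report they cite, that combines three of the patterns above in Python: a singleton Authenticator (single authenticator), a ReferenceMonitor that intercepts every resource request, authorizes only after authenticating, and logs each decision against a static policy, and a SecureFactory that creates an instance only when the monitor admits the caller's credentials. The HMAC-over-principal token scheme and all names are assumptions made here.

```python
import hashlib
import hmac

def make_token(principal: str, secret: bytes) -> bytes:
    """Credential a caller presents (constructed scheme: HMAC over the principal name)."""
    return hmac.new(secret, principal.encode(), hashlib.sha256).digest()

class Authenticator:
    """Single authenticator: exactly one instance, so a spawned copy cannot be spoofed in."""
    _instance = None

    def __new__(cls):
        if cls._instance is None:
            cls._instance = super().__new__(cls)
            cls._instance.secrets = {}  # principal -> shared secret, fixed at enrolment
        return cls._instance

    def authenticate(self, principal: str, token: bytes) -> bool:
        secret = self.secrets.get(principal)
        return secret is not None and hmac.compare_digest(make_token(principal, secret), token)

class ReferenceMonitor:
    """Intercepts every resource request: authenticate, then authorize, then act."""
    def __init__(self, policy: dict):
        self.policy = policy  # static configuration: (principal, resource) -> allowed ops
        self.auth = Authenticator()
        self.audit = []       # meta-data log of every decision

    def request(self, principal, token, op, resource, action):
        if not self.auth.authenticate(principal, token):
            self.audit.append(("deny-authn", principal, op, resource))
            raise PermissionError("authentication failed")
        if op not in self.policy.get((principal, resource), ()):
            self.audit.append(("deny-authz", principal, op, resource))
            raise PermissionError("not authorized")
        self.audit.append(("allow", principal, op, resource))
        return action()  # the resource is touched only after both checks pass

class SecureFactory:
    """Creates an instance of a kind only for callers the monitor admits."""
    def __init__(self, monitor: ReferenceMonitor, constructors: dict):
        self.monitor, self.constructors = monitor, constructors

    def create(self, kind: str, principal: str, token: bytes):
        # The constructor is looked up lazily so the monitor decides before any object exists.
        return self.monitor.request(principal, token, "create", kind,
                                    lambda: self.constructors[kind]())
```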

Security requirements for vehicles
SR.1 Autonomous, strongly isolated security processing environment
SR.2 Minimal immutable trusted code to be executed prior to ECU processor
SR.3 Internal non-volatile memory for storing root security artifacts
SR.4 Non-detachable (tamper-protected) connection with ECU hardware
SR.5 Authentic, confidential, fresh comm. channel between HSM and ECU
SR.6 Autonomously controlled alert functionality (e.g., log entry, ECU halt)
SR.7 Only standardized, established security algorithms (e.g., NIST, BSI)

Functional requirements
FR.1 Physical stress resistance to endure an automotive life-cycle of 20 years
FR.2 Bandwidth and latency performance that meets at least ISO [24]
FR.3 Compatibility with existing ECU security modules, i.e. with HIS-SHE [21]
FR.4 Compatibility with existing ECU microprocessor architectures
FR.5 Open, patent-free specifications for cost-efficient OEM-wide application
