1 Security Engineering for Software Dimitry Averin CS996 – Information Security Management March 30, 2005.

Slides:



Advertisements
Similar presentations
Configuration Management
Advertisements

Configuration Management
Software Quality Assurance Plan
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Security Development Lifecycle Randy Guthrie Microsoft Developer Evangelist
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Security Controls – What Works
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Computer Security: Principles and Practice
Stephen S. Yau CSE , Fall Security Strategies.
IT:Network:Microsoft Applications
Release & Deployment ITIL Version 3
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
University of Palestine software engineering department Testing of Software Systems Fundamentals of testing instructor: Tasneem Darwish.
SEC835 Database and Web application security Information Security Architecture.
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
Introduction to RUP Spring Sharif Univ. of Tech.2 Outlines What is RUP? RUP Phases –Inception –Elaboration –Construction –Transition.
RUP Fundamentals - Instructor Notes
 Computer security policy ◦ Defines the goals and elements of an organization's computer systems  Definition can be ◦ Highly formal ◦ Informal  Security.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.
The Trustworthy Computing Security Development Lifecycle Steve Lipner Director of Security Engineering Strategy Security Business and Technology Unit.
Understand Application Lifecycle Management
CS 360 Lecture 3.  The software process is a structured set of activities required to develop a software system.  Fundamental Assumption:  Good software.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Security Development Lifecycle: Changing the Software Development Process to build in Security from the start Eric Bidstrup Ellen Cram Kowalczyk Security.
Service Transition & Planning Service Validation & Testing
Microsoft Security Development Lifecycle
Web Security for Network and System Administrators1 Chapter 2 Security Processes.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
Engineering Essential Characteristics Security Engineering Process Overview.
APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.
Module 6: Designing Security for Network Hosts
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.
1 Software Engineering and Security DJPS April 12, 2005 Professor Richard Sinn CMPE 297: Software Security Technologies.
Malicious Software.
Slide 1 Security Engineering. Slide 2 Objectives l To introduce issues that must be considered in the specification and design of secure software l To.
Computer Security By Duncan Hall.
Understand Malware LESSON Security Fundamentals.
Software Development Process CS 360 Lecture 3. Software Process The software process is a structured set of activities required to develop a software.
Introduction to ITIL and ITIS. CONFIDENTIAL Agenda ITIL Introduction  What is ITIL?  ITIL History  ITIL Phases  ITIL Certification Introduction to.
What Causes Software Vulnerabilities? _____________________ ___________ ____________ _______________   flaws in developers own code   flaws resulting.
By Ramesh Mannava.  Overview  Introduction  10 secure software engineering topics  Agile development with security development activities  Conclusion.
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
The NIST Special Publications for Security Management By: Waylon Coulter.
Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.
LECTURE 5 Nangwonvuma M/ Byansi D. Components, interfaces and integration Infrastructure, Middleware and Platforms Techniques – Data warehouses, extending.
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
Engineering Secure Software. A Ubiquitous Concern  You can make a security mistake at every step of the development lifecycle  Requirements that allow.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
Security Development Lifecycle (SDL) Overview
CS457 Introduction to Information Security Systems
Chapter 7. Identifying Assets and Activities to Be Protected
Securing Network Servers
Security Standard: “reasonable security”
Compliance with hardening standards
The Microsoft® Security Development Lifecycle (SDL)
AppExchange Security Certification
How to Mitigate the Consequences What are the Countermeasures?
Presentation transcript:

1 Security Engineering for Software Dimitry Averin CS996 – Information Security Management March 30, 2005

2 Definitions  Software Engineering: Concept of creating and maintaining software applications by applying technologies and practices from computer science and project management fields [  Secure Software Engineering

3 MAINTENANCE DEPLOYMENTTESTINGIMPLEMENTATIONDESIGN “Current”/Traditional Software Engineering  Over 30 years of software development experience created a well defined application software development lifecycle REQUIREMENTS  There are many software development methodologies (ex. XP, waterfall, etc) they all have these basic steps  Capability Maturity Model for Software (SW-CMM), is used to measure quality of methodologies employed

4 Motivation  This application development process in its essence fails to address security issues  Consequently, security flaws are identified only at the later stages of the application lifecycle. And thus  Much greater cost to fix  High maintenance cost  …  Nearly every company/organization utilizes network security infrastructure (e.g. Firewalls, IDS, etc)  But very small number of them invest in application security strategy, design, and code review services

5 So  For the software industry, the key to meeting demand for improved security, is to implement repeatable processes that reliably deliver measurably improved security  Thus, there must be a transition to a more stringent software development process that greatly focuses on security  Goal: minimize the number of security vulnerabilities in design, implementation, and documentation  Identify and remove vulnerabilities in the development lifecycle as early as possible!!!

6 Building Secure Software Three essential components  Repeatable process  Engineer Education  Metrics and Accountability  SDL – Secure Development Lifecycle  Used along with traditional/current software development lifecycle/techniques in order to introduce security at every stage of software development

7 SDL – Requirements Phase  Development of requirements  Gather information about application [costumer/experience/survey]  Analysis of requirements  Are all the security issues addressed  CIA – [Confidentiality, Integrity, Availability]  Verification of requirements  Are there are any inconsistencies / system interface / correctness  Documentation!!!  Feasibility of requirements  [repeat]  The bottom line: Planning at this stage offers the best opportunity to build secure software in the most efficient manner [cost, time, etc] RequirementsDesignImplementationVerificationDeploymentMaintenance

8 SDL – Requirements Phase  Develop Security Requirements  Security Requirements of a system/application must be developed along with any other requirements requirements (e.g. functional, legal, user, etc)  Risk analysis  Identify all the assets at risk  Identify all the threats  Develop security policies  Used as guidelines for requirements  Develop security metrics RequirementsDesignImplementationVerificationDeploymentMaintenance

9 SDL – Design Phase  At this stage all design decisions are made, about  Software Architecture  Software components  Programming languages  Interfaces  …  Develop documentation  Confirm that all requirements are followed and met RequirementsDesignImplementationVerificationDeploymentMaintenance

10 SDL – Design Phase  Treat Models  Input Data Types  Security Use Cases  Security Architecture  Defense in Layers / Separate Components / Least Privilege  Tool  SecureUML – Secure Unified Modeling Language SecureUML - example RequirementsDesignImplementationVerificationDeploymentMaintenance

11 SDL – Implementation Phase  This is the stage where coding is done.  To produce secure software  Coding Standards  Centralized Security Modules  Secure builds and configurations Known security vulnerabilities - use good programming practices. Be aware of –Race conditions –Buffer overflow –Format string –Malicious logic –…  Follow Design & Develop Documentation [further] RequirementsDesignImplementationVerificationDeploymentMaintenance

12 SDL – Implementation Phase RequirementsDesignImplementationVerificationDeploymentMaintenance “Vulnerability-free” Application Robust Programming Practices Good design and coding practices Design and implementation of security features. From the Requirements

13 SDL – Verification Phase  Testing of the code developed in the previous stage  Cleared security tests  Security vulnerability tracking  Code Reviews  Documentation RequirementsDesignImplementationVerificationDeploymentMaintenance

14 SDL – Release Phase  Secure Management Procedures  Monitoring Requirements  Security Upgrade Procedures RequirementsDesignImplementationVerificationDeploymentMaintenance

15 SDL – Response Phase  Causes:  Costumer feedback  Security incident details and vulnerability reports ……  Types of maintenance  Need to introduce new functionality  Need to upgrade to keep up with technology  Discovered vulnerability RequirementsDesignImplementationVerificationDeploymentMaintenance

16 Facts:  Every security vulnerability / flaw overlooked in an earlier phase will end-up at later phase[s]  Resulting into greater  Cost  Time of the software development and/or maintenance

17 Microsoft – Case Study SD 3 + C  Secure by Design  Software designed and implemented to “protect” itself and its information  Secure by Default  Accept the fact that software will not achiever perfect security  To minimize the harm when vulnerabilities exploited, software’s default state should promote security (ex. least necessary privileges)  Secure in Deployment  Software accompanied by tools and guidance to assist secure use  Communications  Developers should be prepared for discovery of product vulnerabilities and should communicate openly and responsibly with end users. (e.g. patching, deploying workarounds)

18 Microsoft RequirementsDesignImplementationVerificationReleaseResponse Inception - Security Advisor assigned - Ensure security milestones are understood - Identify security requirements Design & Threat Modeling - Design guidelines documented - Threat models produced - Security architecture documented -Threat model and design review completed Security Push -Threat models reviewed - Code reviewed - Attack testing - New threats evaluated - Security testing completed Security Response Feedback - Tools/processes evaluated - Postmortems completed Guidelines & Best Practices - Coding and test standards - Test plans developed and executed - Tools used Final Security Review - Threat models reviewed - Unfixed bugs reviewed - New bugs reviewed - Penetration testing completed - Documentation achieved

19 SDL – Requirements Microsoft  Product and central security teams assign “security buddy” – security advisor  Point of contact / resources / guide  Review plans / recommendations / resources  Product team considers  How security will be integrated into the development process  Key security objectives  Documentation RequirementsDesignImplementationVerificationReleaseResponse

20 SDL – Design Microsoft  Define security architecture and design guidelines  Document the elements of the software attack surface  Conduct threat modeling  Define supplemental ship criteria RequirementsDesignImplementationVerificationReleaseResponse

21 SDL – Implementation Microsoft  Apply coding and testing standards  Apply fuzzing tools  Supplies structured but invalid inputs  Apply static-analysis code scanning tools  Conduct code reviews RequirementsDesignImplementationVerificationReleaseResponse

22 SDL – Verification Microsoft  “Beta” testing stage  “Security push”  security code reviews beyond ones completed in implementation phase  Testing of high priority code  Trying to “break” the code RequirementsDesignImplementationVerificationReleaseResponse

23 SDL – Release Microsoft  During the release, software is subject to Final Security Review [FSR]  The goal of FSR is to determine whether, from security viewpoint, the software is ready to be delivered to costumers  Not pass / fail  Goal is to find every remaining security vulnerability in software  If found, revisit all the preceding phases and fix the root problem  Conducted by central security team RequirementsDesignImplementationVerificationReleaseResponse

24 SDL – Response Microsoft  Despite use of SDL, resulting software is not vulnerability free; and even if it could be so, new attacks would be possible  Evaluation of reports  Development of patches and security updates RequirementsDesignImplementationVerificationReleaseResponse

25 Microsoft  Mandatory Application of the SDL  Mandatory Education  Metrics for Product Teams  The Central Security Team

26 Mobile Malicious Code  Malicious code:  Code is that which is intentionally included in hardware, software, firmware or data for unauthorized purposes. Computer Viruses, Worms, Trojan Horses, Trapdoors, and Logic/Time Bombs all fall under the definition of malicious code.  Mobile code:  Technology which allows for the creation of executable information which can be delivered to an information system and then directly executed on any hardware/software architecture which has an appropriate host execution environment.

27 Mobile Malicious Code [cont’d]  Malicious Mobile Code:  Mobile code is the software designed, employed, distributed, or activated with the intention of compromising the performance or security of information systems and computers, increasing access to those systems, providing the unauthorized disclosure of information, corrupting information, denying service, or stealing resources.  Types of mobile code are direct and indirect:  Direct mobile code can be recognized within the primary transport mechanism, such as a virus within a file.  Indirect mobile code may be embedded, such as inside of an attachment to an .

28 Mobile Code Technologies  Category 1  Mobile code that can exhibit broad functionality using unmediated access to services and resources of workstations, hosts and remote systems. [e.g. Active X, VBA, Unix shell script]  Category 2  Mobile code that has full functionality using mediated or controlled access to services and resources of workstations, hosts and remote systems. [e.g. Java Applets, Postscript]  Category 3  Mobile code that has limited functionality, with no capability for unmediated or uncontrolled access to services and resources of workstations, hosts and remote systems. [e.g. JavaScript, VB script]  Exempt technologies are those which are not considered true mobile code  [e.g. XML, Web server scripts]

29  Trusted Source  A trusted source is a source that is adjudged to provide reliable software code or information and whose identity can be verified by authentication. [e.g. Joint Worldwide Intelligence Communications System [JWICS ] ]  Screening  Preventive measure to monitor processes and data to intercept malicious code before it is introduced to an IS. Screening also includes monitoring IS for the presence of malicious code which is already present. Malicious code occurs in different forms, which may have different methods for screening.

30 Questions