Software Engineering for Secure Systems Individual Research Project Hiram Garcia.

Slides:



Advertisements
Similar presentations
Software Quality Seung Yang CS 525 Software Engineering II Dr. Sheldon X. Liang.
Advertisements

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.
  Cyberbullying can be as simple as continuing to send e- mail or text harassing someone who has said they want no further contact with the sender.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 1: Software and Software Engineering.
Evaluating Architectures Quality control: rarely fun, but always necessary
What Causes Software Vulnerabilities? _____________________ ___________ ____________ _______________   flaws in developers own code   flaws resulting.
Varun Sharma Security Engineer | ACE Team | Microsoft Information Security
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Threats to I.T Internet security By Cameron Mundy.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
Chapter 10: Authentication Guide to Computer Network Security.
Confidential Crisis Management Innovations, LLC. CMI CrisisPad TM Product Overview Copyright © 2011, Crisis Management Innovations, LLC. All Rights Reserved.
Secure Software Development Mini Zeng University of Alabama in Huntsville 1.
Requirements Engineering
Information Security Phishing Update CTC
Cyber Crime & Security Raghunath M D BSNL Mobile Services,
ISEC0511 Programming for Information System Security
What is Software Engineering? the application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software”
Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 1: Software and Software Engineering.
Karolina Muszyńska. Reverse engineering - looking at the solution to figure out how it works Reverse engineering - breaking something down in order to.
Software System Engineering: A tutorial
Adam Soph, Alexandra Smith, Landon Peterson. Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details.
Software Software is omnipresent in the lives of billions of human beings. Software is an important component of the emerging knowledge based service.
Configuring Electronic Health Records Privacy and Security in the US Lecture f This material (Comp11_Unit7f) was developed by Oregon Health & Science University,
Software Security Testing Vinay Srinivasan cell:
PHISH OR NO PHISH? Masquerades, Deception, and Thievery On the web…
Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 1: Software and Software Engineering.
Software Requirements Engineering: What, Why, Who, When, and How
Software Engineering Quality What is Quality? Quality software is software that satisfies a user’s requirements, whether that is explicit or implicit.
SOFTWARE SYSTEMS DEVELOPMENT 4: System Design. Simplified view on software product development process 2 Product Planning System Design Project Planning.
Basic of Software Testing Presented by The Smartpath Information System An ISO 9001:2008 Certified Organization
Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 1: Software and Software Engineering.
Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 1: Software and Software Engineering.

Chapter 7 Phishing, Pharming, and Spam. Phishing Phishing is a criminal activity using computer security techniques. Phishers try to acquire information.
About Phishing Phishing is a criminal activity using social engineering techniques.criminalsocial engineering Phishers attempt to fraudulently acquire.
CS551 - Lecture 5 1 CS551 Lecture 5: Quality Attributes Yugi Lee FH #555 (816)
Evaluating Architectures. Quality Control Rarely fun, but always necessary 1.
Internet safety By Kenan.  Viruses are written by malicious programmers who wish to cause problems for other computer users.  The primary source of.
This Guide is going to be about how to  attach files  create a signature  send to multiple recipients with using ‘Cc’ and ‘Bcc’  change the priority.
Electronic Mail. Gmail Accounts USERNAME Skyward PASSWORD Same password as you use to log in to your computer.
Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 1: Software and Software Engineering.
Phishing Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money)
My topic is…………. - It is the fundamental building block and the primary lines of defense in computer security. - It is a basic for access control and.
Policies and Security for Internet Access
SAP – our anti-hacking software. Banking customers can do most transactions, payments and transfer online, through very secure encrypted connections.
ASHRAY PATEL Protection Mechanisms. Roadmap Access Control Four access control processes Managing access control Firewalls Scanning and Analysis tools.
Created by the E-PoliceSlide 122 February, 2012 Dangers of s By Michael Kuc.
Non Functional Testing. Contents Introduction – Security Testing Why Security Test ? Security Testing Basic Concepts Security requirements - Top 5 Non-Functional.
SAMET KARTAL No one wants to share own information with unknown person. Sometimes while sharing something with someone people wants to keep.
Internet Security TEAMS March 18 th, ISP:Internet Service Provider.
Group 18: Chris Hood Brett Poche
Introduction Edited by Enas Naffar using the following textbooks: - A concise introduction to Software Engineering - Software Engineering for students-
The Development Process of Web Applications
Secure Software Confidentiality Integrity Data Security Authentication
Theodore Lawson CSCE548 Student Presentation, Topic #2
Introduction Edited by Enas Naffar using the following textbooks: - A concise introduction to Software Engineering - Software Engineering for students-
Malware, Phishing and Network Policies
Software engineering Lecturer: Nareena.
CS2S562 Secure Software Development
Computer Security.
Chapter 7 Software Engineering.
Cyber Security - Protecting Information
Module 4 System and Application Security
Unit 1.6 Systems security Lesson 1
Cybersecurity Simplified: Phishing
Chapter 1: Software and Software Engineering
Presentation transcript:

Software Engineering for Secure Systems Individual Research Project Hiram Garcia

Security Engineering “Security engineering is about building systems that are and can remain dependable in the face of malice, error or mischance. As a discipline, security engineering focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves.”

Requirements Engineering* A cooperative, iterative and incremental process which aims at ensuring that: 1.All relevant requirements are explicitly known and understood at the required level of detail 2.A sufficient agreement about the system requirements is achieved between the stakeholders involved 3.All requirements are documented and specified in compliance with the defined documentation/specification formats and rules *Requirements Engineering: Fundamentals, Principles & Techniques – Klaus Pohl 3

Why Is RE SE Important? Flawed requirements a major cause of project failure – one of top ten failures in Standish CHAOS Reports Fixing an error in later phases 10x more expensive Incorrect requirements  Incorrect system leads to wasted costs System maybe unreliable for practical use disrupting normal day-to-day operations The primary vehicle for going from “vision” to “realization” 4

Main Kinds of Requirements 5 Product Requirements – Capability Requirements local to system, specific system functionality – Level of Service Requirements local to system, may affect many system requirements System Interface Requirements – varies, affects groups system requirements Project Requirements – global to project, affects overall system requirements Evolutionary Requirements – varies, effects design and implementation

Examples of Levels of Service Dependability – Reliability – Availability Usability – Ease of learning – Ease of use Performance Maintainability Portability Inter-operability (or binary portability) Reusability Security 6

Top 25 Most Dangerous Software Errors in SQL-injection 7.Used of Hard-coded credentials 8.Missing encryption of sensitive data 9.Unrestricted upload of file with dangerous type 11.Execution with unnecessary privileges Non errors: Phishing attacks, malware

SQL Injection 1.Figure out how the application handles bad inputs Insert something like into an address form field then there are basically 2 possibilities: 1 - The application will first “sanitize” the input, then, the application may run the sanitized input in the database query 2 - The application will not sanitize the input first - This is what the hacker is hoping would happen 2.Run the actual SQL injection attack

Phishing Attack Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. - Wikipedia

Phishing Attack - Amazon

Associated Press Twitter DOW Jones Index immediately following attach. injury

Types of Defenses AttackDefense SQL-injectionParameterized Queries or Stored Procedures Used of Hard-coded credentialsAvoid hard coding Missing encryption of sensitive dataEncrypt any sensitive data Unrestricted upload of file with dangerous type Restrict dangerous file type uploads Execution with unnecessary privilegesExecute with elevated privileges only when required Phishing Challenge–response Secret questions Multi-factor authentication Malware Keep Antivirus up to date Perform scheduled scans

Multi Factor Authentication Requires the presentation of two or more of the three authentication factors: 1.a knowledge factor ("something the user knows“) like password or pin, 2.a possession factor ("something the user has“) like phone call, text message or , and 3.an inherence factor ("something the user is") like a finger print or retina scan.

Keywords & References 14 Keywords Secure Systems, Security, Software, Cloud computing References 1.“Software Engineering for Security: a Roadmap”, Premkumar T. Devanbu, Stuart Stubblebine 2.“SECURITY IN SOFTWARE ARCHITECTURE: A CASE STUDY”, Adam Sachitano, Richard O. Chapman, Ph.D., Member, IEEE and John A. Hamilton, Jr.,Ph.D., Senior Member, IEEE 3.“Secure Software Systems Engineering: The Secure Tropos Approach”, Haralambos Mouratidis 4.“Requirements Engineering”, Nupul Kukreja, Barry Boehm 5.Evernote hack shows that passwords aren't good enough by Tony Bradley Twitter 2-Factor Authentication: What It Is and Why It Would Help National Security desperately/story?id= #.UXv727XbPHR desperately/story?id= #.UXv727XbPHR 7.Common Weakness Enumeration Provide an example of SQL Injection

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.