Security Development Lifecycle: Changing the Software Development Process to build in Security from the start Eric Bidstrup Ellen Cram Kowalczyk Security.

Slides:



Advertisements
Similar presentations
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Advertisements

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Security Development Lifecycle Randy Guthrie Microsoft Developer Evangelist
Now Bill Gates writes “Trustworthy Computing” memo early 2002 “Windows security push” for Windows Server 2003 Security push.
12 November 2009 Bryan Sullivan Senior Security Program Manager, Microsoft SDL.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Sixth Hour Lecture 10:30 – 11:20 am, September 9 Framework for a Software Management Process – Artifacts of the Process (Part II, Chapter 6 of Royce’ book)
Software Quality Assurance Inspection by Ross Simmerman Software developers follow a method of software quality assurance and try to eliminate bugs prior.
Getting Ahead: Integrating Development and Response for Improved Security Steven B. Lipner Director of Security Engineering Strategy Security Business.
SAGE-AU Adelaide Windows Update Services Michael Kleef IT Pro Evangelist Microsoft Corporation Level 200.
MICROSOFT PLATFORM  Microsoft is a platform company is committed to providing a rich ecosystem for building and managing connected systems.  Microsoft.
1 Security Engineering for Software Dimitry Averin CS996 – Information Security Management March 30, 2005.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Iterative development and The Unified process
Software Configuration Management
Cliff Evans Security and Privacy Lead Trustworthy Computing Group Microsoft UK.
IT:Network:Microsoft Applications
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Security of Communication & IT systems Bucharest, 21 st September 2004 Stephen McGibbon Chief Technology Officer, Eastern Europe, Russia & CIS Senior Director,
Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
4/20/2017 6:38 PM © 2004 Microsoft Corporation. All rights reserved.
S/W Project Management
Introduction to RUP Spring Sharif Univ. of Tech.2 Outlines What is RUP? RUP Phases –Inception –Elaboration –Construction –Transition.
Microsoft Dynamics AX 2009 Integration and Development with the.NET Framework Closing.
Applying the Secure Development Lifecycle to the WCF
 Protect customers with more secure software  Reduce the number of vulnerabilities  Reduce the severity of vulnerabilities  Address compliance requirements.
OFC 200 Microsoft Solution Accelerator for Intranets Scott Fynn Microsoft Consulting Services National Practices.
The Trustworthy Computing Security Development Lifecycle Steve Lipner Director of Security Engineering Strategy Security Business and Technology Unit.
GBA IT Project Management Final Project - Establishment of a Project Management Management Office 10 July, 2003.
SEC303 Assessing and Managing Privacy in the Enterprise JC Cannon Privacy Strategist.
Microsoft Security Development Lifecycle
Web Security for Network and System Administrators1 Chapter 2 Security Processes.
IS 2620: Developing Secure Systems Jan 13, 2011 Secure Software Development Models/Methods Week 2: Lecture 2.
OCTAVE-S on TradeSolution Inc.. Introduction Phase 1: Critical Assets and threats Phase 2: Critical IT Components Phase 3: Changes Required in current.
04 | Define a Software Iteration Steven Borg | Co-founder & Strategist, Northwest Cadence Anthony Borton | ALM Consultant, Enhance ALM.
© Mahindra Satyam 2009 Configuration Management QMS Training.
Randy Beavers CS 585 – Computer Security February 19, 2009.
Security Development Life Cycle Baking Security into Development September 2010.
1 Software Engineering and Security DJPS April 12, 2005 Professor Richard Sinn CMPE 297: Software Security Technologies.
Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.
Advancing Security Progress and Commitment Stuart Okin Chief Security Advisor – Microsoft UK Delivering on security (an update on progress)
High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.
John Weigelt, MEng, PEng, CISSP, CISM National Technology Officer Microsoft Canada November 2005 Fighting Fraud Through Data Governance.
Copyright © Microsoft Corp 2006 The Security Development Lifecycle Eric Bidstrup, CISSP Group Program Manager Security Engineering and Communication.
What Causes Software Vulnerabilities? _____________________ ___________ ____________ _______________   flaws in developers own code   flaws resulting.
By Ramesh Mannava.  Overview  Introduction  10 secure software engineering topics  Agile development with security development activities  Conclusion.
How We Got Here PC and Internet changed the rules –Viruses, information sharing, “outside” and “inside” indistinguishable –Vulnerability research for.
IV&V Facility 7/28/20041 IV&V in NASA Pre-Solicitation Conference/ Industry Day NASA IV&V FACILITY July 28, 2004.
IS&T Project Reviews September 9, Project Review Overview Facilitative approach that actively engages a number of key project staff and senior IS&T.
Security Development Lifecycle (SDL) Overview
CS457 Introduction to Information Security Systems
Customer Guide to Limited-Time Offer
Managing the Project Lifecycle
The Microsoft® Security Development Lifecycle (SDL)
Microsoft’s Security Strategy
COMPTIA CAS-003 Dumps VCE
SAM Financial Services Cybersecurity Assessment
Deployment timeline This template is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION.
Microsoft SAM Managed Service Program
Deployment timeline This template is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION.
IS&T Project Reviews September 9, 2004.
The role of the test organization in a Security Sensitive project
Delivering great hardware solutions for Windows
5/12/2019 2:57 PM © Microsoft Corporation. All rights reserved.
Albeado - Enabling Smart Energy
Security in the Real World – Plenary Day One
{Project Name} Organizational Chart, Roles and Responsibilities
Using Software Restriction Policies
Presentation transcript:

Security Development Lifecycle: Changing the Software Development Process to build in Security from the start Eric Bidstrup Ellen Cram Kowalczyk Security Business and Technology Unit Microsoft Corporation

Microsoft’s Security Focus

Origin Of Microsoft Security Efforts Through Windows 2000 release Secure Windows Initiative (SWI) Expert resource for consulting and code reviews Through Windows XP release SWI as company wide resource Security training Common tools Team-wide “security days” Introduction of Trustworthy Computing Windows (and other) security pushes Focused reviews of designs, code, penetration resistance

Threat modeling Code inspection Penetration testing Unused features off by default Reduce attack surface area Least Privilege Prescriptive guidance Security tools Training and education Community engagement Transparency Clear policy Framework for Better Security Security Development Lifecycle addresses Secure by Design, Secure by Default

Engineering Excellence The Security Development Lifecycle (SDL) A PROCESS by which Microsoft develops software, that defines security requirements and milestones MANDATORY for products that are exposed to meaningful security risk EVOLVING and new factors, such as privacy, are being added COMPATIBLE with COTS product development processes EFFECTIVE at addressing security issues; designed to produce DEMONSTRATABLE RESULTS (not all methodologies do this) It has shown itself to be highly effective at reducing vulnerabilities in commercial software In sum, the SDL puts Microsoft on path toward more secure software

Traditional Baseline Process

Integrating SDL into the development process

Requirements Phase Opportunity to consider security at the outset Secure Windows Initiative (SWI) team assigns SWI Buddy Development team identifies security requirements SWI Buddy reviews product plan, makes recommendations, ensures resources allocated by management SWI Buddy assesses security milestones and exit criteria (NOTE: This SWI Buddy will stay with the project through the Final Security Review)

Design Design stage Define and document security architecture Identify security critical components (“trusted base”) Identify design techniques (e.g., layering, managed code, least privilege, attack surface minimization) Document attack surface and limit through default settings Create threat models (e.g., identify assets, interfaces, threats, risk) and mitigate threats through countermeasures Identify specialized test tools Define supplemental ship criteria due to unique product issues (e.g., cross-site scripting tests) Confer with SWI Buddy on questions Exit criteria: Design review complete and signed off by development team and SWI Buddy

Development Apply coding and testing standards (e.g., safe string handling) Apply fuzz testing tools (structured invalid inputs to network protocol and file parsers) Apply static code analysis tools (to find, e.g., buffer overruns, integer overruns, uninitialized variables) Conduct code reviews

Verification Software functionality complete and enters Beta Because code complete, testing both new and legacy code Security Push Security push is not a substitute for security work during development Security push does provide an opportunity to focus on security Code reviews (especially legacy/unchanged code) Penetration and other security testing Review design, architecture, threat models in light of new threats

Final Security Review (FSR) “From a security viewpoint, is this software ready to deliver to customers?” Two to six months prior to software completion, depending on the scope of the software. Software must be in a stable state with only minimal non-security changes expected prior to release FSR results: If the FSR finds a pattern of remaining vulnerabilities, the proper response is not just to fix the vulnerabilities found, but to revisit the earlier phases and take pointed actions to address root causes (e.g., improve training, enhance tools)

Final Security Review (FSR) What is in the FSR? Completion of a questionnaire by the product team Interview by a security team member assigned to the FSR Review of bugs that were initially identified as security bugs, but on further analysis were determined not to have impact on security, to ensure that the analysis was done correctly Analysis of any newly reported vulnerabilities affecting similar software to check for resiliency Additional penetration testing, possibly by outside contractors to supplement security team

Response Phase Microsoft Security Response Center Sustained Engineering Teams Patch Management Post Mortems and feedback to the SDL

Education For The SDL New employees do not arrive with ability to develop secure software Microsoft trains staff as a part of New Employee Orientation Microsoft trains staff as part of a security push Microsoft trains developers, testers, program managers, user education staff and architects annually Microsoft funds academic curriculum development through Microsoft Research Microsoft publishes material on writing secure code, threat modeling, and SDL (pending) and offers courses (see

Education Resources

Source: Microsoft Security Bulletin Search SDL Results: Windows 2003

Affecting Office 2003 All Office Bulletins since ship 8/ Office Bulletins since Office 2003 shipped (Aug 2003) Bulletins after August 2003: (* affected Office 2003) September: MS03-035, MS , MS03-037, MS03-038September: MS03-035, MS , MS03-037, MS03-038September: MS03-035, MS , MS03-037, MS03-038September: MS03-035, MS , MS03-037, MS November: MS03-050November: MS03-050November: MS03-050November: MS October: MS04-033October: MS04-033October: MS04-033October: MS September: MS04-028* (GDI+ issue) …September: MS04-028* (GDI+ issue) …September: MS04-028September: MS September: MS04-027* (WordPerfect converter)September: MS04-027* (WordPerfect converter)September: MS04-027September: MS March: MS04-009March: MS04-009March: MS04-009March: MS February: MS05-005February: MS05-005MS February: MS05-012*February: MS05-012*MS (OLE issue) … April: MS05-023*April: MS05-023*MS (Word buffer overflow) SDL Results: Office 2003

SDL Results: SQL Server SQL Server (YTD)

SDL Results: IIS 4.0, 5.0, 5.1, 6.0 IIS 4.0, 5.0, 5.1, (YTD)

SDL Results: Exchange Exchange 5.0, 5.5, 2000, (YTD)

DiscussionDiscussion

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.