Software component evaluation A developer’s perspective Sony Corporation’s presentation for the 6 th International Common Criteria Conference.

Slides:



Advertisements
Similar presentations
MicroKernel Pattern Presented by Sahibzada Sami ud din Kashif Khurshid.
Advertisements

SOFTWARE DEVELOPMENT METHODOLOGIES Methodologies Waterfall Prototype model Incremental Iterative V-Model Spiral Scrum Cleanroom RAD DSDM RUP.
MIS 2000 Class 20 System Development Process Updated 2014.
Chapter 2 – Software Processes
CS 411W - Notes Product Development Documentation.
Policies vs Threats by Albert Dorofeev, Sony Corporation 10 th International Common Criteria Conference, 2009.
Case Tools Trisha Cummings. Our Definition of CASE  CASE is the use of computer-based support in the software development process.  A CASE tool is a.
Chapter 10 – Digital System Projects Using HDL Copyright © 2011, 2007, 2004, 2001, 1998 by Pearson Education, Inc. Upper Saddle River, New Jersey
Software Quality Assurance Inspection by Ross Simmerman Software developers follow a method of software quality assurance and try to eliminate bugs prior.
© Janice Regan, CMPT 102, Sept CMPT 102 Introduction to Scientific Computer Programming The software development method algorithms.
Chapter 2 Data Models Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel.
CBSD – Component Based Software Development - Introduction -
Algorithms and Problem Solving-1 Algorithms and Problem Solving.
The Architecture Design Process
Algorithms and Problem Solving. Learn about problem solving skills Explore the algorithmic approach for problem solving Learn about algorithm development.
Fundamentals of Information Systems, Second Edition
9 1 Chapter 9 Database Design Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel.
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
Design, Implementation and Maintenance
Introduction to Computer Technology
Basic Concepts The Unified Modeling Language (UML) SYSC System Analysis and Design.
 1. Introduction  2. Development Life-Cycle  3. Current Component Technologies  4. Component Quality Assurance  5. Advantages and Disadvantages.
2 1 Chapter 2 Data Model Database Systems: Design, Implementation, and Management, Sixth Edition, Rob and Coronel.
PROGRAMMING LANGUAGES The Study of Programming Languages.
Systems Analysis – Analyzing Requirements.  Analyzing requirement stage identifies user information needs and new systems requirements  IS dev team.
Test Organization and Management
INFO 637Lecture #81 Software Engineering Process II Integration and System Testing INFO 637 Glenn Booker.
Design Patterns OOD. Course topics Design Principles UML –Class Diagrams –Sequence Diagrams Design Patterns C#,.NET (all the course examples) Design Principles.
Software Engineering 2003 Jyrki Nummenmaa 1 REQUIREMENT SPECIFICATION Today: Requirements Specification Requirements tell us what the system should.
Software Testing Life Cycle
Data Flow Diagram A method used to analyze a system in a structured way Used during: Analysis stage: to describe the current system Design stage: to describe.
SE-02 SOFTWARE ENGINEERING LECTURE 3 Today: Requirements Analysis Requirements tell us what the system should do - not how it should do it. Requirements.
CSE 303 – Software Design and Architecture
©Ian Sommerville 2000, Mejia-Alvarez 2009 Slide 1 Software Processes l Coherent sets of activities for specifying, designing, implementing and testing.
Introduction CS 3358 Data Structures. What is Computer Science? Computer Science is the study of algorithms, including their  Formal and mathematical.
Software component evaluation A developer’s perspective Sony Corporation’s presentation for the 6 th International Common Criteria Conference.
Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 1: Software and Software Engineering.
CSE 219 Computer Science III Program Design Principles.
Database System Development Lifecycle 1.  Main components of the Infn System  What is Database System Development Life Cycle (DSDLC)  Phases of the.
Rapid software development 1. Topics covered Agile methods Extreme programming Rapid application development Software prototyping 2.
Introduction CS 3358 Data Structures. What is Computer Science? Computer Science is the study of algorithms, including their  Formal and mathematical.
Chapter 7 Software Engineering Introduction to CS 1 st Semester, 2015 Sanghyun Park.
Chapter 10 Analysis and Design Discipline. 2 Purpose The purpose is to translate the requirements into a specification that describes how to implement.
Chapter 1 Program design Objectives To describe the steps in the program development process To introduce the current program design methodology To introduce.
IT Essentials: PC Hardware and Software v4.0. Chapter 4 Objectives 4.1 Explain the purpose of preventive maintenance 4.2 Identify the steps of the troubleshooting.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 4 1 Chapter 4: Basics of Preventive Maintenance and Troubleshooting IT.
Software Engineering Principles. SE Principles Principles are statements describing desirable properties of the product and process.
Chapter 10 Software Engineering. Understand the software life cycle. Describe the development process models. Understand the concept of modularity in.
Distribution and components. 2 What is the problem? Enterprise computing is Large scale & complex: It supports large scale and complex organisations Spanning.
LESSON 3. Properties of Well-Engineered Software The attributes or properties of a software product are characteristics displayed by the product once.
(SRS) SOFTWARE REQUIREMENT SPECIFICATION(SRS) 1. Topics to be discussed.. What is an SRS? Purpose of an SRS Who reads the SRS? Who writes the SRS? Characteristics.
1-1 Software Development Objectives: Discuss the goals of software development Identify various aspects of software quality Examine two development life.
Chapter 2 – Software Processes Lecture 1 Chapter 2 Software Processes1.
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
Chapter 1: Fundamental of Testing Systems Testing & Evaluation (MNN1063)
Topic 4 - Database Design Unit 1 – Database Analysis and Design Advanced Higher Information Systems St Kentigern’s Academy.
Software Requirements Specification Document (SRS)
Software Development Process CS 360 Lecture 3. Software Process The software process is a structured set of activities required to develop a software.
WATERFALL METHOD Robbie Campbell WHAT IS IT  Considered the classic approach to the SDLC.  It is a linear method with goals for each development phase.
Copyright © 2004, Keith D Swenson, All Rights Reserved. OASIS Asynchronous Service Access Protocol (ASAP) Tutorial Overview, OASIS ASAP TC May 4, 2004.
PROGRAMMING FUNDAMENTALS INTRODUCTION TO PROGRAMMING. Computer Programming Concepts. Flowchart. Structured Programming Design. Implementation Documentation.
Algorithms and Problem Solving
Software Development methodologies
The Systems Engineering Context
Systems Analysis and Design
Requirements Analysis and Specification
Decomposition.
Software System Integration
CS310 Software Engineering Lecturer Dr.Doaa Sami
Algorithms and Problem Solving
Presentation transcript:

Software component evaluation A developer’s perspective Sony Corporation’s presentation for the 6 th International Common Criteria Conference

6th ICCC PresentationCopyright © 2005 Sony Corporation2 Contents The discussion of the modularity of systems versus the modularity of software The discussion of the modularity of systems versus the modularity of software The discussion of disparity between the hardware and software evaluations The discussion of disparity between the hardware and software evaluations The discussion of the complexity of software and components The discussion of the complexity of software and components A preview of what is coming A preview of what is coming

6th ICCC PresentationCopyright © 2005 Sony Corporation3 System security Current approach is to evaluate “finished products” Current approach is to evaluate “finished products” Those products are later used as components to build secure systems Those products are later used as components to build secure systems Security of the system depends more on the overall security policies and system design than on the product security Security of the system depends more on the overall security policies and system design than on the product security Products specify how they should be used to remain secure even inside a system Products specify how they should be used to remain secure even inside a system Most of the time, systems are not externally evaluated Most of the time, systems are not externally evaluated

6th ICCC PresentationCopyright © 2005 Sony Corporation4 Product security Products are seen as almost completely independent units Products are seen as almost completely independent units Products are rigorously evaluated for their security Products are rigorously evaluated for their security Product is seen as a big lump of matter, thus contradicting the design principles of the product Product is seen as a big lump of matter, thus contradicting the design principles of the product The consequence is that the effort is wasted on reinventing the wheel The consequence is that the effort is wasted on reinventing the wheel Product security should be looked at from the point of view of a system and components that go into this system Product security should be looked at from the point of view of a system and components that go into this system

6th ICCC PresentationCopyright © 2005 Sony Corporation5 Component security Products consist of components Products consist of components At the system level, we can evaluate individual components, known as “products”, independently At the system level, we can evaluate individual components, known as “products”, independently At the product level, we may not evaluate individual components? At the product level, we may not evaluate individual components? There is an obvious disparity between the approaches to the security at different levels There is an obvious disparity between the approaches to the security at different levels This disparity is greatest when we look at the software evaluations This disparity is greatest when we look at the software evaluations

6th ICCC PresentationCopyright © 2005 Sony Corporation6 The spectrum of security System security Component security Product security

6th ICCC PresentationCopyright © 2005 Sony Corporation7 Overall security The components of a product must be evaluated the way we evaluate the products The components of a product must be evaluated the way we evaluate the products The context of a product provides the environment for the component just as the system provides the context for the product The context of a product provides the environment for the component just as the system provides the context for the product The approach must be systematically consistent from evaluating software and hardware components all the way to building the systems The approach must be systematically consistent from evaluating software and hardware components all the way to building the systems

6th ICCC PresentationCopyright © 2005 Sony Corporation8 Current state Lots of experience in evaluating hardware and hardware-based products Lots of experience in evaluating hardware and hardware-based products Even complex composite products are evaluated without much trouble Even complex composite products are evaluated without much trouble Evaluation of software components is far behind Evaluation of software components is far behind Lagging of software component evaluations drags down the natural process of product composition from certified components Lagging of software component evaluations drags down the natural process of product composition from certified components

6th ICCC PresentationCopyright © 2005 Sony Corporation9 What is so peculiar about software? Much higher complexity Much higher complexity Much easier to develop using logically separated components Much easier to develop using logically separated components Quick development of the functionality but long time to get the details right Quick development of the functionality but long time to get the details right Infinite stability Infinite stability

6th ICCC PresentationCopyright © 2005 Sony Corporation10 Complexity Software is much easier to develop compared to hardware Software is much easier to develop compared to hardware Therefore we make very complex things in software Therefore we make very complex things in software The way we deal with the increasing complexity is to split the software into components The way we deal with the increasing complexity is to split the software into components Components, in turn, get increasingly complex Components, in turn, get increasingly complex

6th ICCC PresentationCopyright © 2005 Sony Corporation11 Development cycle There are different models for managing the complexity of development There are different models for managing the complexity of development In the end, there are always two phases: In the end, there are always two phases: –Development of the functionality –Getting the functionality exactly right The second stage may take longer The second stage may take longer A fully understood, tested and verified software can be easily reused A fully understood, tested and verified software can be easily reused

6th ICCC PresentationCopyright © 2005 Sony Corporation12 Software stability As opposed to the hardware, the software is not subject to wear and tear As opposed to the hardware, the software is not subject to wear and tear Software does not need the maintenance or protection required for the hardware Software does not need the maintenance or protection required for the hardware Software will keep performing the required function indefinitely Software will keep performing the required function indefinitely

6th ICCC PresentationCopyright © 2005 Sony Corporation13 Software vs. hardware: implementation Hardware is built from real-world matter while software is built of ideal mathematical objects with behaviour defined precisely with abstract rules Hardware is built from real-world matter while software is built of ideal mathematical objects with behaviour defined precisely with abstract rules Hardware can fail, software cannot Hardware can fail, software cannot Hardware can have dependencies that would be absurd for the software Hardware can have dependencies that would be absurd for the software The dependencies in the software are much easier to identify and analyze. The dependencies in the software are much easier to identify and analyze.

6th ICCC PresentationCopyright © 2005 Sony Corporation14 What is the point? Software, once written, stays functional forever Software, once written, stays functional forever Software can be evaluated once and for all Software can be evaluated once and for all The total sum of software in a product is usually split into building blocks – components The total sum of software in a product is usually split into building blocks – components A product may be created by using infinitely stable, evaluated components A product may be created by using infinitely stable, evaluated components

6th ICCC PresentationCopyright © 2005 Sony Corporation15 More interestingly Hardware does not know how it will be used, software knows exactly what it needs to do and how it will use the hardware. Hardware does not know how it will be used, software knows exactly what it needs to do and how it will use the hardware. Hardware is operated according to the plan that is the software. Hardware is operated according to the plan that is the software.

6th ICCC PresentationCopyright © 2005 Sony Corporation16 Software summary Software is the master plan of function Software is the master plan of function High level of complexity High level of complexity Precisely defined behaviour Precisely defined behaviour Infinite stability Infinite stability No possibility of failure No possibility of failure Dependencies are easy to define Dependencies are easy to define

6th ICCC PresentationCopyright © 2005 Sony Corporation17 What all this leads to? The software should be the basis of the evaluation The software should be the basis of the evaluation We are used to evaluating the hardware first and then seeing how it is used by the software We are used to evaluating the hardware first and then seeing how it is used by the software We should do the other way around We should do the other way around

6th ICCC PresentationCopyright © 2005 Sony Corporation18 Compare with the evaluation flow In a CC evaluation, we start from ST to see what has to be done and we proceed downwards to see how it is supported In a CC evaluation, we start from ST to see what has to be done and we proceed downwards to see how it is supported The current state is like starting from the code to see what it can do and proceeding upwards to check that ST does not break the security of the code The current state is like starting from the code to see what it can do and proceeding upwards to check that ST does not break the security of the code Let’s start from the logical beginning – the software that rules the functionality! Let’s start from the logical beginning – the software that rules the functionality!

6th ICCC PresentationCopyright © 2005 Sony Corporation19 Certified components The purpose is to make components self-contained The purpose is to make components self-contained The functionality of a component is not affected by the functionality of other components The functionality of a component is not affected by the functionality of other components A component can be fully tested and relied on to keep the set functionality A component can be fully tested and relied on to keep the set functionality Certified components become the basis for building secure systems Certified components become the basis for building secure systems

6th ICCC PresentationCopyright © 2005 Sony Corporation20 What is in it for us? Assembly from certified components: lower cost Assembly from certified components: lower cost Independent component support: lower effort Independent component support: lower effort Clear “separation of duty”: higher security Clear “separation of duty”: higher security

6th ICCC PresentationCopyright © 2005 Sony Corporation21 What is the problem then? Software requires some hardware to be able to run for testing. Software requires some hardware to be able to run for testing. Hardware introduces dependencies. Hardware introduces dependencies. Software is much more complex and big, it takes a lot of time to analyze, especially when it has many dependencies. Software is much more complex and big, it takes a lot of time to analyze, especially when it has many dependencies.

6th ICCC PresentationCopyright © 2005 Sony Corporation22 And what is the solution? The solution is to use the component evaluation. The solution is to use the component evaluation. The solution is two-fold: The solution is two-fold: –Make sure the components are self-contained for the most part and contain a clearly defined and stable functionality –Make sure the component describes clearly what it will expect from the environment and how that environment will be used.

6th ICCC PresentationCopyright © 2005 Sony Corporation23 What do we need? An agreed way to provide the description of the software and hardware dependencies An agreed way to provide the description of the software and hardware dependencies –Policies –Security Functional Requirements –Developer documentation –… ? An agreed evaluation methodology An agreed evaluation methodology A product to test all of these on A product to test all of these on

6th ICCC PresentationCopyright © 2005 Sony Corporation24 What will we do then? We started a project for software component evaluation that will allow us to test the methodology and gain some experience We started a project for software component evaluation that will allow us to test the methodology and gain some experience The product is a smart card with a bit complicated structure of software The product is a smart card with a bit complicated structure of software The purpose is to certify the software components separately and then reassemble the product from those certified components The purpose is to certify the software components separately and then reassemble the product from those certified components

6th ICCC PresentationCopyright © 2005 Sony Corporation25 Who is at the forefront? Certification body: CESG of UK Certification body: CESG of UK Evaluation labs: LogicaCMG and SiVenture Evaluation labs: LogicaCMG and SiVenture Developer: Sony Corporation Developer: Sony Corporation The “guinea pig” product: Sony FeliCa smart card The “guinea pig” product: Sony FeliCa smart card

Thank you! Albert Dorofeev General Manager Sony Secure Communications Europe

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.