Slide 1 Security Engineering. Slide 2 Objectives l To introduce issues that must be considered in the specification and design of secure software l To.

Slides:



Advertisements
Similar presentations
ETHICAL HACKING A LICENCE TO HACK
Advertisements

Chapter 14 – Security Engineering
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 2.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
SWE Introduction to Software Engineering
Lecture 11 Reliability and Security in IT infrastructure.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Computer Security: Principles and Practice
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Course Instructor: Aisha Azeem
©Ian Sommerville 2006Critical Systems Slide 1 Critical Systems Engineering l Processes and techniques for developing critical systems.
CIS 376 Bruce R. Maxim UM-Dearborn
Frequently asked questions about software engineering
Lecture 1.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 2 Slide 1 Systems engineering 1.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 1.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 11 Slide 1 Architectural Design.
Website Hardening HUIT IT Security | Sep
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
SEC835 Database and Web application security Information Security Architecture.
Chapter 1- Introduction Lecture 1 Ready, fire, aim (the fast approach to software development). Ready, aim, aim, aim, aim... (the slow approach to software.
CS 220 – Software Engineering© Binayak Bhattacharyya CS Software Engineering Instructor: Binayak Bhattacharyya
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 1.
Security Architecture
1 Chapter 3 Critical Systems. 2 Objectives To explain what is meant by a critical system where system failure can have severe human or economic consequence.
Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 12 - Databases, Controls, and Security.
Configuration Management (CM)
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
Figures – Chapter 14. Figure 14.1 System layers where security may be compromised.
1 Chapter 5 Project management. 2 Project management : Is Organizing, planning and scheduling software projects.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 3 Slide 1 Critical Systems 1.
Architectural Design lecture 10. Topics covered Architectural design decisions System organisation Control styles Reference architectures.
 Chapter 14 – Security Engineering 1 Chapter 12 Dependability and Security Specification 1.
Building Dependable Distributed Systems Chapter 1 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 9 Slide 1 Critical Systems Specification 1.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
Public Trust in Health Information: Foundational Principles for Dependable Systems Dixie B. Baker, Ph.D. Vice President for Technology CTO, Enterprise.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.
Slide 1 Service-centric Software Engineering. Slide 2 Objectives To explain the notion of a reusable service, based on web service standards, that provides.
Chapter 1- Introduction Lecture 1. Topics covered  Professional software development  What is meant by software engineering.  Software engineering.
©Ian Sommerville 2000Dependability Slide 1 Chapter 16 Dependability.
1 Software Engineering, 8th edition. Chapter 3 Courtesy: ©Ian Sommerville 2006 Sep 16, 2008 Lecture # 3 Critical Systems.
Carnegie Mellon University Software Engineering Institute Lecture 4 The Survivable Network Analysis Method: Evaluating Survivability of Critical Systems.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
INFORMATION SECURITY MANAGEMENT L ECTURE 8: R ISK M ANAGEMENT C ONTROLLING R ISK You got to be careful if you don’t know where you’re going, because you.
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
CS457 Introduction to Information Security Systems
Chapter 14 – Resilience Engineering
CompSci 280 S Introduction to Software Development
Cybersecurity - What’s Next? June 2017
Design for Security Pepper.
Software Qualities II.
Chapter 1- Introduction
Chapter 13 – Security Engineering
Chapter 13 – Security Engineering
Security Engineering.
Software Qualities.
Chapter 13 – Security Engineering
Albeado - Enabling Smart Energy
Presentation transcript:

Slide 1 Security Engineering

Slide 2 Objectives l To introduce issues that must be considered in the specification and design of secure software l To discuss security risk management and the derivation of security requirements from a risk analysis l To describe good design practice for secure systems development. l To explain the notion of system survivability and to introduce a method of survivability analysis.

Slide 3 Topics covered l Security concepts l Security risk management l Design for security l System survivability

Slide 4 l Tools, techniques and methods to support the development and maintenance of systems that can resist malicious attacks that are intended to damage a computer-based system or its data. l A sub-field of the broader field of computer security. Security engineering

Slide 5 System layers

Slide 6 Application/infrastructure security l Application security is a software engineering problem where the system is designed to resist attacks. l Infrastructure security is a systems management problem where the infrastructure is configured to resist attacks. l The focus of this lecture is application security.

Slide 7 Security concepts

Slide 8 Examples of security concepts

Slide 9 Security threats l Threats to the confidentiality of a system or its data l Threats to the integrity of a system or its data l Threats to the availability of a system or its data

Slide 10 Security controls l Controls that are intended to ensure that attacks are unsuccessful. This is analagous to fault avoidance. l Controls that are intended to detect and repel attacks. This is analagous to fault detection and tolerance. l Controls that are intended to support recovery from problems. This is analagous to fault recovery.

Slide 11 Security risk management l Risk management is concerned with assessing the possible losses that might ensue from attacks on the system and balancing these losses against the costs of security procedures that may reduce these losses. l Risk management should be driven by an organisational security policy. l Risk management involves Preliminary risk assessment Life cycle risk assessment

Slide 12 Preliminary risk assessment

Slide 13 Asset analysis

Slide 14 Threat and control analysis

Slide 15 Security requirements l Patient information must be downloaded at the start of a clinic session to a secure area on the system client that is used by clinical staff. l Patient information must not be maintained on system clients after a clinic session has finished. l A log on a separate computer from the database server must be maintained of all changes made to the system database.

Slide 16 Life cycle risk assessment l Risk assessment while the system is being developed and after it has been deployed l More information is available - system platform, middleware and the system architecture and data organisation. l Vulnerabilities that arise from design choices may therefore be identified.

Slide 17 Examples of design decisions l System users authenticated using a name/password combination. l The system architecture is client-server with clients accessing the system through a standard web browser. l Information is presented as an editable web form.

Slide 18 Technology vulnerabilities

Slide 19 Design for security l Architectural design - how do architectural design decisions affect the security of a system? l Good practice - what is accepted good practice when designing secure systems? l Design for deployment - what support should be designed into a system to avoid the introduction of vulnerabilities when a system is deployed for use?

Slide 20 Architectural design l Protection How should the system be organised so that critical assets can be protected against external attack? l Distribution How should system assets be distributed so that the effects of a successful attack are minimised? l Potentially conflicting If assets are distributed, then they are more expensive to protect.

Slide 21 Protection l Platform-level protection l Application-level protection l Record-level protection

Slide 22 Layered protection

Slide 23 A distributed equity system

Slide 24 Design guidelines l Design guidelines encapsulate good practice in secure systems design l Design guidelines serve two purposes: They raise awareness of security issues in a software engineering team. They can be used as the basis of a review checklist that is applied during the system validation process.

Slide 25 Design guidelines 1 l Base security decisions on an explicit security policy l Avoid a single point of failure l Fail securely l Balance security and usability l Be aware of the possibilities of social engineering

Slide 26 Design guidelines 2 l Use redundancy and diversity to reduce risk l Validate all inputs l Compartmentalise your assets l Design for deployment l Design for recoverability

Slide 27 Design for deployment l Deployment involves configuring software to operate in its working environment, installing the system and configuring it for the operational platform. l Vulnerabilities may be introduced at this stage as a result of configuration mistakes. l Designing deployment support into the system can reduce the probability that vulnerabilities will be introduced.

Slide 28 System survivability l Survivability is an emergent system property that reflects the systems ability to deliver essential services whilst it is under attack or after part of the system has been damaged l Survivability analysis and design should be part of the security engineering process

Slide 29 Service availability l Which system services are the most critical for a business? l How might these services be compromised? l What is the minimal quality of service that must be maintained? l How can these services be protected? l If a service becomes unavailable, how quickly can it be recovered?

Slide 30 Survivability strategies l Resistance Avoiding problems by building capabilities into the system to resist attacks l Recognition Detecting problems by building capabilities into the system to detect attacks and failures and assess the resultant damage l Recovery Tolerating problems by building capabilities into the system to deliver services whilst under attack

Slide 31 System survivability method

Slide 32 Key activities l System understanding Review goals, requirements and architecture l Critical service identification Identify services that must be maintained l Attack simulation Devise attack scenarios and identify components affected l Survivability analysis Identify survivability strategies to be applied

Slide 33 Trading system survivability l User accounts and equity prices replicated across servers so some provision for survivability made l Key capability to be maintained is the ability to place orders for stock l Orders must be accurate and reflect the actual sales/purchases made by a trader

Slide 34 Survivability analysis

Slide 35 Key points l Security engineering is concerned with how to develop systems that can resist malicious attacks l Security threats can be threats to confidentiality, integrity or availability of a system or its data l Security risk management is concerned with assessing possible losses from attacks and deriving security requirements to minimise losses l Design for security involves architectural design, following good design practice and minimising the introduction of system vulnerabilities

Slide 36 Key points l Key issues when designing a secure architecture include organising the structure to protect assets and distributing assets to minimise losses l General security guidelines sensitise designers to security issues and serve as review checklists l Configuration visualisation, setting localisation, and minimisation of default privileges help reduce deployment errors l System survivability reflects the ability of a system to deliver services whilst under attack or after part of the system has been damaged.