Security Codesign Steve Dawson and Victoria Stavridou Bruno Dutertre, Josh Levy, Bob Riemenschneider, Hassen Saidi, Tomas Uribe System Design Laboratory.

Slides:



Advertisements
Similar presentations
Qualifications Update: Fashion and Textile Technology Dunblane Hydro 27 November 2013 Qualifications Update: Fashion and Textile Technology Dunblane Hydro.
Advertisements

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.
1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.
MIS 385/MBA 664 Systems Implementation with DBMS/ Database Management Dave Salisbury ( )
The Role of Software Engineering Brief overview of relationship of SE to managing DSD risks 1.
L4-1-S1 UML Overview © M.E. Fayad SJSU -- CmpE Software Architectures Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I.
R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
- 1 - Component Based Development R&D SDM Theo Schouten.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Creating Architectural Descriptions. Outline Standardizing architectural descriptions: The IEEE has published, “Recommended Practice for Architectural.
The database development process
5/24/011 Advanced Tool Integration for Embedded Systems Assurance Insup Lee Department of Computer and Information Science University of Pennsylvania.
Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.
Software Verification and Validation (V&V) By Roger U. Fujii Presented by Donovan Faustino.
Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 8 Slide 1 Software Prototyping l Rapid software development to validate requirements l.
Effective Methods for Software and Systems Integration
Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.
SEC835 Database and Web application security Information Security Architecture.
CHAPTER 5 Infrastructure Components PART I. 2 ESGD5125 SEM II 2009/2010 Dr. Samy Abu Naser 2 Learning Objectives: To discuss: The need for SQA procedures.
Information Assurance: Requirements Development and Satisfaction Steve Dawson and Victoria Stavridou Bruno Dutertre, Josh Levy, John Lowrance, Bob Riemenschneider,
UML - Development Process 1 Software Development Process Using UML (2)
S/W Project Management Software Process Models. Objectives To understand  Software process and process models, including the main characteristics of.
New Advanced Higher Subject Implementation Events Chemistry : Unit Assessment at Advanced Higher.
Chapter 2 The process Process, Methods, and Tools
1 Systems Analysis and Design in a Changing World, Fourth Edition.
CLEANROOM SOFTWARE ENGINEERING.
Security Assessments FITSP-A Module 5
-Nikhil Bhatia 28 th October What is RUP? Central Elements of RUP Project Lifecycle Phases Six Engineering Disciplines Three Supporting Disciplines.
T. Dawson, TASC 9/11/13 Use of a Technical Reference in NASA IV&V.
©Ian Sommerville 2000, Mejia-Alvarez 2009 Slide 1 Software Processes l Coherent sets of activities for specifying, designing, implementing and testing.
RUP Design RUP Artifacts and Deliverables
ESA/ESTEC, TEC-QQS August 8, 2005 SAS_05_ESA SW PA R&D_Winzer,Prades Slide 1 Software Product Assurance (PA) R&D Road mapping Activities ESA/ESTEC TEC-QQS.
Identify steps for understanding and solving the
What is a Business Analyst? A Business Analyst is someone who works as a liaison among stakeholders in order to elicit, analyze, communicate and validate.
Systems Design Approaches The Waterfall vs. Iterative Methodologies.
United States Department of Agriculture Food Safety and Inspection Service 1 National Advisory Committee on Meat and Poultry Inspection August 8-9, 2007.
Software Engineering Principles Principles form the basis of methods, techniques, methodologies and tools Principles form the basis of methods, techniques,
Eighth Hour Lecture 7:30 – 8:20 pm, Thursday, September 13 Workflows of the Process (from Chapter 8 of Royce’ book)
Architectural Design lecture 10. Topics covered Architectural design decisions System organisation Control styles Reference architectures.
© 2012 xtUML.org Bill Chown – Mentor Graphics Model Driven Engineering.
Chapter 10 Analysis and Design Discipline. 2 Purpose The purpose is to translate the requirements into a specification that describes how to implement.
Intrusion Tolerant Software Architectures Bruno Dutertre, Valentin Crettaz, Victoria Stavridou System Design Laboratory, SRI International
Fifth Lecture Hour 9:30 – 10:20 am, September 9, 2001 Framework for a Software Management Process – Life Cycle Phases (Part II, Chapter 5 of Royce’ book)
L6-S1 UML Overview 2003 SJSU -- CmpE Advanced Object-Oriented Analysis & Design Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I College.
An Adaptive Intrusion-Tolerant Architecture Alfonso Valdes, Tomas Uribe, Magnus Almgren, Steven Cheung, Yves Deswarte, Bruno Dutertre, Josh Levy, Hassen.
1 What is OO Design? OO Design is a process of invention, where developers create the abstractions necessary to meet the system’s requirements OO Design.
Chapter 4 프로세스 모델 Process Models
New Advanced Higher Subject Implementation Events Biology: Unit Assessment at Advanced Higher.
Intrusion Tolerant Software Architectures Bruno Dutertre and Hassen Saïdi System Design Laboratory, SRI International OASIS PI Meeting.
IV&V Facility 26SEP071 Validation Workshop Dr. Butch Caffall Director, NASA IV&V Facility 26SEP07.
Software Safety Case Why, what and how… Jon Arvid Børretzen.
Chapter 6 – Architectural Design Lecture 1 1Chapter 6 Architectural design.
Software Prototyping Rapid software development to validate requirements.
PRJ566 Project Planning & Management Software Architecture.
Security Codesign Steve Dawson and Victoria Stavridou Bruno Dutertre, Josh Levy, Bob Riemenschneider, Hassen Saidi, Tomas Uribe System Design Laboratory.
1 Using Common Criteria Protection Profiles. 2 o A statement of user need –What the user wants to accomplish –A primary audience: mission/business owner.
Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.
Software Quality Assurance SOFTWARE DEFECT. Defect Repair Defect Repair is a process of repairing the defective part or replacing it, as needed. For example,
Smart Home Technologies
Formal Specification: a Roadmap Axel van Lamsweerde published on ICSE (International Conference on Software Engineering) Jing Ai 10/28/2003.
Version 02U-1 Computer Security: Art and Science1 Correctness by Construction: Developing a Commercial Secure System by Anthony Hall Roderick Chapman.
1 Advanced Software Architecture Muhammad Bilal Bashir PhD Scholar (Computer Science) Mohammad Ali Jinnah University.
High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.
Software Engineering Process - II 7.1 Unit 7: Quality Management Software Engineering Process - II.
1 The XMSF Profile Overlay to the FEDEP Dr. Katherine L. Morse, SAIC Mr. Robert Lutz, JHU APL
Intrusion Tolerant Architectures
The Development Process of Web Applications
Presentation transcript:

Security Codesign Steve Dawson and Victoria Stavridou Bruno Dutertre, Josh Levy, Bob Riemenschneider, Hassen Saidi, Tomas Uribe System Design Laboratory SRI International OASIS PI Meeting, Santa Rosa, CA August 20, 2002

System Design Laboratory 20 August Outline Objectives Approach Security codesign overview Information assurance case (IAC) –Motivation –Building an IAC –IAC structure –An IAC for Dependable Intrusion Tolerance (DIT) Plans

System Design Laboratory 20 August Project Overview Objective: Advance both the science and the practice of the development of secure systems Motivation –Security is difficult to get right (and getting more difficult) –System developers need better tools for Capturing the security requirements Building systems that meet their requirements Making a convincing case that the requirements are met Main goal: Provide a practical process with a strong scientific basis for the development of secure systems –Must be useful to practitioners –Must provide stronger guarantees of information assurance

System Design Laboratory 20 August Approach Security codesign –Influenced by Hardware/software codesign Architecture refinement for dependable systems Development of safety-critical systems –Key idea: complement conventional systems engineering processes with a separate, but coordinated, security engineering effort Derive top-level security requirements from mission goals Elaborate security requirements as the functional design is elaborated Evaluate functional design decisions from a security perspective, providing both proactive and reactive advice Justify design and implementation choices by demonstrating that security requirements are satisfied

System Design Laboratory 20 August Security Codesign Why the decoupling of security engineering from functional elaboration? –Security engineering requires different skills and mindset –Emphasis on how to avoid undesired behavior rather than on how to achieve desired behavior –Similar to motivation for independent testing –Has the advantage that not all system designers need to be security experts (and vice versa)

System Design Laboratory 20 August Security Codesign

System Design Laboratory 20 August Codesign Object Base (COB) A complete record of the codesign process The basis for automated support of security codesign –Analyzers: assist in making design decisions, e.g. Identifying design candidates Detecting inconsistencies Evaluating alternatives –Generators: assist in generating products, e.g. Requirements and design documents Software source code Test cases Documentation IA case

System Design Laboratory 20 August The COB Vision of the COB and associated tools Codesign Object Base Requirements document generation Specification document generation Configuration generation Test suite generation IA case generation Security requirements document Functional requirements document System configuration Information assurance case Test suite and results Specification document...

System Design Laboratory 20 August Information Assurance Case (IAC) Intrusion tolerance focuses on building systems from less trustworthy components that have weaker requirements than the overall system It is therefore important to establish that the overall security requirements are met by showing that the lower-level components are assembled so as to guarantee security as well as correct functionality An IAC –Assembles relevant information into a case that the system meets its security requirements –Addresses various levels of abstraction –Facilitates independent evaluation and scrutiny –Is an evolving document that is updated throughout the system lifecycle

System Design Laboratory 20 August Building an IAC Claims –Requirements documentation Sources of evidence and assumptions –Process Use of secure programming techniques and tools Use of secure languages and operating systems Use of assessment tools and methodologies Use of skilled, security-aware engineers Security codesign –Product Design documentation Formal evaluation of architecture, policies, algorithms, etc. Run-time monitoring Verifying robustness against known attack scenarios Red-team penetration testing Codesign object base Arguments –Structured, sound, and broad to cover various levels of abstraction –Deterministic > Probabilistic > Qualitative –IAC templates for SEAS (Structured Evidence and Argumentation System)

System Design Laboratory 20 August IAC Structure

System Design Laboratory 20 August Structure of an IAC Argument

System Design Laboratory 20 August An IAC Argument in SEAS Stronger Weaker

System Design Laboratory 20 August An IAC for DIT

System Design Laboratory 20 August IAC Structure for DIT Mission Goals and basic approach Abstract architecture Proxy Application servers Communication components Concrete interoperation Network hardware IDS Application OS OS configuration Application software Software configuration policy Run-time compiler Implementation code OS

System Design Laboratory 20 August Plans Use DIT Web server as case study (replacing Genoa) –Simpler architecture –Better defined requirements –Better documented design and evolution Develop an IAC for DIT using the codesign approach –Build a “COB” capturing evolution of DIT requirements, design, and implementation –Develop a SEAS-based argument template –Fill in template from COB elements, producing the IAC

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.