Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Assurance

Published byJanice Woods Modified over 6 years ago

Similar presentations

Presentation on theme: "Introduction to Assurance"— Presentation transcript:

1 Introduction to Assurance
Computer Security Seminar Introduction to Assurance Sogang University Bum-ho. Baek

2 Agenda What is Assurance and Trust?
Building Secure and Trusted Systems Comparison with Building Security Early or Adding Security Later Conclusion

3 What is Assurance and Trust?
Trust & Assurance Role of Assurance Need for Assurance Types of Assurance

4 Trust & Assurance Trustworthy entity : Trust : (Security) Assurance :
has sufficient credible evidence leading one to believe that the system will meet a set of requirements Trust : is a measure of trustworthiness relying on the evidence (Security) Assurance : is confidence that an entity meets its (security) requirements based on evidence provided by applying assurance techniques

5 Role of Assurance For Making Trusted System Policy Requirements
Are created to meet requirements Requirements Is statements of goals that must be met Vary from high-level, generic issues to low-level, concrete issues

6 Need for Assurance Problem sources
Neumann described nine types of problem sources of computer System This list not only address security, but also safety, reliability, privacy Requirements definitions, omissions, and mistakes System design flaws Hardware implementation flaws, such as wiring and chip flaws Software implementation errors, program bugs, and compiler bugs System use and operation errors and inadvertent mistakes Willful system misuse Hardware, communication, or other equipment malfunction Environmental problems, natural causes, and acts of God Evolution, maintenance, faulty upgrades, and decommissions

7 Need for Assurance (cont’d)
Examples Challenger explosion Sensors removed from booster rockets to meet accelerated launch schedule Deaths from faulty radiation therapy system Hardware safety interlock removed Flaws in software design Bell V22 Osprey crashes Failure to correct for malfunctioning components; two faulty ones could outvote a third Intel 486 chip Bug in trigonometric functions

8 Types of Assurance Policy assurance : Design assurance :
is evidence establishing security requirements in policy is complete, consistent, technically sound Design assurance : is evidence establishing design sufficient to meet requirements of security policy

9 Types of Assurance (cont’d)
Implementation assurance : is evidence establishing implementation consistent with security requirements of security policy Operational assurance : is evidence establishing system sustains the security policy requirements during installation, configuration, and day-to-day operation also called administrative assurance

10 Building Secure and Trusted Systems
Life Cycle Meta Model Conception Manufacture Deployment Fielded Product Life Waterfall Life Cycle Model Other Models

11 Life Cycle Building secure and trusted systems
Depend on standard software engineering Select a appropriate model and process According to size and complexity of project and others

12 Meta Model Conception Manufacture Deployment Fielded Product Life

13 Conception Start with and idea Making decision Proof of concept
pursue Idea or not Proof of concept Is to demonstrate that the idea has merit Question for security What does “secure” mean for this concept? Is it possible for this concept to meet this meaning of security? Is the organization willing to support the additional resources required to make this concept meet this meaning of security?

14 Manufacture Develop detailed plans for each group involved
May depend on use internal product requires no sales Implement the plans to create entity Includes decisions whether to proceed for example due to market needs

15 Deployment Delivery Installation and configuration
Assure that correct masters are delivered to production and protected Distribute to customers, sales organizations Installation and configuration Ensure product works appropriately for specific environment into which it is installed For Security Service people must know appropriate security procedures

16 Fielded Product Life Routine maintenance, patching
Responsibility of engineering in small organizations Responsibility may be in different group than one that manufactures product Customer service, support organizations Retirement or decommission of product

17 Waterfall Life Cycle Model
Process Requirements definition and analysis System and software design Implementation and unit testing Integration and system testing Operation and maintenance

18 Waterfall Life Cycle Model (cont’d)
Real Process

19 Other Models Exploratory programming Prototyping Formal transformation
System assembly from reusable components Extreme programming

20 Comparison with Building Security Early or Adding Security Later
Basic Concept of Security Computer System Examples of RVM Problem of Adding Security Comparison Example

21 Building Security Security should be integrated into the system from the beginning Like Performance Think of security as you do performance Imagine trying to create high performance product from poor performance product Need to redesign fundamental structure, design, style

22 Basic Concept of Security Computer System
Reference monitor Is access control concept of an abstract machine that mediates all accesses to objects by subjects. Reference Validation Mechanism (RVM) Is an implementation of the reference monitor concept. Is tamperproof, complete, simple. Analysis and Testing Provides evidence of assurance.

23 Examples of RVM Security kernel Trusted Computing Base (TCB)
combines hardware and software to implement reference monitor Trusted Computing Base (TCB) Consists of all protection mechanisms within a system responsible for enforcing security policy Includes hardware and software Generalizes notion of security kernel

24 Problem of Adding Security
Key problem analysis and testing is hard and limited Designing in mechanisms allow assurance at all levels Too many features adds complexity, complicates analysis Adding in mechanisms makes assurance hard Gap in abstraction from requirements to design may prevent complete requirements testing May be spread throughout system (analysis hard) Assurance may be limited to test results

25 Comparison Example AT&T‘s Two Products for security
Add mandatory access controls(MAC) to UNIX system SV/MLS Add MAC to UNIX System V Release 3.2 Focus on market-driven requirement quick time to market in response to requirement of customer minimal impact to system Used existing kernel modular structure no implementation of least privilege SVR4.1ES Re-architect UNIX system to support MAC Focus on providing a medium-to-high level of trust Restructured kernel to make it highly modular and incorporated least privilege

26 Comparison Example (Cont’d)
File Attributes (inodes) UNIX inodes have no space for labels SV/MLS Added separate table for MAC labels, DAC permissions Problem 2 accesses needed to check permissions possible inconsistency when permissions changed Corrupted table causes corrupted permissions SVR4.1ES Redefined new inode structure Included MAC labels Only 1 access needed to check permissions

27 Conclusion Assurance is critical for determining trustworthiness of systems Assurance needed at all stages of system life cycle However, assurance techniques cannot guarantee system security Building security in is more effective than adding it later

Download ppt "Introduction to Assurance"

Similar presentations

Operating System Security

Operating System Security
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 1 Slide 1 المحاضرة الثانية.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 1 Slide 1 المحاضرة الثانية.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #17-1 Chapter 17: Introduction to Assurance Overview Why assurance? Trust and.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #17-1 Chapter 17: Introduction to Assurance Overview Why assurance? Trust and.
The software process A software process is a set of activities and associated results which lead to the production of a software product. This may involve.

The software process A software process is a set of activities and associated results which lead to the production of a software product. This may involve.
Chapter 4 Quality Assurance in Context

Chapter 4 Quality Assurance in Context
Chapter 2 – Software Processes

Chapter 2 – Software Processes
ITIL: Service Transition

ITIL: Service Transition
Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.

Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.
Secure Operating Systems Lesson 0x11h: Systems Assurance.

Secure Operating Systems Lesson 0x11h: Systems Assurance.
June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #18-1 Chapter 18: Introduction to Assurance Overview Why assurance? Trust and.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #18-1 Chapter 18: Introduction to Assurance Overview Why assurance? Trust and.
6/17/2015 5:35 PM Lecture 11: Assurance James Hook CS 591: Introduction to Computer Security.

6/17/2015 5:35 PM Lecture 11: Assurance James Hook CS 591: Introduction to Computer Security.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.

Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
May 25, 2004ECS 235Slide #1 Amplifying Allows temporary increase of privileges Needed for modular programming –Module pushes, pops data onto stack module.

May 25, 2004ECS 235Slide #1 Amplifying Allows temporary increase of privileges Needed for modular programming –Module pushes, pops data onto stack module.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
©Ian Sommerville 2006Critical Systems Slide 1 Critical Systems Engineering l Processes and techniques for developing critical systems.

©Ian Sommerville 2006Critical Systems Slide 1 Critical Systems Engineering l Processes and techniques for developing critical systems.
Michael Solomon Tugboat Software Managing the Software Development Process.

Michael Solomon Tugboat Software Managing the Software Development Process.
Evolutionary Development and Rapid Prototyping By: Shelone Reid Amanda Smith.

Evolutionary Development and Rapid Prototyping By: Shelone Reid Amanda Smith.
CSI315 Web Applications and Technology Overview of Systems Development (342)

CSI315 Web Applications and Technology Overview of Systems Development (342)

Similar presentations

Ads by Google