Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security by Design Thomas Zalonis Seth Gainey Neil C. Lee Thomas Zalonis Seth Gainey Neil.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security by Design Thomas Zalonis Seth Gainey Neil C. Lee Thomas Zalonis Seth Gainey Neil."— Presentation transcript:

1 Security by Design Thomas Zalonis Seth Gainey Neil C. Lee tgzalonis@gmail.comseth.rylan@gmail.comnclee@edisto.cofc.edu Thomas Zalonis Seth Gainey Neil C. Lee tgzalonis@gmail.comseth.rylan@gmail.comnclee@edisto.cofc.edu

2 Introduction : 1) As more and more aspects of the world become interconnected the range of possible security issues increases. 2) Increases in security issues leads to extra software functionality required to defend against them, which means added complexity and cost. 3) Trade offs between client requested functionality and security issues are made in order to reduce costs. 4) Our goal is to show that, in the long run, an integration of security with all phases of the development process would be more beneficial than treating security as a separate issue. Introduction : 1) As more and more aspects of the world become interconnected the range of possible security issues increases. 2) Increases in security issues leads to extra software functionality required to defend against them, which means added complexity and cost. 3) Trade offs between client requested functionality and security issues are made in order to reduce costs. 4) Our goal is to show that, in the long run, an integration of security with all phases of the development process would be more beneficial than treating security as a separate issue.

3 Overview: 1) Background information: (e.g. What are security requirements? What is their current place in software development?) 2) A more specific explanation of our goal. 3) Present the justifications behind our argument by discussing the benefits of an integrated model. 4) Propose various ways that an integrated model may be achieved through the use of various tools, design strategies and improvements in education. 5) Conclusions and discussions. Overview: 1) Background information: (e.g. What are security requirements? What is their current place in software development?) 2) A more specific explanation of our goal. 3) Present the justifications behind our argument by discussing the benefits of an integrated model. 4) Propose various ways that an integrated model may be achieved through the use of various tools, design strategies and improvements in education. 5) Conclusions and discussions.

4 Background : 1) Security Requirements: “...non-functional constraints on the functional requirements of a system.” (Charles B. Haley et al.) 2) Current state of security requirements: An 'Ad hoc' process, where security issues are typically left out of the early development phases. (e.g. Requirements engineering, design and implementation) Background : 1) Security Requirements: “...non-functional constraints on the functional requirements of a system.” (Charles B. Haley et al.) 2) Current state of security requirements: An 'Ad hoc' process, where security issues are typically left out of the early development phases. (e.g. Requirements engineering, design and implementation)

5 Argument: 1) Security should play an equal role in the requirements engineering process. 2) The merger of security requirements into requirements engineering would then cause security issues to propagate throughout the later development phases. (i.e. Design and implementation) 3) Added cost and complexity issues would be reduced in the long run by accounting for security early on instead of trying to add it later when design and implementation has already finished. Argument: 1) Security should play an equal role in the requirements engineering process. 2) The merger of security requirements into requirements engineering would then cause security issues to propagate throughout the later development phases. (i.e. Design and implementation) 3) Added cost and complexity issues would be reduced in the long run by accounting for security early on instead of trying to add it later when design and implementation has already finished.

6 Justification: Increased reliance on technology It’s a jungle out there Consequences of poor security Justification: Increased reliance on technology It’s a jungle out there Consequences of poor security

7 Ethical Considerations: Privacy vs. Control The Anatomy of a Worm Case Study: Code Red Old Rules and New Technology Ethical Considerations: Privacy vs. Control The Anatomy of a Worm Case Study: Code Red Old Rules and New Technology

8 Mismanaging Risk The Myth of Absolute Security The Balance of Information Security Security and Finance — The Cost of Avoidance Security is not a feature Mismanaging Risk The Myth of Absolute Security The Balance of Information Security Security and Finance — The Cost of Avoidance Security is not a feature

9 Design Strategies and Techniques Model Driven Security (MDS) Aspect-Oriented Programming Software Architecture Model (SAM) Design Strategies and Techniques Model Driven Security (MDS) Aspect-Oriented Programming Software Architecture Model (SAM)

10 Tools Eclipse-based tools Jifclipse SSVChecker UML-based tools UML with Mandatory Access Control UMLsec extension WriteOn Tools Eclipse-based tools Jifclipse SSVChecker UML-based tools UML with Mandatory Access Control UMLsec extension WriteOn

11 Education Integrate system-level issues into all programming courses. Apply patterns at every stage of software development. Use Honeynets as a teaching and research tool. Education Integrate system-level issues into all programming courses. Apply patterns at every stage of software development. Use Honeynets as a teaching and research tool.

12 Conclusion Ignoring security concerns until the maintenance phase leads to greater risks and costly “fixes”. There are tools and resources available to facilitate secure software design. Security should be integrated into all phases of software development. Conclusion Ignoring security concerns until the maintenance phase leads to greater risks and costly “fixes”. There are tools and resources available to facilitate secure software design. Security should be integrated into all phases of software development.

Download ppt "Security by Design Thomas Zalonis Seth Gainey Neil C. Lee Thomas Zalonis Seth Gainey Neil."

Similar presentations

1 Introduction to Software Engineering Rajkumar Buyya Grid Computing and Distributed Systems Lab Dept. of Computer Science and Software Engineering University.

1 Introduction to Software Engineering Rajkumar Buyya Grid Computing and Distributed Systems Lab Dept. of Computer Science and Software Engineering University.
Autonomic Systems Justin Moles, Winter 2006 Enabling autonomic behavior in systems software with hot swapping Paper by: J. Appavoo, et al. Presentation.

Autonomic Systems Justin Moles, Winter 2006 Enabling autonomic behavior in systems software with hot swapping Paper by: J. Appavoo, et al. Presentation.
Object-Oriented Software Development CS 3331 Fall 2009.

Object-Oriented Software Development CS 3331 Fall 2009.
Unit 2. Software Lifecycle

Unit 2. Software Lifecycle
The design process IACT 403 IACT 931 CSCI 324 Human Computer Interface Lecturer:Gene Awyzio Room:3.117 Phone:4221 4090

The design process IACT 403 IACT 931 CSCI 324 Human Computer Interface Lecturer:Gene Awyzio Room:3.117 Phone:
Chapter 4 Quality Assurance in Context

Chapter 4 Quality Assurance in Context
ISNE101 Dr. Ken Cosh. Recap  We’ve been talking about Software…  Application vs System Software  Programming Languages  Vs Natural Languages  Syntax,

ISNE101 Dr. Ken Cosh. Recap  We’ve been talking about Software…  Application vs System Software  Programming Languages  Vs Natural Languages  Syntax,
© Devon M.Simmonds, 2007 CSC 550 Graduate Course in Software Engineering ______________________ Devon M. Simmonds Computer Science Department University.

© Devon M.Simmonds, 2007 CSC 550 Graduate Course in Software Engineering ______________________ Devon M. Simmonds Computer Science Department University.
Case Tools Trisha Cummings. Our Definition of CASE  CASE is the use of computer-based support in the software development process.  A CASE tool is a.

Case Tools Trisha Cummings. Our Definition of CASE  CASE is the use of computer-based support in the software development process.  A CASE tool is a.
Chapter 6 SYSTEMS DEVELOPMENT Phases, Tools, and Techniques

Chapter 6 SYSTEMS DEVELOPMENT Phases, Tools, and Techniques
R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.

R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.
Software Engineering for Safety : A Roadmap Presentation by: Manu D Vij CS 599 Software Engineering for Embedded Systems.

Software Engineering for Safety : A Roadmap Presentation by: Manu D Vij CS 599 Software Engineering for Embedded Systems.
CS351 - Software Engineering (AY2005)1 What is software engineering? Software engineering is an engineering discipline which is concerned with all aspects.

CS351 - Software Engineering (AY2005)1 What is software engineering? Software engineering is an engineering discipline which is concerned with all aspects.
April 13, 2004CS 562 - WPI1 CS 562 Advanced SW Engineering General Dynamics, Needham Tuesdays, 3 – 7 pm Instructor: Diane Kramer.

April 13, 2004CS WPI1 CS 562 Advanced SW Engineering General Dynamics, Needham Tuesdays, 3 – 7 pm Instructor: Diane Kramer.
Integrating ITIL with the Software Development Process Dhiraj Gupta IT Manager Mark Stehlik IT Director.

Integrating ITIL with the Software Development Process Dhiraj Gupta IT Manager Mark Stehlik IT Director.
Data Structures and Programming.  John Edgar2.

Data Structures and Programming.  John Edgar2.
Computer System Lifecycle Chapter 1. Introduction Computer System users, administrators, and designers are all interested in performance evaluation. Whether.

Computer System Lifecycle Chapter 1. Introduction Computer System users, administrators, and designers are all interested in performance evaluation. Whether.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.
Software Testing. Introduction Testing is often left to the end of the project which is generally not a good idea. Testing should be conducted throughout.

Software Testing. Introduction Testing is often left to the end of the project which is generally not a good idea. Testing should be conducted throughout.
1 BTEC HNC Systems Support Castle College 2007/8 Systems Analysis Lecture 9 Introduction to Design.

1 BTEC HNC Systems Support Castle College 2007/8 Systems Analysis Lecture 9 Introduction to Design.

Similar presentations

Ads by Google