Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk Analysis in Software Design Author: Verdon, D. and McGraw, G. Presenter: Chris Hundersmarck.

Published byHugh Fleming Modified over 9 years ago

Similar presentations

Presentation on theme: "Risk Analysis in Software Design Author: Verdon, D. and McGraw, G. Presenter: Chris Hundersmarck."— Presentation transcript:

1 Risk Analysis in Software Design Author: Verdon, D. and McGraw, G. Presenter: Chris Hundersmarck

2 1.What is risk analysis and why do it? 2.Modern Risk analysis methodologies and themes, and an example 3.Risk Analysis Limitations and how to overcome them. 4.A practical Solution to the problems inherent in Risk Analysis

3 The “Black Art”  Part fortune telling, part mathematics.  A business-level decision-support tool A way of gathering the requisite data to make a good judgment call based on knowledge about:  Vulnerabilities  Threats  Impacts  Probability

4 What’s the big deal?  Roughly 50% of security problems are the result of design flaws.

5 Risk-analysis methodologies  Commercial Microsoft’s STRIDE Sun’s ACSM/SAR Insight’s CRAMM Cigital’s SQM  Standards Based National Institute of Standards and Technology’s ASSET Software Engineering Institute’s OCTAVE

6 Knowledge Requirement  Design level analysis is knowledge intensive Microsoft’s STRIDE  Threat categories Cigital’s SQM  Attack patterns and exploit graphs  Design principles  Knowledge of frameworks and software components.

7 An example of how to calculate a “value” for risk.  Express risk as a financial loss  ALE = SLE x ARO SLE: single loss expectancy ARO: annualized rate of occurrence.  Example

8 Common Themes (which run through risk-analysis processes)  Continuous Process  Best not to be performed solely by design team.  Knowledge and Experience

9 Basic steps of a prototypical analysis  Learn as much as possible about the analysis target.  Discuss security issues.  Determine the probability of compromise  Perform impact analysis  Rank risks  Develop a mitigation strategy  Report findings

10 Limitations  Difficult to apply to modern software design  Do traditional risk-analysis techniques provide an easy guide of all potential vulnerabilities and threats?  Many applications today rely on protection at the transport layer only.

11 Overcoming limitations  A Large Knowledge Base and Experience is invaluable.  Start looking at software risk analysis on multiple levels: Component-by-component Tier-by-tier Environment-by-environment

12 A Practical Solution  Building up a consistent view of the target system at a high level. Appropriate level: whiteboard view of boxes and arrows. Code-level description of software is NOT sufficient for spotting design problems. See the forest, don’t get lost in the trees.

13  We use high level design to consider: Each tier’s environment Component Vulnerabilities Business impact Probabilities Countermeasures High level design

14

15 Conclusions  Decomposition – a natural way to partition a system.  However, Composition is the tricky part.  Evolution

16 Reference  Denis Verdon and Gary McGraw, Risk Analysis in Software Design, IEEE Vol. 2 Issue 4, Jul-Aug 2004, pg. 79- 84.

17 ?’s/Comments

Download ppt "Risk Analysis in Software Design Author: Verdon, D. and McGraw, G. Presenter: Chris Hundersmarck."

Similar presentations

Security+ All-In-One Edition Chapter 17 – Risk Management

Security+ All-In-One Edition Chapter 17 – Risk Management
Elements for Integrating Early Warning into Disaster Preparedness and Management Policies A Contribution of the EWC-II Advisory Group to the High level.

Elements for Integrating Early Warning into Disaster Preparedness and Management Policies A Contribution of the EWC-II Advisory Group to the High level.
OCTAVESM Process 4 Create Threat Profiles

OCTAVESM Process 4 Create Threat Profiles
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
Lesson Title: Threat Modeling Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This.

Lesson Title: Threat Modeling Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This.
Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.

Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.
Risk Analysis James Walden Northern Kentucky University.

Risk Analysis James Walden Northern Kentucky University.
Bridging the gap between software developers and auditors.

Bridging the gap between software developers and auditors.
Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: Big data security evaluation UNIFI-CNR Nicola Nostro, Andrea.

Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: "Big data security evaluation" UNIFI-CNR Nicola Nostro, Andrea.
Session 3: Security Risk Management Eduardo Rivadeneira IT Pro Microsoft Mexico.

Session 3: Security Risk Management Eduardo Rivadeneira IT Pro Microsoft Mexico.
S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.

S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 2002 Carnegie.

Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 A Preamble into Aligning Systems Engineering and Information Security Risk Dr. Craig.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 A Preamble into Aligning Systems Engineering and Information Security Risk Dr. Craig.
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
By: Ashwin Vignesh Madhu

By: Ashwin Vignesh Madhu
Lecture 8: Risk Management Controlling Risk

Lecture 8: Risk Management Controlling Risk
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Risk Management.

Risk Management.
Formality, Agility, Security, and Evolution in Software Development Cody Ronning 2/16/2015.

Formality, Agility, Security, and Evolution in Software Development Cody Ronning 2/16/2015.

Similar presentations

Ads by Google