Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Development Lifecycle: Changing the Software Development Process to build in Security from the start Eric Bidstrup Ellen Cram Kowalczyk Security.

Published byLora Roberts Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Development Lifecycle: Changing the Software Development Process to build in Security from the start Eric Bidstrup Ellen Cram Kowalczyk Security."— Presentation transcript:

1 Security Development Lifecycle: Changing the Software Development Process to build in Security from the start Eric Bidstrup Ellen Cram Kowalczyk Security Business and Technology Unit Microsoft Corporation

2 Microsoft’s Security Focus

3 Origin Of Microsoft Security Efforts Through Windows 2000 release Secure Windows Initiative (SWI) Expert resource for consulting and code reviews Through Windows XP release SWI as company wide resource Security training Common tools Team-wide “security days” Introduction of Trustworthy Computing Windows (and other) security pushes Focused reviews of designs, code, penetration resistance

4 Threat modeling Code inspection Penetration testing Unused features off by default Reduce attack surface area Least Privilege Prescriptive guidance Security tools Training and education Community engagement Transparency Clear policy Framework for Better Security Security Development Lifecycle addresses Secure by Design, Secure by Default

5 Engineering Excellence The Security Development Lifecycle (SDL) A PROCESS by which Microsoft develops software, that defines security requirements and milestones MANDATORY for products that are exposed to meaningful security risk EVOLVING and new factors, such as privacy, are being added COMPATIBLE with COTS product development processes EFFECTIVE at addressing security issues; designed to produce DEMONSTRATABLE RESULTS (not all methodologies do this) It has shown itself to be highly effective at reducing vulnerabilities in commercial software In sum, the SDL puts Microsoft on path toward more secure software

6 Traditional Baseline Process

7 Integrating SDL into the development process

8 Requirements Phase Opportunity to consider security at the outset Secure Windows Initiative (SWI) team assigns SWI Buddy Development team identifies security requirements SWI Buddy reviews product plan, makes recommendations, ensures resources allocated by management SWI Buddy assesses security milestones and exit criteria (NOTE: This SWI Buddy will stay with the project through the Final Security Review)

9 Design Design stage Define and document security architecture Identify security critical components (“trusted base”) Identify design techniques (e.g., layering, managed code, least privilege, attack surface minimization) Document attack surface and limit through default settings Create threat models (e.g., identify assets, interfaces, threats, risk) and mitigate threats through countermeasures Identify specialized test tools Define supplemental ship criteria due to unique product issues (e.g., cross-site scripting tests) Confer with SWI Buddy on questions Exit criteria: Design review complete and signed off by development team and SWI Buddy

10 Development Apply coding and testing standards (e.g., safe string handling) Apply fuzz testing tools (structured invalid inputs to network protocol and file parsers) Apply static code analysis tools (to find, e.g., buffer overruns, integer overruns, uninitialized variables) Conduct code reviews

11 Verification Software functionality complete and enters Beta Because code complete, testing both new and legacy code Security Push Security push is not a substitute for security work during development Security push does provide an opportunity to focus on security Code reviews (especially legacy/unchanged code) Penetration and other security testing Review design, architecture, threat models in light of new threats

12 Final Security Review (FSR) “From a security viewpoint, is this software ready to deliver to customers?” Two to six months prior to software completion, depending on the scope of the software. Software must be in a stable state with only minimal non-security changes expected prior to release FSR results: If the FSR finds a pattern of remaining vulnerabilities, the proper response is not just to fix the vulnerabilities found, but to revisit the earlier phases and take pointed actions to address root causes (e.g., improve training, enhance tools)

13 Final Security Review (FSR) What is in the FSR? Completion of a questionnaire by the product team Interview by a security team member assigned to the FSR Review of bugs that were initially identified as security bugs, but on further analysis were determined not to have impact on security, to ensure that the analysis was done correctly Analysis of any newly reported vulnerabilities affecting similar software to check for resiliency Additional penetration testing, possibly by outside contractors to supplement security team

14 Response Phase Microsoft Security Response Center Sustained Engineering Teams Patch Management Post Mortems and feedback to the SDL

15 Education For The SDL New employees do not arrive with ability to develop secure software Microsoft trains staff as a part of New Employee Orientation Microsoft trains staff as part of a security push Microsoft trains developers, testers, program managers, user education staff and architects annually Microsoft funds academic curriculum development through Microsoft Research Microsoft publishes material on writing secure code, threat modeling, and SDL (pending) and offers courses (see http://www.microsoft.com/learning) http://www.microsoft.com/learning

16 Education Resources

17 Source: Microsoft Security Bulletin Search SDL Results: Windows 2003

18 Affecting Office 2003 All Office Bulletins since ship 8/03 12 4 Office Bulletins since Office 2003 shipped (Aug 2003) Bulletins after August 2003: (* affected Office 2003) September: MS03-035, MS03- 036, MS03-037, MS03-038September: MS03-035, MS03- 036, MS03-037, MS03-038September: MS03-035, MS03- 036, MS03-037, MS03-038September: MS03-035, MS03- 036, MS03-037, MS03-038 November: MS03-050November: MS03-050November: MS03-050November: MS03-0502004 October: MS04-033October: MS04-033October: MS04-033October: MS04-033 September: MS04-028* (GDI+ issue) …September: MS04-028* (GDI+ issue) …September: MS04-028September: MS04-028 September: MS04-027* (WordPerfect converter)September: MS04-027* (WordPerfect converter)September: MS04-027September: MS04-027 March: MS04-009March: MS04-009March: MS04-009March: MS04-0092005 February: MS05-005February: MS05-005MS05-005 February: MS05-012*February: MS05-012*MS05-012 (OLE issue) … April: MS05-023*April: MS05-023*MS05-023 (Word buffer overflow) SDL Results: Office 2003

19 SDL Results: SQL Server SQL Server 2000 2002-2005 (YTD)

20 SDL Results: IIS 4.0, 5.0, 5.1, 6.0 IIS 4.0, 5.0, 5.1, 6.0 2002-2005 (YTD)

21 SDL Results: Exchange Exchange 5.0, 5.5, 2000, 2003 2002-2005 (YTD)

22 DiscussionDiscussion

23 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Download ppt "Security Development Lifecycle: Changing the Software Development Process to build in Security from the start Eric Bidstrup Ellen Cram Kowalczyk Security."

Similar presentations

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Security Development Lifecycle Randy Guthrie Microsoft Developer Evangelist

Security Development Lifecycle Randy Guthrie Microsoft Developer Evangelist
2002-2003 2004 2005-2007 Now Bill Gates writes “Trustworthy Computing” memo early 2002 “Windows security push” for Windows Server 2003 Security push.

Now Bill Gates writes “Trustworthy Computing” memo early 2002 “Windows security push” for Windows Server 2003 Security push.
12 November 2009 Bryan Sullivan Senior Security Program Manager, Microsoft SDL.

12 November 2009 Bryan Sullivan Senior Security Program Manager, Microsoft SDL.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Sixth Hour Lecture 10:30 – 11:20 am, September 9 Framework for a Software Management Process – Artifacts of the Process (Part II, Chapter 6 of Royce’ book)

Sixth Hour Lecture 10:30 – 11:20 am, September 9 Framework for a Software Management Process – Artifacts of the Process (Part II, Chapter 6 of Royce’ book)
Software Quality Assurance Inspection by Ross Simmerman Software developers follow a method of software quality assurance and try to eliminate bugs prior.

Software Quality Assurance Inspection by Ross Simmerman Software developers follow a method of software quality assurance and try to eliminate bugs prior.
Getting Ahead: Integrating Development and Response for Improved Security Steven B. Lipner Director of Security Engineering Strategy Security Business.

Getting Ahead: Integrating Development and Response for Improved Security Steven B. Lipner Director of Security Engineering Strategy Security Business.
SAGE-AU Adelaide Windows Update Services Michael Kleef IT Pro Evangelist Microsoft Corporation Level 200.

SAGE-AU Adelaide Windows Update Services Michael Kleef IT Pro Evangelist Microsoft Corporation Level 200.
MICROSOFT PLATFORM  Microsoft is a platform company is committed to providing a rich ecosystem for building and managing connected systems.  Microsoft.

MICROSOFT PLATFORM  Microsoft is a platform company is committed to providing a rich ecosystem for building and managing connected systems.  Microsoft.
1 Security Engineering for Software Dimitry Averin CS996 – Information Security Management March 30, 2005.

1 Security Engineering for Software Dimitry Averin CS996 – Information Security Management March 30, 2005.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Iterative development and The Unified process

Iterative development and The Unified process
Software Configuration Management

Software Configuration Management
Cliff Evans Security and Privacy Lead Trustworthy Computing Group Microsoft UK.

Cliff Evans Security and Privacy Lead Trustworthy Computing Group Microsoft UK.
IT:Network:Microsoft Applications

IT:Network:Microsoft Applications
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Security of Communication & IT systems Bucharest, 21 st September 2004 Stephen McGibbon Chief Technology Officer, Eastern Europe, Russia & CIS Senior Director,

Security of Communication & IT systems Bucharest, 21 st September 2004 Stephen McGibbon Chief Technology Officer, Eastern Europe, Russia & CIS Senior Director,
Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Similar presentations

Ads by Google