Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 13 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Published byAmos Cross Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 13 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher."— Presentation transcript:

1 Lecture 13 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

2 Lecture 13 Page 2 CS 236 Online Outline Introduction Principles for secure software Choosing technologies Major problem areas Evaluating program security

3 Lecture 13 Page 3 CS 236 Online Introduction How do you write secure software? Basically, define security goals And use techniques that are likely to achieve them Ideally, part of the whole process of software development –Not just some tricks programmers use

4 Lecture 13 Page 4 CS 236 Online Designing for Security Often developers design for functionality –“We’ll add security later” Security retrofits have a terrible reputation –Insecure designs offer too many attack opportunities Designing security from the beginning works better

5 Lecture 13 Page 5 CS 236 Online For Example, Windows 95 and its descendants Not designed with security in mind Security professionals assume any networked Windows 95 machine can be hacked –Despite later security retrofits

6 Lecture 13 Page 6 CS 236 Online Defining Security Goals Think about which security properties are relevant to your software –Does it need limited access? –Privacy issues? –Is availability important? And the way it interacts with your environment –Even if it doesn’t care about security, what about the system it runs on?

7 Lecture 13 Page 7 CS 236 Online Security and Other Goals Security is never the only goal of a piece of software Usually not the primary goal Generally, secure software that doesn’t meet its other goals is a failure Consider the degree of security required as an issue of risk

8 Lecture 13 Page 8 CS 236 Online Managing Software Security Risk How much risk can this software tolerate? What compromises can you make to minimize that risk? –Often other goals conflict with security –E.g., should my program be more usable or require strong authentication? Considering tradeoffs in terms of risks can clarify what you need to do

9 Lecture 13 Page 9 CS 236 Online Risk Management and Software Development Should consider security risk as part of your software development model E.g., in spiral model, add security risk analysis phase to the area of spiral where you evaluate alternatives Considering security and risks early can avoid pitfalls later Returning to risk when refining is necessary

10 Lecture 13 Page 10 CS 236 Online Incorporating Security Into Spiral Model of SW Development Include security in the risks you consider At all passes through the spiral

11 Lecture 13 Page 11 CS 236 Online But How Do I Determine Risk? When you’re just thinking about a big new program, how can you know about its risks? Well, do the best you can –Apply your knowledge and experience –Really think about the issues and problems –Use a few principles and tools we’ll discuss That puts you ahead of 95% of all developers You can’t possibly get it all right, but any attention to risk is better than none

12 Lecture 13 Page 12 CS 236 Online Design and Security Experts Someone on a software development team should understand security –The more they understand it, the better –Ideally, someone on team should have explicit security responsibility Experts should be involved in all phases –Starting from design

Download ppt "Lecture 13 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher."

Similar presentations

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 4 Slide 1 Software Processes.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 4 Slide 1 Software Processes.
Lecture 12 Page 1 CS 111 Online Devices and Device Drivers CS 111 On-Line MS Program Operating Systems Peter Reiher.

Lecture 12 Page 1 CS 111 Online Devices and Device Drivers CS 111 On-Line MS Program Operating Systems Peter Reiher.
Evaluating a Software Architecture By Desalegn Bekele.

Evaluating a Software Architecture By Desalegn Bekele.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
CSCD 555 Research Methods for Computer Science

CSCD 555 Research Methods for Computer Science
User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.

Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Lecture 4 Page 1 CS 236 Online Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 4 Page 1 CS 236 Online Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 10 Page 1 CS 236 Online Prolog to Lecture 10 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 10 Page 1 CS 236 Online Prolog to Lecture 10 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Eng. Mohammed Timraz Electronics & Communication Engineer University of Palestine Faculty of Engineering and Urban planning Software Engineering Department.

Eng. Mohammed Timraz Electronics & Communication Engineer University of Palestine Faculty of Engineering and Urban planning Software Engineering Department.
Lecture 13 Page 1 CS 136, Fall 2014 Secure Programming Computer Security Peter Reiher December 2, 2014.

Lecture 13 Page 1 CS 136, Fall 2014 Secure Programming Computer Security Peter Reiher December 2, 2014.
Lecture 15 Page 1 CS 236 Online Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 15 Page 1 CS 236 Online Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.

Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.
Lecture 1 Page 1 CS 188, Winter 2011 Introduction CS 188 Secure Design for Embedded Systems Peter Reiher January 3, 2011.

Lecture 1 Page 1 CS 188, Winter 2011 Introduction CS 188 Secure Design for Embedded Systems Peter Reiher January 3, 2011.
Software Project Management Lecture 11. Outline Brain Storming session  Some simple discussion on questions and their answers  Case studies related.

Software Project Management Lecture 11. Outline Brain Storming session  Some simple discussion on questions and their answers  Case studies related.
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.

Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
Social Media Roundup Bad social media: 7 Ways to lose your audience.

Social Media Roundup Bad social media: 7 Ways to lose your audience.
INTRO TO USABILITY Lecture 12. What is Usability?  Usability addresses the relationship between tools and their users. In order for a tool to be effective,

INTRO TO USABILITY Lecture 12. What is Usability?  Usability addresses the relationship between tools and their users. In order for a tool to be effective,

Similar presentations

Ads by Google