Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software component evaluation A developer’s perspective Sony Corporation’s presentation for the 6 th International Common Criteria Conference.

Published byBridget Riley Modified over 9 years ago

Similar presentations

Presentation on theme: "Software component evaluation A developer’s perspective Sony Corporation’s presentation for the 6 th International Common Criteria Conference."— Presentation transcript:

1 Software component evaluation A developer’s perspective Sony Corporation’s presentation for the 6 th International Common Criteria Conference

2 6th ICCC PresentationCopyright © 2005 Sony Corporation2 Contents The discussion of the modularity of systems versus the modularity of software The discussion of the modularity of systems versus the modularity of software The discussion of disparity between the hardware and software evaluations The discussion of disparity between the hardware and software evaluations The discussion of the complexity of software and components The discussion of the complexity of software and components A preview of what is coming A preview of what is coming

3 6th ICCC PresentationCopyright © 2005 Sony Corporation3 System security Current approach is to evaluate “finished products” Current approach is to evaluate “finished products” Those products are later used as components to build secure systems Those products are later used as components to build secure systems Security of the system depends more on the overall security policies and system design than on the product security Security of the system depends more on the overall security policies and system design than on the product security Products specify how they should be used to remain secure even inside a system Products specify how they should be used to remain secure even inside a system Most of the time, systems are not externally evaluated Most of the time, systems are not externally evaluated

4 6th ICCC PresentationCopyright © 2005 Sony Corporation4 Product security Products are seen as almost completely independent units Products are seen as almost completely independent units Products are rigorously evaluated for their security Products are rigorously evaluated for their security Product is seen as a big lump of matter, thus contradicting the design principles of the product Product is seen as a big lump of matter, thus contradicting the design principles of the product The consequence is that the effort is wasted on reinventing the wheel The consequence is that the effort is wasted on reinventing the wheel Product security should be looked at from the point of view of a system and components that go into this system Product security should be looked at from the point of view of a system and components that go into this system

5 6th ICCC PresentationCopyright © 2005 Sony Corporation5 Component security Products consist of components Products consist of components At the system level, we can evaluate individual components, known as “products”, independently At the system level, we can evaluate individual components, known as “products”, independently At the product level, we may not evaluate individual components? At the product level, we may not evaluate individual components? There is an obvious disparity between the approaches to the security at different levels There is an obvious disparity between the approaches to the security at different levels This disparity is greatest when we look at the software evaluations This disparity is greatest when we look at the software evaluations

6 6th ICCC PresentationCopyright © 2005 Sony Corporation6 The spectrum of security System security Component security Product security

7 6th ICCC PresentationCopyright © 2005 Sony Corporation7 Overall security The components of a product must be evaluated the way we evaluate the products The components of a product must be evaluated the way we evaluate the products The context of a product provides the environment for the component just as the system provides the context for the product The context of a product provides the environment for the component just as the system provides the context for the product The approach must be systematically consistent from evaluating software and hardware components all the way to building the systems The approach must be systematically consistent from evaluating software and hardware components all the way to building the systems

8 6th ICCC PresentationCopyright © 2005 Sony Corporation8 Current state Lots of experience in evaluating hardware and hardware-based products Lots of experience in evaluating hardware and hardware-based products Even complex composite products are evaluated without much trouble Even complex composite products are evaluated without much trouble Evaluation of software components is far behind Evaluation of software components is far behind Lagging of software component evaluations drags down the natural process of product composition from certified components Lagging of software component evaluations drags down the natural process of product composition from certified components

9 6th ICCC PresentationCopyright © 2005 Sony Corporation9 What is so peculiar about software? Much higher complexity Much higher complexity Much easier to develop using logically separated components Much easier to develop using logically separated components Quick development of the functionality but long time to get the details right Quick development of the functionality but long time to get the details right Infinite stability Infinite stability

10 6th ICCC PresentationCopyright © 2005 Sony Corporation10 Complexity Software is much easier to develop compared to hardware Software is much easier to develop compared to hardware Therefore we make very complex things in software Therefore we make very complex things in software The way we deal with the increasing complexity is to split the software into components The way we deal with the increasing complexity is to split the software into components Components, in turn, get increasingly complex Components, in turn, get increasingly complex

11 6th ICCC PresentationCopyright © 2005 Sony Corporation11 Development cycle There are different models for managing the complexity of development There are different models for managing the complexity of development In the end, there are always two phases: In the end, there are always two phases: –Development of the functionality –Getting the functionality exactly right The second stage may take longer The second stage may take longer A fully understood, tested and verified software can be easily reused A fully understood, tested and verified software can be easily reused

12 6th ICCC PresentationCopyright © 2005 Sony Corporation12 Software stability As opposed to the hardware, the software is not subject to wear and tear As opposed to the hardware, the software is not subject to wear and tear Software does not need the maintenance or protection required for the hardware Software does not need the maintenance or protection required for the hardware Software will keep performing the required function indefinitely Software will keep performing the required function indefinitely

13 6th ICCC PresentationCopyright © 2005 Sony Corporation13 Software vs. hardware: implementation Hardware is built from real-world matter while software is built of ideal mathematical objects with behaviour defined precisely with abstract rules Hardware is built from real-world matter while software is built of ideal mathematical objects with behaviour defined precisely with abstract rules Hardware can fail, software cannot Hardware can fail, software cannot Hardware can have dependencies that would be absurd for the software Hardware can have dependencies that would be absurd for the software The dependencies in the software are much easier to identify and analyze. The dependencies in the software are much easier to identify and analyze.

14 6th ICCC PresentationCopyright © 2005 Sony Corporation14 What is the point? Software, once written, stays functional forever Software, once written, stays functional forever Software can be evaluated once and for all Software can be evaluated once and for all The total sum of software in a product is usually split into building blocks – components The total sum of software in a product is usually split into building blocks – components A product may be created by using infinitely stable, evaluated components A product may be created by using infinitely stable, evaluated components

15 6th ICCC PresentationCopyright © 2005 Sony Corporation15 More interestingly Hardware does not know how it will be used, software knows exactly what it needs to do and how it will use the hardware. Hardware does not know how it will be used, software knows exactly what it needs to do and how it will use the hardware. Hardware is operated according to the plan that is the software. Hardware is operated according to the plan that is the software.

16 6th ICCC PresentationCopyright © 2005 Sony Corporation16 Software summary Software is the master plan of function Software is the master plan of function High level of complexity High level of complexity Precisely defined behaviour Precisely defined behaviour Infinite stability Infinite stability No possibility of failure No possibility of failure Dependencies are easy to define Dependencies are easy to define

17 6th ICCC PresentationCopyright © 2005 Sony Corporation17 What all this leads to? The software should be the basis of the evaluation The software should be the basis of the evaluation We are used to evaluating the hardware first and then seeing how it is used by the software We are used to evaluating the hardware first and then seeing how it is used by the software We should do the other way around We should do the other way around

18 6th ICCC PresentationCopyright © 2005 Sony Corporation18 Compare with the evaluation flow In a CC evaluation, we start from ST to see what has to be done and we proceed downwards to see how it is supported In a CC evaluation, we start from ST to see what has to be done and we proceed downwards to see how it is supported The current state is like starting from the code to see what it can do and proceeding upwards to check that ST does not break the security of the code The current state is like starting from the code to see what it can do and proceeding upwards to check that ST does not break the security of the code Let’s start from the logical beginning – the software that rules the functionality! Let’s start from the logical beginning – the software that rules the functionality!

19 6th ICCC PresentationCopyright © 2005 Sony Corporation19 Certified components The purpose is to make components self-contained The purpose is to make components self-contained The functionality of a component is not affected by the functionality of other components The functionality of a component is not affected by the functionality of other components A component can be fully tested and relied on to keep the set functionality A component can be fully tested and relied on to keep the set functionality Certified components become the basis for building secure systems Certified components become the basis for building secure systems

20 6th ICCC PresentationCopyright © 2005 Sony Corporation20 What is in it for us? Assembly from certified components: lower cost Assembly from certified components: lower cost Independent component support: lower effort Independent component support: lower effort Clear “separation of duty”: higher security Clear “separation of duty”: higher security

21 6th ICCC PresentationCopyright © 2005 Sony Corporation21 What is the problem then? Software requires some hardware to be able to run for testing. Software requires some hardware to be able to run for testing. Hardware introduces dependencies. Hardware introduces dependencies. Software is much more complex and big, it takes a lot of time to analyze, especially when it has many dependencies. Software is much more complex and big, it takes a lot of time to analyze, especially when it has many dependencies.

22 6th ICCC PresentationCopyright © 2005 Sony Corporation22 And what is the solution? The solution is to use the component evaluation. The solution is to use the component evaluation. The solution is two-fold: The solution is two-fold: –Make sure the components are self-contained for the most part and contain a clearly defined and stable functionality –Make sure the component describes clearly what it will expect from the environment and how that environment will be used.

23 6th ICCC PresentationCopyright © 2005 Sony Corporation23 What do we need? An agreed way to provide the description of the software and hardware dependencies An agreed way to provide the description of the software and hardware dependencies –Policies –Security Functional Requirements –Developer documentation –… ? An agreed evaluation methodology An agreed evaluation methodology A product to test all of these on A product to test all of these on

24 6th ICCC PresentationCopyright © 2005 Sony Corporation24 What will we do then? We started a project for software component evaluation that will allow us to test the methodology and gain some experience We started a project for software component evaluation that will allow us to test the methodology and gain some experience The product is a smart card with a bit complicated structure of software The product is a smart card with a bit complicated structure of software The purpose is to certify the software components separately and then reassemble the product from those certified components The purpose is to certify the software components separately and then reassemble the product from those certified components

25 6th ICCC PresentationCopyright © 2005 Sony Corporation25 Who is at the forefront? Certification body: CESG of UK Certification body: CESG of UK Evaluation labs: LogicaCMG and SiVenture Evaluation labs: LogicaCMG and SiVenture Developer: Sony Corporation Developer: Sony Corporation The “guinea pig” product: Sony FeliCa smart card The “guinea pig” product: Sony FeliCa smart card

26 Thank you! Albert Dorofeev General Manager Sony Secure Communications Europe albert.dorofeev@eu.sony.com

Download ppt "Software component evaluation A developer’s perspective Sony Corporation’s presentation for the 6 th International Common Criteria Conference."

Similar presentations

MicroKernel Pattern Presented by Sahibzada Sami ud din Kashif Khurshid.

MicroKernel Pattern Presented by Sahibzada Sami ud din Kashif Khurshid.
SOFTWARE DEVELOPMENT METHODOLOGIES 2013.04.30. Methodologies Waterfall Prototype model Incremental Iterative V-Model Spiral Scrum Cleanroom RAD DSDM RUP.

SOFTWARE DEVELOPMENT METHODOLOGIES Methodologies Waterfall Prototype model Incremental Iterative V-Model Spiral Scrum Cleanroom RAD DSDM RUP.
MIS 2000 Class 20 System Development Process Updated 2014.

MIS 2000 Class 20 System Development Process Updated 2014.
Chapter 2 – Software Processes

Chapter 2 – Software Processes
CS 411W - Notes Product Development Documentation.

CS 411W - Notes Product Development Documentation.
Policies vs Threats by Albert Dorofeev, Sony Corporation 10 th International Common Criteria Conference, 2009.

Policies vs Threats by Albert Dorofeev, Sony Corporation 10 th International Common Criteria Conference, 2009.
Case Tools Trisha Cummings. Our Definition of CASE  CASE is the use of computer-based support in the software development process.  A CASE tool is a.

Case Tools Trisha Cummings. Our Definition of CASE  CASE is the use of computer-based support in the software development process.  A CASE tool is a.
Chapter 10 – Digital System Projects Using HDL Copyright © 2011, 2007, 2004, 2001, 1998 by Pearson Education, Inc. Upper Saddle River, New Jersey 07458.

Chapter 10 – Digital System Projects Using HDL Copyright © 2011, 2007, 2004, 2001, 1998 by Pearson Education, Inc. Upper Saddle River, New Jersey
Software Quality Assurance Inspection by Ross Simmerman Software developers follow a method of software quality assurance and try to eliminate bugs prior.

Software Quality Assurance Inspection by Ross Simmerman Software developers follow a method of software quality assurance and try to eliminate bugs prior.
© Janice Regan, CMPT 102, Sept. 2006 0 CMPT 102 Introduction to Scientific Computer Programming The software development method algorithms.

© Janice Regan, CMPT 102, Sept CMPT 102 Introduction to Scientific Computer Programming The software development method algorithms.
Chapter 2 Data Models Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel.

Chapter 2 Data Models Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel.
CBSD – Component Based Software Development - Introduction -

CBSD – Component Based Software Development - Introduction -
Algorithms and Problem Solving-1 Algorithms and Problem Solving.

Algorithms and Problem Solving-1 Algorithms and Problem Solving.
The Architecture Design Process

The Architecture Design Process
Algorithms and Problem Solving. Learn about problem solving skills Explore the algorithmic approach for problem solving Learn about algorithm development.

Algorithms and Problem Solving. Learn about problem solving skills Explore the algorithmic approach for problem solving Learn about algorithm development.
Fundamentals of Information Systems, Second Edition

Fundamentals of Information Systems, Second Edition
9 1 Chapter 9 Database Design Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel.

9 1 Chapter 9 Database Design Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel.
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.

© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
Design, Implementation and Maintenance

Design, Implementation and Maintenance
Introduction to Computer Technology

Introduction to Computer Technology

Similar presentations

Ads by Google