
Software Security and Security Engineering (Part 1)



  1. Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003, Chapter 1; Ian Sommerville, Software Engineering, Chapters 12 and 14; Fundamentals of Information Systems Security, Kim and Solomon, Jones and Bartlett, 2012, Chapters 1 and 8

  2. Security: A Persistent Problem • Why? • Financial motivation • Religious/political motivation • Personal grudge • Boredom .. • How? • Physical access • Exploit lack of awareness and training • Exploit weak security policies and procedures • Exploit vulnerabilities in applications and security mechanisms • Victim? • Financial institutions • Education institutions • Government agencies • E-commerce web sites • ANYONE

  3. Cost of Security Incidents in USA • Average cost to company for security breach: $5.5 million • 2011 Cost of Data Breach Study, Ponemon Institute • Dollar loss reported for Internet crime • Latest Internet Crime (IC3) Annual Report (2012)

  4. Source of Security Incidents Global State of Information Security Survey 2013 http://www.pwc.com/gx/en/consulting-services/information-security-survey/giss.jhtml

  5. Impact of Security Incidents Global State of Information Security Survey 2013 http://www.pwc.com/gx/en/consulting-services/information-security-survey/giss.jhtml

  6. We are @top of the game … Symantec Intelligence Report January 2013

  7. ….. Symantec Intelligence Report January 2013

  8. ….. Symantec Intelligence Report February 2013

  9. ….. Symantec Intelligence Report January 2013

  10. Malicious Activity by Source, Overall Ranking 2011-2012 Symantec 2013 Internet Security Threat Report

  11. Who is Targeting Whom Symantec 2010 Annual Security Report

  12. Problem with Security • Most people do not understand or know about it • Those who do understand it underestimate it • Those who understand it and do not underestimate it still address it insufficiently

  13. Attention Factors • Increased attack frequency • More attacks and attackers, more motivations for attacks, more availability of attack tools • Increased awareness • More activities and coverage in media • Presidents’ Executive Order on CyberSecurity • Cyber Security Act of 2012 controversy • Cyber-warfare/cyber-espionage • More Laws • The Personal Data Protection and Breach Accountability Act of 2011 • The Personal Data Privacy and Security Act of 2011 • Data Security and Breach Notification Act of 2012 • CyberSecurity and American Cyber Competitiveness Act (2013) • Cyber Intelligence Sharing and Protection Act (2013)

  14. What’s Trending in Security • Cyber-crime as a service • Cyber-warfare • Targeted attacks • Attacks/defenses in • Cross platform • Mobile platform • Web technologies/platforms • Cloud computing/Virtual environment • Big data • Critical Infrastructure http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2013.pdf http://www.websense.com/content/websense-2013-security-predictions.html http://www.crn.com/slide-shows/security/240145572/10-security-predictions-for-2013.htm

  15. Security Prioritized http://www.comptia.org/Libraries/Members_Research/Report_-_CompTIA_Security_study_-_Section_1.sflb.ashx

  16. Boost in Security Expenditures • Homeland Security • $756 Million in 2013 • $786 Million for 2014 • US Cyber Command • $3.2 Billion in 2012 • $3.4 Billion in 2013 • Private Sector • $35.1 Billion in 2011 • $49.1 Billion by 2015 http://appropriations.house.gov/news/documentsingle.aspx?DocumentID=333903 http://www.comptia.org/Libraries/Members_Research/Report_-_CompTIA_Security_study_-_Section_1.sflb.ashx

  17. NSF Spending in Security http://www.nsf.gov/about/budget/fy2014/pdf/EntireDocument_fy2014.pdf

  18. Security Employment - Current • Demand for cyber security professionals grew • 73% during the five years from 2007 to 2012 • 3.5 times the pace of the overall IT job market • 12 times the overall job market • Bureau of Labor Statistics May 2012 Report • 72,670 Information Security Analysts • $89,290 Mean Annual Salary http://blogs.wsj.com/cio/2013/03/04/demand-for-cyber-security-jobs-is-soaring/ http://www.bls.gov/oes/current/oes_nat.htm#15-0000 http://data.bls.gov/oep/noeted

  19. Security Job Market http://www.payscale.com/research/US/Skill=IT_Security_%26_Infrastructure/Salary

  20. Security Employment - Future • Defense Department’s Cyber Command to recruit 4900 in next few years (now at 900) • Bureau of Labor Statistics 2010 – 20 Projected Growth http://articles.washingtonpost.com/2013-01-27/world/36583575_1_cyber-protection-forces-cyber-command-cybersecurity

  21. Security Fundamentals • Information assurance and security • Offensive and defensive goals • Threats and attacks • CIA model • Defense in Depth • Security policy/controls

  22. Information Assurance (IA) & Security • IA is the perception that systems are operating as expected in a protected environment. • Security is measures and controls to achieve IA.

  23. Two Sides in Security • Offensive Side • Defensive Side

  24. Offensive Goal (diagram): Threats & Attacks USE Vulnerabilities to CAUSE Harm/Loss; the combination is the Risk

  25. Terms • Threat • Potential to inflict harm to an asset or cause security violations • Attack • Infliction of harm to an asset or causing security violations • Vulnerability • A weakness in security procedures or system design, implementation, or operation that can be used to cause security policy violation • Risk • Potential loss or harm or security violation • Likelihood that a particular threat can exploit a particular vulnerability or a set of vulnerabilities to violate security policy

  26. General Classes of Threats • Disclosure • Deception • Disruption • Usurpation

  27. Specific Types of Attacks • Snooping/Sniffing • Spoofing • Modification • Repudiation of Origin • Delay • Denial of Receipt • Denial of Service

  28. Defensive Goal (diagram): Security Controls form a Security Perimeter around Confidentiality, Integrity and Availability, keeping Loss outside it

  29. CIA Model of IA • Confidentiality • Keeping data and resources hidden • Integrity (Data and Origin) • Keeping data (and data sources) and resources uncorrupted • Availability • Keeping data and resources usable • Accountability (a.k.a. Non-Repudiation) • Holding one accountable for action

  30. Offensive & Defensive Goal • Defensive goals: Confidentiality, Integrity (Data and origin), Availability, Accountability • Each attack and the goal it violates: • Snooping/Sniffing → Confidentiality • Spoofing → Origin Integrity • Modification → Data Integrity • Repudiation of Origin → Origin Integrity, Accountability • Denial of Receipt → Accountability • Delay → Availability • Denial of Service → Availability

  31. Cyber Good, bad and ugly http://www.securitymanagement.com/archive/library/RBC_security0102.pdf

  32. Ethics Ten Commandments of Computer Ethics • Thou shalt not use a computer to harm other people. • Thou shalt not interfere with other people's computer work. • Thou shalt not snoop around in other people's computer files. • Thou shalt not use a computer to steal. • Thou shalt not use a computer to false witness. • Thou shalt not copy or use proprietary software for which you have not paid. • Thou shalt not use other people's computer resources without authorization or proper compensation. • Thou shalt not appropriate other people's intellectual output. • Thou shalt think about the social consequences of the program you are writing or the system you are designing. • Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans. http://computerethicsinstitute.org/ http://www.secureworks.com/resources/articles/other_articles/ethics/ http://turing.cs.camosun.bc.ca/COMP112/notes/classnotes/TenCommandments.pdf

  33. Goals of Security: Defense in Depth • Prevent • Securing an environment to avoid penetration • Deter • Applying protection mechanisms to hurdle intruder efforts and thus causing delays in achieving a malicious goal • Detect • Ensuring visibility of suspicious activities • Response • Reacting to security incidents by notification, eradication, interdiction, prosecution • Continuing to survive to some extent • Recover • Assessing and repairing damage • Improving

  34. End to End Security • Hardware • Software • Data • In processing • In transit • In storage • People

  35. Security Policy • An organizational security policy applies to all systems and their users and sets out what should and should not be allowed. • Types • Military • Readers may not access documents above their privilege level • Commercial • A customer may not change the price of a product. • A security policy helps identify system security requirements, with risk management processes in place.

  36. Enforcing Policy • Case 1: both rules explicit • Explicit Policy: X cannot view Y’s notes • Explicit Policy: Y has to protect the notes • If anything happens, both X and Y can be held accountable • Case 2: one rule implicit • Explicit Policy: X cannot view Y’s notes • Implicit Policy: Y has to protect the notes • If anything happens, only X can be held accountable

  37. Policy, Model & Mechanism • Security Policy • Statement of what is allowed and how • Example: the system may be used only by employees. • Security Model • Representation of the policy • Formal/mathematical models • Security Mechanism • Methods and tools that enforce the policy by implementing the model • Example: password-based login system

  38. Trust • Trust and assumptions play a crucial role in policy, especially in integrity policies • Because trust is hard to quantify, policies are hard to evaluate completely • Attackers look for assumptions and trusted users to find possible weak points in the implementation of a policy

  39. Role of Trust • Higher level assumption example • Administrator installs patch • Trusts patch came from vendor, not tampered with in transit • Trusts vendor tested patch thoroughly • Trusts vendor’s test environment corresponds to local environment • Trusts patch is installed correctly

  40. Role of Trust cont. • Lower level assumption example • A security-related program S is formally verified to work with operating system O • Proof has no errors • Bugs in automated theorem provers • Preconditions hold in environment in which S is to be used • S transformed into executable S whose actions follow source code • Compiler bugs, linker/loader/library problems • Hardware executes S as intended • Hardware bugs

  41. “Secure” vs. “Trusted” • Trusted System • A characteristic • Has degrees of trustworthiness • Judged based on evidence/analysis • Secure System • A goal • Either secure or not • Asserted based on features

  42. Note • “Perfectly” secure system does not exist. • Security is difficult • Security is not inherent. • Security is not universal. • Security is not static. • Security is not an absolute. • Security is a compromise between usability, cost and peace of mind.

  43. Security engineering • Tools, techniques and methods to support the development and maintenance of systems that can resist malicious attacks that are intended to damage a computer-based system or its data.

  44. Questions? The End. Devon M. Simmonds, Computer Science Department, University of North Carolina Wilmington

  45. Risk Management • Risk assessment • Risk mitigation/control • Risk evaluation/assurance

  46. Phased Risk Assessment Types • Preliminary • Life cycle • Operational

  47. Preliminary Risk Assessment • Identifies risks by analyzing the environment prior to development • Independent of technology • Aim is to develop an initial set of security requirements • Steps: • Identify Risk • Inventory of assets • Determine the value of each asset • Estimate the percentage of the asset that will be lost per incident (exposure) • Identify threats and vulnerabilities • Evaluate Risk
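The steps of slide 47 carried through in code, as an added example that is not part of the original slides: an asset inventory with values, an exposure fraction per threat, and a likelihood, combined into a ranked risk list. The arithmetic (single loss = value × exposure, expected annual loss = single loss × incidents per year) is the standard loss-expectancy calculation and is an assumption here, as are the constructed assets, threats and numbers.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: float          # business/replacement value in dollars (constructed)


@dataclass(frozen=True)
class Threat:
    asset: str            # name of the inventoried asset it applies to
    description: str
    exposure: float       # fraction of the asset lost per incident, 0..1
    annual_rate: float    # likelihood expressed as expected incidents per year


def single_loss_expectancy(asset: Asset, threat: Threat) -> float:
    """Loss from one incident: asset value times the exposure fraction."""
    if not 0.0 <= threat.exposure <= 1.0:
        raise ValueError(f"exposure must be in [0, 1], got {threat.exposure}")
    return asset.value * threat.exposure


def annual_loss_expectancy(asset: Asset, threat: Threat) -> float:
    """Expected yearly loss: single-incident loss times incidents per year."""
    return single_loss_expectancy(asset, threat) * threat.annual_rate


def evaluate_risks(assets: list[Asset], threats: list[Threat]) -> list[tuple]:
    """Rank threats by expected annual loss; rows are (asset, threat, SLE, ALE).

    A threat naming an asset missing from the inventory raises KeyError, which
    flags an incomplete asset inventory rather than silently scoring it zero.
    """
    by_name = {a.name: a for a in assets}
    rows = []
    for t in threats:
        a = by_name[t.asset]
        sle = single_loss_expectancy(a, t)
        rows.append((a.name, t.description, sle, sle * t.annual_rate))
    rows.sort(key=lambda r: r[3], reverse=True)
    return rows


# Constructed inventory, loosely modelled on a patient-records system.
ASSETS = [
    Asset("patient records database", 1_000_000.0),
    Asset("clinic workstation", 2_000.0),
    Asset("records backup tapes", 200_000.0),
]
THREATS = [
    Threat("patient records database", "disclosure via weak login", 0.5, 0.2),
    Threat("clinic workstation", "theft of workstation", 1.0, 0.5),
    Threat("records backup tapes", "tapes lost in transit", 1.0, 0.1),
]
```

The ranked rows are the input to the evaluation step: the top entries become the initial security requirements, and any ValueError or KeyError points at a gap in the inventory or exposure estimates that must be fixed before ranking is meaningful.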

  48. Asset analysis in a preliminary risk assessment report for the MHC-PMS

  49. Threat Identification with Misuse Cases • Identify the most probable threats to the system assets • Misuse cases are instances of threats to a system • They model malicious user actions in order to work out strategies that prevent those actions • Relationship with use cases • A misuse case threatens a use case • A use case mitigates a misuse case

  50. Threat Identification with Misuse Cases Sindre G, Opdahl AL (2001) Templates for misuse case description. In: Proceedings of the 7th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ’01), Interlaken, Switzerland
