software security and security engineering (part 1) software engineering sources: introduction to...
TRANSCRIPT
![Page 1: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/1.jpg)
Software Security and Security Engineering (Part 1)
Software Engineering
Sources:Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003
Chapter 1Ian Somerville, Software Engineering, Chapter 12, 14
Fundamental of Information Systems Security, Kim and Solomon, Jones and Bartlett, 2012, Chapter 1 and 8
![Page 2: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/2.jpg)
Security: A Persistent Problem
Why? Financial motivation Religious/political motivation Personal grudge Boredom ..
How? Physical access Exploit lack of awareness and training Exploit weak security policies and procedures Exploit vulnerabilities in applications and security mechanisms
Victim? Financial institutions Education institutions Government agencies E-commerce web sites ANYONE
![Page 3: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/3.jpg)
Cost of Security Incidents in USA Average cost to company for security breach: $5.5 million
2011 Cost of Data Breach Study, Ponemon Institute
Dollar loss reported for Internet crime
Latest Internet Crime (IC3) Annual Report (2012)
![Page 4: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/4.jpg)
Source of Security Incidents
Global State of Information Security Survey 2013http://www.pwc.com/gx/en/consulting-services/information-security-survey/giss.jhtml
![Page 5: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/5.jpg)
Impact of Security Incidents
Global State of Information Security Survey 2013http://www.pwc.com/gx/en/consulting-services/information-security-survey/giss.jhtml
![Page 6: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/6.jpg)
We are @top of the game …
Symantec Intelligence Report January 2013
![Page 7: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/7.jpg)
…..
Symantec Intelligence Report January 2013
![Page 8: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/8.jpg)
…..
Symantec Intelligence Report February 2013
![Page 9: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/9.jpg)
…..
Symantec Intelligence Report January 2013
![Page 10: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/10.jpg)
Malicious Activity by Source, Overall Ranking 2011-2012
Symantec 2013 Internet Security Threat Report
![Page 11: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/11.jpg)
Who is Targeting Whom
Symantec 2010 Annual Security Report
![Page 12: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/12.jpg)
Problem with Security
• Most do not understand/know about it• Those who do understand, underestimates it• Those who understands and don’t underestimate, address
it insufficiently
![Page 13: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/13.jpg)
Attention Factors Increased attack frequency
More attacks and attackers, more motivations for attacks, more availability of attack tools
Increased awareness More activities and coverage in media Presidents’ Executive Order on CyberSecurity Cyber Security Act of 2012 controversy Cyber-warfare/cyber-espionage
More Laws The Personal Data Protection and Breach Accountability Act of 2011 The Personal Data Privacy and Security Act of 2011 Data Security and Breach Notification Act of 2012 CyberSecurity and American Cyber Competitiveness Act (2013) Cyber Intelligence Sharing and Protection Act (2013)
![Page 14: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/14.jpg)
What’s Trending in Security
Cyber-crime as a service Cyber-warfare Targeted attacks Attacks/defenses in
Cross platform Mobile platform Web technologies/platforms Cloud computing/Virtual environment Big data Critical Infrastructure
http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2013.pdfhttp://www.websense.com/content/websense-2013-security-predictions.html
http://www.crn.com/slide-shows/security/240145572/10-security-predictions-for-2013.htm
![Page 15: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/15.jpg)
Security Prioritized
http://www.comptia.org/Libraries/Members_Research/Report_-_CompTIA_Security_study_-_Section_1.sflb.ashx
![Page 16: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/16.jpg)
Boost in Security Expenditures
Homeland Security $756 Million in 2013 $786 Million for 2014
US Cyber Command $3.2 Billion in 2012 $3.4 Billion in 2013
Private Sector $35.1 Billion in 2011 $49.1 Billion by 2015
http://appropriations.house.gov/news/documentsingle.aspx?DocumentID=333903http://www.comptia.org/Libraries/Members_Research/Report_-_CompTIA_Security_study_-
_Section_1.sflb.ashx
![Page 17: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/17.jpg)
NSF Spending in Security
http://www.nsf.gov/about/budget/fy2014/pdf/EntireDocument_fy2014.pdf
![Page 18: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/18.jpg)
Security Employment - Current Demand for cyber security professionals grew
73% during the five years from 2007 to 2012– 3.5 times the pace of the overall IT job market– 12 times the overall job market
Bureau of Labor Statistics May 2012 Report 72,670 Information Security Analysts $89,290 Mean Annual Salary
http://blogs.wsj.com/cio/2013/03/04/demand-for-cyber-security-jobs-is-soaring/http://www.bls.gov/oes/current/oes_nat.htm#15-0000
http://data.bls.gov/oep/noeted
![Page 19: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/19.jpg)
Security Job Market
http://www.payscale.com/research/US/Skill=IT_Security_%26_Infrastructure/Salary
![Page 20: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/20.jpg)
Security Employment - Future
http://articles.washingtonpost.com/2013-01-27/world/36583575_1_cyber-protection-forces-cyber-command-cybersecurity
Defense Department’s Cyber Command to recruit 4900 in next few years (now at 900)
Bureau of Labor Statistics 2010 – 20 Projected Growth
![Page 21: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/21.jpg)
Security Fundamentals
Information assurance and security Offensive and defensive goals Threats and attacks CIA model Defense in Depth Security policy/controls
![Page 22: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/22.jpg)
Information Assurance (IA) & Security
22
IA is the perception that systems are operating as expected in a protected environment.
Security is measures and controls to achieve IA.
![Page 23: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/23.jpg)
Two Sides in Security
Offensive Side
Defensive Side
![Page 24: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/24.jpg)
Offensive Goal
Threats
& AttacksVulnerabilities Harm/Loss
USE
CAUSE
Risk
![Page 25: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/25.jpg)
Terms Threat
Potential to inflict harm to an asset or cause security violations Attack
Infliction of harm to an asset or causing security violations Vulnerability
A weakness in security procedures or system design, implementation, or operation that can be used to cause security policy violation
Risk Potential loss or harm or security violation Likelihood that a particular threat can exploit a particular
vulnerability or a set of vulnerabilities to violate security policy
![Page 26: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/26.jpg)
General Classes of Threats
Disclosure Deception Disruption Usurpation
![Page 27: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/27.jpg)
Specific Types of Attacks
Snooping/Sniffing Spoofing Modification Repudiation of Origin Delay Denial of Receipt Denial of Service
![Page 28: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/28.jpg)
Security Controls
Defensive Goal
Loss
Confidentiality
Integrity
Availability
Security Perimeter
![Page 29: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/29.jpg)
CIA Model of IA
Confidentiality Keeping data and resources hidden
Integrity (Data and Origin) Keeping data (and data sources) and resources uncorrupted
Availability Keeping data and resources usable
Accountability (a.k.a. Non-Repudiation) Holding one accountable for action
![Page 30: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/30.jpg)
Offensive & Defensive Goal Snooping/Sniffing
Spoofing
Modification
Repudiation of Origin
Denial of Receipt
Delay
Denial of Service
Confidentiality
Origin Integrity
Data Integrity
Origin Integrity, Accountability
Accountability
Availability
Availability
Confidentiality Integrity (Data and origin) Availability Accountability
![Page 31: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/31.jpg)
Cyber Good, bad and ugly
http://www.securitymanagement.com/
archive/library/RBC_security0102.pdf
![Page 32: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/32.jpg)
Ethics
http://computerethicsinstitute.org/http://www.secureworks.com/resources/articles/other_articles/ethics/
http://turing.cs.camosun.bc.ca/COMP112/notes/classnotes/TenCommandments.pdf
Ten Commandments of Computer Ethics1. Thou shalt not use a computer to harm other people.2. Thou shalt not interfere with other people's computer work.3. Thou shalt not snoop around in other people's computer files.4. Thou shalt not use a computer to steal.5. Thou shalt not use a computer to false witness.6. Thou shalt not copy or use proprietary software for which you have not paid.7. Thou shalt not use other people's computer resources without authorization or
proper compensation.8. Thou shalt not appropriate other people's intellectual output.9. Thou shalt think about the social consequences of the program you are writing or
the system you are designing.10. Thou shalt always use a computer in ways that ensure consideration and respect
for your fellow humans.
![Page 33: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/33.jpg)
Goals of Security: Defense in Depth
1) Prevent• Securing an environment to avoid penetration
2) Deter• Applying protection mechanisms to hurdle intruder efforts and thus causing
delays in achieving a malicious goal
3) Detect• Ensuring visibility of suspicious activities
4) Response • Reacting to security incidents by notification, eradication, interdiction,
prosecution• Continuing to survive to some extent
5) Recover• Assessing and repairing damage• Improving
![Page 34: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/34.jpg)
End to End Security
Hardware Software Data
In processing In transit In storage
People
![Page 35: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/35.jpg)
Security Policy
An organizational security policy applies to all systems and its users and sets out what should and should not be allowed.
Types Military
– Readers may not access documents above his/her privilege level Commercial
– A customer may not change price of the product.
A security policy helps identify system security requirements with risk management processes in place.
![Page 36: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/36.jpg)
Enforcing Policy Explicit Policy
X cannot view Y’s notes Y have to protect notes
– If anything happens, both X and Y can be held accountable
Explicit Policy X cannot view Y’s notes Implicit Policy
Y have to protect notes
– If anything happens, only X can be hold accountable
![Page 37: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/37.jpg)
Policy, Model & Mechanism
Security Policy Statement of what is allowed and how
– The system is only available to use by employees. Security Model
Representation of policy– Formal/mathematical models
Security Mechanism Methods and tools to ensure policy by implementing
model– Password based login system
![Page 38: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/38.jpg)
Trust
Trust and assumption play crucial role in policy, especially, integrity policy As trust is hard to quantify, policies are hard to evaluate
completely Attackers look for assumptions and trusted users to find
possible weak points in implementation of policy
![Page 39: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/39.jpg)
Role of Trust
Higher level assumption example• Administrator installs patch
• Trusts patch came from vendor, not tampered with in transit
• Trusts vendor tested patch thoroughly• Trusts vendor’s test environment
corresponds to local environment• Trusts patch is installed correctly
![Page 40: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/40.jpg)
Role of Trust cont.
Lower level assumption example– A security-related program S is formally verified to
work with operating system O• Proof has no errors
» Bugs in automated theorem provers• Preconditions hold in environment in which S is to be used• S transformed into executable S whose actions follow source code
» Compiler bugs, linker/loader/library problems• Hardware executes S as intended
» Hardware bugs
![Page 41: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/41.jpg)
“Secure” vs. “Trusted”
Trusted System A Characteristic
Degrees of Trustworthiness
Judged based on evidence/analysis
Secure System A Goal
Either … or
Asserted based on features
![Page 42: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/42.jpg)
Note “Perfectly” secure system does not exist. Security is difficult
Security is not inherent. Security is not universal. Security is not static. Security is not an absolute.
Security is a compromise between usability, cost and peace of mind.
![Page 43: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/43.jpg)
Security engineering
Tools, techniques and methods to support the development and maintenance of systems that can resist malicious attacks that are intended to damage a computer-based system or its data.
![Page 44: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/44.jpg)
The End
44
______________________Devon M. Simmonds
Computer Science Department
University of North Carolina Wilmington____________________________________________ _________________
Qu es ti ons?
![Page 45: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/45.jpg)
Risk Management Risk assessment Risk mitigation/control Risk evaluation/assurance
![Page 46: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/46.jpg)
Phased Risk Assessment Types Preliminary Life cycle Operational
![Page 47: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/47.jpg)
Preliminary Risk Assessment
Identifies risks from analyzing environment prior to development
Independent of technology Aim is to develop an initial set of security requirements Steps:
Identify Risk– Inventory of assets– Determine value of asset– Estimate percentage of asset that will be lost per incident (exposure)– Identify threats and vulnerabilities
Evaluate Risk
![Page 48: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/48.jpg)
Asset analysis in a preliminary risk assessment report for the
MHC-PMS
Asset Value Exposure
The information system High. Required to support all clinical consultations. Potentially safety-critical.
High. Financial loss as clinics may have to be canceled. Costs of restoring system. Possible patient harm if treatment cannot be prescribed.
The patient database High. Required to support all clinical consultations. Potentially safety-critical.
High. Financial loss as clinics may have to be canceled. Costs of restoring system. Possible patient harm if treatment cannot be prescribed.
An individual patient record Normally low although may be high for specific high-profile patients.
Low direct losses but possible loss of reputation.
![Page 49: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/49.jpg)
Threat Identification with Misuse cases
Identify the most probable threats to the system assets Misuse cases are instances of threats to a system Models malicious user actions to figure out strategies to
prevent the actions. Relationship with use case
Misuse case threatens use case Use case mitigates misuse case
![Page 50: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/50.jpg)
Threat Identification with Misuse cases
Sindre G, Opdahl AL (2001) Templates for misuse casedescription. In: Proceedings of the 7th international workshopon requirements engineering: foundation for software quality(REFSQ’01), Interlaken, Switzerland
![Page 51: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/51.jpg)
Risk AssessmentIdentify RiskEvaluate Risk
Risks are quantified based on importanceor impact severity
Risks are prioritized for probable impact
![Page 52: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/52.jpg)
Quantitative (Objective) Risk Analysis
Single loss expectancy (SLE) Total loss expected from a single incident Asset value X Exposure
Annual rate of occurrence (ARO) Number of times an incident is expected to
occur in a year
Annual loss expectancy (ALE) Expected loss for a year
SLE X ARO = ALE
![Page 53: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/53.jpg)
Qualitative (Subjective) Risk Analysis
Probability Likelihood a threat will exploit a
vulnerabilityImpact
Result if a risk occurs
Risk level = Subjective measure of probability AND impact
![Page 54: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/54.jpg)
Risk Mitigation Risk reduction
Uses security controls for potential prevention Risk transference
Delegating controls to another entity Risk acceptance
Taking conscious decision to accept the consequences should undesirable event occur
Risk avoidance Not taking the risk at all
![Page 55: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/55.jpg)
Risk and Mitigation
Risk Level Mitigation Feasibility
Unauthorized user may gain access to information system left unsecured with machine in an open environment
Very high (Reduction) Keep machines running the system physically secure
Low cost of implementation but care must be taken with key distribution and to ensure that keys are available in the event of an emergency.
Unauthorized user may gain access as patient database
High (Reduction) Require all users to authenticate themselves before accessing the DB.
Technically feasible but cost to implement solution. Possible user resistance.
![Page 56: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/56.jpg)
Derived Security requirements for the MHC-PMS
Only allow systems to installed in machines that are physically secure.
Require all users to authenticate themselves prior to accessing database.
![Page 57: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/57.jpg)
Risk Evaluation/Assurance Assessment of control strategies
Selection of control strategies Cost effectiveness evaluation
Planning Incident response plan Business continuity plan Disaster recovery plan
Implementation Compliance
![Page 58: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/58.jpg)
Life cycle risk assessment
Identifies risks that emerge during design and development Risks that are associated with the technologies used for
system construction. More information is available - system platform, tools,
middleware and the system architecture and data organization.
Requirements are extended to protect against new risks.
![Page 59: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/59.jpg)
Additional Security Requirements generated from
Design Choice
Design Decision Patient information shall be downloaded at the start of a clinic
session to an area on the system that is used by clinical staff. Additional security requirement
All patient information on the system client shall be encrypted. Patient information shall be uploaded to the database after a
clinic session has finished and deleted from the client computer.
![Page 60: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/60.jpg)
Additional Security Requirements generated from Technology Choice
Technology Decision The system architecture is client-server with clients accessing
the system through a standard web browser. Additional security requirement
Browser has to be secured against common web attacks
![Page 61: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/61.jpg)
Operational risk assessment
Identifies risks that emerge from actual use of the system with additional information about the environment where the system is used. Environment characteristics can lead to new system risks
Further protection requirements may be added to cope with these.
![Page 62: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/62.jpg)
Additional Security Requirements generated from Operational Use
Observation Employees frequently leave work station for administrative
reasons leaving system unprotected and accessible Additional security requirement
Computer must have password protected screen saver
![Page 63: Software Security and Security Engineering (Part 1) Software Engineering Sources: Introduction to Computer Security, Matt Bishop, Addison Wesley, 2003](https://reader036.vdocuments.net/reader036/viewer/2022062717/56649e3f5503460f94b2f885/html5/thumbnails/63.jpg)
The End
63
______________________Devon M. Simmonds
Computer Science Department
University of North Carolina Wilmington____________________________________________ _________________
Qu es ti ons?