Term Project Teams of ~3 students Pick a system (discuss choice with me)  Want simple functionality, security issues, whole system (e. g., client and.


1 Term Project
- Teams of ~3 students
- Pick a system (discuss choice with me)
  - Want simple functionality, security issues, whole system (e.g., client and server side)
- Submit a 1-2 page proposal to management (Dr. Hery)
- Assess risks, threats, vulnerabilities
- Develop a security policy
- Do a high level system security design
- Present a “preliminary design review” (PDR) to management (include risk analysis, policies, system architecture)
- Iterate on risk assessment, policy, design
- Present a final “critical design review” (CDR) to management and the class
- Write a final report to management on above

2 Example Project
- System should have at least 2 elements that communicate to perform a function
  - e.g., client server, peer to peer
- Pick a useful system, not an underlying technology
- Start with a “mission need statement”
  - e.g., “Provide a remote credit card verification service”
- State assumptions about environment
  - e.g., remote site is on a wired LAN connected to the Internet; verification data is on a well protected server connected to the Internet through a firewall

3 Example Project (continued)
- Your project should be somewhat more complex than this
- Make explicit (and probably realistic) assumptions about infrastructure
- Major project steps:
  - Thorough risk analysis
  - Develop security policies
  - Perform security system engineering. Use the policy to determine the security functions needed, and then to develop an architecture that has all the security functions and hardware, software components to enforce the security policies
- Major project deliverables:
  - Proposal
  - Preliminary design review
  - Critical design review to class
  - Final report on the design

4 Security System Engineering Process for Term Project (Simplified)
[Process diagram. Box labels: Functional Rqmnts, HL Design, HL Sec Policy, Legal Rqmnts, Assets at Risk, Corp/Org Policy, HL Sec Design, Threat Analysis, Vulner. Analysis, Detailed Design, Detailed Sec Architect., Detailed Sec Policy, Threat Analysis]

5 Project Design Reviews
- Systems Requirements Review (SRR)
  - Usually, a first review before getting too far into the project, well before the PDR. We will combine them.
  - SRR is a presentation (with supporting documentation) to management and “the customer” to review all the requirements that are used as the basis for the system design and development. All later requirements and design decisions should be traceable back to these requirements.
  - Management has the right to impose changes on the requirements
- Preliminary Design Review (PDR)
  - The PDR is a presentation (with supporting documentation) to management and “the customer” showing the preliminary design, before detailed designs are developed. The purpose is to get the feedback on the design (from outside the design team) before it is too far along and to get “mid course correction”
  - Management may raise issues that are not addressed properly by the design
- Critical Design Review (CDR)
  - A final review of the detailed design before starting development, coding, COTS product selection and acquisition, custom product prototyping, etc.

6 PDR for the Term Project
- High level requirements:
  - Functional Requirements (what the system should do)
  - Risk analysis to identify assets that need to be protected
  - Any legal requirements
  - Any corporate or organizational security policies not included above
  - Write the High Level Security Policies
- High Level Design
  - Similar to what was in the proposals
  - For the project, this is only to define what needs to be protected.

7 PDR (Continued)
- Develop a full threat tree on the high level system design and use it to add to the high level policies
- Develop a high level security design/architecture based on the requirements
  - What security technologies and processes will be used (firewalls, crypto, IDS, etc.)
  - Where are they to be used
- Develop a “Security Compliance Matrix”
  - List all security requirements, and show what parts of the security technology and processes are used to meet the requirements
- Do a security requirements traceback
  - Show how each security technology or process is based on a requirement
- Present any security “trade studies”
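
The compliance matrix and the requirements traceback from the PDR slide above can be checked mechanically in both directions. The following is an added example, not part of the original slides; the requirement IDs, control names and the `review` function are hypothetical, constructed for the slides' credit card verification example.

```python
# Constructed sample data for the slides' example mission ("remote credit
# card verification service"). IDs and control names are hypothetical.
REQUIREMENTS = {
    "SR-1": "Card data is encrypted in transit between remote site and server",
    "SR-2": "Only authenticated remote sites may submit verification requests",
    "SR-3": "Verification server accepts traffic only on the service port",
    "SR-4": "All verification requests are logged for audit",
}

# Security Compliance Matrix: requirement -> technologies/processes meeting it.
MATRIX = {
    "SR-1": ["TLS tunnel"],
    "SR-2": ["TLS tunnel", "Client certificates"],
    "SR-3": ["Perimeter firewall"],
    "SR-4": [],  # nothing in the design covers audit logging yet
}

# Every technology or process that appears in the high level security design.
DESIGN_CONTROLS = ["TLS tunnel", "Client certificates",
                   "Perimeter firewall", "Network IDS"]


def review(requirements, matrix, design_controls):
    """Return the gaps a reviewer would raise at PDR."""
    # Forward direction: every requirement needs at least one control.
    unmet = sorted(r for r in requirements if not matrix.get(r))
    # Matrix rows that cite a requirement nobody wrote down.
    unknown_rows = sorted(r for r in matrix if r not in requirements)

    # Traceback: invert the matrix so each control lists its requirements.
    traceback = {c: [] for c in design_controls}
    undeclared = set()  # controls used in the matrix but absent from the design
    for req, controls in matrix.items():
        if req not in requirements:
            continue  # an unknown requirement cannot justify a control
        for control in controls:
            if control in traceback:
                traceback[control].append(req)
            else:
                undeclared.add(control)

    # Backward direction: every control must trace to a requirement.
    untraced = sorted(c for c, reqs in traceback.items() if not reqs)
    return {"unmet": unmet, "unknown_rows": unknown_rows,
            "undeclared": sorted(undeclared), "untraced": untraced,
            "traceback": traceback}


if __name__ == "__main__":
    for finding, value in review(REQUIREMENTS, MATRIX, DESIGN_CONTROLS).items():
        print(finding, "->", value)
```

An unmet requirement means the design is incomplete; an untraced control means either a requirement is missing from the policy or the control is cost without justification, which is a candidate for a trade study.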

8 SSE for PDR
[Process diagram. Box labels: Functional Rqmnts, HL Design, HL Sec Policy, Legal Rqmnts, Assets at Risk, Corp/Org Policy, HL Sec Design, Threat Analysis, Vulner. Analysis, Detailed Design, Detailed Sec Architect., Detailed Sec Policy, Threat Analysis]

9 PDR (continued)
- PDR will be a 45 minute presentation to management
- The main purpose is to make sure the project is on the right track before you go too far.
- No grade will be assigned for this, only the completed project
- Presentation will be outside of class hours and scheduled during the weeks of March 22-March 29. See me to schedule a time.
- Supporting documents may be provided
- Electronic copies of all materials should be provided
- Management reserves the right to suggest additional requirements if you make the problem too easy :-)
- Management also reserves right to suggest a simplification of the problem to save you from yourself.

10 CDR for the term project
- The CDR will review the PDR material
- The other SSE tasks will be completed:
  - Detailed system design
  - Threat and vulnerability analyses
  - Detailed Security Policies written out
  - Detailed security design giving details such as
    - What is hardware versus software
    - Algorithms
    - Specific products, if appropriate
  - Trade studies to support choices, where appropriate
- The CDR will be a presentation to class and a full report (preferably using Word, or as a PDF)

