Presentation is loading. Please wait.

Presentation is loading. Please wait.

EOSC Generic Application Security Framework

Published byLouisa Gibbs Modified over 8 years ago

Similar presentations

Presentation on theme: "EOSC Generic Application Security Framework"— Presentation transcript:

1 EOSC Generic Application Security Framework
Daniel Fischer European Space Agency

2 Mission Operations Infrastructure Information Security Management System
The Mission Operations Infrastructure (MOI) comprises assets and services supporting the ESA multi-mission model in all phases: development, launch and operations The Information Security Management System (ISMS) is the implementation of the security directives resulting in requirements (SSRS) and procedures (SECOPS)

3 MOI ISMS Risk Assessment – Rationale for secure SW engineering
The MOI ISMS risk assessment has identified software engineering and applications as a critical area that requires urgent improvement The new MOI SSRS and SECOPS include requirements and procedures for secure software engineering The SECOPS could be grouped at high level in: Service-oriented SECOPS ISMS Management oriented SECOPS Systems Development oriented SECOPS: Procedure for defining security requirements for software developments and major maintenance activities, but… ESA engineering standards for software development do not address security!

4 Ensuring Secure Software Engineering
HSO-G started the development of the GASF - Generic Application Security Framework GASF Main Objectives Ensure compliance with ISMS secure software engineering requirements Introduce a Secure Software Development Lifecycle (SSDLC) to make newly developed software more resilient Limit the security-related overhead for technical officers and developers All software developments make use of ESA/ECSS software development standards with different grades of tailoring It seemed natural to consider this asset as a baseline for implementing an approach for developing the SSDLC ESOC has started the development of the Generic Applications Security Framework (GASF) as an answer to the risk identified during the risk assessment exercise Thus the main objective is to be able to mitigate the ISMS risk related to software engineering and enhance the overall security of the ground systems infrastructure. The core of the GASF is the introduction of a Secure Software Development Lifecycle (SSDLC) which is based on the traditional development lifecycle but adding, where necessary, additional steps that are required for producing secure software. These steps are applicable for technical officers and/or developers The above mentioned extension of the traditional software development steps of course implies additional overhead in terms of effort/cost on the software development process. The intention of the GASF is to keep this overhead as small as possible by supporting the developers and technical officers with tools and providing a big level of automation The activity will also help to amend the software engineering standards in use at ESA today. Currently they do not address security. The GASF helps to prepare a standardisation activity in this respect.

5 GASF Secure Software Development Lifecycle
Based on ECSS-E-ST-40 C/Q80 C, amended with processes from well known sources (e.g. ISO 27001, Common Criteria, NIST SP , ESA Security Directives) Requirements Engineering Specification of hierarchical security functional and assurance requirements Assigning security requirements to target documentation (e.g. SRS) Design Use of security control design patterns Detailed security design Implementation & Testing Security Code Review Vulnerability Scanning Security Testing Use of off-the-shelf tools for the above Operations & Evolution Deploy security controls Security Risk Assessment at every step of the SSDLC

6 GASF Requirements Engineering: Requirements Database
GASF provides a hierarchical security requirements database Categorisation of requirements regarding target document e.g. SoW, contract, SRS, SUM, etc. Organised according to ISO and Using well known requirement sources e.g. ISO 27001, NIST, CWE For each low level technical requirement, the recommended best practise to implement is referenced

7 GASF Requirements Engineering: Specific SW Requirements Selection
Not all software has the same security needs GASF implements requirements tailoring using templates Templates are filters that are applied to the requirements base The CIA template selects requirements according to the confidentiality, integrity, and availability level identified by the risk assessment The Environment Template identifies requirements applicable to well identified target deployment environments: e.g. Operational LAN, Pre Operational LANs, DMZ, etc The Project Template identifies requirements applicable to typology of projects: e.g. Earth Observation missions, Provision of services to external users, etc Templates are re-usable Only the first-of-a-kind system will have to go through a detailed selection process Follow-up systems in the same environment can re-use the templates

8 GASF Implementation: Security Best Practises
GASF requirement base links security best practises when possible Best practises source is Common Weakness Enumeration (CWE) CWE is built and maintained by MIT from multiple well known sources e.g OWASP Each CWE entry explains how to mitigate the weakness  concrete help for developers Example: Buffer Overflow Requirement: All buffer operations shall check input sizes CWE-120: Buffer Copy without Checking Size of Input This helps developers implementing security requirements fast and in a standard way No need for proprietary approach Lends to later software verification

9 GASF Testing & Validation: Assuring correct implementation
GASF strongly supports security requirements validation & acceptance Validation is specified in the assurance security requirements GASF specifies validation procedures and guidelines Static Source Code Analysis Penetration Tests Vulnerability Scanning GASF supports certification Using assurance requirements the software owner can use GASF to aid certification e.g. NIST 140-2/3 or Common Criteria

10 GASF Deliverables/ Output
Consolidated set of high-level security requirements To be used by DSM / TO in preparation of SOW and STC The process is assisted by an intuitive tool that automates the selection of applicable requirements based on templates GASF formal specification Formal specification of all processes required for execution of an SSDLC based on ECSS-E-ST-40 C /Q-80 C standards For each process, identification of additional activities and mapping to ECSS-E-ST-40 C standard Additional activities coming from well identified sources e.g. ISO 27001, Common Criteria, NIST SP , ESA Security Directives GASF governance Maintenance and evolution of GASF documentation Maintenance and periodic review of security requirements

11 GASF Project Status (June 2013)
GASF High Level Requirements for SOW and STC – Available Q4 2013 GASF Tool SDD GASF specification + DSM/TO procedures (1st issue) Complete top-down set of security requirements (1st issue) Q1 2014 GASF Tool + complete documentation set GASF specification (final) Final version of the complete set of security requirements GASF Security Governance Strategy (DSM/TO and development team procedures in applying GASF) Result of pilot project: software security analysis of existing system based on code review and GASF tool recommendations

12 BSSC Secure SW Engineering WG: Involvement in GASF Reviews
The main GASF review will take place later this year Contribution and participation of WG members is highly welcome Main review items: GASF Requirements Database (Structure & Contents) Review starts 02/09 GASF Process Documentation (based on ECSS) Review starts 14/10 GASF Tool and tool documentation

13 References and Sources
ISO Information security management systems — Requirements ISO Code of practice for Information security management ISO – Common Criteria for Information Technology Security Evaluation NIST Recommended Security Controls for Federal Information Systems and Organizations Common Weakness Enumeration (CWE) - ESA Security Directives

14 THANK YOU FOR YOUR ATTENTION

Download ppt "EOSC Generic Application Security Framework"

Similar presentations

Software Quality Assurance Plan

Software Quality Assurance Plan
Automated Software Testing: Test Execution and Review Amritha Muralidharan (axm16u)

Automated Software Testing: Test Execution and Review Amritha Muralidharan (axm16u)
More CMM Part Two : Details.

More CMM Part Two : Details.
DoD Information Assurance Certification and Accreditation Process (DIACAP) August 2011.

DoD Information Assurance Certification and Accreditation Process (DIACAP) August 2011.
ITIL: Service Transition

ITIL: Service Transition
Achieving (and Maintaining) Compliance With Secure Software Development Compliance Requirements (ISC)² SecureSDLC May 17, 2012.

Achieving (and Maintaining) Compliance With Secure Software Development Compliance Requirements (ISC)² SecureSDLC May 17, 2012.
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
Stepan Potiyenko ISS Sr.SW Developer.

Stepan Potiyenko ISS Sr.SW Developer.
1 Integrating Information Security Into the Procurement Process for Large Systems MITRE © 2003 The MITRE Corporation. All rights reserved.

1 Integrating Information Security Into the Procurement Process for Large Systems MITRE © 2003 The MITRE Corporation. All rights reserved.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
The Software Product Life Cycle. Views of the Software Product Life Cycle  Management  Software engineering  Engineering design  Architectural design.

The Software Product Life Cycle. Views of the Software Product Life Cycle  Management  Software engineering  Engineering design  Architectural design.
Systems Engineering Approach to MPS Risk Management Kelly Mahoney Presented at the Workshop for Machine Protection in Linear Accelerators.

Systems Engineering Approach to MPS Risk Management Kelly Mahoney Presented at the Workshop for Machine Protection in Linear Accelerators.
Fraud Prevention and Risk Management

Fraud Prevention and Risk Management
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)
This chapter is extracted from Sommerville’s slides. Text book chapter 29 1 1.

This chapter is extracted from Sommerville’s slides. Text book chapter
SECURE SOFTWARE ENGINEERING FOR SPACE MISSIONS

SECURE SOFTWARE ENGINEERING FOR SPACE MISSIONS
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Introduction to Software Quality Assurance (SQA)

Introduction to Software Quality Assurance (SQA)

Similar presentations

Ads by Google