Presentation is loading. Please wait.

Presentation is loading. Please wait.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 1.

Published byWinifred McGee Modified over 8 years ago

Similar presentations

Presentation on theme: "©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 1."— Presentation transcript:

1 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 1

2 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 2 Objectives l To introduce issues that must be considered in the specification and design of secure software l To discuss security risk management and the derivation of security requirements from a risk analysis l To describe good design practice for secure systems development. l To explain the notion of system survivability and to introduce a method of survivability analysis.

3 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 3 l Tools, techniques and methods to support the development and maintenance of systems that can resist malicious attacks that are intended to damage a computer-based system or its data. l A sub-field of the broader field of computer security. Security engineering

4 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 4 System layers

5 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 5 Application/infrastructure security l Application security is a software engineering problem where the system is designed to resist attacks. l Infrastructure security is a systems management problem where the infrastructure is configured to resist attacks. l The focus of this chapter is application security.

6 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 6 Security concepts

7 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 7 Examples of security concepts

8 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 8 Security threats l Threats to the confidentiality of a system or its data l Threats to the integrity of a system or its data l Threats to the availability of a system or its data

9 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 9 Security controls l Controls that are intended to ensure that attacks are unsuccessful. This is analagous to fault avoidance. l Controls that are intended to detect and repel attacks. This is analagous to fault detection and tolerance. l Controls that are intended to support recovery from problems. This is analagous to fault recovery.

10 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 10 Security risk management l Risk management is concerned with assessing the possible losses that might ensue from attacks on the system and balancing these losses against the costs of security procedures that may reduce these losses. l Risk management should be driven by an organisational security policy. l Risk management involves Preliminary risk assessment Life cycle risk assessment

11 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 11 Preliminary risk assessment

12 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 12 Asset analysis

13 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 13 Threat and control analysis

14 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 14 Security requirements l Patient information must be downloaded at the start of a clinic session to a secure area on the system client that is used by clinical staff. l Patient information must not be maintained on system clients after a clinic session has finished. l A log on a separate computer from the database server must be maintained of all changes made to the system database.

15 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 15 Life cycle risk assessment l Risk assessment while the system is being developed and after it has been deployed l More information is available - system platform, middleware and the system architecture and data organisation. l Vulnerabilities that arise from design choices may therefore be identified.

16 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 16 Examples of design decisions l System users authenticated using a name/password combination. l The system architecture is client-server with clients accessing the system through a standard web browser. l Information is presented as an editable web form.

17 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 17 Technology vulnerabilities

18 ©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 18 Key points l Security engineering is concerned with how to develop systems that can resist malicious attacks l Security threats can be threats to confidentiality, integrity or availability of a system or its data l Security risk management is concerned with assessing possible losses from attacks and deriving security requirements to minimise losses

Download ppt "©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 1."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Chapter 27 Software Change.

Chapter 27 Software Change.
Configuration management

Configuration management
Software change management

Software change management
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 27 Slide 1 Quality Management.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 27 Slide 1 Quality Management.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 5 Slide 1 Project management.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 5 Slide 1 Project management.
Chapter 14 – Security Engineering

Chapter 14 – Security Engineering
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 2.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 2.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 9 Distributed Systems Architectures Slide 1 1 Chapter 9 Distributed Systems Architectures.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 9 Distributed Systems Architectures Slide 1 1 Chapter 9 Distributed Systems Architectures.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 32 Slide 1 Aspect-oriented Software Development.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 32 Slide 1 Aspect-oriented Software Development.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 1 Slide 1 Project management.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 1 Slide 1 Project management.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 5 Slide 1 Review 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 5 Slide 1 Review 2.
Software Evolution Managing the processes of software system change

Software Evolution Managing the processes of software system change
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 1 Slide 1 An Introduction to Software Engineering.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 1 Slide 1 An Introduction to Software Engineering.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 5 Slide 1 Project management.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 5 Slide 1 Project management.
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 4 Slide 1 COMP201 Project Management.

©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 4 Slide 1 COMP201 Project Management.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 1 Slide 1 An Introduction to Software Engineering.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 1 Slide 1 An Introduction to Software Engineering.

Similar presentations

Ads by Google