Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Security Analysis Process University of Sunderland CSEM02 Harry R. Erwin, PhD.

Published byOswin Bond Modified over 8 years ago

Similar presentations

Presentation on theme: "The Security Analysis Process University of Sunderland CSEM02 Harry R. Erwin, PhD."— Presentation transcript:

1 The Security Analysis Process University of Sunderland CSEM02 Harry R. Erwin, PhD

2 Security Analysis is a Formal Process. 1.You start by identifying the system (‘TOE’) and assets to be protected. 2.Identify the security policies that must be enforced. 3.Define the trust relationships to be supported. 4.Perform a risk analysis to identify the threats. 5.Establish the assumptions of secure operation. 6.List the security objectives you must implement. 7.Define the resulting security functions (‘TSF’) to be provided. 8.Provide the detail, implement, and test.

3 What are the Items to be Protected? If you try to protect everything, you protect nothing. Can include data, equipment, reputation, and resources. Take into account time. Any security can be broken with enough time and resources. So provide alarms and appropriate responses.

4 Security Policies The things you must do to avoid going to jail or losing your job. Be realistic. If you can’t secure what you need to secure, perhaps your management should reconsider building the system.

5 Trust Relationships You must understand trust to be able to secure a system and have the system be usable. Trust should influence your security architecture.

6 Risk Analysis Be realistic. Hackers are creative—don’t reject vulnerabilities out of hand. “Security by Obscurity” is not a solution. Don’t try to protect everything, but don’t leave obvious holes.

7 Assumptions of Secure Operation “A statement of assumptions which are to be met by the environment of the TOE in order for the TOE to be considered secure.” (from the CCTool Manual) Should be associated with individual security objectives to help you select your security requirements.

8 CCTool An expert system to help you develop protection profiles and security architectures. Originally developed by NIAP (US Government). A version updated to Java 5 (UoSTool) is available here at Sunderland. NIAP now directs people needing CCTool to us. Download and run. There are a number of possible MSc projects available based on it.

9 The Security Mapping Process CCTool Manual

10 Security Analysis Relationships CCTool Manual

11 Security Objectives Result in Security Requirements CCTool Manual

12 CCTool: What is it? Designed to assist in this process. Provides recommended solutions. You can also add your own –Threats –Policies –Assumptions –Objectives –Requirements Tailoring and testing the database for a specific applications area is a suitable MSc project.

13 Security Objectives “The results of the analysis of the security environment can then be used to state the security objectives that counter the identified threats and address identified organizational security policies and assumptions. The security objectives should be consistent with the stated operational aim or product purpose of the system, and any knowledge about its physical environment.” CCTool Manual

14 Where do you get Objectives? 1.The recommendations of your risk analysis. 2.The policy requirements, again translated into recommendations. 3.The trust relationships you need to enforce. Some of these objectives will be quite detailed. This is good, since it clarifies and channels your design.

15 Intent of the Objectives “The intent of determining security objectives is to address all of the security concerns and to declare which security aspects are either addressed directly by the system or by its environment. This categorization is based on a process incorporating engineering judgment, security policy, economic factors and risk acceptance decisions.” CCTool Manual

16 How do you use the Objectives? You analyze each in the context of your assumptions of secure operation to define your solution. That produces things you must build or buy (functional requirements) and things you (or your vendor) must do (assurance requirements). Having objectives allows you to trace your solution to the user’s requirements and justify its cost.

17 Sources of Security Functional Requirements “The CC and the associated security functional requirements are not meant to be a definitive answer to all the problems of IT security. Rather, the CC offers a set of well understood security functional requirements that can be used to create trusted products or systems reflecting the needs of the market. These security functional requirements are presented as the current state of the art in requirements specification and evaluation.” (CCTool Manual)

18 Background Issues of Security Functional Requirements “The IT security requirements are the refinement of the security objectives into a set of security requirements for the TOE and security requirements for the environment which, if met, will ensure that the TOE can meet its security objectives.” (CCTool Manual) “The CC presents security requirements under the distinct categories of functional requirements and assurance requirements.” (CCTool Manual)

19 How do You Use the Security Requirements? The functional requirements describe what your security solution must do to allow you to operate safely. These can be compared to the functionality provided by vendor software and hardware. The assurance requirements describe what development practices and testing the vendor must follow to assure the users that the functionality provided actually works.

20 Role of Security Testing “Security requirements generally include both requirements for the presence of desired behavior and requirements for the absence of undesired behavior. It is normally possible to demonstrate, by use or testing, the presence of the desired behavior. It is not always possible to perform a conclusive demonstration of absence of undesired behavior. Testing, design review, and implementation review contribute significantly to reducing the risk that such undesired behavior is present.” (CCTool Manual) Note, penetration-testing is not necessarily required.

21 Open Problems Despite the emergence of a formal approach to the definition of security requirements, computer security has gotten worse, not better over the last 30 years. (See Karger and Schell, 1974 and 2002, links from the handbook) K&S note that current secure systems are less secure than Multics, and “Multics, with its security enhancements, was only deemed suitable for processing in a relatively benign ‘closed’ environment.” What they see missing is a verifiable security kernel to block professional hacker attacks using malicious software trapdoors. This is a currently emerging threat.

Download ppt "The Security Analysis Process University of Sunderland CSEM02 Harry R. Erwin, PhD."

Similar presentations

Security Requirements

Security Requirements
Database Planning, Design, and Administration

Database Planning, Design, and Administration
Postgraduate Study & Research Methods COMM50 Planning the Dissertation.

Postgraduate Study & Research Methods COMM50 Planning the Dissertation.
Dd. This learning session will help the auditor: Design audit objectives understand why audit criteria are used in performance audits; learn how to develop.

Dd. This learning session will help the auditor: Design audit objectives understand why audit criteria are used in performance audits; learn how to develop.
Strategy 2022: A Holistic View Tony Hayes International President ISACA 2013-2014 © 2012, ISACA. All rights reserved.

Strategy 2022: A Holistic View Tony Hayes International President ISACA © 2012, ISACA. All rights reserved.
Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.

Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.
The Security Analysis Process University of Sunderland CIT304 Harry R. Erwin, PhD.

The Security Analysis Process University of Sunderland CIT304 Harry R. Erwin, PhD.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Computer Engineering 203 R Smith Requirements Management 6/2009 1 Requirements IEEE Standard Glossary A condition or capability needed by a user to solve.

Computer Engineering 203 R Smith Requirements Management 6/ Requirements IEEE Standard Glossary A condition or capability needed by a user to solve.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Lecture Nine Database Planning, Design, and Administration

Lecture Nine Database Planning, Design, and Administration
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
What is Business Analysis Planning & Monitoring?

What is Business Analysis Planning & Monitoring?
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
S/W Project Management

S/W Project Management
Chapter 9 Database Planning, Design, and Administration Sungchul Hong.

Chapter 9 Database Planning, Design, and Administration Sungchul Hong.
Database System Development Lifecycle © Pearson Education Limited 1995, 2005.

Database System Development Lifecycle © Pearson Education Limited 1995, 2005.
1 A Disciplined Security Specification for a High- Assurance Grid by Ning Zhu, Jussipekka Leiwo, and Stephen John Turner Parallel Computing Centre Distributed.

1 A Disciplined Security Specification for a High- Assurance Grid by Ning Zhu, Jussipekka Leiwo, and Stephen John Turner Parallel Computing Centre Distributed.
Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.

Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.

Similar presentations

Ads by Google