Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Codesign Steve Dawson and Victoria Stavridou Bruno Dutertre, Josh Levy, Bob Riemenschneider, Hassen Saidi, Tomas Uribe System Design Laboratory.

Published byBrittney Bryan Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Codesign Steve Dawson and Victoria Stavridou Bruno Dutertre, Josh Levy, Bob Riemenschneider, Hassen Saidi, Tomas Uribe System Design Laboratory."— Presentation transcript:

1 Security Codesign Steve Dawson and Victoria Stavridou Bruno Dutertre, Josh Levy, Bob Riemenschneider, Hassen Saidi, Tomas Uribe System Design Laboratory SRI International OASIS PI Meeting, Santa Rosa, CA August 20, 2002

2 System Design Laboratory 20 August 2002 2 Outline Objectives Approach Security codesign overview Information assurance case (IAC) –Motivation –Building an IAC –IAC structure –An IAC for Dependable Intrusion Tolerance (DIT) Plans

3 System Design Laboratory 20 August 2002 3 Project Overview Objective: Advance both the science and the practice of the development of secure systems Motivation –Security is difficult to get right (and getting more difficult) –System developers need better tools for Capturing the security requirements Building systems that meet their requirements Making a convincing case that the requirements are met Main goal: Provide a practical process with a strong scientific basis for the development of secure systems –Must be useful to practitioners –Must provide stronger guarantees of information assurance

4 System Design Laboratory 20 August 2002 4 Approach Security codesign –Influenced by Hardware/software codesign Architecture refinement for dependable systems Development of safety-critical systems –Key idea: complement conventional systems engineering processes with a separate, but coordinated, security engineering effort Derive top-level security requirements from mission goals Elaborate security requirements as the functional design is elaborated Evaluate functional design decisions from a security perspective, providing both proactive and reactive advice Justify design and implementation choices by demonstrating that security requirements are satisfied

5 System Design Laboratory 20 August 2002 5 Security Codesign Why the decoupling of security engineering from functional elaboration? –Security engineering requires different skills and mindset –Emphasis on how to avoid undesired behavior rather than on how to achieve desired behavior –Similar to motivation for independent testing –Has the advantage that not all system designers need to be security experts (and vice versa)

6 System Design Laboratory 20 August 2002 6 Security Codesign

7 System Design Laboratory 20 August 2002 7 Codesign Object Base (COB) A complete record of the codesign process The basis for automated support of security codesign –Analyzers: assist in making design decisions, e.g. Identifying design candidates Detecting inconsistencies Evaluating alternatives –Generators: assist in generating products, e.g. Requirements and design documents Software source code Test cases Documentation IA case

8 System Design Laboratory 20 August 2002 8 The COB Vision of the COB and associated tools Codesign Object Base Requirements document generation Specification document generation Configuration generation Test suite generation IA case generation Security requirements document Functional requirements document System configuration Information assurance case Test suite and results Specification document...

9 System Design Laboratory 20 August 2002 9 Information Assurance Case (IAC) Intrusion tolerance focuses on building systems from less trustworthy components that have weaker requirements than the overall system It is therefore important to establish that the overall security requirements are met by showing that the lower-level components are assembled so as to guarantee security as well as correct functionality An IAC –Assembles relevant information into a case that the system meets its security requirements –Addresses various levels of abstraction –Facilitates independent evaluation and scrutiny –Is an evolving document that is updated throughout the system lifecycle

10 System Design Laboratory 20 August 2002 10 Building an IAC Claims –Requirements documentation Sources of evidence and assumptions –Process Use of secure programming techniques and tools Use of secure languages and operating systems Use of assessment tools and methodologies Use of skilled, security-aware engineers Security codesign –Product Design documentation Formal evaluation of architecture, policies, algorithms, etc. Run-time monitoring Verifying robustness against known attack scenarios Red-team penetration testing Codesign object base Arguments –Structured, sound, and broad to cover various levels of abstraction –Deterministic > Probabilistic > Qualitative –IAC templates for SEAS (Structured Evidence and Argumentation System)

11 System Design Laboratory 20 August 2002 11 IAC Structure

12 System Design Laboratory 20 August 2002 12 Structure of an IAC Argument

13 System Design Laboratory 20 August 2002 13 An IAC Argument in SEAS Stronger Weaker

14 System Design Laboratory 20 August 2002 14 An IAC for DIT

15 System Design Laboratory 20 August 2002 15 IAC Structure for DIT Mission Goals and basic approach Abstract architecture Proxy Application servers Communication components Concrete interoperation Network hardware IDS Application OS OS configuration Application software Software configuration policy Run-time compiler Implementation code OS

16 System Design Laboratory 20 August 2002 16 Plans Use DIT Web server as case study (replacing Genoa) –Simpler architecture –Better defined requirements –Better documented design and evolution Develop an IAC for DIT using the codesign approach –Build a “COB” capturing evolution of DIT requirements, design, and implementation –Develop a SEAS-based argument template –Fill in template from COB elements, producing the IAC

Download ppt "Security Codesign Steve Dawson and Victoria Stavridou Bruno Dutertre, Josh Levy, Bob Riemenschneider, Hassen Saidi, Tomas Uribe System Design Laboratory."

Similar presentations

Qualifications Update: Fashion and Textile Technology Dunblane Hydro 27 November 2013 Qualifications Update: Fashion and Textile Technology Dunblane Hydro.

Qualifications Update: Fashion and Textile Technology Dunblane Hydro 27 November 2013 Qualifications Update: Fashion and Textile Technology Dunblane Hydro.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.
1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.

1 Intrusion Tolerance for NEST Bruno Dutertre, Steven Cheung SRI International NEST 2 Kickoff Meeting November 4, 2002.
MIS 385/MBA 664 Systems Implementation with DBMS/ Database Management Dave Salisbury ( )

MIS 385/MBA 664 Systems Implementation with DBMS/ Database Management Dave Salisbury ( )
The Role of Software Engineering Brief overview of relationship of SE to managing DSD risks 1.

The Role of Software Engineering Brief overview of relationship of SE to managing DSD risks 1.
L4-1-S1 UML Overview © M.E. Fayad 2000 -- 2005 SJSU -- CmpE Software Architectures Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I.

L4-1-S1 UML Overview © M.E. Fayad SJSU -- CmpE Software Architectures Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I.
R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.

R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
- 1 - Component Based Development R&D SDM 1 2009 Theo Schouten.

- 1 - Component Based Development R&D SDM Theo Schouten.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Creating Architectural Descriptions. Outline Standardizing architectural descriptions: The IEEE has published, “Recommended Practice for Architectural.

Creating Architectural Descriptions. Outline Standardizing architectural descriptions: The IEEE has published, “Recommended Practice for Architectural.
The database development process

The database development process
5/24/011 Advanced Tool Integration for Embedded Systems Assurance Insup Lee Department of Computer and Information Science University of Pennsylvania.

5/24/011 Advanced Tool Integration for Embedded Systems Assurance Insup Lee Department of Computer and Information Science University of Pennsylvania.
Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.

Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.
Software Verification and Validation (V&V) By Roger U. Fujii Presented by Donovan Faustino.

Software Verification and Validation (V&V) By Roger U. Fujii Presented by Donovan Faustino.
Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.

Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 8 Slide 1 Software Prototyping l Rapid software development to validate requirements l.

©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 8 Slide 1 Software Prototyping l Rapid software development to validate requirements l.
Effective Methods for Software and Systems Integration

Effective Methods for Software and Systems Integration
Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.

Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.

Similar presentations

Ads by Google