Chapter 19: Building Systems with Assurance Dr. Wayne Summers Department of Computer Science Columbus State University Summers_wayne@colstate.edu http://csc.colstate.edu/summers

Assurance in Requirements Definition and Analysis Threat – potential occurrence that can have an undesirable effect on the system assets or resources (can lead to undesirable consequences) Breaches of confidentiality, disruption of integrity, or denials of service Vulnerability – weakness that makes it possible for a threat to occur Control- countermeasure that mitigates a threat or eliminates a vulnerability

Assurance in Requirements Definition and Analysis Security Mechanisms and Layered Architecture Building Security In or Adding Security Layer Reference monitor – access control concept of an abstract machine that mediates all accesses to objects by subjects Reference validation mechanism(RVM) – implementation of the reference monitor concept (must be tamperproof, always be invoked, small enough to be tested for completeness) Security kernel – combination of h’ware and s’ware that implements a reference monitor Trusted computer base (TCB)- all protection mechanisms within a computer system that are responsible for enforcing a security policy.

Assurance in Requirements Definition and Analysis Policy Definition and Requirements Specification Specification- description of characteristics of a computer system or program (must be clear, unambiguous, and complete) Extract applicable requirements from existing security standards (e.g. Common Criteria) Create a new policy from results from threat analysis and existing policies Map system to an existing model Justifying Requirements Once a policy has been defined and specified, it must be shown to be complete and consistent.

Assurance During Systems and Software Design Design Techniques that Support Assurance Module – set of related functions and pertinent data structures (objects) Minimize communications between modules (avoid the use of global variables) Assignment of privilege should be tighly controlled and privileges revoked when no longer needed

Assurance During Systems and Software Design Design Document Contents Security functions – identifies the high-level security functions that are defined for the system (i.e. identification, authentication, access control, and auditing) External Functional Specification - high-level description of external interfaces to a system, component, subcomponent, or module Internal Design – describes the internal structures and functions of the components of a system Review: guidelines, conflict resolution methods, completion procedures

Assurance in Implementation and Integration Implementation Considerations that Support Assurance Choice of language – strong typing, built-in buffer overflow protections, data hiding, modularity, domains & domain access protections, garbage collection, error handling Assurance Through Implementation Management Configuration Management Version control and tracking Change authorization Integration procedures Tools for product generation

Assurance in Implementation and Integration Justifying That the Implementation Meets the Design Security Testing Functional testing Structural testing Unit testing Systems testing Third-party testing (independent testing) Security testing Assurance During Operation and Maintenance