The Security Analysis Process University of Sunderland CIT304 Harry R. Erwin, PhD.

Slides:

Advertisements

Similar presentations

Security Requirements

Advertisements

ISO 9001:2000 Documentation Requirements

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

Lecture # 2 : Process Models

Dd. This learning session will help the auditor: Design audit objectives understand why audit criteria are used in performance audits; learn how to develop.

Strategy 2022: A Holistic View Tony Hayes International President ISACA © 2012, ISACA. All rights reserved.

Common Criteria Richard Newman. What is the Common Criteria Cooperative effort among Canada, France, Germany, the Netherlands, UK, USA (NSA, NIST) Defines.

The Common Criteria Cs5493(7493). CC: Background The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series.

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

How to Prepare for the Fall Exam COM380/CIT304 Harry Erwin, PhD University of Sunderland.

SWE Introduction to Software Engineering

Four Dark Corners of Requirements Engineering

PPA 503 – The Public Policy Making Process

Lecture Nine Database Planning, Design, and Administration

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

Prepared by Long Island Quality Associates, Inc. ISO 9001:2000 Documentation Requirements Based on ISO/TC 176/SC 2 March 2001.

Validation Chapter 4 1. Validation Exemplifies Process Understanding 2.

Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

SEC835 Database and Web application security Information Security Architecture.

S/W Project Management

Database System Development Lifecycle © Pearson Education Limited 1995, 2005.

G53SEC Computer Security Introduction to G53SEC 1.

1 A Disciplined Security Specification for a High- Assurance Grid by Ning Zhu, Jussipekka Leiwo, and Stephen John Turner Parallel Computing Centre Distributed.

The Security Analysis Process University of Sunderland CSEM02 Harry R. Erwin, PhD.

Business Analysis and Essential Competencies

©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 6 Slide 1 Requirements Engineering Processes l Processes used to discover, analyse and.

Feasibility Study.

CEN rd Lecture CEN 4021 Software Engineering II Instructor: Masoud Sadjadi Phases of Software.

A GENERIC PROCESS FOR REQUIREMENTS ENGINEERING Chapter 2 1 These slides are prepared by Enas Naffar to be used in Software requirements course - Philadelphia.

Lecture 15 Page 1 CS 236 Online Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.

Software Engineering Management Lecture 1 The Software Process.

What is a Business Analyst? A Business Analyst is someone who works as a liaison among stakeholders in order to elicit, analyze, communicate and validate.

Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.

Illustrations and Answers for TDT4252 exam, June

CSCE 522 Secure Software Development Best Practices.

Search Engine Optimization © HiTech Institute. All rights reserved. Slide 1 What is Solution Assessment & Validation?

Randy Beavers CS 585 – Computer Security February 19, 2009.

IT Risks and Controls Revised on Content Internal Control  What is internal control?  Objectives of internal controls  Types of internal controls.

Specific Safety Requirements on Safety Assessment and Safety Cases for Predisposal Management of Radioactive Waste – GSR Part 5.

1 Using Common Criteria Protection Profiles. 2 o A statement of user need –What the user wants to accomplish –A primary audience: mission/business owner.

CSCE 201 Secure Software Development Best Practices.

Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.

Assumptions of Secure Operation University of Sunderland CIT304 Harry R. Erwin, PhD.

University of Sunderland Professionalism and Personal Skills Unit 6 Professionalism and Personal Skills Lecture Ethics.

Requirements engineering The process of establishing the services that the customer requires from a system and the constraints under which it operates.

 Context for the Training  Training Related to Implementation of Safety Decision Making Methodology  Fidelity of the Family Functioning Assessment.

High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.

Basic Security Concepts University of Sunderland CSEM02 Harry R Erwin, PhD.

Basic Security Concepts University of Sunderland CIT304 Harry R Erwin, PhD.

Security Objectives University of Sunderland CSEM02 Harry R. Erwin, PhD.

Assumptions of Secure Operation University of Sunderland CSEM02 Harry R. Erwin, PhD.

The NIST Special Publications for Security Management By: Waylon Coulter.

true potential An Introduction to the Middle Manager Programme’s CMI Qualifications.

INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.

LECTURE 5 Nangwonvuma M/ Byansi D. Components, interfaces and integration Infrastructure, Middleware and Platforms Techniques – Data warehouses, extending.

Software Engineering Process - II 7.1 Unit 7: Quality Management Software Engineering Process - II.

1 Requirements Analysis Lecture # Recap of Requirements Elicitation - 1 Requirements elicitation deals with discovering requirements for a software.

Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.

Content Basics and fundamentals GSR Part 2

Security Development Lifecycle (SDL) Overview

The Common Criteria for Information Technology Security Evaluation

Problem Statement and Research Question

Chapter 5 – Requirements Engineering

VP, Institutional Services

CMGT 431 Competitive Success/snaptutorial.com

CMGT 431 Education for Service-- snaptutorial.com.

CMGT 431 STUDY Lessons in Excellence--cmgt431study.com.

CMGT 431 Teaching Effectively-- snaptutorial.com.

Leadership and Management for Safety

Presentation transcript:

The Security Analysis Process University of Sunderland CIT304 Harry R. Erwin, PhD

Security Analysis is a Formal Process. 1.Start by identifying the system (‘TOE’) and items to be protected. 2.Identify the security policies that must be enforced. 3.Define the trust relationships to be supported. 4.Perform a risk analysis to identify the threats. 5.Establish the assumptions of secure operation. 6.List the security objectives you must implement. 7.Define the resulting security functions (‘TSF’) to be provided. 8.Provide the detail, implement, and test.

What are the Items to be Protected? If you try to protect everything, you protect nothing. Can include data, equipment, reputation, and resources. Take into account time. Any security can be broken with enough time and resources. Provide alarms and appropriate responses.

Security Policies Discussed in an earlier lecture. Be realistic. If you can’t secure what you need to secure, perhaps you should reconsider building the system.

Trust Relationships Discussed in an earlier lecture. You must understand trust to be able to secure a system and have the system be usable. Trust should influence your security architecture.

Risk Analysis Discussed in an earlier lecture. Be realistic. Hackers are creative—don’t reject vulnerabilities out of hand. “Security by Obscurity” is not a solution. Don’t try to protect everything, but don’t leave obvious holes.

Assumptions of Secure Operation Discussed in an earlier lecture. “A statement of assumptions which are to be met by the environment of the TOE in order for the TOE to be considered secure.” (from the CCTool Manual) Should be associated with individual security objectives to help you select your security requirements.

The Security Mapping Process CCTool Manual

Security Analysis Relationships CCTool Manual

Security Objectives Result in Security Requirements CCTool Manual

CCTool/UoSTool Designed to assist in this process. Provides recommended solutions. You can also add your own –Threats –Policies –Assumptions –Objectives –Requirements

What are Security Objectives? Security objectives are the things you do to: –Enforce security policies –Mitigate risks Security objectives may be met by: –Things the system does to protect itself, and –Things you can assume the environment does for the system.

Finding CCTool An expert system to aid in security analysis. No longer supported by NIAP/NIST/NSA. Needs upgrading but still useful. Available from the module website. Available at Sunderland as the UoSTool

Security Objectives “The results of the analysis of the security environment can then be used to state the security objectives that counter the identified threats and address identified organizational security policies and assumptions. The security objectives should be consistent with the stated operational aim or product purpose of the system, and any knowledge about its physical environment.” CCTool Manual

Intent of the Objectives “The intent of determining security objectives is to address all of the security concerns and to declare which security aspects are either addressed directly by the system or by its environment. This categorization is based on a process incorporating engineering judgment, security policy, economic factors and risk acceptance decisions.” CCTool Manual

Sources of Security Functional Requirements “The CC and the associated security functional requirements are not meant to be a definitive answer to all the problems of IT security. Rather, the CC offers a set of well understood security functional requirements that can be used to create trusted products or systems reflecting the needs of the market. These security functional requirements are presented as the current state of the art in requirements specification and evaluation.” (CCTool Manual)

Background Issues of Security Functional Requirements “The IT security requirements are the refinement of the security objectives into a set of security requirements for the TOE and security requirements for the environment which, if met, will ensure that the TOE can meet its security objectives.” (CCTool Manual) “The CC presents security requirements under the distinct categories of functional requirements and assurance requirements.” (CCTool Manual)

How do You Use the Security Requirements? The functional requirements describe what your security solution must do to allow you to operate safely. These can be compared to the functionality provided by vendor software and hardware. The assurance requirements describe what development practices and testing the vendor must follow to assure the users that the functionality provided actually works.

Role of Security Testing “Security requirements generally include both requirements for the presence of desired behavior and requirements for the absence of undesired behavior. It is normally possible to demonstrate, by use or testing, the presence of the desired behavior. It is not always possible to perform a conclusive demonstration of absence of undesired behavior. Testing, design review, and implementation review contribute significantly to reducing the risk that such undesired behavior is present.” (CCTool Manual) Note, pen-testing is not necessarily required.

Open Problems Despite the emergence of a formal approach to the definition of security requirements, computer security has gotten worse, not better over the last 30 years. (Karger and Schell, 1974 and 2002) K&S note that current secure systems are less secure than Multics, and “Multics, with its security enhancements, was only deemed suitable for processing in a relatively benign ‘closed’ environment.” What they see missing is a verifiable security kernel to block professional hacker attacks using malicious software trapdoors. This is a currently emerging threat.