Architecting secure software systems

Presenters: Boshra Ardallani, Paria Rakhshani, Elahe Golezardi, Purya Aliabadi

Outline
- Building secured systems
- Security requirements analysis
- Threat modeling
- Security design
- Security coding
- Safe programming
- Security review
- Generating the executable
- Security testing
- Secured deployment
- Security remediation
- Security documentation
- Security response planning
- Safety-critical systems

Building secured systems
- It is a war against hackers or adversaries, and the attacker is not visible.
- The goal is to build systems that are secured and can defend against any attack.
- Computers are connected through a network, which raises the question: how do we architect security into software?

Security development lifecycle
- Used to embed security at the grass-roots level of a system.
- It starts with defining the system objectives.

Security requirements analysis lifecycle

Security objectives
An application's security objectives fall into the following categories:
- Identity
- Financial
- Proprietary and sensitive data
- Property and life
- Privacy and regulatory
- Availability guarantees
- Regulatory

Functional versus nonfunctional requirements
- Functional requirement: a system or software requirement that specifies a function that a system, software system, or system/software component must be capable of performing.
- Nonfunctional requirement: a software requirement that describes not what the software will do but how the software will do it.

Use case
- Use cases are used in software engineering to capture functional requirements.
- A use case captures "who" (actor) does "what" (interaction) with the system, and for what "purpose" (goal), without dealing with the system's implementation details.
- Use cases are now included within the Unified Modeling Language (UML).
- Use cases can be linked with three types of relationships:
  - Include
  - Extends
  - Generalization

Misuse case
- Misuse cases are used in software engineering to capture nonfunctional requirements.
- A misuse case is a special kind of use case, describing behavior that the system or entity owner does not want to occur.
- A misuse case is the inverse of a use case; a misactor is the inverse of an actor.

Co-representing use and misuse cases
- To represent a system's behavior fully, the model should include both functional and nonfunctional requirements together.
- To represent use cases and misuse cases together, the two kinds must be visually differentiated from each other.

Defining security requirements
This is achieved in five steps:
1. First concentrate on the functional requirements, through the normal actors and the main use cases requested by these actors.
2. Look at the security-related misuse cases.
3. Investigate the potential relations between the use cases and the misuse cases.
4. Look at the security-related nonfunctional requirements as functional requirements.
5. Continue with the preceding four steps with more and more refinement and detailed requirements documentation.

Threat modeling
Use threat modeling to determine security threats. Threat modeling is a process that helps you identify, analyze, document, and possibly rate the system's vulnerabilities. It centers around the following essential components:
- Assets: the objects that we need to protect.
- Vulnerabilities: weaknesses in the system.
- Threats: the possible occurrence of an undesirable event.
- Exploits (or attacks): when a threat becomes reality, it is called an attack.
- Countermeasures: measures that eliminate vulnerabilities or reduce the attack surface.

Threat modeling (cont.)
Some techniques that have been proposed to model threats are:
- STRIDE
- Attack tree
- DREAD
- Attack surface

STRIDE
STRIDE is a methodology for identifying possible threats. It is used by Microsoft for threat modeling of their systems. The STRIDE acronym is formed from the first letter of each of the following categories:
- Spoofing identity
- Tampering with data
- Repudiation
- Information disclosure
- Denial of service (DoS)
- Elevation of privilege

Attack tree
- An attack tree is a tool to evaluate the system's security against various threats.
- The root of the tree represents a security event that can potentially damage an asset.
- Each path through an attack tree represents a unique attack.
- A node of an attack tree is decomposed through either an AND-decomposition (every child must be achieved) or an OR-decomposition (any one child suffices).

DREAD
- DREAD is another tool to determine possible threats and their impact.
- It is also used directly to mitigate the risks.
- The DREAD rating is an average of all five categories:

Attack surface
- The attack surface is the part of the program that can be a target of attack, that is, the part that is accessible to an attacker.
- The attempt is always to analyze the attack surface and then reduce it.
- Attack surface reduction focuses on reducing the area of code accessible to unauthorized users.

Putting it all together
- Step 1. Identify the system objectives.
- Step 2. Analyze the functional requirements of the system using use-case and UML tools.
- Step 3. List the system's security requirements and security objectives.
- Step 4. List the assets the system is handling and the risks associated with them.
- Step 5. Use misuse cases to analyze the security risks and the interactions between different tasks and their relationships.
- Step 6. Use an attack tree to break down the misuse cases and understand the AND and OR components in each threat path.
- Step 7. Use the DREAD tool to rate these threats.
- Step 8. Analyze the attack surface and consider reducing it.
- Step 9. Progressively refine the requirements by decomposing them.
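The attack-tree decomposition (Step 6) and DREAD rating (Step 7) worked through as an added Python example; it is not part of the original slides. It enumerates every unique attack path through the AND/OR nodes of a constructed sample tree and ranks the paths by DREAD score so countermeasures can be prioritized. The five DREAD category names and their 0-10 scale, the mean-of-steps path score, the Node/attack_paths/rate_paths names and the sample tree are all assumptions made here.

```python
from dataclasses import dataclass, field
from itertools import product

# Standard DREAD categories (assumed here; the slide only says "five categories"),
# each scored 0-10, in this order: Damage, Reproducibility, Exploitability,
# Affected users, Discoverability.
DREAD_CATEGORIES = ("Damage", "Reproducibility", "Exploitability", "Affected users", "Discoverability")

def dread_score(ratings):
    """DREAD rating of one threat: the average of its five category scores."""
    if len(ratings) != len(DREAD_CATEGORIES) or not all(0 <= r <= 10 for r in ratings):
        raise ValueError("DREAD needs five scores, each in the range 0-10")
    return sum(ratings) / len(ratings)

@dataclass
class Node:
    name: str
    kind: str = "LEAF"                            # "LEAF", "AND" or "OR"
    children: list = field(default_factory=list)
    dread: tuple = ()                             # category scores, leaves only

def attack_paths(node):
    """Each unique attack as a tuple of leaf nodes (OR: any one child; AND: every child)."""
    if node.kind == "LEAF":
        return [(node,)]
    if node.kind == "OR":
        return [p for child in node.children for p in attack_paths(child)]
    if node.kind == "AND":
        return [sum(combo, ()) for combo in product(*(attack_paths(c) for c in node.children))]
    raise ValueError(f"unknown node kind {node.kind!r}")

def rate_paths(root):
    """Rank attack paths, highest first, by the mean DREAD score of their steps
    (an aggregation convention assumed here; the slide rates threats one at a time)."""
    rated = [(sum(dread_score(n.dread) for n in p) / len(p), tuple(n.name for n in p))
             for p in attack_paths(root)]
    return sorted(rated, key=lambda r: r[0], reverse=True)

# Constructed sample tree: the root is the security event that would damage the asset.
SAMPLE_TREE = Node("Read customer records", "OR", [
    Node("Abuse an over-privileged service account", dread=(8, 9, 6, 8, 4)),
    Node("Hijack an admin session", "AND", [
        Node("Obtain a session token", dread=(7, 5, 5, 3, 5)),
        Node("Bypass the IP allow-list", dread=(6, 4, 3, 3, 4))]),
    Node("Exploit an unpatched database service", dread=(9, 8, 7, 9, 7))])

for score, path in rate_paths(SAMPLE_TREE):   # highest-rated threat path first
    print(f"{score:4.1f}  " + " AND ".join(path))
```

The AND node yields a single two-step path whose rating is pulled down by its harder step, while the two OR leaves each stand alone; the top-ranked path is where a countermeasure buys the most.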

Patterns and antipatterns
- Design pattern: a design pattern is a formal way of documenting successful solutions to recurring problems.
- Design antipattern: design patterns help address commonly occurring problems, but some solutions that initially appear beneficial result in bad consequences that outweigh the apparent advantages. Such solutions are called antipatterns.

Attack patterns
An attack pattern characterizes an individual attack type that an adversary may use for some malicious intention. Each attack pattern contains the following sections:
- Pattern name and classification
- The overall goal of the attack specified by the pattern
- A list of preconditions for its use
- The steps for carrying out the attack
- A list of postconditions that are true if the attack is successful
- A list of suggestions that can be used to counter this attack

Security design patterns
- Single access point
- Checkpoint
- Roles
- Session
- Full view with errors
- Limited view
- Secure access layer
- Least privilege
- Journaling
- Exit gracefully