CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.

Presentation transcript:

Security Requirements

As software becomes more complex and data becomes more sensitive, software systems must meet an increasing number of security requirements.

Identification Requirements: The system must identify the users or systems with which it is about to interact via passwords, encryption key protocols, etc.

Authentication Requirements: The system must confirm the identity of the user or system that is trying to interact with it via biometrics, reverse encryption, etc.

Authorization Requirements: The system must determine the extent to which the user or system is authorized to access its information and functionality via access control lists, privilege hierarchies, etc.

Security Requirements

Immunity Requirements: The system must protect itself from malicious attacks, such as viruses, worms, and Trojan horses.

Integrity Requirements: The system must prevent intentional corruption via unauthorized creation, modification, or deletion of data or files.

Intrusion Detection Requirements: The system must be able to detect and record any unauthorized attempts to access its files or data.

Nonrepudiation Requirements: The system must be capable of preventing anyone who accessed its files or data from denying it later.

Security Requirements

Privacy Requirements: The system must protect the privacy rights of its users and of anyone affected by its data and files.

Survivability Requirements: The system must be able to withstand the intentional loss or destruction of its constituent files and data.

Resilience Requirements: The system must be able to recover adequately from any successful attack.

Software Security in the Life Cycle

Security mechanisms can be put into place at several locations within the software life cycle.

Life-cycle stages: Requirements and Use Cases, Design, Test Plans, Code, Test Results, Field Feedback

Abuse Cases: Similar to use cases, they describe the system’s behavior when it’s under attack

Security Reqs.: Specific security needs, like passwords and encryption

Risk Analysis: Clarify req. docs. & identify possible attacks

External Review: Have parties outside the design team review the design for security issues

Risk-Based Security Tests: Use attack patterns & threat models to test system security

Static Analysis Tools: Scan the source code for common vulnerabilities

Penetration Testing: Search for architectural flaws in the fielded environment that wouldn’t appear in the development lab

Security Breaks: Have the customer report post-delivery security problems so preventive measures can be put in place in future releases