
Chapter 19: Building Systems with Assurance


Slide 1: Chapter 19: Building Systems with Assurance
Dr. Wayne Summers, Department of Computer Science, Columbus State University

Slide 2: Assurance in Requirements Definition and Analysis
- Threat: a potential occurrence that can have an undesirable effect on the system's assets or resources (it can lead to undesirable consequences): breaches of confidentiality, disruption of integrity, or denials of service.
- Vulnerability: a weakness that makes it possible for a threat to occur.
- Control: a countermeasure that mitigates a threat or eliminates a vulnerability.

Slide 3: Assurance in Requirements Definition and Analysis
Security Mechanisms and Layered Architecture: building security in versus adding a security layer.
- Reference monitor: the access control concept of an abstract machine that mediates all accesses to objects by subjects.
- Reference validation mechanism (RVM): an implementation of the reference monitor concept. It must be tamperproof, must always be invoked, and must be small enough to be tested for completeness.
- Security kernel: the combination of hardware and software that implements a reference monitor.
- Trusted computing base (TCB): all protection mechanisms within a computer system that are responsible for enforcing a security policy.

Slide 4: Assurance in Requirements Definition and Analysis
Policy Definition and Requirements Specification
- Specification: a description of the characteristics of a computer system or program. It must be clear, unambiguous, and complete.
- Extract applicable requirements from existing security standards (e.g. the Common Criteria).
- Create a new policy from the results of threat analysis and from existing policies.
- Map the system to an existing model.
Justifying Requirements: once a policy has been defined and specified, it must be shown to be complete and consistent.

Slide 5: Assurance During Systems and Software Design
Design Techniques that Support Assurance
- Module: a set of related functions and the pertinent data structures (objects).
- Minimize communication between modules (avoid the use of global variables).
- Assignment of privilege should be tightly controlled, and privileges should be revoked when no longer needed.

Slide 6: Assurance During Systems and Software Design
Design Document Contents
- Security functions: identifies the high-level security functions defined for the system (i.e. identification, authentication, access control, and auditing).
- External functional specification: a high-level description of the external interfaces to a system, component, subcomponent, or module.
- Internal design: describes the internal structures and functions of the components of a system.
- Review: guidelines, conflict resolution methods, completion procedures.
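As an added illustration (example code written for this transcript, not from the slides or the textbook they summarize), a toy reference validation mechanism in Python: every subject-to-object access goes through one small check function that is always invoked and audited (slides 3 and 6), and rights can be revoked when no longer needed (slide 5). The subject and object names are constructed sample values, and the tamperproof property is only hinted at by keeping policy state private, since real isolation comes from hardware and OS protection of the security kernel.

```python
class ReferenceMonitor:
    """Toy reference validation mechanism (added example, not from the slides).
    Every access passes through __check (always invoked); policy state lives only
    inside the monitor (real tamperproofing needs hardware/OS isolation of the
    kernel, which Python cannot give); the decision is small enough to test."""
    def __init__(self):
        self.__acl = {}      # (subject, object) -> set of rights
        self.__objects = {}  # object name -> contents, reachable only via read/write
        self.audit = []      # audit trail: (subject, object, right, decision)

    def create_object(self, owner, name, contents):
        self.__objects[name] = contents
        for right in ("read", "write"):
            self.grant(owner, name, right)

    def grant(self, subject, obj, right):  # administrative; who may grant is out of scope
        self.__acl.setdefault((subject, obj), set()).add(right)

    def revoke(self, subject, obj, right):  # slide 5: revoke when no longer needed
        self.__acl.get((subject, obj), set()).discard(right)

    def __check(self, subject, obj, right):
        # The single decision point: every access is decided and audited here.
        allowed = right in self.__acl.get((subject, obj), set())
        self.audit.append((subject, obj, right, "GRANTED" if allowed else "DENIED"))
        return allowed

    def read(self, subject, obj):
        if not self.__check(subject, obj, "read"):
            raise PermissionError(f"{subject} may not read {obj}")
        return self.__objects[obj]

    def write(self, subject, obj, contents):
        if not self.__check(subject, obj, "write"):
            raise PermissionError(f"{subject} may not write {obj}")
        self.__objects[obj] = contents


def demo():
    """Constructed scenario: alice owns 'payroll'; bob gets a temporary read right
    that is then revoked. Returns (bob's read, bob denied afterwards, audit trail)."""
    rm = ReferenceMonitor()
    rm.create_object("alice", "payroll", "salary data")
    rm.grant("bob", "payroll", "read")
    first = rm.read("bob", "payroll")  # audited as GRANTED
    rm.revoke("bob", "payroll", "read")
    try:
        rm.read("bob", "payroll")      # audited as DENIED
        denied = False
    except PermissionError:
        denied = True
    return first, denied, list(rm.audit)
```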

Slide 7: Assurance in Implementation and Integration
Implementation Considerations that Support Assurance
- Choice of language: strong typing, built-in buffer overflow protections, data hiding, modularity, domains and domain access protections, garbage collection, error handling.
Assurance Through Implementation Management
- Configuration management: version control and tracking, change authorization, integration procedures, tools for product generation.

Slide 8: Assurance in Implementation and Integration
Justifying That the Implementation Meets the Design
- Security testing: functional testing, structural testing, unit testing, systems testing, third-party (independent) testing, security testing.
Assurance During Operation and Maintenance

