Secure software and COTS group Steve Gribble, Somesh Jha, Angelos Keromytis, Carl Landwehr, Peter Lee, Martin Rinard Workshop on Resilient Financial Information.


1 Secure software and COTS group
Steve Gribble, Somesh Jha, Angelos Keromytis, Carl Landwehr, Peter Lee, Martin Rinard
Workshop on Resilient Financial Information Systems
March 2005

2 Findings
- Smaller companies use COTS, but some larger companies do extensive in-house development
  - IT/business opportunities are often unique advantages in fast custom response
- Strong trend towards highly componentized software systems
  - reinforced by trend towards web services
- Major issue is complexity
  - not just of large system of components
  - but also of multiple interacting systems, many of which not under control

3 Findings, cont’d
- Financial systems are “over-engineered” wrt controls
  - required security level is not well understood, so systems are built conservatively
- Human errors are main source of failure
  - By operators, developers, users
  - not security break-ins
    - but impact of errors can be magnified by security weakness
  - reconciliation checks, redundancy, distributed component-based architecture greatly enhance resilience

4 Findings, cont’d
- Confidentiality is less understood
  - concept of “toxic combinations of privilege”
  - manual review of privilege combinations a form of business-rule discovery
- Some similarities to military, pharmaceutical, etc. environments
- HCI is a big deal and growing
  - but lots of expertise and resources applied and apparently working

5 Findings, cont’d
- “Business control requirements”
  - The rules by which automated system must operate
- “Application security requirements”
  - traditional authentication/authorization requirements, for components and systems of components

6 Research themes
- Centrality of business rules
- Challenge of “bringing it all together”
- Smooth slope / starting out small

7 Possible research areas, 1
- Specification languages for describing / modeling business rules
  - work at the semantic level of business control rules
  - checking that a distributed collection of components respects the global rules
    - static verification
    - dynamic monitoring
  - component abstraction; and analysis of composed abstractions

8 Possible research areas, 2
- Access control consequence analysis
  - do the privileges satisfy given business controls?
    - analogy to model checking
  - optimization of access controls?
    - tradeoff with run-time checking
  - change analysis
    - how do additions/changes affect the system?
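
A small sketch of the consequence analysis and change analysis named on this slide, using the "toxic combinations of privilege" idea from slide 4. This is an added example, not material from the presentation; every role, privilege, user and control name is constructed for illustration, and the business controls are assumed to be expressible as sets of privileges no single user may hold together.

```python
# Added illustration; all role, privilege, user and control names are constructed.
from itertools import chain

ROLE_PRIVS = {
    "trader":     {"create_trade", "view_positions"},
    "settlement": {"approve_trade", "release_payment"},
    "ops_admin":  {"create_vendor", "view_positions"},
    "treasury":   {"release_payment"},
}
USER_ROLES = {
    "alice": {"trader"},
    "bob":   {"settlement"},
    "carol": {"ops_admin", "treasury"},  # each role is harmless on its own
}
# Business controls as toxic combinations: no single user may hold
# every privilege in a set.
TOXIC = {
    "maker-checker":  {"create_trade", "approve_trade"},
    "vendor-payment": {"create_vendor", "release_payment"},
}

def effective_privileges(user_roles, role_privs):
    """Flatten user -> roles -> privileges into user -> privileges."""
    return {u: set(chain.from_iterable(role_privs[r] for r in roles))
            for u, roles in user_roles.items()}

def violations(user_roles, role_privs=ROLE_PRIVS, toxic=TOXIC):
    """(user, control) pairs where effective privileges cover a toxic set."""
    eff = effective_privileges(user_roles, role_privs)
    return {(u, name) for u, privs in eff.items()
            for name, combo in toxic.items() if combo <= privs}

def change_impact(user_roles, user, new_role,
                  role_privs=ROLE_PRIVS, toxic=TOXIC):
    """Change analysis: violations that granting new_role would introduce."""
    proposed = {u: set(r) for u, r in user_roles.items()}
    proposed.setdefault(user, set()).add(new_role)
    before = violations(user_roles, role_privs, toxic)
    return violations(proposed, role_privs, toxic) - before

if __name__ == "__main__":
    print("current:", sorted(violations(USER_ROLES)))
    print("grant alice 'settlement':",
          sorted(change_impact(USER_ROLES, "alice", "settlement")))
```

The violation for the constructed user carol appears only when two roles are composed, which is the kind of result a manual per-role review tends to miss.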

9 Possible research areas, 3
- Interactive debugging / root-cause analysis
  - unify low-level (code failure) and high-level (business-rule violation) views of failures
    - for debugging, root-cause analysis
  - human-assisted and/or automated reaction
  - traceability of low-level behavior and test results to high-level requirements

10 What about COTS? Um,…

