Slide 1: VM: Chapter 5 Guiding Principles for Software Security

Slide 2 (csci5233 computer security & integrity): The 10 Principles
1. Secure the weakest link
2. Practice defense in depth
3. Fail securely
4. Follow the principle of least privilege
5. Compartmentalize
6. KISS
7. Promote privacy
8. Remember that hiding secrets is hard
9. Be reluctant to trust
10. Use your community resources

Slide 3: 1. Secure the weakest link
A chain is only as strong as its weakest link. Which is easier to rob: a convenience store or a bank?

Slide 4: Example: encrypted transmission
[Diagram: A encrypts plaintext into ciphertext and transmits it to B, who decrypts it back to plaintext.]
Where's the weakest point?

Slide 5: Risk Analysis
Identifying the weakest component of a system falls directly out of a good risk analysis. Address the most serious risk first.
Question: How is the seriousness of a risk determined?

Slide 6: Social Engineering
An attack launched by social manipulation to break into a system.
An example: a help desk worker dealing with a "frustrated" user who cannot get into his account (p.94). A good strategy?
Evaluate the "elaborate" scheme given on page 95:

Slide 7: 2. Practice defense in depth
Manage risk with diverse, redundant defensive strategies. If one layer of defense is broken, another layer hopefully prevents a full breach. The total protection offered is far greater than the protection offered by any single component.
An example: multiple layers of firewalls + encrypted data

Slide 8: 3. Fail securely
A system failure may cause the system to exhibit insecure behavior: when the system fails, it behaves less securely than usual.
An example: credit card authentication (p.98)
Another example: support of legacy clients that do not use encryption (backward compatibility)
Java's RMI: server authentication with clients (p.99)

Slide 9: 4. The principle of least privilege
Only the minimum access necessary to perform an operation should be granted, and that access should be granted only for the minimum amount of time necessary. Keep windows of vulnerability as short as possible.
An example: the US government security clearance system
A program shall relinquish root privilege when it no longer needs it.
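As an added example (not from the slides or the textbook) of a program relinquishing root once it no longer needs it: the ordering below (supplementary groups, then gid, then uid) matters, and the drop is verified before the program continues; the uid/gid 65534 used in main as the unprivileged target is an assumption, not a real account the page names.

```c
/* Added example: permanently relinquish root privilege (principle 4).
 * Typical use: a daemon binds a privileged port as root, then calls
 * drop_privileges() with an unprivileged uid/gid before serving clients. */
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <grp.h>

/* Returns 0 on success, -1 if any step fails. On failure the caller must
 * abort (fail securely) rather than continue with leftover privilege. */
int drop_privileges(uid_t uid, gid_t gid) {
    /* 1. setuid/setgid do not touch supplementary groups, so clear them
     *    first while still root (only root may call setgroups). */
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    /* 2. Drop the group before the user: once the uid is unprivileged,
     *    the process may no longer change its gid. */
    if (setgid(gid) != 0) return -1;
    /* 3. setuid() as root sets real, effective and saved uid, so the
     *    change cannot be undone later with seteuid(0). */
    if (setuid(uid) != 0) return -1;
    /* 4. Verify: regaining root must fail and all ids must match. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

/* Check a server loop can make before handling any request. */
int running_unprivileged(void) {
    return getuid() != 0 && geteuid() != 0;
}

int main(void) {
    /* Assumption: 65534 is the conventional "nobody" uid/gid. When not
     * started as root, the process simply re-asserts its own ids. */
    uid_t uid = geteuid() == 0 ? (uid_t)65534 : getuid();
    gid_t gid = geteuid() == 0 ? (gid_t)65534 : getgid();
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed; refusing to continue\n");
        return 1;
    }
    printf("uid=%u gid=%u unprivileged=%d\n", (unsigned)getuid(),
           (unsigned)getgid(), running_unprivileged());
    return 0;
}
```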

Slide 10: The problem with default settings
Windows API (p.101)
Java applets (p.102)
Wireless network card: WEP encryption
File access permissions

Slide 11: 5. Compartmentalize
Break a system into small compartments, each of which can be sealed off from the others.
Damage control
Separation of privileges
OS with compartmentalization: roles
Reasonable compartmentalization

Slide 12: 6. KISS
"Keep it simple, sir."
Complexity may introduce new vulnerabilities and thus increases risk. Reuse tested, good-quality software components.

Slide 13: Redundancy versus Simplicity (p.105)
A balance between redundant security features (principle 2) and simple security
Choke points: a small, easily controlled interface
No backdoors or secret entrances

Slide 14: Usability Engineering (p.106)
1. The user will not read documentation. – Provide security by default.
2. Talk to users to determine their security requirements.
3. Realize that users aren't always right.
4. Users are lazy.

Slide 15: 7. Promote Privacy
User privacy is a security concern.
Usability versus privacy protection:
– Should credit card numbers be stored on the server?
– Should credit card numbers stored on a server be encrypted?
– Where should the encryption key be stored?
System information: release as little system information as possible.

Slide 16: 8. Hiding secrets is hard (p.109)
Security is often about keeping secrets. Is a secret kept in a binary format well protected?
– Copy protection
– Java bytecode
Insider attacks are common and can cause serious damage.

Slide 17: 9. Be reluctant to trust
Servers and clients should be designed not to trust each other. Many security products introduce more risks than they address. Skepticism is always good, especially when it comes to security vendors.
Trust yourself?
– Get objective, high-quality outside reviews

Slide 18: 10. Use your community resources
Public scrutiny: is a secret encryption algorithm better than a publicly known one? Good cryptographic algorithms work because they rely on keeping the key secret, not because the algorithm itself is secret.
Java developer community
IETF RFCs

Slide 19: Next
Pf: Ch 2

