CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.


2 CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle

3 CS 325 April 14, 2015 Page 251
Security Requirements

As software becomes more complex and data becomes more sensitive, software systems must meet an increasing number of security requirements.

Identification Requirements: The system must identify the users or systems with which it is about to interact via passwords, encryption key protocols, etc.

Authentication Requirements: The system must confirm the identity of the user or system that is trying to interact with it via biometrics, reverse encryption, etc.

Authorization Requirements: The system must determine the extent to which the user or system is authorized to access its information and functionality via access control lists, privilege hierarchies, etc.

4 Security Requirements

Immunity Requirements: The system must protect itself from malicious attacks, such as viruses, worms, and Trojan horses.

Integrity Requirements: The system must prevent intentional corruption via unauthorized creation, modification, or deletion of data or files.

Intrusion Detection Requirements: The system must be able to detect and record any unauthorized attempts to access its files or data.

Nonrepudiation Requirements: The system must be capable of preventing anyone who accessed its files or data from denying it later.
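The identification, authentication, authorization and intrusion detection requirements above, traced through one request path. This is an added example, not part of the original slides; the Gate class, its methods, and the sample user and resource names are hypothetical.

```python
import hashlib
import hmac
import os


def _kdf(password: str, salt: bytes) -> bytes:
    # Slow salted hash so stored credentials resist offline guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Gate:
    """Hypothetical request gate; an illustration, not code from the course."""

    def __init__(self):
        self.users = {}   # identification: user -> (salt, password hash)
        self.acl = {}     # authorization: (user, resource) -> allowed actions
        self.audit = []   # intrusion detection: record of every denied attempt

    def enroll(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, _kdf(password, salt))

    def grant(self, user, resource, *actions):
        self.acl.setdefault((user, resource), set()).update(actions)

    def request(self, user, password, resource, action):
        known = user in self.users
        salt, stored = self.users.get(user, (bytes(16), bytes(32)))
        # Hash even for unknown users so response time does not reveal
        # which identities exist.
        supplied = _kdf(password, salt)
        if not known:                                   # identification
            return self._deny("unidentified", user, resource, action)
        if not hmac.compare_digest(stored, supplied):   # authentication
            return self._deny("unauthenticated", user, resource, action)
        if action not in self.acl.get((user, resource), ()):  # authorization
            return self._deny("unauthorized", user, resource, action)
        return "allowed"

    def _deny(self, reason, user, resource, action):
        # The precise reason belongs in the audit record; a client-facing
        # reply would be one generic refusal. It is returned here for the demo.
        self.audit.append((reason, user, resource, action))
        return reason
```

Each denial is recorded with the stage that failed, so the audit list shows whether an attempt stopped at identification, authentication or authorization.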

5 Security Requirements

Privacy Requirements: The system must protect the privacy rights of its users and of anyone affected by its data and files.

Survivability Requirements: The system must be able to withstand the intentional loss or destruction of its constituent files and data.

Resilience Requirements: The system must be able to recover adequately from any successful attack.

6 Software Security in the Life Cycle

Security mechanisms can be put into place at several locations within the software life cycle.

Life cycle stages: Requirements and Use Cases, Design, Test Plans, Code, Test Results, Field Feedback

Abuse Cases – Similar to use cases, they describe the system's behavior when it's under attack

Security Requirements – Specific security needs, like passwords and encryption

Risk Analysis – Clarify requirements documents and identify possible attacks

External Review – Have parties outside the design team review the design for security issues

Risk-Based Security Tests – Use attack patterns and threat models to test system security

Static Analysis Tools – Scan the source code for common vulnerabilities

Penetration Testing – Search for architectural flaws in the fielded environment that wouldn't appear in the development lab

Security Breaks – Have the customer report post-delivery security problems so preventive measures can be put in place in future releases

