
1 CSCE 548 Architectural Risk Analysis

2 CSCE 548 - Farkas2 Reading
This lecture:
– McGraw: Chapter 5
Next lecture:
– Secure Software Construction
Jan Jürjens, Towards Development of Secure Systems using UMLsec, http://citeseer.ist.psu.edu/536233.html
Lodderstedt et al., SecureUML: A UML-Based Modeling Language for Model-Driven Security, http://citeseer.ist.psu.edu/lodderstedt02secureuml.html

3 Application of Touchpoints
[Figure: software artifacts (Requirements and Use cases, Architecture and Design, Test Plans, Code, Tests and Test Results, Feedback from the Field) mapped to the touchpoints 1. Code Review (Tools), 2. Risk Analysis, 3. Penetration Testing, 4. Risk-Based Security Tests, 5. Abuse cases, 6. Security Requirements, 7. Security Operations, and External Review]

4 Requirement Analysis
Identify and document the customer’s requirements for a proposed system
Client: brief idea on what the system should do
Requirement Analyst:
– Detailed system requirements
– Implied requirements
– Regulatory requirements
– Create: Software Requirements Specification (SRS): what the product should do

5 Software Requirement Specification
Functional requirements
– Features a software has
– Implied requirements
Non-Functional requirements
– Performance, reliability, security, etc.
– Affects quality of product
Regulatory requirements
– Law, standards, organizational regulation, contract, etc.
External interface requirements
– Interaction with other software and hardware
Acceptance criteria
– Confirm that the software is working according to the client’s specification

6 Review SRS
Cost effective: getting the requirements right
Manual review: team of experts (at least 3) for 1.5-2 hours/session
Detection rate of good review: 60-90%
More cost effective to do requirement review than code testing alone

7 Design Flaws
50% of security problems
Need: explicitly identifying risk
Quantifying impact: tie technology issues and concerns to business
Continuous risk management

8 Security Risk Analysis
Risk analysis: identifying and ranking risks
Risk management: a number of discrete risk analysis exercises, tracking risk, mitigating risks
Need: understanding of business impact

9 Security Risk Analysis
Learn about the target of analysis
Discuss security issues
Determine probability of compromise
Perform impact analysis
Rank risks
Develop mitigation strategy
Report findings

10 Learn about the target
Specifications, documents, design, etc.
Discuss, brainstorm
Determine major components and security needs
Use/study software
Identify threats

11 Discuss security issues
Argue about how the product works, areas of disagreement
Identify possible vulnerabilities (lists, tools)
Identify exploits and protection
Understand security controls (current, planned)

12 Determine probability of compromise
Attack scenarios
Historical data
Balance control against threat

13 Perform impact analysis
Impact on assets and business goals
Impact on security posture
Impact on social sector

14 Rank risk
Connect to business goals
Regulatory requirements
Customer’s needs
Capabilities

15 Develop mitigation strategy
Countermeasures
– Technical
– Societal
– Economics
Capabilities and preferences

16 Report findings
Major vs. minor risks
Decision support for mitigating risk

17 Traditional Risk Analysis
Financial loss-based
– Balance cost vs. loss
Mathematically derived “risk rating”
– Threat, probability, and impact
Qualitative assessment
– Knowledge-driven or anecdotal factors
– Social Impact

18 Terminology
Asset: object of protection
Risk: probability that the asset will suffer an attack
Threat: the actor (agent) who is the source of danger
Vulnerability: defect or weakness in the system
Countermeasures or safeguards: management, operational, and technical controls to protect confidentiality, integrity, and availability
Impact: impact on the organization
Probability: likelihood that the event will occur (high, medium, low)

19 Knowledge Requirements
Three basic steps:
– Attack resistance analysis: attack patterns and exploit graphs
– Ambiguity analysis: knowledge of design principles
– Weakness analysis: knowledge of security issues
Forest-level view: What does the software do?
– Critical components and interaction between them
– Identify risk related to flaws

20 Risk Calculation
Financial loss: ALE = SLE x ARO
– ALE – annualized loss expectancy
– SLE – single loss expectancy
– ARO – annualized rate of occurrence
Distinguish between attacks based on frequency of occurrence
Qualitative risk assessment (e.g., loss of reputation, loss of trust, etc.)
ROI: return-on-investment
– Note: security is more like insurance… it will never hit a “big payoff”
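The ALE = SLE x ARO and ROI arithmetic above, carried through for a small constructed portfolio of risks and used to rank them into major vs. minor and to check whether each countermeasure's avoided loss pays for its own cost. This is an added example, not from the lecture or from McGraw; the risk names, dollar figures, ARO values and countermeasure effectiveness fractions are made up for illustration.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    sle: float            # single loss expectancy: dollars lost per incident
    aro: float            # annualized rate of occurrence: incidents per year
    control_cost: float   # annual cost of the proposed countermeasure
    control_effect: float # fraction of the ARO the countermeasure removes (0..1)

    def ale(self) -> float:
        # ALE = SLE x ARO: expected annual loss with no countermeasure
        return self.sle * self.aro

    def residual_ale(self) -> float:
        # Expected annual loss after the countermeasure cuts the occurrence rate
        return self.sle * self.aro * (1.0 - self.control_effect)

    def roi(self) -> float:
        # Annual loss avoided minus what the control costs, relative to its cost.
        # Positive means the control pays for itself; negative means it does not.
        avoided = self.ale() - self.residual_ale()
        return (avoided - self.control_cost) / self.control_cost


def likelihood_label(aro: float) -> str:
    # Qualitative probability bucket (high/medium/low) derived from ARO;
    # the cut-offs are assumptions, not values from the lecture.
    return "high" if aro >= 1.0 else "medium" if aro >= 0.1 else "low"


def rank_risks(risks, major_threshold):
    # Highest ALE first; anything at or above the threshold is reported as major
    ranked = sorted(risks, key=lambda r: r.ale(), reverse=True)
    return [(r.name, r.ale(), "major" if r.ale() >= major_threshold else "minor")
            for r in ranked]


def worthwhile_controls(risks):
    # Countermeasures whose avoided loss exceeds their cost (ROI > 0)
    return [r.name for r in risks if r.roi() > 0]


# Constructed sample portfolio (hypothetical figures)
SAMPLE_RISKS = [
    Risk("SQL injection in customer portal", 200_000, 0.5, 30_000, 0.9),
    Risk("Lost laptop with unencrypted data", 50_000, 1.5, 10_000, 0.95),
    Risk("Defacement of marketing site", 5_000, 1.0, 8_000, 0.8),
]

if __name__ == "__main__":
    for name, ale, level in rank_risks(SAMPLE_RISKS, major_threshold=50_000):
        print(f"{level:5} ALE=${ale:>10,.0f}  {name}")
    print("controls worth funding:", worthwhile_controls(SAMPLE_RISKS))
```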

21 Limitations of Traditional Approaches
Hard to find correct data for statistical distribution
Do not necessarily provide an easy guide
Modern applications are complex: contextual variability of risk

22 Modern Risk Analysis
Address risk as early as possible, at the requirements level
Impact:
– Legal and/or regulatory risk
– Financial or commercial considerations
– Contractual considerations
– Social Impact
Requirements: “must-haves,” “important-to-have,” and “nice-but-unnecessary-to-have”

23 Basic Risk Analysis
Tailored for specific vulnerabilities
High-level overview
Meaningful results
Cross-tier analysis – different trust zones
Use of deployment pattern
Decomposing software on a component-by-component basis

24 Risk Analysis Practice
Ad-hoc manner
Does not scale and is not repeatable or consistent
Depends on knowledge and expertise of analyst
Results are difficult to compare

25 Attack Resistance Analysis
Information about known attacks, attack patterns, and vulnerabilities – known problems
– Identify general flaws: using secure design literature and checklists
– Map attack patterns: based on abuse cases and attack patterns
– Identify risk in the architecture: using checklist
– Understand and demonstrate the viability of known attacks

26 Ambiguity Analysis
Discover new risks
Parallel activities of team members → unify understanding
– Private list of possible flaws
– Describe together how the system works
Need a team of experienced analysts

27 Weakness Analysis
Understanding the impact of external software dependencies
– Middleware
– Outside libraries
– Distributed code
– Services
– Physical environment
– Etc.

28 Social Vulnerability of Computer Attacks
Vipul Gupta

29 Background
What is Social Vulnerability
– No single definition
– Generally accepted as the inability of the society to move out of harm’s way, that is, in case of a disaster (or computer attack), how easily can the society (or the victim(s)) recover from it
Why Social Vulnerability
– Every computer attack has economic and social impacts
– Social impacts of a computer attack are usually not quantifiable

30 Background
Impacts on our society (examples)
– Death caused by malfunctioning of computer based equipment
– Suicide due to losing everything in a computer based fraud scheme
– Ruining of one’s credit
– Depression, anxiety, other emotional or physical health related issues
– “Internet Addiction” – may be caused by the ‘presence’ of computer
– Etc.
– What happens if the computer based system is not available for the intended use (DoS or virus attacks considered)

31 Importance of Social Vulnerability
Computers are an essential part of today’s life
Large scale computer attacks will inhibit the functioning of the society (yes, they may be possible in future)
Are some sections of the society likely to be more damaged in the event of a computer attack? (Ability to recover easily from those attacks)

32 Background
Research Goal:
– Map the social vulnerability of computer attacks based on geographical locations within South Carolina
– Develop a model for social vulnerability assessment of computer attacks (currently no such model exists)

33 Background
Research on Social Vulnerability in Natural Disasters
– Extensive research has been done in this area
– Hypothesize the similarities and differences between a computer attack and a natural disaster (why?)
Most natural disasters are prone to specific geographical areas
Do computer attacks exhibit the same feature (based on the social factors)?

34 Research Activities
Preliminary hypothesis
– Comparison of natural and computer disasters
– Study the factors influencing computer attacks
– Identified 9 factors to indicate vulnerability to attacks: updates, installed security software, malicious email scanning, firewall protection, “free” downloads, P2P sharing, unverified downloads, shared system/passwords, system maintenance

35 Research Activities
Considered age, education (computer experience), income (wealth) as the social factors influencing the vulnerability (+/-) to study
– Are some people more prone to computer attacks than others?
– Can some people recover from a computer attack faster than others?
[Figure: Income, Education and Age feeding into the 9 factors]

36 Next Class
Expressing Security Needs during design
