MSU CSE 870 - 10-security-intro-notes

This preview shows page 1-2-15-16-31-32 out of 32 pages.


CSE870: Advanced Software Engineering (Cheng)
CSE870: Advanced Software Engineering: Security Intro

Information Security: An Introduction

Acknowledgments
• Annie Anton
• Charles Pfleeger
• E. Spafford

Outline
• Terminology
• Brief Introduction
• Security Planning
• Creating a Security Policy
• Threats, Attacks & Services
• Internet Privacy Policies

Terminology
• “A computer is secure if you can depend on it and its software to behave as you expect (intent).”
• ‘Trust describes our level of confidence that a computer system will behave as expected.’ (intended)
[Garfinkel & Spafford, Kasten]

What is secure?
• Does not disclose information
• Does not allow unauthorized access
• Does not allow unauthorized change
• Maintains QoS despite input and load
• Preserves audit, authenticity, control
• No surprises!
[Spafford]

Why Worry?
• Information has value
  – when combined
  – when altered
  – when disclosed
• Resource use has value
  – unauthorized use
  – denial of service
• Damage to reputation
  – damage to your personal reputation
  – damage to your group
  – damage to your company
• Your system is not alone
  – other machines on the network
  – shared resources and files
  – indirect liability
[Spafford]

Three Common Failures
• Organization has no formal policy. Thus, personnel cannot consistently make necessary decisions.
• Organization has no reasonable response plans for violations, incidents, and disasters.
• Plans don’t work when needed because they haven’t been regularly tested, updated, and rehearsed. (E.g., failure of operational security)
[Spafford]

The Challenge
• “Without assurance that our systems will stay secure, we endanger our economies, our privacy, our personal safety and privacy, and our social institutions.”
[Spafford]

How do we get there?
• Understand the needs of the users
  – Narrow focus better than broad
• Understand basic tenets of security
  – Scarcity/rareness of programs and experts
• Capture requirements for design and validation
• Design with care using good tools and methods
• Validate & Verify
[Spafford]

Understanding Security
• Good security means
  – Limiting what happens
  – Limiting who can make it happen
  – Limiting how it happens
  – Limiting who can change the system
• Users don’t tolerate limits unless there is a paradigm shift
  – E.g.,
    • Mainframes to PCs/desktops
    • to laptops
    • to handheld computers
    • to cellphones/blackberrys
[Spafford]

Psychological Acceptability
• Easy to use
  – Should be as easy to use as to not use
• False alarms should be avoided
• Frequent changes and updates are bad
• Should not require great expertise to get correct
…Doesn’t match user population
[Spafford]

Patches
• Fixes for flaws that require an expert to install are not a good fix.
• Fixes that break something else are not a good fix.
• Frequent fixes may be ignored.
• Goal should be design, not patch
[Spafford]

Source of Problems
Source: Securityfocus.com
About 30% are buffer overflows or unchecked data
Over 90% are coding/design flaws.
[Spafford]

Quality as a Market Problem
• Good software engineers and security designers are scarce
• Productivity of coders varies:
  – Top 10% are at least 10x more productive than average coder.
  – Organizations should invest in raising skill level.
• That takes time and money, so there is a disincentive to improving quality
[Spafford]

What can we do?
• Understand that there is no “average user”
• Understand balance between features and security
• Employ better testing
• Manage complexity and change
• Build in security from the start
• Understand policy differences.
[Spafford]

Security Planning
• Security needs planning
• Risk assessment
• Cost-benefit analysis
• Creating policies to reflect your needs
• Implementation
• Audit and incident response
[Garfinkel & Spafford]

Planning Your Security Needs
• Confidentiality
• Data Integrity
• Availability
• Consistency
• Control
• Audit
[Garfinkel & Spafford]

Critical Concerns for Various Industries?
• Banking environment?
• National defense-related system that processes classified information?
• University?
• E-Commerce?

Risk Assessment
• Three questions to answer:
  – What am I trying to protect?
  – What do I need to protect against?
  – How much time, effort and money am I willing to expend to obtain adequate protection?
• Three key steps:
  – Identify assets
  – Identify threats
  – Calculate risks
[Garfinkel & Spafford]

