GU CIS 315 - Security Engineering (38 pages)


Security Engineering



Pages: 38
School: Gannon University
Course: CIS 315 - Software Engineering
Slide 1: Security Engineering
Ian Sommerville 2006, Software Engineering, 8th edition, Chapter 30

Slide 2: Objectives
- To introduce issues that must be considered in the specification and design of secure software
- To discuss security risk management and the derivation of security requirements from a risk analysis
- To describe good design practice for secure systems development
- To explain the notion of system survivability and to introduce a method of survivability analysis

Slide 3: Topics covered
- Security concepts
- Security risk management
- Design for security
- System survivability

Slide 4: Security engineering
- Tools, techniques and methods to support the development and maintenance of systems that can resist malicious attacks that are intended to damage a computer-based system or its data.
- A sub-field of the broader field of computer security.

Slide 5: System layers (figure)
- Application
- Reusable components and libraries
- Middleware
- Database management
- Generic, shared applications (browsers, e-mail, etc.)
- Operating system

Slide 6: Application/infrastructure security
- Application security is a software engineering problem where the system is designed to resist attacks.
- Infrastructure security is a systems management problem where the infrastructure is configured to resist attacks.
- The focus of this chapter is application security.

Slide 7: Security concepts (table: Term / Definition)
- Asset: A system resource that has a value and has to be protected.
- Exposure: The possible loss or harm that could result from a successful attack. This can be loss or damage to data, or can be a loss of time and effort if recovery is necessary after a security breach.
- Vulnerability: A weakness in a computer-based system that may be exploited to cause loss or harm.
- Attack: An exploitation of a system's vulnerability. Generally, this is from outside the system and is a deliberate attempt to cause some damage.
- Threats: Circumstances that have potential to cause loss or harm. You can think of these as a system vulnerability that is subjected to an attack.
- Control: A protective measure that reduces a system's vulnerability. Encryption would be an example of a control that reduced a vulnerability of a weak access control system.

Slide 8: Examples of security concepts (table: Term / Definition)
- Asset: The records of each patient that is receiving or has received treatment.
- Exposure: Potential financial loss from future patients who do not seek treatment because they do not trust the clinic to maintain their data. Financial loss from legal action by the sports star. Loss of reputation.
- Vulnerability: A weak password system which makes it easy for users to set guessable passwords. User ids that are the same as names.
- Attack: An impersonation of an authorised user.
- Threat: An unauthorised user will gain access to the system by guessing the credentials (login name and password) of an authorised user.
- Control: A password checking system that disallows passwords that are set by users which are proper names or words that are normally included in a dictionary.

Slide 9: Security threats
- Threats to the confidentiality of a system or its data
- Threats to the integrity of a system or its data
- Threats to the availability of a system or its data

Slide 10: Security controls
- Controls that are intended to ensure that attacks are unsuccessful. This is analogous to fault avoidance.
- Controls that are intended to detect and repel attacks. This is analogous to fault detection and tolerance.
- Controls that are intended to support recovery from problems. This is analogous to fault recovery.

Slide 11: Security risk management
- Risk management is concerned with assessing the possible losses that might ensue from attacks on the system and balancing these losses against the costs of security procedures that may reduce these losses.
- Risk management should be driven by an organisational security policy.
- Risk management involves: preliminary risk assessment; life-cycle risk assessment.

Slide 12: Preliminary risk assessment (process figure; activities shown)
- Asset identification
- Asset value assessment
- Exposure assessment
- Threat identification
- Probability assessment
- Control identification
- Feasibility assessment
- Security req. definition

Slide 13: Asset analysis (table: Asset / Value / Exposure)
- The information system
  Value: High. Required to support all clinical consultations. Potentially safety-critical.
  Exposure: High. Financial loss as clinics may have to be cancelled. Costs of restoring system. Possible patient harm if treatment cannot be prescribed.
- The patient database
  Value: High. Required to support all clinical consultations. Potentially safety-critical.
  Exposure: High. Financial loss as clinics may have to be cancelled. Costs of restoring system. Possible patient harm if treatment cannot be prescribed.
- An individual patient record
  Value: Normally low, although may be high for specific high-profile patients.
  Exposure: Low direct losses but possible loss of reputation.

Slide 14: Threat and control analysis (table: Threat / Probability / Control / Feasibility)
- Threat: Unauthorised user gains access as system manager and makes system unavailable.
  Probability: Low.
  Control: Only allow system management from specific locations which are physically secure.
  Feasibility: Low cost of implementation, but care must be taken with key distribution and to ensure that keys are available in the event of an emergency.
- Threat: Unauthorised user gains access as system user and accesses confidential information.
  Probability: High.
  Control: Require all users to authenticate themselves using biometric mechanism.
  Feasibility: Technically feasible but high cost solution. Possible user resistance.
  Control: Log all changes to patient information to track system usage.
  Feasibility: Simple and transparent to implement and also supports recovery.

Slide 15: Security requirements
- Patient information must be downloaded at the start of a clinic session to a secure area on
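The control listed on slide 8 (reject passwords that are proper names or dictionary words) and the vulnerability beside it (user ids that equal names) can be demonstrated as one small checking routine. This is an added illustration, not Sommerville's code; the word and name lists are constructed stand-ins, and the trailing-digit stripping is an assumption that goes slightly beyond the slide so that "Sarah1" is still caught as a name.

```python
"""Password-checking control from the clinic example (added illustration, not
code from the slides).  Rejects passwords that are proper names, ordinary
dictionary words, or identical to the user's login name."""
from typing import Tuple

# Constructed word lists; a deployed control would load a full dictionary
# and a list of common given names and surnames instead.
DICTIONARY_WORDS = {"password", "clinic", "treatment", "summer", "welcome"}
PROPER_NAMES = {"james", "sarah", "michael", "smith", "jones"}
DIGITS = "0123456789"


def normalise(candidate: str) -> str:
    """Lower-case and trim so that 'Sarah ' and 'sarah' compare equal."""
    return candidate.strip().lower()


def check_password(user_id: str, password: str) -> Tuple[bool, str]:
    """Return (accepted, reason).

    Accepted only if the password is non-empty, differs from the login name,
    and is neither a proper name nor a dictionary word (ignoring case and any
    trailing digits - an assumption added here, not stated on the slide).
    """
    pw = normalise(password)
    if not pw:
        return False, "empty password"
    # Slide 8 lists "user ids that are the same as names" as a vulnerability:
    # a password equal to the login name makes the credentials trivially guessable.
    if pw == normalise(user_id):
        return False, "password equals user id"
    stem = pw.rstrip(DIGITS)  # 'sarah1' -> 'sarah', 'welcome2' -> 'welcome'
    if stem in PROPER_NAMES:
        return False, "password is a proper name"
    if stem in DICTIONARY_WORDS:
        return False, "password is a dictionary word"
    return True, "ok"


if __name__ == "__main__":
    for uid, pw in [("jsmith", "Sarah1"), ("jsmith", "welcome"), ("jsmith", "jsmith"),
                    ("jsmith", "tr0ub4dor-x9")]:
        print(uid, repr(pw), check_password(uid, pw))
```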