Nov 15, 2005OverviewTrustRelationshipsProblem Sources (Neumann)ExamplesRole of RequirementsTypes of AssuranceSlide 9Assurance stepsLife CycleConceptionManufactureDeploymentFielded Product LifeWaterfall Life Cycle ModelRelationship of StagesOther Models of Software DevelopmentModelsSlide 20Key PointsThreats and VulnerabilitiesArchitectural considerationsArchitectural considerations Example: Four layer architectureSlide 25Build or Add?Trusted Computing BaseSecurity Policy RequirementsDesign assuranceTechniques for Design AssuranceDesign DocumentsDesign meets requirements?Requirement mapping and informal correspondenceDesign meets requirements?Slide 35Implementation considerations for assuranceAssurance through Implementation managementImplementation meets Design?Code development and testingOperation and maintenance assuranceIS2150/TEL2910: Introduction of Computer Security 1Nov 15, 2005Nov 15, 2005AssuranceAssurance2IS2150/TEL2910: Introduction of Computer SecurityOverviewOverviewTrustTrustProblems from lack of assuranceProblems from lack of assuranceTypes of assuranceTypes of assuranceLife cycle and assuranceLife cycle and assuranceWaterfall life cycle modelWaterfall life cycle modelOther life cycle modelsOther life cycle models3IS2150/TEL2910: Introduction of Computer SecurityTrustTrustTrustworthyTrustworthy entity has sufficient credible entity has sufficient credible evidence leading one to believe that the system evidence leading one to believe that the system will meet a set of requirementswill meet a set of requirementsTrustTrust is a measure of trustworthiness relying on is a measure of trustworthiness relying on the evidencethe evidenceAssuranceAssurance is confidence that an entity meets its is confidence that an entity meets its security requirements based on evidence security requirements based on evidence provided by the application of assurance provided by the application of assurance techniquestechniquesFormal methods, design analysis, testing etc.4IS2150/TEL2910: Introduction of Computer SecurityRelationshipsRelationshipsPolic yMechanismsAssuranceStatement of requirements that explicitly definesthe security expectations of the mechanism(s)Provides justification that the mechanism meets policythrough assurance evidence and approvals based onevidenceExecutable entities that are designed and implementedto meet the requirements of the policyEvaluation standardsTrusted Computer System Evaluation Criteria Information Technology Security Evaluation Criteria Common Criteria5IS2150/TEL2910: Introduction of Computer SecurityProblem Sources (Neumann)Problem Sources (Neumann)1.1.Requirements definitions, omissions, and mistakesRequirements definitions, omissions, and mistakes2.2.System design flawsSystem design flaws3.3.Hardware implementation flaws, such as wiring and chip Hardware implementation flaws, such as wiring and chip flawsflaws4.4.Software implementation errors, program bugs, and Software implementation errors, program bugs, and compiler bugscompiler bugs5.5.System use and operation errors and inadvertent mistakesSystem use and operation errors and inadvertent mistakes6.6.Willful system misuseWillful system misuse7.7.Hardware, communication, or other equipment malfunctionHardware, communication, or other equipment malfunction8.8.Environmental problems, natural causes, and acts of GodEnvironmental problems, natural causes, and acts of God9.9.Evolution, maintenance, faulty upgrades, and Evolution, maintenance, faulty upgrades, and decommissionsdecommissions6IS2150/TEL2910: Introduction of Computer SecurityExamplesExamplesChallenger explosion (1986)Challenger explosion (1986)Sensors removed from booster rockets to meet accelerated launch scheduleDeaths from faulty radiation therapy systemDeaths from faulty radiation therapy systemHardware safety interlock removedFlaws in software designBell V22 Osprey crashesBell V22 Osprey crashesFailure to correct for malfunctioning components; two faulty ones could outvote a thirdIntel 486 chip bug (trigonometric function)Intel 486 chip bug (trigonometric function)Cost a lot of time and money7IS2150/TEL2910: Introduction of Computer SecurityRole of RequirementsRole of RequirementsRequirementsRequirements are statements of goals that are statements of goals that must be metmust be metVary from high-level, generic issues to low-level, concrete issuesSecurity objectivesSecurity objectives are high-level security are high-level security issues and business goalsissues and business goalsSecurity requirementsSecurity requirements are specific, are specific, concrete issuesconcrete issues8IS2150/TEL2910: Introduction of Computer SecurityTypes of AssuranceTypes of AssurancePolicy assurancePolicy assurance is evidence establishing is evidence establishing security requirements in policy is complete, security requirements in policy is complete, consistent, technically soundconsistent, technically soundTo counter threats and meet objectivesDesign assuranceDesign assurance is evidence establishing is evidence establishing design sufficient to meet requirements of security design sufficient to meet requirements of security policypolicyImplementation assuranceImplementation assurance is evidence is evidence establishing implementation consistent with establishing implementation consistent with security requirements of security policysecurity requirements of security policyNeed to use good engineering practices9IS2150/TEL2910: Introduction of Computer SecurityTypes of AssuranceTypes of AssuranceOperationalOperational assuranceassurance is evidence is evidence establishing system sustains the security establishing system sustains the security policy requirements during installation, policy requirements during installation, configuration, and day-to-day operationconfiguration, and day-to-day operationAlso called administrative assuranceExample, Do a thorough review of product or system documentation and procedures, to ensure that the system cannot accidentally be placed in a non-secure state.10IS2150/TEL2910: Introduction of Computer SecurityAssurance stepsAssurance stepsSecurity requirementsDesignImplementation1324AssurancejustificationDesign andimplementationrefinement11IS2150/TEL2910: Introduction of Computer SecurityLife CycleLife CycleConceptionConceptionManufactureManufactureDeploymentDeploymentFielded Product LifeFielded
View Full Document
Unlocking...