CSE870: Advanced Software Engineering (Cheng)
CSE870: Advanced Software Engineering: Security Intro

Information Security: An Introduction

Acknowledgments
• Annie Anton
• Charles Pfleeger
• E. Spafford

Outline
• Terminology
• Brief Introduction
• Security Planning
• Creating a Security Policy
• Threats, Attacks & Services
• Internet Privacy Policies

Terminology
• “A computer is secure if you can depend on it and its software to behave as you expect (intend).”
• “Trust describes our level of confidence that a computer system will behave as expected.” (intended)
[Garfinkel & Spafford, Kasten]

What is secure?
• Does not disclose information
• Does not allow unauthorized access
• Does not allow unauthorized change
• Maintains QoS despite input and load
• Preserves audit, authenticity, control
• No surprises!
[Spafford]

Why Worry?
• Information has value
  – when combined
  – when altered
  – when disclosed
• Resource use has value
  – unauthorized use
  – denial of service
• Damage to reputation
  – damage to your personal reputation
  – damage to your group
  – damage to your company
• Your system is not alone
  – other machines on the network
  – shared resources and files
  – indirect liability
[Spafford]

Three Common Failures
• Organization has no formal policy. Thus, personnel cannot consistently make necessary decisions.
• Organization has no reasonable response plans for violations, incidents, and disasters.
• Plans don’t work when needed because they haven’t been regularly tested, updated, and rehearsed. (E.g., failure of operational security)
[Spafford]

The Challenge
• “Without assurance that our systems will stay secure, we endanger our economies, our privacy, our personal safety and privacy, and our social institutions.” [Spafford]

How do we get there?
• Understand the needs of the users
  – Narrow focus better than broad
• Understand basic tenets of security
  – Scarcity/rareness of programs and experts
• Capture requirements for design and validation
• Design with care using good tools and methods
• Validate & Verify
[Spafford]

Understanding Security
• Good security means
  – Limiting what happens
  – Limiting who can make it happen
  – Limiting how it happens
  – Limiting who can change the system
• Users don’t tolerate limits unless there is a paradigm shift
  – E.g.,
    • Mainframes to PCs/desktops
    • to laptops
    • to handheld computers
    • to cellphones/blackberrys
[Spafford]

Psychological Acceptability
• Easy to use
  – Should be as easy to use as to not use
• False alarms should be avoided
• Frequent changes and updates are bad
• Should not require great expertise to get correct
…Doesn’t match user population
[Spafford]

Patches
• Fixes for flaws that require an expert to install are not a good fix.
• Fixes that break something else are not a good fix.
• Frequent fixes may be ignored.
• Goal should be design, not patch
[Spafford]

Source of Problems
(Chart; source: Securityfocus.com)
• About 30% are buffer overflows or unchecked data
• Over 90% are coding/design flaws.
[Spafford]

Quality as a Market Problem
• Good software engineers and security designers are scarce
• Productivity of coders varies:
  – Top 10% are at least 10x more productive than average coder.
  – Organizations should invest in raising skill level.
• That takes time and money, so there is a disincentive to improving quality
[Spafford]

What can we do?
• Understand that there is no “average user”
• Understand balance between features and security
• Employ better testing
• Manage complexity and change
• Build in security from the start
• Understand policy differences.
[Spafford]

Security Planning
• Security needs planning
• Risk assessment
• Cost-benefit analysis
• Creating policies to reflect your needs
• Implementation
• Audit and incident response
[Garfinkel & Spafford]

Planning Your Security Needs
• Confidentiality
• Data Integrity
• Availability
• Consistency
• Control
• Audit
[Garfinkel & Spafford]

Critical Concerns for Various Industries?
• Banking environment?
• National defense-related system that processes classified information?
• University?
• E-Commerce?

Risk Assessment
• Three questions to answer:
  – What am I trying to protect?
  – What do I need to protect against?
  – How much time, effort and money am I willing to expend to obtain adequate protection?
• Three key steps:
  – Identify assets
  – Identify threats
  – Calculate risks
[Garfinkel & Spafford]

Risk Assessment, Step 1: Identify Assets
• Tangibles
  – Computers, disk drives, proprietary data, backups and archives, manuals, printouts, commercial software distribution media, communications equipment & wiring, personnel records, audit records
• Intangibles
  – Safety & health of personnel, privacy of users, personnel passwords, public image & reputation, customer/client goodwill, processing availability, configuration information
[Garfinkel & Spafford]

Risk Assessment, Step 2: Identify Threats
• Illness of key people
• Loss of key personnel
• Loss of
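A worked example of the three risk-assessment steps (identify assets, identify threats, calculate risks) followed by the cost-benefit check from the Security Planning slide. This is added example code, not from the lecture slides or from Garfinkel & Spafford; it assumes the usual annual expected-loss formula (asset value × fraction lost per incident × incidents per year), and every asset value, likelihood and control cost below is a constructed figure.

```python
# Added example: small risk calculator for the planning steps on the slides.
# The expected-loss formula is an assumption (standard practice, not on the
# slides); all figures are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    incidents_per_year: float  # assumed likelihood of the threat occurring
    loss_fraction: float       # share of the asset's value lost per incident


# Step 1: identify assets and put a (constructed) value on each.
ASSETS = {
    "customer database": 500_000,
    "build server": 80_000,
    "public web site": 120_000,
}

# Step 2: identify the threats that apply to each asset (constructed).
THREATS = {
    "customer database": [Threat("disclosure via unchecked input", 0.2, 0.6),
                          Threat("loss of backups", 0.05, 1.0)],
    "build server": [Threat("loss of key personnel", 0.3, 0.25)],
    "public web site": [Threat("denial of service", 1.0, 0.05)],
}


def expected_loss(asset: str, threat: Threat) -> float:
    """Step 3: annual expected loss for one asset/threat pair."""
    return ASSETS[asset] * threat.loss_fraction * threat.incidents_per_year


def rank_risks() -> list[tuple[str, str, float]]:
    """All (asset, threat, expected loss) rows, largest loss first,
    which answers 'what do I need to protect against' in priority order."""
    rows = [(a, t.name, expected_loss(a, t)) for a, ts in THREATS.items() for t in ts]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def countermeasure_pays(asset: str, threat: Threat, annual_cost: float,
                        new_incidents_per_year: float) -> bool:
    """Cost-benefit check: adopt a control only when its yearly cost is
    below the reduction in expected loss it buys."""
    before = expected_loss(asset, threat)
    after = ASSETS[asset] * threat.loss_fraction * new_incidents_per_year
    return (before - after) > annual_cost


if __name__ == "__main__":
    for asset, threat, loss in rank_risks():
        print(f"{loss:>10,.0f}  {asset}: {threat}")
```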