Pitt IS 2620 - Secure Software Development Models

IS 2620: Developing Secure Systems
Secure Software Development Models / Methods
Week 2, Lecture 1, Jan 13, 2009

Objective
- Understand and become familiar with various process models for secure software development and assurance:
  - Capability Maturity Models: CMMI, iCMM, SSE-CMM, TSP
  - Secure software development life cycle models

Process Models
- Secure process: a set of activities performed to develop, maintain, and deliver a secure software solution. Activities could be concurrent or iterative.
- Process model: provides a reference set of best practices that can be used for both process improvement and process assessment; defines the characteristics of processes; usually has an architecture or a structure.
- But no guarantee that the product is bug free.

Process Models (cont.)
- Process: identifies technical and management practices (good software engineering practices) to manage and build software.
- Models: establish common measures of organizational processes throughout the software development life cycle (SDLC).
- But no guarantee that the product is bug free.

Process Models (cont.)
- Typically also have a capability or maturity dimension, used for assessment and evaluation purposes.
- Assessments, evaluations, and appraisals include:
  - comparison of a process being practiced to a reference process model or standard
  - understanding process capability in order to improve processes
  - determining if the processes being practiced are adequately specified, designed, and implemented

Software Development Life Cycle (SDLC)
- A survey of existing processes, process models, and standards seems to identify the following four SDLC focus areas for secure software development:
  - Security Engineering Activities
  - Security Assurance Activities
  - Security Organizational and Project Management Activities
  - Security Risk Identification and Management Activities

SDLC: Security Engineering and Assurance Activities
- Security Engineering Activities: activities needed to engineer a secure solution: security requirements elicitation and definition; secure design based on design principles for security; use of static analysis tools; reviews and inspections; secure testing; etc.
- Security Assurance Activities: verification, validation, expert review, artifact review, and evaluations.

SDLC: Security Organizational and Project Management Activities
- Organizational management: organizational policies; senior management sponsorship and oversight; establishing organizational roles.
- Project management: project planning and tracking; resource allocation and usage.
- Security Risk Identification and Management Activities: cost-based risk analysis; risk mitigation.

System DLC

Capability Maturity Models (CMM)
- CMM provides a reference model of mature practices.
- Helps identify the potential areas of improvement.
- Provides goal-level definition for, and key attributes of, specific processes.
- No operational guidance: focuses on and defines process characteristics.

CMM
- Three CMMs: Capability Maturity Model Integration (CMMI), the integrated Capability Maturity Model (iCMM), and the Systems Security Engineering Capability Maturity Model (SSE-CMM), which is specifically for developing secure systems.

Why CMM?
- Source: http://www.secat.com/download/locked/pdf/SSEovrw_lkd.pdf

CMMI (CMM Integration)
- CMMI provides the latest best practices related to development, maintenance, and acquisition.
- Includes mechanisms to improve processes and criteria for evaluating process capability and process maturity.
- As of Dec 2005, the SEI reports 1106 organizations and 4771 projects have reported results from CMMI-based appraisals.
- Its predecessor, the software CMM (SW-CMM), in use since the 80s: as of Dec 2005, 3049 organizations and 16,540 projects.

Integrated CMM (iCMM)
- iCMM is widely used in the Federal Aviation Administration (FAA).
- Provides a single model for enterprise-wide improvement.
- Integrates the following standards and models: ISO 9001:2000; EIA/IS 731; Malcolm Baldrige National Quality Award and President's Quality Award criteria; CMMI-SE/SW/IPPD and CMMI-A; ISO/IEC TR 15504; ISO/IEC 12207; and ISO/IEC CD 15288.

Trusted CMM
- Early 1990: Trusted Software Methodology (TSM).
- TSM defines trust levels: Low emphasizes resistance to unintentional vulnerabilities; High adds processes to counter malicious developers.
- TSM was later harmonized with CMM.
- Not much in use.

Systems Security Engineering CMM (SSE-CMM)
- Purpose: to improve and assess the security engineering capability of an organization.
- The SSE-CMM provides a comprehensive framework for evaluating security engineering practices against the generally accepted security engineering principles.
- Provides a way to measure and improve performance in the application of security engineering principles.

SSE-CMM
- Purpose: to fill the lack of a comprehensive framework for evaluating security engineering practices against the principles.
- The SSE-CMM also describes the essential characteristics of an organization's security engineering processes.
- The SSE-CMM is now the ISO/IEC 21827 standard; version 3 is available.

Security Engineering Process (figure): Risk Process, Engineering, Assurance; security is part of engineering.

SSE-CMM Dimensions
- Two dimensions: the generic practices, which indicate process management and institutionalization (capability), and all the base practices.

SSE-CMM
- 129 base practices, organized into 22 process areas.
- 61 of these, organized in 11 process areas, cover all major areas of security engineering.
- The remaining relate to the project and organization domains.

Base Practice
- Applies across the life cycle of the enterprise.
- Does not overlap with other base practices.
- Represents a best practice of the security community.
- Does not simply reflect a state-of-the-art technique.
- Is applicable using multiple methods in multiple business contexts.
- Does not specify a particular method or tool.

Process Area
- Assembles related activities in one area for ease of use.
- Relates to valuable security engineering services.
- Applies across the life cycle of the enterprise.
- Can be implemented in multiple organization and product contexts.
- Can be improved as a distinct process.
- Can be improved by a group with similar interests in the process.
- Includes all base practices that are required to meet the goals of the process area.

Process Areas
- Process areas related to Security Engineering.
- Process areas related to project and organizational practices.

Generic Process Areas
- Activities that apply to all processes.
- They are used during measurement and institutionalization.
- Capability levels organize common features, ordered according to maturity.

Capability Levels
- 0 Not Performed
- 1 Performed Informally: base practices performed
- 2 Planned & Tracked: committing to perform; planning performance
- 3 Well Defined: defining a standard process; tailoring standard
