INFSCI 2935: Introduction to Computer Security
Lecture 10, Dec 9, 2004
Assurance & Evaluation; Malicious Code, Risk Management; Legal Issues
Courtesy of Professors Chris Clifton & Matt Bishop

Outline of the deck (slide titles):
Trust; Relationships; Problem Sources (Neumann); Types of Assurance; Waterfall Life Cycle Model; Other Models of Software Development; Models; Architectural considerations for assurance; Architectural considerations, Example: Four layer architecture; Trusted Computing Base (Security an integral part); Trusted Computing Base; Techniques for Design Assurance; Design meets requirements?; Requirement mapping and informal correspondence; Design meets requirements?; Implementation considerations for assurance; Implementation meets Design?; Code development and testing; Operation and maintenance assurance; Slide 21 (untitled); What is Formal Evaluation?; Formal Evaluation: Why?; TCSEC: The Original; TCSEC Class Assurances; TCSEC Class Assurances (continued); TCSEC: Evaluation process; TCSEC: Problems; Later Standards; Slide 30 (untitled); Common Criteria: Origin; Common Criteria: Functional Requirements; Common Criteria: Assurance Requirements; Common Criteria: Evaluation Assurance Levels; Common Criteria: Evaluation Process; Common Criteria: Status; What is Malicious Code?; Types of Malicious Code; Trojan Horse; Propagation; Virus; Virus Types; Virus Types/Properties; Worms; We can't detect it: Now what?; Detection; Detection; Defense; Slides 49-51 (untitled); Risk Management; Risk; Risk Assessment/Analysis; Risk Assessment steps; Risk Assessment steps (2); Example 1; Example 2; Example 2 (2); Some Arguments against Risk Analysis; Slide 61 (untitled); Laws and Security; Copyrights; Copyright infringement; Patent; Slide 66 (untitled); Trade Secret; Comparison; Computer crime; Computer Crime related laws; Ethics; Law vs Ethics; Ethical reasoning; Ethics Example; Codes of ethics

Slide 2: Trust
- A trustworthy entity has sufficient credible evidence leading one to believe that the system will meet a set of requirements.
- Trust is a measure of trustworthiness relying on that evidence.
- Assurance is confidence that an entity meets its security requirements, based on evidence provided by the application of assurance techniques.
  - Formal methods, design analysis, testing, etc.

Slide 3: Relationships
- Policy: statement of requirements that explicitly defines the security expectations of the mechanism(s).
- Mechanisms: executable entities that are designed and implemented to meet the requirements of the policy.
- Assurance: provides justification that the mechanism meets the policy, through assurance evidence and approvals based on that evidence.
- Evaluation standards: Trusted Computer System Evaluation Criteria; Information Technology Security Evaluation Criteria; Common Criteria.

Slide 4: Problem Sources (Neumann)
1. Requirements definitions, omissions, and mistakes
2. System design flaws
3. Hardware implementation flaws, such as wiring and chip flaws
4. Software implementation errors, program bugs, and compiler bugs
5. System use and operation errors and inadvertent mistakes
6. Willful system misuse
7. Hardware, communication, or other equipment malfunction
8. Environmental problems, natural causes, and acts of God
9. Evolution, maintenance, faulty upgrades, and decommissions

Slide 5: Types of Assurance
- Policy assurance is evidence establishing that the security requirements in the policy are complete, consistent, and technically sound.
- Design assurance is evidence establishing that the design is sufficient to meet the requirements of the security policy.
- Implementation assurance is evidence establishing that the implementation is consistent with the security requirements of the security policy.
- Operational assurance is evidence establishing that the system sustains the security policy requirements during installation, configuration, and day-to-day operation.

Slide 6: Waterfall Life Cycle Model
Requirements definition and analysis -> System and software design -> Implementation and unit testing -> Integration and system testing -> Operation and maintenance

Slide 7: Other Models of Software Development
- Exploratory programming
  - Develop a working system quickly
  - No requirements or design specification, so low assurance
- Prototyping (similar to exploratory)
  - Objective is to establish system requirements
  - Future iterations (after the first) allow assurance techniques
- Formal transformation
  - Create a formal specification
  - Very conducive to assurance methods

Slide 8: Models
- System assembly from reusable components
  - Depends on whether the components are trusted
  - Must assure the connections and the composition as well
  - Very complex, difficult to assure
  - This is a common approach to building secure and trusted systems
- Extreme programming
  - Rapid prototyping and "best practices"
  - Project driven by business decisions
  - Requirements open until the project is complete
  - Components tested,
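The "Relationships" and "Types of Assurance" slides above treat policy, mechanism and assurance as three distinct artifacts. The following added example (not from the lecture or its authors) makes that separation concrete with a constructed toy: a policy stated as an access matrix, a reference-monitor mechanism built from it, and two assurance steps that produce evidence rather than trust. The subjects, objects, rights, the matrix itself, and the "write implies read" consistency rule are all assumptions made up for the illustration; the flawed build stands in for a Neumann source 4 software implementation error.

```python
"""Policy, mechanism and assurance kept as separate artifacts.

Added example, not from the lecture slides. Everything here is constructed:
a tiny access-control policy, a mechanism that claims to enforce it, and
assurance steps that yield evidence (or concrete findings) about whether
the mechanism meets the policy.
"""
from itertools import product

# --- Policy: requirements only, no enforcement code (constructed sample).
SUBJECTS = ("alice", "bob", "guest")
OBJECTS = ("payroll.db", "public.html")
RIGHTS = ("read", "write")

# The policy's access matrix: which rights each subject holds on each object.
POLICY_MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("bob", "payroll.db"): {"read"},
    ("guest", "payroll.db"): set(),
    ("alice", "public.html"): {"read", "write"},
    ("bob", "public.html"): {"read"},
    ("guest", "public.html"): {"read"},
}


def policy_permits(subject, obj, right):
    """Ground truth: what the policy says, independent of any mechanism."""
    return right in POLICY_MATRIX.get((subject, obj), set())


# --- Policy assurance: is the policy itself complete and consistent?
def policy_assurance(matrix):
    """Return a list of policy-level problems; an empty list means both checks passed.

    Completeness: every (subject, object) pair has an explicit decision.
    Consistency (a rule constructed for this example): write implies read,
    so nobody may modify what they are not allowed to see.
    """
    problems = []
    for s, o in product(SUBJECTS, OBJECTS):
        if (s, o) not in matrix:
            problems.append(f"incomplete: no decision for {s} on {o}")
        elif "write" in matrix[(s, o)] and "read" not in matrix[(s, o)]:
            problems.append(f"inconsistent: {s} may write but not read {o}")
    return problems


# --- Mechanism: the executable entity meant to enforce the policy.
class ReferenceMonitor:
    """Per-object ACL lookup; the thing evaluators must gain confidence in."""

    def __init__(self, acl):
        self.acl = acl  # {object: {subject: set(rights)}}

    def check(self, subject, obj, right):
        return right in self.acl.get(obj, {}).get(subject, set())


def build_acl(matrix):
    """Derive the mechanism's ACL from the policy (the design-to-implementation step)."""
    acl = {}
    for (s, o), rights in matrix.items():
        acl.setdefault(o, {})[s] = set(rights)  # copy, so builds are independent
    return acl


# --- Implementation assurance: does the mechanism's behaviour match the policy?
def implementation_assurance(monitor):
    """Exhaustively compare mechanism decisions with the policy.

    Returns (subject, object, right, policy_says, mechanism_says) tuples where
    the two disagree. An empty list is evidence that the mechanism meets the
    policy over this finite domain; a non-empty list is a finding to feed back
    into the life cycle rather than a reason to trust the mechanism anyway.
    """
    findings = []
    for s, o, r in product(SUBJECTS, OBJECTS, RIGHTS):
        expected = policy_permits(s, o, r)
        actual = monitor.check(s, o, r)
        if expected != actual:
            findings.append((s, o, r, expected, actual))
    return findings


def demo():
    """A correct build yields no findings; a build with a constructed
    implementation error is caught by the same evidence-gathering step."""
    good = ReferenceMonitor(build_acl(POLICY_MATRIX))
    flawed_acl = build_acl(POLICY_MATRIX)
    flawed_acl["public.html"]["guest"].add("write")  # constructed bug, not in policy
    flawed = ReferenceMonitor(flawed_acl)
    return implementation_assurance(good), implementation_assurance(flawed)


if __name__ == "__main__":
    print("policy problems:  ", policy_assurance(POLICY_MATRIX))
    good_findings, flawed_findings = demo()
    print("correct mechanism:", good_findings)
    print("flawed mechanism: ", flawed_findings)
```

The point of keeping `policy_permits` separate from `ReferenceMonitor.check` is that assurance evidence is only meaningful when the requirement and the mechanism are independent artifacts; if the "policy" were simply read back out of the ACL, the comparison would prove nothing. Exhaustive comparison works here because the domain is tiny; for real systems the same role is played by the design analysis, testing and formal methods the slides list.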