Pitt IS 2620 - Secure Software Development


IS 2620: Developing Secure Systems
Jan 16, 2007

Secure Software Development Models/Methods
Lecture 1

Contact
- James Joshi
- 706A, IS Building
- Phone: 412-624-9982
- E-mail: [email protected]
- Web: http://www.sis.pitt.edu/~jjoshi/courses/IS2620/Spring07/
- Office Hours: Thursdays, 1.00 – 3.00 p.m., or by appointment
- GSA: [Saubhagya Joshi]

Course Objective
- The objective of the course
  - To learn the principles and practice of secure information system design
    - Life cycle models / security engineering principles
  - To learn how to implement secure and high assurance information systems
    - Secure programming (e.g., C, C++, Java)
  - To learn about the tools and techniques to conduct testing and analysis of systems

Course Coverage
- Secure software development process
  - Security Engineering / Lifecycle models
    - Software Development Models
    - Capability Maturity Models and Extensions
    - Trustworthy Computing Security Engineering Lifecycle
  - Secure Design/Implementation Principles
    - Systems / software
    - Formal methods: UMLSec, Model Checking (code, protocols)

Course Coverage (continued)
- Secure programming
  - Coding practices and guidelines
  - Code analysis
  - Language specific issues (C, C++, Java, .Net, ??)
  - Buffer overflows, Race conditions
  - Input validation, SQL injection
  - Cross-site scripting, Mobile Code
  - Safe Languages
- High assurance architectures
  - System/Software assurance (Web Services / Service-oriented architectures)
  - Privacy / Digital Rights Management Issues
- Testing
  - Evaluations
  - Tools
- Course materials – Safari online materials, research papers, etc. (see web site)

Pre-requisite
- IS 2150/TEL 2810 Introduction to Computer Security
- The following courses are preferred but not required:
  - IS 2170/TEL 2820 Cryptography; TEL 2821 Network Security
  - IS 2511 or 2540
- Talk to the instructor if you are not sure of the background

Grading
- Tentative
  - Homework/presentation: 40%
  - Exams: 20%
  - Project: 40%
- Extra credit may be obtained through other means, e.g., the LERSAIS Seminar

Course Policy
- Your work MUST be your own
  - Zero tolerance for cheating/plagiarism
  - You get an F for the course if you cheat in anything, however small – NO DISCUSSION
  - Discussing the problem is encouraged
- Homework
  - Penalty for late assignments (15% each day)
  - Ensure clarity in your answers – no credit will be given for vague answers
  - Homework is primarily the GSA's responsibility
- Check the webpage for everything!
  - You are responsible for checking the webpage for updates

Some Terms: Process
- Process
  - A sequence of steps performed for a given purpose [IEEE]
- Secure Process
  - Set of activities performed to develop, maintain, and deliver a secure software solution
  - Activities could be concurrent or iterative

Process Models
- A process model
  - provides a reference set of best practices that can be used for both
    - process improvement and
    - process assessment.
  - defines the characteristics of processes.
  - usually has an architecture or a structure.
  - Most process models also have a capability or maturity dimension that can be used for
    - assessment and
    - evaluation purposes.

Process Models (continued)
- Process models
  - have been produced to create
    - common measures of organizational processes throughout the software development lifecycle (SDLC).
  - identify many technical and management practices
  - primarily address good software engineering practices to manage and build software
  - do not, however, guarantee that the software developed is bug free

Assessments
- Assessments, evaluations, appraisals
  - imply comparison of a process being practiced to a reference process model or standard.
  - are used to understand process capability in order to improve processes.
  - help determine if the processes being practiced are
    - adequately specified, designed, integrated, and implemented sufficiently to support the needs

Software Development Life Cycle (SDLC)
- A survey of existing processes, process models, and standards seems to identify the following four SDLC focus areas for secure software development:
  - Security Engineering Activities
  - Security Assurance
  - Security Organizational and Project Management Activities
  - Security Risk Identification and Management Activities

SDLC
- Security Engineering Activities include
  - those activities needed to engineer a secure solution.
  - Examples include
    - security requirements elicitation and definition, secure design based on design principles for security, use of static analysis tools, reviews and inspections, secure testing, etc.
- Security Assurance Activities include
  - verification, validation, expert review, artifact review, and evaluations.

SDLC (continued)
- Security Organizational and Project Management Activities include
  - Organizational management
    - organizational policies, senior management sponsorship and oversight, establishing organizational roles, and other organizational activities that support security.
  - Project management
    - project planning and tracking, resource allocation and usage to ensure that the security engineering, security assurance, and risk identification activities are planned, managed, and tracked.
- Security Risk Identification and Management Activities
  - identifying and managing security risks is one of the most important activities in a secure SDLC

System DLC
(figure slide)

Capability Maturity Models (CMM)
- CMM
  - Provides a reference model of mature practices
  - Helps identify the potential areas of improvement
  - Provides goal-level definition for, and key attributes of, specific processes
  - No operational guidance
  - Defines process characteristics

CMM
- Three CMMs
  - Capability Maturity Model Integration® (CMMI®),
  - the integrated Capability Maturity Model (iCMM), and
  - the Systems Security Engineering Capability Maturity Model (SSE-CMM)
    - specifically to develop security

Why CMM?
(figure slide; source: http://www.secat.com/download/locked_pdf/SSEovrw_lkd.pdf)

CMMI
- CMM Integration (CMMI) provides
  - the latest best practices for product and service development, maintenance, and acquisition, including mechanisms to help organizations improve their processes, and provides criteria for evaluating process capability and process maturity.
- As of Dec 2005, the SEI reports
  - 1106 organizations and 4771 projects have reported results from CMMI-based appraisals
- Its predecessor, the software CMM (SW-CMM)
  - Since the 80s – Dec 2005
  - 3049 organizations + 16,540 projects

CMMI
(figure slide)

Integrated CMM
- iCMM is widely used in the Federal Aviation Administration (FAA-iCMM)
- Provides a single model for enterprise-wide improvement
- integrates the

