evaluating existing systems
play

Evaluating Existing Systems Standards approaches arent always - PowerPoint PPT Presentation

Nov 25, 2023 •278 likes •527 views

Evaluating Existing Systems Standards approaches arent always suitable Not helpful for evaluating the security of running systems Not great for custom systems What do you do for those problems? Lecture 15 Page 1 CS 236 Online

  1. Evaluating Existing Systems • Standards approaches aren’t always suitable • Not helpful for evaluating the security of running systems • Not great for custom systems • What do you do for those problems? Lecture 15 Page 1 CS 236 Online

  2. Two Different Kinds of Problems 1. I need to evaluate the design and implementation of the system 2. I need to evaluate what’s going on in the system as it runs Lecture 15 Page 2 CS 236 Online

  3. Evaluating System Design Security • Sometimes standards aren’t the right choice • What if you’re building your own custom system? • Or being paid to evaluate someone else’s? – That’s some companies’ business • This kind of review is about design and architecture – Evaluating running systems comes later Lecture 15 Page 3 CS 236 Online

  4. How Do You Evaluate a System’s Security? • Assuming you have high degree of access to a system – Because you built it or are working with those who did • How and where do you start? • Much of this material is from “The Art of Software Security Assessment,” Dowd, McDonald, and Schuh Lecture 15 Page 4 CS 236 Online

  5. Stages of Review • You can review a program’s security at different stages in its life cycle – During design – Upon completion of the coding – When the program is in place and operational • Different issues arise in each case Lecture 15 Page 5 CS 236 Online

  6. Design Reviews • Done perhaps before there’s any code • Just a design • Clearly won’t discover coding bugs • Clearly could discover fundamental flaws • Also useful for prioritizing attention during later code review Lecture 15 Page 6 CS 236 Online

  7. Purpose of Design Review • To identify security weaknesses in a planned software system • Essentially, identifying threats to the system • Performed by a process called threat modeling • Usually (but not always) performed before system is built Lecture 15 Page 7 CS 236 Online

  8. Attack Surfaces • Attackers have to get into your software somehow • The more ways they can interact with the software, the more things you must protect • Some entry points are more dangerous than others – E.g., those that lead to escalated privilege • A combination of these factors defines a system’s attack surface • The smaller the attack surface, the better – But attack surface doesn’t indicate actual flaws, just places where they could occur Lecture 15 Page 8 CS 236 Online

  9. Threat Modeling • Done in various ways • One way uses a five step process: 1. Information collection 2. Application architecture modeling 3. Threat identification 4. Documentation of findings 5. Prioritizing the subsequent implementation review Lecture 15 Page 9 CS 236 Online

  10. 1. Information Collection • Collect all available information on design • Try to identify: – Assets – Entry points – External entities – External trust levels – Major components – Use scenarios Lecture 15 Page 10 CS 236 Online

  11. One Approach 1 • Draw an end-to-end deployment scenario • Identify roles of those involved • Identify key usage scenario • Identify technologies to be used • Identify application security mechanisms 1 From http://msdn.microsoft.com/en-us/library/ms978527.aspx Lecture 15 Page 11 CS 236 Online

  12. Sources of Information • Documentation • Interviewing developers • Standards documentation • Source code profiling – If source already exists • System profiling – If a working version is available Lecture 15 Page 12 CS 236 Online

  13. 2. Application Architecture Modeling • Using information gathered, develop understanding of the proposed architecture • To identify design concerns • And to prioritize later efforts • Useful to document findings using some type of model Lecture 15 Page 13 CS 236 Online

  14. Modeling Tools for Design Review • Markup languages (e.g., UML) – Particularly diagramming features – Used to describe OO classes and their interactions – Also components and uses • Data flow diagrams – Used to describe where data goes and what happens to it Lecture 15 Page 14 CS 236 Online

  15. 3. Threat Identification • Based on models and other information gathered • Identify major security threats to the system’s assets • Sometimes done with attack trees Lecture 15 Page 15 CS 236 Online

  16. Attack Trees • A way to codify and formalize possible attacks on a system • Makes it easier to understand relative levels of threats – In terms of possible harm – And probability of occurring Lecture 15 Page 16 CS 236 Online

  17. A Sample Attack Tree • For a web application involving a database • Only one piece of the attack tree 1. Attacker gains access to user’s personal information 1.1 Gain 1.2 Login 1.3 Hijack 1.4 direct as target user Intercept access to user session personal database data 1.1.1 1.2.1 Brute 1.2.2 Steal 1.3.1 1.4.1 ID 1.4.2 Exploit force user Steal user Sniff application password credentials user connection network hole attack cookie Lecture 15 Page 17 CS 236 Online

  18. The STRIDE Approach • Developed and used by Microsoft – Part of their SDL threat modeling process 1 • Depends on having built a good system model diagram – Showing components, data flows, interactions – Specifying where data and control cross trust boundaries • Then, for each element, consider the STRIDE threats 1 http://blogs.technet.com/b/security/archive/2012/08/23/microsoft-s-free-security- tools-threat-modeling.aspx Lecture 15 Page 18 CS 236 Online

  19. STRIDE Threats • S poofing • T ampering • R epudiation • I nformation Disclosure • D enial of Service • E scalation of Privilege Lecture 15 Page 19 CS 236 Online

  20. How To Apply STRIDE • For each element in diagram, consider each possible STRIDE threat • Some types of threats not applicable to some types of elements • Pay particular attention to things happening across trust boundaries Lecture 15 Page 20 CS 236 Online

  21. 4. Documentation of Findings • Summarize threats found – Give recommendations on addressing each • Generally best to prioritize threats – How do you determine priorities? – DREAD methodology is one way Lecture 15 Page 21 CS 236 Online

  22. DREAD Risk Ratings • Assign number from 1-10 on these categories: • D amage potential • R eproducibility • E xploitability • A ffected users • D iscoverability • Then add the numbers up for an overall rating • Gives better picture of important issues for each threat Lecture 15 Page 22 CS 236 Online

  23. 5. Prioritizing Implementation Review • Review of actual implementation once it’s available • Requires a lot of resources • You probably can’t look very closely at everything • Need to decide where to focus limited amount of attention Lecture 15 Page 23 CS 236 Online

  24. One Prioritization Approach • Make a list of the major components • Identify which component each risk (identified earlier) belongs to • Total the risk scores for categories • Use the resulting numbers to prioritize Lecture 15 Page 24 CS 236 Online

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Evaluating Performance of Burst Buffer Models for Real-Application Workloads in HPC Systems

Evaluating Performance of Burst Buffer Models for Real-Application Workloads in HPC Systems

Evaluating Performance of Burst Buffer Models for Real-Application Workloads in HPC Systems Harsh Khetawat Frank Mueller Christopher Zimmer Introduction Existing storage systems becoming bottleneck Solution: burst buffers Use

426 views • 6 slides
EVALUATING R E C O M M E N D E R SYSTEMS A C C U R A C Y A N D B E Y O N D

EVALUATING R E C O M M E N D E R SYSTEMS A C C U R A C Y A N D B E Y O N D

EVALUATING R E C O M M E N D E R SYSTEMS A C C U R A C Y A N D B E Y O N D GITHUB.COM/HCORONA/AICS-2016 H U M B E R TO C O R O N A @ TO TO PA M P I N 2 4 -1 0 - 2 0 1 6 A B O U T M E 2 R E F E R E N C E S [1] Humberto Jess Corona

377 views • 35 slides
Technologies for Evaluating Risks to Existing Berth Infrastructure from Larger Vessels 2019

Technologies for Evaluating Risks to Existing Berth Infrastructure from Larger Vessels 2019

Technologies for Evaluating Risks to Existing Berth Infrastructure from Larger Vessels 2019 Facilities Engineering Seminar 1 Risks Posed by Larger Vessels 1. Navigation 2. Passing other docks 3. Maneuvering at berth 4. Berthing 5. Mooring

383 views • 23 slides
11 Practicalities 2: Evaluating MT Systems Now that weve talked about how to create machine

11 Practicalities 2: Evaluating MT Systems Now that weve talked about how to create machine

11 Practicalities 2: Evaluating MT Systems Now that weve talked about how to create machine translation systems and generate output, wed like to know how well they are doing at generating good translations. This chapter is concerned with

499 views • 10 slides
11 Practicalities 2: Evaluating MT Systems Now that weve talked about how to create machine

11 Practicalities 2: Evaluating MT Systems Now that weve talked about how to create machine

11 Practicalities 2: Evaluating MT Systems Now that weve talked about how to create machine translation systems and generate output, wed like to know how well they are doing at generating good translations. This chapter is concerned with

358 views • 11 slides
Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 15 Page 1 CS 236 Online Evaluating Program Security What if your task isnt writing secure code? Its determining if someone

423 views • 16 slides
Evaluating regions of attraction of LTI systems with saturation in IQS framework Dimitri

Evaluating regions of attraction of LTI systems with saturation in IQS framework Dimitri

Evaluating regions of attraction of LTI systems with saturation in IQS framework Dimitri Peaucelle Sophie Tarbouriech Martine Ganet-Schoeller Samir Bennani Presented first at 7th IFAC Symposium on Robust Control Design / Aalborg Seminar

337 views • 18 slides
EVALUATING THE USE OF WEB- BASED SYSTEMS TO MANAGE POLICY DOCUMENTATION IN WINTER MAINTENANCE

EVALUATING THE USE OF WEB- BASED SYSTEMS TO MANAGE POLICY DOCUMENTATION IN WINTER MAINTENANCE

EVALUATING THE USE OF WEB- BASED SYSTEMS TO MANAGE POLICY DOCUMENTATION IN WINTER MAINTENANCE Wilfrid Nixon (Salt Institute) and Fahad Shuja (Ontario Good Roads Association) Learning Outcomes At the end of this presentation, listeners will

245 views • 22 slides
CSE 258 Lecture 4 Web Mining and Recommender Systems Evaluating Classifiers Last lecture

CSE 258 Lecture 4 Web Mining and Recommender Systems Evaluating Classifiers Last lecture

CSE 258 Lecture 4 Web Mining and Recommender Systems Evaluating Classifiers Last lecture How can we predict binary or categorical variables? {0,1}, {True, False} {1, , N} Last lecture Will I purchase this product? (yes) Will I

1.15k views • 46 slides
Longevity and Expected Performance of the Existing Muon Systems at the LHC Experiments Pascal

Longevity and Expected Performance of the Existing Muon Systems at the LHC Experiments Pascal

Longevity and Expected Performance of the Existing Muon Systems at the LHC Experiments Pascal Dupieux (ALICE) Paolo Iengo (ATLAS) with the help of: Cristina Fernandez Bedoya (CMS) Gaia Lanfranchi (LHCb) Muon Systems at LHC Muon Systems have

431 views • 20 slides
ineral ccurrence evenue stimation & isualization ool A System for Evaluating Potential

ineral ccurrence evenue stimation & isualization ool A System for Evaluating Potential

ineral ccurrence evenue stimation & isualization ool A System for Evaluating Potential Revenue and Carbon Emissions from Mineral Resources for Existing and Expanded Transportation Networks in the Alaska - Northwest Canada region Colin

632 views • 34 slides
Student T.E.A.M.S. Student Teams Evaluating, Analyzing, Measuring Systems Dr. Deb Oliver,

Student T.E.A.M.S. Student Teams Evaluating, Analyzing, Measuring Systems Dr. Deb Oliver,

Student T.E.A.M.S. Student Teams Evaluating, Analyzing, Measuring Systems Dr. Deb Oliver, Executive Director, Iowa Quality Center Rob Taylor, Taylor Management Systems Student Teams Program Student T .E.A.M.S. History Student T

447 views • 16 slides
Tools and Data Sets for Developing and Evaluating Algorithms for Blended Objects Wednesday,

Tools and Data Sets for Developing and Evaluating Algorithms for Blended Objects Wednesday,

Blending Workshop Breakout Session #5 Tools and Data Sets for Developing and Evaluating Algorithms for Blended Objects Wednesday, August 15, 1:30 to 3:00pm Agenda 1. Combining existing space & ground imaging - overview - Harry Ferguson

721 views • 37 slides
Evaluating Causal Models by Comparing Interventional Distributions Dan Garant and David Jensen

Evaluating Causal Models by Comparing Interventional Distributions Dan Garant and David Jensen

Evaluating Causal Models by Comparing Interventional Distributions Dan Garant and David Jensen Knowledge Discovery Laboratory College of Information and Computer Sciences University of Massachusetts Amherst Findings Existing approaches to

430 views • 29 slides
Evaluating On-demand Pseudonym Acquisition Policies in Vehicular Communication Systems Mohammad

Evaluating On-demand Pseudonym Acquisition Policies in Vehicular Communication Systems Mohammad

Evaluating On-demand Pseudonym Acquisition Policies in Vehicular Communication Systems Mohammad Khodaei and Panos Papadimitratos Networked Systems Security Group (NSS) www.ee.kth.se/nss July 5, 2016 M. Khodaei and P. Papadimitratos (KTH)

670 views • 21 slides
Implementing and Evaluating a Model Checker for TM Systems Woongki Baek, Nathan Bronson,

Implementing and Evaluating a Model Checker for TM Systems Woongki Baek, Nathan Bronson,

Implementing and Evaluating a Model Checker for TM Systems Woongki Baek, Nathan Bronson, Christos Kozyrakis, Kunle Olukotun wkbaek@stanford.edu Stanford University Introduction Transactional Memory (TM) simplifies parallel programming

357 views • 22 slides
Lecture 16: Midterm Review (RTL and Timing) CSE 140: Components and Design Techniques for

Lecture 16: Midterm Review (RTL and Timing) CSE 140: Components and Design Techniques for

Lecture 16: Midterm Review (RTL and Timing) CSE 140: Components and Design Techniques for Digital Systems Diba Mirza Dept. of Computer Science and Engineering University of California, San Diego 1 Final breakup Multiple Choice (Misc):

414 views • 20 slides
The Technical Design Report (TDR) and the Detailed (functional) Specification of the CBM

The Technical Design Report (TDR) and the Detailed (functional) Specification of the CBM

The Technical Design Report (TDR) and the Detailed (functional) Specification of the CBM Superconducting Dipole G. Moritz CBM Dipole Conceptional Design Review May 22-24 2017 GSI Darmstadt CBM Dipole Design history work by JINR, Dubna

777 views • 25 slides
Final Review Introduction to Web Design Final exam on Thursday, December 19 at 12:00 p.m. Final

Final Review Introduction to Web Design Final exam on Thursday, December 19 at 12:00 p.m. Final

Final Review Introduction to Web Design Final exam on Thursday, December 19 at 12:00 p.m. Final Review Introduction to Web Design The format of the final exam is multiple-choice. Final Exam Questions will be both concept- and code-based. You

524 views • 19 slides
How to Send Map-Replies Anaheim IETF - LISP WG Isidor Kouvelas & Dino Farinacci March 2010

How to Send Map-Replies Anaheim IETF - LISP WG Isidor Kouvelas & Dino Farinacci March 2010

How to Send Map-Replies Anaheim IETF - LISP WG Isidor Kouvelas & Dino Farinacci March 2010 Problem Statement LISP Map-Reply Destination Address From Map-Request source address From ITR-RLOC in Map-Request payload Need an

517 views • 7 slides
MAIN MEMORY SYSTEM Mahdi Nazm Bojnordi Assistant Professor School of Computing University of

MAIN MEMORY SYSTEM Mahdi Nazm Bojnordi Assistant Professor School of Computing University of

MAIN MEMORY SYSTEM Mahdi Nazm Bojnordi Assistant Professor School of Computing University of Utah CS/ECE 6810: Computer Architecture Overview Announcement Homework 3 submission deadline: Nov. 11 th This and the following lectures

845 views • 24 slides
MAIN MEMORY SYSTEM Mahdi Nazm Bojnordi Assistant Professor School of Computing University of

MAIN MEMORY SYSTEM Mahdi Nazm Bojnordi Assistant Professor School of Computing University of

MAIN MEMORY SYSTEM Mahdi Nazm Bojnordi Assistant Professor School of Computing University of Utah CS/ECE 6810: Computer Architecture Overview Announcement Tonight: Homework 4 submission deadline This and the following lectures

630 views • 28 slides
CSE 291E / EE260C Spring 2002 Outline Embedded Memories How memory fits into the

CSE 291E / EE260C Spring 2002 Outline Embedded Memories How memory fits into the

E mbedded Memories CSE 291E / EE260C Spring 2002 Outline Embedded Memories How memory fits into the roadmap Memory Technology SRAM, DRAM, ROM, Flash DRAM Memory Architectures Page Mode, SDRAM, Rambus Tim Sherwood

771 views • 34 slides
Functional In-place Update with Layered Datatype Sharing Michal Kone cn y LFCS, University

Functional In-place Update with Layered Datatype Sharing Michal Kone cn y LFCS, University

Functional In-place Update with Layered Datatype Sharing Michal Kone cn y LFCS, University of Edinburgh part of a wider collaboration with David Aspinall, Martin Hofmann, Robert Atkey M. Kone cn y, LFCS Edinburgh Theory seminar,

479 views • 47 slides

More recommend