secure software development
play

Secure Software Development TDDC90 Software Security Ulf Kargn - PowerPoint PPT Presentation

Sep 22, 2022 •1.17k likes •1.91k views

Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Original slides by Marcus Bendtsen Agenda Securing the software

  1. Secure Software Development TDDC90 – Software Security Ulf Kargén Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Original slides by Marcus Bendtsen

  2. Agenda • Securing the software development life cycle • Example of a formal secure development method • Secure architectural, design and implementation patterns 2

  3. Introduction We do not simply write code, and then as an afterthought test and patch it to ensure that it fulfills a functional requirement: If we want a piece of code that sums integers, then we state this before we start coding and specifically write the code to sum integers. We do not randomly write code and then try and patch the code to sum integers . 3

  4. Introduction For non-functional requirements such as quality and security , the same logic applies: We do not patch a piece of code to ensure it fulfills a non-functional requirement . • Non-functional requirements are met not only by stating the requirements, but activities are required. • Security considerations must permeate all phases of the software development life cycle. 4

  5. Software Development Life Cycle Architecture Release & Requirements Implementation Verification and Design Maintenance Plan how the Test and Gather system shall Code and ensure that Release, patch, requirements work and how make test requirements release, patch, and use cases code should plans and design are … be written fulfilled 5

  6. Software Development Life Cycle Static analysis Risk analysis and Risk-based Security requirements penetration testing Risk analysis security tests Architecture Release & Requirements Implementation Verification and Design Maintenance Plan how the Test and Gather system shall Code and ensure that Release, patch, requirements work and how make test requirements release, patch, and use cases code should plans and design are … be written fulfilled 6

  7. Software Development Life Cycle Static analysis Risk analysis and Risk-based Security requirements penetration testing Risk analysis security tests Architecture Release & Requirements Implementation Verification and Design Maintenance Plan how the Test and Gather system shall Code and ensure that Release, patch, requirements work and how make test requirements release, patch, and use cases code should plans and design are … be written fulfilled 7

  8. Security Requirements • Requirements are gathered during the initial phase of the software development life cycle. • This is an opportunity to not only gather functional requirements, but also security requirements . • Several methods exists for gathering security requirements. • We will look at mis use cases , which can be seen as a method in itself, but also takes part in more elaborate methods (such as SQUARE). 8

  9. Use cases and Mis use cases • A use case illustrates required usage of a system – i.e. expected functionality. • However it is equally important to illustrate how one should not be able to use the system. • Misuse cases are used to identify threats and required countermeasures . 9

  10. Misuse case legend Image from Lillian Røstad – An extended misuse case notation: Including vulnerabilities and the insider threat 10

  11. Misuse case example • Electronic Patient Record (EPR) • Under normal circumstances patients should be registered in the system and linked to a specific ward – only personnel with access to the patients at this ward can then read the patients records. • During emergencies the organization and the law allows the use of an emergency access control function – which gives immediate access to any records needed. • For such an emergency control to be useful, it must be available at all time. This effectively creates a backdoor in the system that insiders can use to snoop around. • By identifying emergency access as a vulnerability we can also consider proper countermeasures – auditing (enables traceability and detection) and awareness training (making sure that users are aware of consequences of misuse). 11

  12. Electronic Patient Record Image from Lillian Røstad – An extended misuse case notation: Including vulnerabilities and the insider threat 12

  13. User input in web-based systems Image from Lillian Røstad – An extended misuse case notation: Including vulnerabilities and the insider threat 13

  14. An insider on the system development team Image from Lillian Røstad – An extended misuse case notation: Including vulnerabilities and the insider threat 14

  15. Requirements • Misuse cases is one method of gathering requirements. • Other more complex methods exists that range up to full- fledged risk analysis methods. • Misuse cases are good due to their simplicity, this increases the probability that they will be used. • When requirements have been gathered they are transferred to the design and architecture phase. 15

  16. Software Development Life Cycle Static analysis Risk analysis and Risk-based Security requirements penetration testing Risk analysis security tests Architecture Release & Requirements Implementation Verification and Design Maintenance Plan how the Test and Gather system shall Code and ensure that Release, patch, requirements work and how make test requirements release, patch, and use cases code should plans and design are … be written fulfilled 16

  17. Risk analysis • Risk analysis is used at the architecture & design phase and at the verification phase (to some degree also at requirements stage) • Helps to find and quantify risks and then allows us to change our architecture and design. • We will look briefly at CORAS and in more detail about Attack Trees. 17

  18. CORAS (overview) Step 1 – Experts and clients decide upon which system is to be analyzed and what parts of the system that should be focused upon. Step 2 – The system to be analyzed is formalized, assets are identified, high-level risk analysis. Images from Braber et al. – Model-based security analysis in seven steps – a guided tour to the CORAS method 18

  19. CORAS (overview) Step 3 – Prioritize assets, create scales for consequence and likelihood values, create risk evaluation matrix. Images from Braber et al. – Model-based security analysis in seven steps – a guided tour to the CORAS method 19

  20. CORAS (overview) Step 4 – Create threat Step 5 – Estimate risks diagrams through structured (consequence and likelihood) brainstorming (workshop). Images from Braber et al. – Model-based security analysis in seven steps – a guided tour to the CORAS method 20

  21. CORAS (overview) Step 6 – Risk evaluation, Step 7 – Risk treatment estimates are confirmed or adjusted. Images from Braber et al. – Model-based security analysis in seven steps – a guided tour to the CORAS method 21

  22. Attack trees Represent attacks against the system in a tree structure, with the goal as the root node and different ways of achieving that goal as leaf nodes. 22

  23. Attack Trees Open Safe Install Pick lock Learn combo Cut open improperly Find written Get combo combo from target Threaten Blackmail Eavesdrop Bribe Listen to Get target to conversation state combo 23

  24. Attack Trees Open Safe Install Pick lock Learn combo Cut open improperly Find written Get combo combo from target Threaten Blackmail Eavesdrop Bribe and Listen to Get target to conversation state combo 24

  25. Attack Trees P Open Safe I P P I Install Pick lock Learn combo Cut open improperly I P Find written Get combo combo from target I I I P Threaten Blackmail Eavesdrop Bribe and P I Listen to Get target to conversation state combo 25

  26. Attack Trees P Open Safe $10 I P P I Install Pick lock Learn combo Cut open improperly $30 $20 $10 $100 I P Find written Get combo combo from target $20 $75 I I I P Threaten Blackmail Eavesdrop Bribe $60 $100 $60 $20 and P I Listen to Get target to conversation state combo $20 $40 26

  27. Attack Trees • We can annotate the attack tree with many different kind of Boolean and continuous values: • “Legal” versus “Illegal” • “Requires special equipment” versus “No special equipment” • Probability of success, likelihood of attack, etc. • Once we have annotated the tree we can query it: • Which attacks cost less than $10? • Legal attacks that cost more than $50? • Would it be worth paying a person $80 so they are less susceptible to bribes? (In reality you need to also consider the probability of success) 27

  28. Attack Trees • First you identify possible attack goals. • Each goal forms a separate tree. • Add all attacks you can think of to the tree. • Expand the attacks as if they were goals downwards in the tree. • Let somebody else look at your tree, get comments from experts, iterate and re-iterate. • Keep your trees updated and use them to make security decisions throughout the software life cycle. 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Development*Process*for*Secure* So2ware Development Processes ( Lecture outline ) Emphasis on

Development*Process*for*Secure* So2ware Development Processes ( Lecture outline ) Emphasis on

Development*Process*for*Secure* So2ware Development Processes ( Lecture outline ) Emphasis on building secure software as opposed to building security software Major methodologies Microsoft's Security Development Lifecycle

598 views • 34 slides
What is Secure? Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering

What is Secure? Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering

What is Secure? Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Recent Security Incidents Garmin Ransomware -- $10 million Sync servers down for many days

506 views • 21 slides
On the Secure Software Development in Early Stages within UML Profiles Ricardo J. Rodr guez

On the Secure Software Development in Early Stages within UML Profiles Ricardo J. Rodr guez

On the Secure Software Development in Early Stages within UML Profiles Ricardo J. Rodr guez rjrodriguez@unizar.es http://www.ricardojrodriguez.es 19 th September, 2011 This work has been developed in collaboration with Simona Bernardi

480 views • 45 slides
Toward a Field Study on the Impact of Hacking Competitions on Secure Development Daniel Votipka ,

Toward a Field Study on the Impact of Hacking Competitions on Secure Development Daniel Votipka ,

Toward a Field Study on the Impact of Hacking Competitions on Secure Development Daniel Votipka , Hongyi Hu, Bryan Eastes, and Michelle L. Mazurek 12 Aug 2018 SECURE DEVELOPMENT 2 SECURE DEVELOPMENT 2 SECURE DEVELOPMENT 2 SECURE

565 views • 39 slides
CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are cost/labor

449 views • 23 slides
Secure Web Application Development METHODOLOGIES AND AUTOMATED TOOLS MURAT KAYA SOFTWARE

Secure Web Application Development METHODOLOGIES AND AUTOMATED TOOLS MURAT KAYA SOFTWARE

Secure Web Application Development METHODOLOGIES AND AUTOMATED TOOLS MURAT KAYA SOFTWARE SECURITY SPECIALIST Agenda Software Security Overview Software Security Methodologies Security Test Methods Analysis Tools Tools

497 views • 25 slides
CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are

725 views • 23 slides
Outline Big-Picture Introduction CSci 4271W Development of Secure Software Systems

Outline Big-Picture Introduction CSci 4271W Development of Secure Software Systems

Outline Big-Picture Introduction CSci 4271W Development of Secure Software Systems Breakout-group Introductions Day 1: Introduction and logistics Stephen McCamant (he/him/his) Course Logistics University of Minnesota, Computer Science &

637 views • 6 slides
Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020

Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020

Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Recap Symmetric keys Benefit: fastest, mathematically the strongest Drawback:

425 views • 23 slides
Open Source secure software updates for Linux-based IVI systems Arthur Taylor, CTO, ATS Advanced

Open Source secure software updates for Linux-based IVI systems Arthur Taylor, CTO, ATS Advanced

Open Source secure software updates for Linux-based IVI systems Arthur Taylor, CTO, ATS Advanced Telematic Systems Abstract Cyber security and vehicle recalls are two of the hottest topics in automotive software development right now.

351 views • 23 slides
Course Overview Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering

Course Overview Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering

Course Overview Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering Secure Software Benjamin S. Meyers 1 In-Person Procedures When you enter/leave the classroom: Grab a towel and wipe down your work station

299 views • 10 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Usability Engineering Secure Software Last Revised: October 28, 2020 SWEN-331: Engineering

Usability Engineering Secure Software Last Revised: October 28, 2020 SWEN-331: Engineering

Usability Engineering Secure Software Last Revised: October 28, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Quote: Taher El-Gamal, Inventor of SSL Security professionals always struggle with the general public because

753 views • 30 slides
Outline W X (DEP) CSci 4271W Return-oriented programming (ROP) Development of Secure

Outline W X (DEP) CSci 4271W Return-oriented programming (ROP) Development of Secure

Outline W X (DEP) CSci 4271W Return-oriented programming (ROP) Development of Secure Software Systems Day 6: Memory safety defenses and counter-attacks Announcements break Stephen McCamant University of Minnesota, Computer Science &

394 views • 4 slides
Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020

Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020

Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Networks, Cryptography, and You Most application developers Dont implement networking

333 views • 30 slides
Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020

Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020

Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Last Time... Always code defensively Validating input Principles

476 views • 19 slides
SDLC Lessons Learned By Vincent Liu Agenda Know what to look for Understand what you

SDLC Lessons Learned By Vincent Liu Agenda Know what to look for Understand what you

SDLC Lessons Learned By Vincent Liu Agenda Know what to look for Understand what you find And learn from the mistakes of others. App Sec Assurance Program Support Requirements Design Development QA Test Release &

467 views • 23 slides
So#ware Architecture Prof. Bertrand Meyer, Dr. Michela Pedroni ETH Zurich, FebruaryMay 2010

So#ware Architecture Prof. Bertrand Meyer, Dr. Michela Pedroni ETH Zurich, FebruaryMay 2010

Chair of Software Engineering So#ware Architecture Prof. Bertrand Meyer, Dr. Michela Pedroni ETH Zurich, FebruaryMay 2010 Lecture 2: The software lifecycle Software lifecycle models Describe an overall distribution of the software

296 views • 27 slides
DCC Lifecycle Curation Model 2.0 Sayeed Choudhury, Johns Hopkins University Carole Palmer &

DCC Lifecycle Curation Model 2.0 Sayeed Choudhury, Johns Hopkins University Carole Palmer &

DCC Lifecycle Curation Model 2.0 Sayeed Choudhury, Johns Hopkins University Carole Palmer & Rainbow Huang, University of Washington 2019 IDCC February 5, 2019 Rationale for Research DCC Lifecycle Model has play an important role in

322 views • 8 slides
1 If it's not merely programming Life Cycle What is it? Software life cycle Life Cycle

1 If it's not merely programming Life Cycle What is it? Software life cycle Life Cycle

Announcements CSE 403, Software Engineering Quiz section will be held in CSE 305 Lecture 2 Software Life Cycle Project Schedule Writing assignment Preliminary Design, April 15 Due Monday, 1:30 pm, April 4 Preliminary Release,

162 views • 4 slides
COMP380 SPRING 2011 Midterm I Student Name: _____________________________________ Team No.:

COMP380 SPRING 2011 Midterm I Student Name: _____________________________________ Team No.:

COMP380 SPRING 2011 Midterm I Student Name: _____________________________________ Team No.: __________________________ 1. Software engineering is "the application of a ________, __________, _________ approach to the development, operation,

290 views • 4 slides
DEFECT DETECTION IN A DEFECT DETECTION IN A DISTRIBUTED SOFTWARE DISTRIBUTED SOFTWARE

DEFECT DETECTION IN A DEFECT DETECTION IN A DISTRIBUTED SOFTWARE DISTRIBUTED SOFTWARE

DEFECT DETECTION IN A DEFECT DETECTION IN A DISTRIBUTED SOFTWARE DISTRIBUTED SOFTWARE MAINTENANCE PROJECT MAINTENANCE PROJECT Alessandro Bianchi, Danilo Caivano, Filippo Lanubile, Giuseppe Visaggio SER_Lab - Department of Informatics -

134 views • 12 slides
CS 5150 So(ware Engineering Reuse and Legacy Systems

CS 5150 So(ware Engineering Reuse and Legacy Systems

Cornell University Compu1ng and Informa1on Science CS 5150 So(ware Engineering Reuse and Legacy Systems William Y. Arms Economics So(ware is

608 views • 22 slides
OSG Technologies Updates Brian Bockelman OSG AHM 2014 This presentation Ill cover topics

OSG Technologies Updates Brian Bockelman OSG AHM 2014 This presentation Ill cover topics

OSG Technologies Updates Brian Bockelman OSG AHM 2014 This presentation Ill cover topics from several OSG functional areas, including: Technology (and software): with inputs from Tim Cartwright and Tim Theisen. Campus Grids:

295 views • 26 slides

More recommend