security design refinem ent through mapping tactics to
play

Security Design Refinem ent through Mapping Tactics to Patterns - PowerPoint PPT Presentation

Oct 08, 2023 •221 likes •753 views

Security Design Refinem ent through Mapping Tactics to Patterns Jungw oo Ryoo, Penn State Rick Kazm an, SEI / University of Haw aii SATURN, San Diego May 5 , 2 0 1 6 Goals of this Session To provide a quick look at Software security

  1. Security Design Refinem ent through Mapping Tactics to Patterns Jungw oo Ryoo, Penn State Rick Kazm an, SEI / University of Haw aii SATURN, San Diego – May 5 , 2 0 1 6

  2. Goals of this Session To provide a quick look at – Software security basics – Secure software design – Architectural Analysis For Security (AAFS) To get some hands-on understanding of the relationships between security tactics and patterns 2

  3. Plan of Attack Tim e Activities 8: 30 – 8: 35 AM Introduction 8: 35 – 8: 45 AM Software Security Basics 8: 45 – 8: 50 AM Discussion 8: 50 – 9: 15 AM Secure Design and AAFS 9: 15 – 9: 45 AM Hands-on Mapping Exercise 9: 45 – 10: 00 AM Discussion 3

  4. Softw are Security: A Design-Centric Approach Software Security Introduction Secure Design AAFS 4

  5. Softw are Security: A Design-Centric Approach Software Security Introduction Secure Design AAFS 5

  6. W hy Softw are Security? Almost every aspect of our modern society – Depends on trustw orthy software … 6

  7. The Threats Are Real! 7

  8. Softw are Defects Manifestation of design flaws or implementation bugs Exposed under certain conditions – Naturally Our – Artificially Focus  Usually by exploits 8

  9. Softw are Engineering Practice Today Lacks the rigorous controls necessary to minimize the introduction of defects into software Because security is often: – Not a priority  Time to market – A financial burden – An afterthought 9

  10. The Goal of Softw are Security Ensure that software function properly under any circumstances – Including malicious attacks Prevention of software malfunction by removing or reducing the probability of – Design flaws – Implementation bugs 10

  11. How ever, there is no such thing as perfectly secure softw are! It is impossible to produce an absolutely bug-free software especially when the software is non-trivial (Gödel). The proof is not feasible, and is cost-prohibitive. Your goal is to make a hacker’s job as tough as possible to avoid becoming a victim. 11

  12. Defects, Bugs, and Flaw s Defects = Bugs + Flaws Defect (the most comprehensive) – Design vulnerabilities – Implementation vulnerabilities Bug – Simple implementation errors  e.g., using a function call vulnerable to an attack Flaw – Deeper than bugs and usually involves design mistakes  e.g., too many access points, inconsistent input filtering, … 12

  13. Risk We estimate risk as Risk Exposure (RE): RE(x) = P(x) * S(x) – P(x): the probability that defect x will impact the mission of the software – S(x): the size of the loss associated with defect x 13

  14. The Three Security Goals Confidentiality – Computing resources/ data (raw)/ information (processed) accessible only to the authorized users I ntegrity Computing resources/ data/ information m odifiable or – rem ovable only by the authorized users Availability Computing resources/ data/ information accessible w hen – needed by the authorized users 14

  15. Softw are Security: A Design-Centric Approach Software Security Introduction Secure Design AAFS 15

  16. Fundam entals of Secure Design To design in security you first need to understand the risks your system faces. For example, you might use the STRIDE threat model to enumerate risks. STRIDE stands for: S poofing, T ampering, R epudiation, I nformation Disclosure, D enial of Service, E levation of Privilege 16

  17. Threats versus Properties Each threat type violates a security property, e.g. – Spoofing attacks violate the Authentication property – Tampering attacks violate the Integrity property – Repudiation attacks violate the Non-Repudiation property – Information disclosure attacks violate the Confidentiality property – Denial of service attacks violate the Availability property – Elevation of privilege attacks violate the Authorization property 17

  18. Designing in Properties To design in a security property, we need an architectural strategy. We advocate patterns and tactics . 18

  19. Architectural / Design Patterns Patterns are proven (conceptual) solutions to recurring design problems. Many patterns exist ( thousands ), and they are documented across many pattern catalogs. It is difficult to draw a boundary between “design” and “architectural” patterns.

  20. Security Patterns Well-known solutions to – Recurring security problems Refined and instantiated from – Security tactics Closer to code

  21. Security Patterns And hundreds of security patterns have been cataloged. 21

  22. Security Tactics Tactics are more primitive than patterns. Patterns are constructed from tactics. 22

  23. Softw are Security: A Design-Centric Approach Software Security Introduction Secure Design AAFS 23

  24. Architectural Analysis Structured way of discovering – Design decisions in software  Present or  Absent – Quality attribute goals of stakeholders  Security,  Modifiability,  Performance,  Usability,  Etc.

  25. Significance of Architectural Analysis During early design – Recommended During maintenance – After the system is built  A basis for refactoring Consequences – Disruptions – Cost overruns – Risks  Poor security

  26. Motivations Not too many – W ell established architectural analysis methods – Example  Architectural Tradeoff Analysis Method (ATAM) Not to mention – Architectural analysis method specializing in security Dire need for Architectural Analysis for Security ( AAFS) Security: Costly and risky  dominant concern –

  27. Our Approach Make use of design constructs – Helps reason about security – Act as an analysis lens to zoom in Architectural Analysis For Security (AAFS) – Contains  Tactic-oriented Architectural Analysis (ToAA)  Pattern-oriented Architectural Analysis (PoAA)  Vulnerability-oriented Architectural Analysis (VoAA) – Uses  Interviews

  28. Tactics and Patterns Design Technique – Used to satisfy a single quality attribute requirement “Aha” moment – Why not for architectural analysis ?

  29. Vulnerabilities Software Weaknesses – Exploitation by attackers – Code level Vulnerability databases – Common Vulnerabilities and Exposures (CVE) – Common Weakness Enumeration (CWE) Relationship with architectural solutions – Missing tactic or pattern

  30. CVE vs. CW E CVE – Individual security incident reports – More than 70,000 and still counting CWE – Categories of the incident report – 940 entries

  31. Our Approach Provides a Holistic View of Security The ultimate goal – To identify  The absence or presence of a design decision  ToAA and PoAA  The m isinterpretation or violation of a design decision in the source code  VoAA

  32. Steps of Our Methodology Step 1 ToAA – Tactic-oriented Architectural Analysis (ToAA)  Fast PoAA Step 2 – Pattern-oriented Architectural Analysis (PoAA) VoAA Step 3 – Vulnerability-oriented Architectural Analysis (VoAA)

  33. Case Study OpenEMR – Electronic Medical Record (EMR) System – Open Source  Released in 2001  531,789 LOC  Big user base Factors in choosing a subject – Easy access to architect and source code

  34. ToAA Phase Interview an architect – Where – How Identify design – Rationale – Assumptions

  35. PoAA Phase Relate ToAA results to Patterns – ‘ Verify message integrity ’  ToAA Check tactic realization – Intercepting Validator  Verifies user inputs before they are used  Performs filtering to all requests or user inputs – According to validation rules  Forwards full, partial, or no input to the target – Depending on the validation results

  36. VoAA Phase Relate PoAA results to CWE categories – Ties the suspicion to a piece of code CWE entries related to – ‘ Verify message integrity ’ tactic – ‘ Intercepting validator ’ pattern CWE 8 9 : Improper neutralization of special elements used in an SQL command CWE 8 7 : Improper neutralization of alternate XSS syntax

  37. OpenEMR Analysis Sam ple Results ToAA – ‘ Verify message integrity ’  Partially supported by – Standard library functions for sanitizing user inputs PoAA – No intercepting validator VoAA – CWE 89: Ad hoc and incomplete coverage – CWE 87: No coverage

  38. Verification Vulnerability analysis by IBM AppScan OpenEMR Scan – OpenEMR Results  3.1.0  4.1.2 SQL injection 9 6 6 5 6 1 1 2 – Improving but still problematic SQL INJECTION XSS XSS 3.1.0 4.1.2 – Highly problematic

  39. Hands-on Session Part 1 SECURI TY TACTI CS DEFI NI TI ON EXERCI SE 39

  40. Preparation Form a team of 4-6 people Select – Spokesperson – Scribe 40

  41. Team 1 Group Task Review the tactics below and write down an example of each – Detect attacks  Detect intrusion  Detect service denial  Detect message delay  Verify message integrity 41

  42. Team 2 Group Task Review the tactics below and write down an example of each – Resist attacks  Identify, authenticate, and authorize actors  Limit access  Limit exposure 42

  43. Team 3 Group Task Review the tactics below and write down an example of each – Resist attacks  Encrypt data  Validate input  Separate entities  Change default settings 43

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini

Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini

Security Middleware for Distributed applications Professor : Sophie Chabridon Ma Siqi Shalini Nagar 1 CONTENTS Security Characterizing Security General Scenario Tactics for Security A Design Checklist for Security Summary 2 01

487 views • 25 slides
Quantitative Analysis J. Scott Hawker/R. Kuehl p. 1 R I T Software Engineering Tactics and

Quantitative Analysis J. Scott Hawker/R. Kuehl p. 1 R I T Software Engineering Tactics and

Quantitative Analysis J. Scott Hawker/R. Kuehl p. 1 R I T Software Engineering Tactics and Quantitative Analysis Selecting architectural patterns and tactics is largely qualitative decision making Need to evaluate design decisions and

716 views • 15 slides
TEXTURE MAPPING 1 OUTLINE Introduce Mapping Methods Texture Mapping Environment

TEXTURE MAPPING 1 OUTLINE Introduce Mapping Methods Texture Mapping Environment

TEXTURE MAPPING 1 OUTLINE Introduce Mapping Methods Texture Mapping Environment Mapping Bump Mapping Basic mapping strategies Forward vs backward mapping Point sampling vs area averaging Introduce

775 views • 25 slides
Image Warping Image Mapping Image Mapping - Examples Forward Mapping Forward Mapping -

Image Warping Image Mapping Image Mapping - Examples Forward Mapping Forward Mapping -

Image Warping Image Mapping Image Mapping - Examples Forward Mapping Forward Mapping - Disadvantages Example Forward Mapping Original Rotated Zoom In Backward Mapping The Problem: (u,v) are not integers! "# Nearest Neighbor

715 views • 49 slides
CS 671 Automated Reasoning Tactical Theorem Proving in NuPRL 1. Basic Tactics 2. Tacticals 3.

CS 671 Automated Reasoning Tactical Theorem Proving in NuPRL 1. Basic Tactics 2. Tacticals 3.

CS 671 Automated Reasoning Tactical Theorem Proving in NuPRL 1. Basic Tactics 2. Tacticals 3. Advanced Tactics Chaining, Induction, Case Analysis Tactics: User-defined inference rules Meta-level programs built using Basic inference rules

427 views • 8 slides
Memory System Design Chapter 16 S. Dandamudi Outline Introduction Building larger

Memory System Design Chapter 16 S. Dandamudi Outline Introduction Building larger

Memory System Design Chapter 16 S. Dandamudi Outline Introduction Building larger memories A simple memory block Mapping memory Memory design with D flip Full mapping flops Partial mapping Problems with the

466 views • 30 slides
Memory System Design Chapter 16 S. Dandamudi Outline Introduction Building larger

Memory System Design Chapter 16 S. Dandamudi Outline Introduction Building larger

Memory System Design Chapter 16 S. Dandamudi Outline Introduction Building larger memories A simple memory block Mapping memory Memory design with D flip Full mapping flops Partial mapping Problems with the

500 views • 15 slides
Reflexive Tactics From: Introduction to the COQ Proof-Assistant for Practical Software

Reflexive Tactics From: Introduction to the COQ Proof-Assistant for Practical Software

Reflexive Tactics From: Introduction to the COQ Proof-Assistant for Practical Software Verification (by Christine Paulin-Mohring) Timothy Frser Ltac by David Delahaye language for creating complex tactics without ML code COQ has a

549 views • 11 slides
New Trends & Practices Using Backwards Mapping to Design Curriculum At the end of this

New Trends & Practices Using Backwards Mapping to Design Curriculum At the end of this

New Trends & Practices Using Backwards Mapping to Design Curriculum At the end of this session, you will know: 1. The 3 stages of Backwards Design 2. Characteristics of BIG Ideas Objectives and Essential Questions 3. Use appropriate

506 views • 22 slides
Chapter 10, Object design is situated between system design and Mapping Models to Code

Chapter 10, Object design is situated between system design and Mapping Models to Code

Overview Object-Oriented Software Engineering Chapter 10, Object design is situated between system design and Mapping Models to Code implementation. Object design is not very well understood and if not well done, leads to a bad system

524 views • 7 slides
What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design

What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design

What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design Person, Formerly at Uptycs, Mandiant VP of Design at Civil Media Company @dallendoug @nguyetv INTRO / Who We Are We are Nguyet & Doug Collectively,

634 views • 39 slides
Mapping Models to Code Chapter 10, Overview Object design is situated between system design and

Mapping Models to Code Chapter 10, Overview Object design is situated between system design and

Object-Oriented Software Engineering Using UML, Patterns, and Java Mapping Models to Code Chapter 10, Overview Object design is situated between system design and implementation. Object design is not very well understood and if not well

665 views • 42 slides
Road Mapping HR Technology Projects Using a Human-Centered Design Approach SHRM-Atlanta SOAHR

Road Mapping HR Technology Projects Using a Human-Centered Design Approach SHRM-Atlanta SOAHR

Road Mapping HR Technology Projects Using a Human-Centered Design Approach SHRM-Atlanta SOAHR 2018 What will you learn? What is Human-Centered Design and how can it benefit HR? How Customer Journey Mapping helps HR prioritize their IT

304 views • 26 slides
Texture Mapping Surface mapping OpenGl and Implementation Details Texture mapping Bump

Texture Mapping Surface mapping OpenGl and Implementation Details Texture mapping Bump

Texture Mapping Surface mapping OpenGl and Implementation Details Texture mapping Bump Mapping CS351-50 Displacement mapping Actually moving geometry ie Create screw from cylinder, Terrain, etc 11.05.03 An Overview An

496 views • 11 slides
The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director Global Privacy & Security by Design Centre Technion Summer School on Cyber Security Haifa, Israel September 9, 2020 Lets Dispel The Myths

929 views • 55 slides
Rowing Together - Communication Tactics in Ambulatory Systems and Collaboration Groups Tracking

Rowing Together - Communication Tactics in Ambulatory Systems and Collaboration Groups Tracking

Rowing Together - Communication Tactics in Ambulatory Systems and Collaboration Groups Tracking Quality, Finance, and Daily Improvement (MDI) Metrics Dina Aper, BSMLS (ASCP), CIC November 1, 2018 2 Objectives Define Communication Tactics

416 views • 19 slides
Cybersecurity Shorts: Short Cyber Training Videos for Todays Workforce Dr. Kelly S. Wright,

Cybersecurity Shorts: Short Cyber Training Videos for Todays Workforce Dr. Kelly S. Wright,

Cybersecurity Shorts: Short Cyber Training Videos for Todays Workforce Dr. Kelly S. Wright, CISSP Instructional Systems Specialist IT Workforce Development (ITWD) Office of Information & Technology Department of Veterans Affairs Why

360 views • 24 slides
Galois geometries contributing to cryptography Leo Storme Ghent University Dept. of Mathematics

Galois geometries contributing to cryptography Leo Storme Ghent University Dept. of Mathematics

Cryptography Secret sharing scheme Message Authentication code (MAC) Linear MDS code in AES Galois geometries contributing to cryptography Leo Storme Ghent University Dept. of Mathematics Krijgslaan 281 - S22 9000 Ghent Belgium Opatija,

729 views • 44 slides
Information authentication for linear-coding-based communication networks: Homomorphic

Information authentication for linear-coding-based communication networks: Homomorphic

Information authentication for linear-coding-based communication networks: Homomorphic Message Authentication Codes Why do we need informa/on authen/ca/on? Why do we need informa/on

364 views • 19 slides
Middleware for the Internet of Things Revision : 536 Chantal Taconet SAMOVAR, Tlcom

Middleware for the Internet of Things Revision : 536 Chantal Taconet SAMOVAR, Tlcom

Middleware for the Internet of Things Revision : 536 Chantal Taconet SAMOVAR, Tlcom SudParis, CNRS, Universit Paris-Saclay September 2017 Outline 1. Internet of Things (IoT) 2. Middleware for the IoT 3. Standardization, reference

1.22k views • 65 slides
t PP t st

t PP t st

trt rt PP t P s ss t tt ts t

898 views • 15 slides
Disclaimer This document does not constitute or form part of and should not be construed as a

Disclaimer This document does not constitute or form part of and should not be construed as a

Presentation Title ( Arial, Font size 28 ) The Tata Power Company Limited Analyst Call, Q3 FY18 Date, Venue, etc ..( Arial, Font size 18 ) 14 th February 2018 Message Box ( Arial, Font size 18 Bold) Disclaimer This document does not

635 views • 19 slides
Lindsey M. Stepp, Commissioner 109 Pleasant Street, Concord, NH 03301 603-230-5000 Michelle

Lindsey M. Stepp, Commissioner 109 Pleasant Street, Concord, NH 03301 603-230-5000 Michelle

Municipal Tax Rate Setting Portal MTRSP Uploading Documents Municipal & Property Division NH Department of Revenue Administration Lindsey M. Stepp, Commissioner 109 Pleasant Street, Concord, NH 03301 603-230-5000 Michelle Clark,

501 views • 22 slides
Trust The fabric of life! Holds civilizations together Develops by a natural

Trust The fabric of life! Holds civilizations together Develops by a natural

Trust The fabric of life! Holds civilizations together Develops by a natural process Advancement of technology results in faster evolution of societies Weakening the natural bonds of trust From time to time

741 views • 46 slides

More recommend