CSC 1029 Week 06: Secure Software Design

Questions and Answers

What is one of the main goals of security engineering in software development?

To prioritize features over security.

To integrate security-minded thinking into the process. (correct)

To increase software complexity.

To eliminate the need for testing.

Which security design principle advocates for maintaining a straightforward approach?

Trust with Confidence

Favor Complexity

Favor Simplicity (correct)

Defensive Programming

What does the acronym STRIDE represent in threat modeling?

Simplicity, Transparency, Reliability, Integrity, Data Protection

Software, Threats, Resilience, Implementation, Defense

Security, Trust, Risk, Integrity, Development

Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege (correct)

What is the primary difference between a software flaw and a software bug?

Flaws are security problems in design, while bugs are issues in code.

What is a consequence of not considering security throughout the entire software development process?

Greater vulnerability to attacks.

Which approach is suggested to avoid design flaws in secure software?

Adopting a security through the entire development process mindset.

What is one of the key tenets in the article "Simplicity Is the Ultimate Sophistication"?

Simplicity often leads to better security.

Trust with reluctance is primarily about:

Evaluating trustworthiness before granting access.

Elevation of privilege in threat modeling refers to:

Gaining unauthorized access to system resources.

What is the relationship between secure software design and user feedback?

User feedback should be considered in the early stages of design.

What does the principle of 'Trust with Reluctance' emphasize?

Giving access only to users who need it

Defense in depth mainly seeks to address what kind of security challenge?

Single points of failure in security

What is meant by 'attack surface' in the context of software design?

All parts of an application accessible by users or programs

Which of the following best describes the principle of 'least privilege'?

Users should have the minimum level of access necessary.

What does the secure design principle of 'modularity' refer to?

Creating independent modules that can function separately

What is the focus of the principle of 'fail secure'?

In the event of a failure, the system should remain secure.

Which principle emphasizes the importance of complete mediation?

All requests for access should be verified each time.

What does 'separation of domains' imply in secure design?

Isolating sensitive data from less sensitive data

Which principle aims to minimize trust surface interactions?

Minimize the number of parties involved in interactions.

What is the primary objective of encapsulation in software security?

To hide internal states and only expose necessary interfaces.

Study Notes

Course Information

• Course code: CSC 1029
• Course title: Designing Secure Software

Week 06 Agenda

• Designing & Building Secure Software
• Threat Modeling
• Software Security Requirements
• Avoiding Software Design Flaws
• Favor Simplicity
• Trust with Reluctance
• Defense in Depth
• Top Design Flaws
• Case Study
• Interview on Building Secure Software
• Interactive Lesson
• TODO & Resources for Help

Design and Building Secure Software

• Protection of Information in Computer Systems (Saltzer and Schroeder, 1975) is a highly relevant classic paper.

Threat Modeling

• There are five major threat modeling steps:
  • Defining security requirements
  • Creating an application diagram
  • Identifying threats
  • Mitigating threats
  • Validating that threats have been mitigated
• Threat modeling should be incorporated in the development lifecycle to reduce risk.
• Common threat categories (STRIDE):
  • Spoofing (S)
  • Tampering (T)
  • Repudiation (R)
  • Information disclosure (I)
  • Denial of service (D)
  • Elevation of privilege (E)

Software Security Requirements

Avoiding Software Design Flaws

• Security flaws are weaknesses in software code that attackers can exploit.
• Software vulnerabilities are implementation-level bugs
• Design flaws are security problems in the software system.
• Security needs to be considered throughout development.

Secure Design Principle: Favor Simplicity

• Articles like "Simplicity is the Ultimate Sophistication" and Bruce Schneier's plea for simplicity in computer systems emphasize simpler designs for secure software.

Secure Design Principle: Trust with Reluctance

• Trust with reluctance, a security principle, emphasizes limiting trust levels ("need-to-know").

Secure Design Principle: Defense in Depth

• Most applications are vulnerable when a single defense layer is breached.
• Defense in depth entails multiple layers of defense, each offering protection, and working to add resilience and help limit impact to a system if a breach occurs at a point in any of the defended layers within the system.

Secure Design Principle: Software Design Flaws

• Attack surface is any accessible component part within a system that can be targeted or a point on a system's defensive layers that an attacker can leverage to expose weaknesses in those defenses.
• The principle of minimizing the attack surface aims to reduce points of access that malicious users can exploit.

Case Study

• Case study of a very secure FTP.

Interview

• Interview with Gary McGraw on building secure software.

Cybersecurity Principles Interactive Lesson

• Cybersecurity principles such as:
  • Modularity
  • Simple designs
  • Layering/Defense in depth
  • Separation of Domains
  • Complete Mediation
  • Least privilege
  • Fail-safe Defaults/Fail Secure
  • Isolation
  • Encapsulation
  • Usability
  • Open Design
  • Least Astonishment
  • Trust Relationships
  • Minimizing trust surface

Pre-Work and Next Week

• Guidelines for completing the pre-work for Week 6.
• Introduction of the content for week 7.

Questions, Clarifications, and Help

• Access to student office hours, email, tutoring, and online resources.

Description

Explore the key principles of designing and building secure software, including threat modeling and software security requirements. Learn how to avoid common design flaws and implement effective defense strategies. This quiz covers essential topics from week 06 of the course, ensuring a solid understanding of secure software development.