Software Security: Intro and Syllabus

Questions and Answers

What is the primary focus of software security, according to the information provided?

  • Addressing security vulnerabilities after software deployment.
  • Responding to security incidents only when they occur.
  • Securing software development by building security into the software. (correct)
  • Focusing solely on external symptoms of security breaches.

Which of the following is the MOST accurate definition of a 'threat' in the context of software security?

  • An action that exploits a vulnerability.
  • The successful execution of a harmful action against a system.
  • Any potential occurrence that could harm an asset. (correct)
  • A weakness in a system that can be exploited.

In the realm of software security, what does 'availability' primarily ensure?

  • That data cannot be accessed by unauthorized parties.
  • That information is consistent across different systems and databases.
  • That resources can be accessed and used when needed. (correct)
  • That information is accessible only to authorized individuals.

Which of the following measures is MOST directly aimed at ensuring data integrity in financial systems?

  • Verifying that account balances are accurate and reflect all transactions. (B)

What is the role of 'user access controls' in maintaining the integrity of a system?

  • Restricting system access to only those who require it. (D)

Which of the following BEST describes the function of a checksum in ensuring data integrity?

  • It creates a unique fingerprint of a file to verify its identity. (D)

In the context of availability measures, what is the purpose of 'load balancing'?

  • To distribute workload across multiple servers to prevent overload. (A)

Which of the following options is an example of ensuring 'confidentiality'?

  • Implementing encryption to protect sensitive data. (D)

What is the primary goal of the Bell-LaPadula model?

  • Preventing unauthorized disclosure of information. (B)

A military database uses the Bell-LaPadula model to manage information. Which of the following scenarios BEST exemplifies the application of this model?

  • Ensuring that sensitive information is only accessible to authorized personnel. (C)

According to the Bell-LaPadula model, which rule prevents a subject from reading an object at a higher security level?

  • Simple Confidentiality Rule. (D)

In the Bell-LaPadula model, the 'Star Confidentiality Rule' primarily addresses which of the following concerns?

  • Preventing subjects from writing to objects at lower security levels. (C)

A university implements the Bell-LaPadula model on its online learning platform. If student grades are classified as 'Secret,' which of the following actions would violate the 'Simple Confidentiality Rule'?

  • A student accessing another student's grades. (C)

A faculty member, according to the Bell-LaPadula model in a university setting, has access to student grades (Secret) and course materials (Confidential). Which action would they typically be prohibited from doing?

  • Accessing administrative data classified as 'Top Secret'. (C)

In the context of the Bell-LaPadula model, which of the following is TRUE regarding administrators?

  • Administrators can read files at all security levels but must still adhere to the Bell-LaPadula rules. (B)

What is a DISADVANTAGE of using the Bell-LaPadula model?

  • It can be complex to implement and overly restrictive in specific scenarios. (C)

Which of the following scenarios illustrates a violation of the 'Star Confidentiality Rule' (No Write-Down) in the Bell-LaPadula model?

  • A student modifying the grades of another student. (D)

Which scenario below BEST demonstrates the application of 'hardware redundancy' as an availability measure?

  • Having multiple copies of hardware components to ensure continued operation if one fails. (B)

Attendance will be taken every class and will be reported. If a student has an absence, how quickly must they make an official excuse?

  • Within 1 week. (D)

Which of the following actions would be considered plagiarism or collusion relating to course policies?

  • Presenting work that is not your own. (C)

When will no coursework be accepted, even with penalty?

  • After the 15th week. (A)

Which of the following concepts is included in the Software Security Concepts section of the agenda?

  • Security Models. (A)

What is the final item in the course overview?

  • Project Presentations (B)

Which of the following is NOT an example of what government agencies must implement in security measures?

  • Personnel Tracking (B)

If you need to report a security breach, to what should you create a plan?

  • Incident Response (B)

The integrity measure of version control assists with

  • prevent erroneous changes (A)

According to the presented information, what is the primary goal of the 'Integrity' component within the CIA triad?

  • Ensuring the accuracy and unaltered state of information (B)

An e-commerce company wants to ensure its services remain accessible to customers during peak shopping times. According to the course content, which availability measure would be MOST effective?

  • Load Balancing (C)

Which of the following is the correct breakdown of the 7th week assessment?

  • 20 marks exam/10 marks section (D)

What aspects of security are emphasized by the CIA triad?

  • Confidentiality, Integrity, and Availability (B)

According to this lesson, what are some of the topics covered?

  • Threat modeling, secure coding practices, and software architecture. (B)

What is the KEY difference between software and application security?

  • Software security builds software to be secure, while application security secures it post-deployment. (B)

If you need assistance with this course, who is the teaching assistant?

  • Salma Yasser (C)

If the user for your system is given a '4' what permissions do they have?

  • Read (C)

Which of the following is NOT an example of availability?

  • Military plans being kept on the top level of security (C)

Which of the following actions relating to file security is an example of Integrity?

  • Restoring corrupted data with backups (C)

If you are implementing a new online learning platform, what are the security levels you should define?

  • Top Secret, Secret, Confidential, Unclassified (A)

Which policy of the Bell-LaPadula Model is generally not used for most classroom settings?

  • Strong Star Confidentiality Rule (No Read-Write Up-Down) (D)

Who are the historical figures who invented the Bell-LaPadula Model?

  • David Elliot Bell and Leonard J. LaPadula (B)

If a student attends the final project discussion with the course teaching assistant, what happens if a group member is absent?

  • Absence of any group member will be taken with penalty. (B)

What is the third learning objective?

  • Experiment with and measure software security through estimation and metrics (D)

Flashcards

What is a threat?

Any potential event, malicious or not, that could harm an asset.

What is an attack?

An action that exploits a vulnerability or carries out a threat.

What is a vulnerability?

A weakness that makes a threat possible.

What is confidentiality?

Protecting information from unauthorized access.

What is integrity?

Ensuring information is accurate and untampered.

What is Availability?

Ensuring resources are accessible and usable when needed.

What is Software Security?

Defending against software exploits by building secure software.

What is Application Security?

Defending against software exploits after deployment.

What is Bell-LaPadula?

A data security model ensuring no reading above security level.

What is a classification system?

Establishing clear guidelines for classifying documents by sensitivity.

What are Access Controls?

Restricting access to classified info to authorized people.

What is Encryption?

Protecting data from unauthorized access via coded scrambling.

What is Secure Storage?

Storing documents in physically protected locations.

What is Personnel Security?

Checking backgrounds of personnel handling classified information.

What is Incident Response?

Plan in place to respond to security breaches.

What are User Access Controls?

Restricting system access to those who require it.

What are File Permissions?

Core model that determines who can access files/directories.

What is Version Control?

Tool to prevent erroneous changes by authorized users.

What is a Checksum?

Detecting data alterations through cryptographic functions.

What are Backups?

Redundancies that must restore affected data to its correct state.

What does Availability refer to?

Ensuring info/services are accessible, usable, uninterrupted.

What is Hardware Redundancy?

Multiple copies of hardware so the system can continue.

What is Software Redundancy?

Multiple copies of software in case of failures.

What is Data Redundancy?

Multiple copies of data, ensuring recovery after loss.

What are Error Detection and Correction?

Mechanisms to detect and correct errors.

What is Automatic Failover?

Switching to a backup system if the original fails.

What is Load Balancing?

Distributing workload across servers to prevent overload.

What are Firewalls?

Protect systems from unauthorized access.

Study Notes

  • Course introduction and syllabus discussion led by Dr. Nada Hany Sherief

Agenda

  • Course introduction and syllabus discussion to cover course overview, learning objectives, prerequisites, grading policy, schedule, and policies
  • Software Security Concepts to cover terminology (threats, vulnerabilities, attacks), security goals (confidentiality, integrity, availability), software security definition, and security models

Learning Objectives:

  • Understand software security concepts
  • Understand software security problems and threats
  • Experiment with and measure software security through estimation and metrics
  • Understand secure software architecture and assurance
  • Apply secure software development life cycle
  • Experiment with and apply software security and testing.

Course Overview

  • Course includes introduction and syllabus, security concepts, problems, threats, metrics, and estimation
  • There is a 7th week assessment
  • Secure Software Architecture and Assurance will be reviewed
  • Focus on Secure Software Development Process and Testing
  • There is a 12th Week Assessment
  • Case studies on implementing security testing and security
  • Project Presentations

Course Grading System

  • 12th week: 10 marks on exam and 10 marks on section
  • 7th week: 20 marks on exam and 10 marks on section
  • Final Exam: 40 marks
  • Continuous Assessment: 10 marks on Quizzes and Assignments

Lecturer Contact Info

  • E-mail: [email protected]
  • Office hours: Sunday 10:00 – 12:00 and Wednesday 10:00 – 12:00

Course Policies

  • Attendance is taken every class
  • Excuses for absence must be presented within one week of the absence
  • Students check Google Classroom for lecture notes
  • Submitted work must be original; plagiarism and/or collusion will result in disciplinary action
  • All group members attend the final project discussion with the TA, Ms. Salma Yasser (absence = penalty)
  • Late submissions = penalty
  • No coursework accepted after the 15th week

Important Terminology

  • A threat is a potential occurrence, malicious or otherwise, that could harm an asset
  • A threat is any bad thing that can happen to assets
  • An attack is an action that exploits a vulnerability or enacts a threat
  • Attacks include sending malicious input to an application or flooding a network to deny service
  • A threat is a potential event that can adversely affect an asset, whereas a successful attack exploits system vulnerabilities
  • A vulnerability is a weakness that makes a threat possible due to poor design, configuration mistakes, or insecure coding techniques
  • Weak input validation is an example of an application layer vulnerability, which can result in input attacks

Software Security vs Application Security

  • Software Security defends against exploits by building secure software
  • Application Security defends against exploits post-deployment

Security Goals

  • CIA Triad: Confidentiality, Integrity, Availability

Confidentiality

  • Only authorized individuals can access information
  • Government agencies must protect classified documents, for example:
    • Nuclear weapon designs
    • Critical military plans
    • Sensitive diplomatic communications
    • Advanced technology information and classified research data

Confidentiality Measures

  • Measures to prevent the unauthorized disclosure of classified documents
  • Classification Systems: Guidelines for classifying documents based on sensitivity
  • Access Controls: Limits access to authorized personnel
  • Encryption: Protects sensitive data from unauthorized access
  • Secure Storage: Store sensitive documents in secure locations
  • Personnel Security: Background checks for personnel who handle classified information
  • Incident Response: A plan to respond to security breaches involving classified information

Integrity

  • Information is accurate and has not been modified or tampered with
  • Data integrity is crucial in financial systems to ensure the accuracy, reliability, and consistency of financial data
  • Verify account balances are accurate and reflect all transactions
  • Account data is consistent across different systems and databases

Integrity Measures

  • User access controls restrict access to systems to only those that require access
  • File permissions are core to the security model used by Linux systems and determine who can access files and directories
  • Eight possible numbers express the file permissions in Linux-based systems:
    • Option 0 is for no permissions
    • Option 1 is for execute
    • Option 2 is for write
    • Option 3 is for execute and write
    • Option 4 is for read
    • Option 5 is for execute and read
    • Option 6 is for write and read
    • Option 7 is for execute, write, and read
  • Version control prevents erroneous changes or accidental deletion by authorized users
  • A checksum is like a unique fingerprint of a file and it is used to verify whether two files are identical
  • Each checksum run creates a number string for each file
  • Even if one byte of data is altered or corrupted, that string will change
  • Backups or redundancies restore affected data to its correct state

Availability

  • Users can access and use resources when they need them: resources are accessible, usable, and uninterrupted
  • E-commerce websites can be used without interruptions
  • Banking systems provide the ability to access accounts and perform transactions at any time
  • Healthcare systems can access medical records and information when needed

Availability Measures

  • Redundancy: Hardware, software, and data redundancy
  • Fault Tolerance: Includes error detection and correction and automatic failover
  • Load Balancing: Distributes workload across multiple servers or components
  • Firewalls protect systems from unauthorized access and prevent DoS attacks

Security Models: Bell-LaPadula

  • Aims to protect confidentiality by restricting information flow
  • For instance, in a military database sensitive information must be accessible only to authorized personnel
  • David Elliot Bell and Leonard J. LaPadula invented the model
  • Bell-LaPadula is used to maintain confidentiality.
  • The classification of Subjects (Users) and Objects (Files) is organized in a non-discretionary fashion, with respect to different layers of secrecy
  • Bell-LaPadula has 3 main rules
  • Simple Confidentiality Rule prevents reading above your clearance
  • Star Confidentiality Rule prevents writing below your clearance
  • Strong Star Confidentiality Rule prevents reading above and writing below your clearance

Bell-LaPadula Model Rules

  • SIMPLE CONFIDENTIALITY RULE:
    • The Subject can only read files on the Same Layer of Secrecy and the Lower Layer of Secrecy, but not the Upper Layer of Secrecy, which is why this rule is called NO READ-UP
  • STAR CONFIDENTIALITY RULE:
    • The Subject can only write files on the Same Layer of Secrecy and the Upper Layer of Secrecy, but not the Lower Layer of Secrecy, which is why this rule is called NO WRITE-DOWN
  • STRONG STAR CONFIDENTIALITY RULE:
    • The Strong Star Confidentiality Rule is highly secure: the Subject can read and write files on the Same Layer of Secrecy only, not on the Upper Layer of Secrecy or the Lower Layer of Secrecy, so reading or writing up or down is not possible here

Applying the Bell-LaPadula Model in a University

  • In this scenario, the university is implementing a new online learning platform which stores sensitive student data
  • This data must be protected from unauthorized access and disclosure

Define Security Levels

  • Top Secret: Sensitive administrative data (faculty salaries and budget information)
  • Secret: Student grades, transcripts, and personal information
  • Confidential: Course materials, announcements, and general information
  • Unclassified: Publicly accessible information (news and events)

Assign Security Labels:

  • Subjects: Students, faculty, and administrators
  • Objects: Files, documents, and databases containing sensitive information
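
The three rules and the four university levels above can be checked mechanically. The following Python sketch is an added example, not part of the course material; the file names and the subject clearances (student at Confidential, faculty at Secret, administrator at Top Secret) are assumptions made for illustration, and the requests are constructed sample data.

```python
from enum import IntEnum
from itertools import product


class Level(IntEnum):
    # Ordering of the four levels defined for the university scenario.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


# Assumed clearances (hypothetical, chosen for this example).
CLEARANCE = {"student": Level.CONFIDENTIAL, "faculty": Level.SECRET,
             "administrator": Level.TOP_SECRET}

# Hypothetical object names, labelled per the "Define Security Levels" list.
LABEL = {"budget.xlsx": Level.TOP_SECRET, "grades.db": Level.SECRET,
         "syllabus.pdf": Level.CONFIDENTIAL, "news.html": Level.UNCLASSIFIED}


def decide(subject_level, op, object_level, strong_star=False):
    """Return (allowed, rule) for a single access request."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op!r}")
    if strong_star:  # as stated in the notes: same layer only
        return subject_level == object_level, "strong star (same level only)"
    if op == "read":
        return subject_level >= object_level, "simple confidentiality (no read-up)"
    return subject_level <= object_level, "star confidentiality (no write-down)"


def audit(requests, strong_star=False):
    """Return the denied requests together with the rule that blocked them."""
    denied = []
    for who, op, name in requests:
        allowed, rule = decide(CLEARANCE[who], op, LABEL[name], strong_star)
        if not allowed:
            denied.append((who, op, name, rule))
    return denied


def downward_flows():
    """List (subject, source, dest) where one subject could read `source`
    and write `dest` with dest below source. Empty means no leak path."""
    return [(s, src, dst) for s, src, dst in product(Level, repeat=3)
            if decide(s, "read", src)[0] and decide(s, "write", dst)[0]
            and dst < src]


# Constructed sample requests: (subject, operation, object).
REQUESTS = [
    ("student", "read", "grades.db"),         # read-up: denied
    ("faculty", "read", "grades.db"),         # same level: allowed
    ("faculty", "read", "budget.xlsx"),       # read-up: denied
    ("faculty", "write", "news.html"),        # write-down: denied
    ("administrator", "read", "budget.xlsx"), # same level: allowed
    ("administrator", "write", "grades.db"),  # write-down: denied
]

if __name__ == "__main__":
    for row in audit(REQUESTS):
        print("DENY", *row)
    print("downward flows:", downward_flows())
```

The empty result of `downward_flows()` is the point of combining the two rules: whatever a subject is allowed to read, it can never copy into an object with a lower label.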

Enforce the Bell-LaPadula Rules:

  • Simple Confidentiality Rule (No Read-Up)
    • Students can only access information at their own security level or below.
    • Faculty and staff can access information at their own security level or below

Implementing the Scenario: Student Access

  • Students are subjects
  • Grades and transcripts comprise the objects
  • Security levels are classified into Secret, Confidential, and Unclassified labels
  • Students can only read files at their current security level

Implementing the Scenario: Faculty Access

  • Faculty are the subjects
  • Student grades and administrative data are the objects
  • The corresponding security levels are Secret, Confidential, and Unclassified labels
  • Faculty can read files at their own security level or below their level

Implementing the Scenario: Administrator Access

  • Administrators are the subjects
  • All levels of data represent the objects
  • Security Levels: Top Secret, Secret, Confidential, Unclassified
  • Administrators can read files at all security levels

Implementing the Scenario: Enforce the Bell-LaPadula Rules

  • Star Confidentiality Rule (No Write-Down):
    • Students cannot write to files at lower security levels, so a student cannot change his or her grades
    • Administrators can write to files at their own security level or higher.
    • Faculty can write to files at their own security level and higher

Scenario 2: Faculty Access

  • Faculty can write to files at their own security level
  • Faculty normally cannot write to files at higher security levels, for example:
    • Department Financial Data (Restricted Write Up) can't be modified

Implementing the Scenario: Administrator Access

  • Administrators must adhere to the Bell-LaPadula rules to prevent unauthorized disclosure

Enforce the Bell-LaPadula Rules

The Strong Star Confidentiality Rule is generally not applicable in the classroom setting because it is too restrictive

Example Scenarios

  • Student Access: Students cannot access other students' grades or sensitive administrative data
  • Faculty Access: Staff has access to course rosters and grading policies
  • Administrator Access: Although administrative staff has access to grades, they must prevent unauthorized

Advantages of Bell-LaPadula Model

  • Helps to ensure that security measures are consistent and effective
  • Clearly defines the goal of confidentiality and provides specific rules for achieving it
  • Can be applied to a wide range of systems and applications, from military databases to commercial software

Disadvantages of Bell-LaPadula Model

  • Can be complex to implement, especially for organizations unfamiliar with security models
  • Star rule can be restrictive when data needs to flow downward in a hierarchical structure
  • Rules can hinder collaboration between users at different security levels because research may require that the classified level of data must be shared with those at a lower level
