Software Security Principles
10 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the primary purpose of a threat model in software security?

  • To optimize the performance of the software.
  • To define the attacker’s capabilities and resources. (correct)
  • To assess the usability of an application.
  • To ensure compliance with industry regulations.
  • Which of the following is an example of a temporal memory safety error?

  • Reading data that was previously overwritten.
  • Using memory after it has been freed. (correct)
  • Attempting to access a null pointer.
  • Accessing memory that is outside allocated boundaries.
  • Which of the following accurately describes a TOCTTOU bug?

  • It allows unauthorized access due to insufficient data checks.
  • It occurs when data is leaked from the operating system.
  • It results from unsynchronized reads across privilege levels. (correct)
  • It is caused by memory corruption due to hardware malfunctions.
  • What type of attack might involve using advanced technology like x-ray to compromise security?

    <p>Physical attacks on hardware such as safes.</p> Signup and view all the answers

    What is the most likely consequence of a memory corruption bug in an operating system?

    <p>It may cause crashes or unpredictable behavior.</p> Signup and view all the answers

    What is the primary purpose of confidentiality in software security?

    <p>To prevent unauthorized recovery of protected data</p> Signup and view all the answers

    Which of the following is NOT a component of the attack surface?

    <p>User Accessibility Surface</p> Signup and view all the answers

    In the context of asset valuation, which factor is NOT typically considered?

    <p>Market trends in software prices</p> Signup and view all the answers

    What key principle may be considered as the fourth fundamental concept in security?

    <p>Accountability/non-repudiation</p> Signup and view all the answers

    Which type of asset includes applications and operating systems?

    <p>Software assets</p> Signup and view all the answers

    Study Notes

    Software Security Basic Principles

    • Software security aims to allow intended use and prevent unintended use that could cause harm.
    • Key security principles include Confidentiality, Integrity, and Availability.
    • Accountability/non-repudiation is a fundamental concept that prevents denial of message transmission or receipt.

    Security Analysis

    • Security analysis for a software system depends on factors such as the attack surface, the assets, and the goals of the attacker.
    • The attack surface needs to be assessed to determine potential vulnerabilities that attackers could exploit.
    • Assets within a software system represent the potential targets for an attack (hardware, software, data, communication facilities & networks)
    • Understanding attacker goals provides insight into how attackers might act and target assets.

    Assets of a Computer System

    • Computer systems have several types of assets including hardware, software, data, and communication facilities/networks.
    • Hardware assets encompass servers, workstations, mobile devices, peripheral equipment, and removable media.
    • Key concerns regarding hardware assets include loss or damage, disruption due to malfunction, and the time it takes to replace hardware or repair damages.

    Software Assets

    • Software assets encompass applications, operating systems, virtualization software (virtual machine and container), networking software (SDN and NFV), database management systems, file systems, and client/server software.
    • Availability is a vital concern for software assets, accounting for potential disruption losses and expenses that may occur due to vulnerabilities.

    Information Assets

    • IT assets include data stored in databases and filesystems, whether on-site or in the cloud.
    • ITU-T X.1055 defines categories of information assets, such as communication data, routing information, subscriber information, blacklist information, registered services, and operational information, among others.

    Attack Surface

    • Understanding the attack surface is crucial for security analysis.
    • The attack surface is categorized in terms of layering, being either deep or shallow.
    • The attack surface is also categorized by its size, small or large.
    • Attack surfaces have a security risk that is categorized as either low, medium, or high.

    Attacks and Defenses

    • Attack models define the types of attacks that need to be prevented.
    • Attack models identify attacker capabilities, impact, and scope of attacks to assess potential vulnerabilities.
    • Defenses address specific attack/threat models at a general or a specific level.

    Threat Model

    • Threat models define the abilities and resources of an attacker, enabling structured reasoning about how the system can be compromised.
    • Essential steps in creating a threat model are to acknowledge entry points and threats, decompose applications by identifying structure, determining and ranking threats, and determining countermeasures/mitigation.

    Threat Model: Safe

    • In a trust land scenario, no need for locking your safe.
    • An attacker could pick your lock, use a torch, advanced technology, or access your keys.

    Threat Model: Operating Systems

    • Malicious extensions inject attacker-controlled drivers into the OS.
    • Bootkits compromise boot processes (BIOS, boot sector).
    • Memory corruption involves software/hardware bugs like spatial/temporal memory safety errors or rowhammer
    • Data leakage occurs when the OS accidentally leaks confidential data.
    • Concurrency bugs lead to TOCTOU issues, an issue occurring when resource state changes between permission checks and use.
    • Side channels cause indirect leaks via shared resources (hardware caches) or software techniques like page deduplication.
    • Resource depletion or deadlocks stop legitimate computations by blocking access.

    Cost of Security

    • Security incurs overhead, which could be expensive to develop, may have performance overhead, and could be inconvenient to users.

    Fundamental Security Mechanisms

    • Isolation isolates components from each other, enabling access only through defined APIs.
    • Least privilege limits components to the minimal privileges necessary for functionality, restricting potential of privileges.
    • Fault compartments isolate components to limit the impact of possible faults.
    • Trust and correctness ensures components trust, rely on given specifications to operate correctly.

    Hardware and Software Abstractions

    • Operating System (OS) abstractions and hardware abstractions are essential components.
    • The operating system (OS) provides process abstraction through well-defined APIs for access of hardware resources.
    • The OS enforces access permissions of hardware and resources by using user/group/ACL restrictions to restrict attackers.
    • OS process isolation protects the memory (code, data, etc.) of a process from other processes via memory protection, addressing memory spaces through virtual memory, using page tables and an MMU.

    OS Design: Single Domain | Monolithic | Micro-Kernel | Library OS

    • Various OS design models exist: single-domain, monolithic, micro-kernel, and library OS.
    • Single-domain OS has one layer without isolation, offering high performance, suitable for embedded systems.
    • Monolithic OS has two layers, operating system and applications, for access of resources, and applications require access request from the operating system.
    • Micro-kernel OS has many layers, with processes as separate privileged entities.
    • Library OS has few layers for flat structure of OS services, with each application bringing its necessary components.

    Hardware Abstraction

    • Hardware abstraction hides raw hardware interfaces, exposing abstracted interfaces for applications.
    • Virtual memory and DMA through MMU/OS provides access to raw physical memory only to the operating system.
    • ISA enforces privilege abstraction by restricting access through ring protection levels.

    Access Control

    • Access control includes authentication, authorization, and audit.
    • Authentication verifies user identities by what they know, are, or have.
    • Authorization determines who has access to objects based on policies.
    • Audit and provenance provide an overview of access activities.

    Authentication | Authorization | MAC | DAC | RBAC

    • Authentication mechanisms include username/password, biometrics, or something other.
    • Authorization handles access control, including different policies and types
    • Mandatory Access Control (MAC) is a centralized policy for access control.
    • Discretionary Access Control (DAC) gives object owners control over access policies.
    • Role-Based Access Control (RBAC) defines access policies based on user roles.

    Multi-level Security Models | Bell-LaPadula | Biba

    • Multi-level security models control information flow.
    • Bell-LaPadula model enforces confidentiality (read-down, write-up).
    • Biba model enforces integrity (read-up, write-down).

    Different Security Models

    • Security models include Access Control Lists, Capabilities, Bell-LaPadula, and information flow.

    Access Control Matrix

    • Access control matrix defines access rights between subjects (users, groups, etc.) and objects.

    • Provides a way to define how different entities have access to information in a system.

    • Security requires careful consideration of various factors throughout the software development lifecycle for protecting the system.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    Description

    Explore the fundamental principles of software security, including confidentiality, integrity, and availability. This quiz covers key concepts such as security analysis, attack surfaces, and the various assets of a computer system crucial for security assessment.

    More Like This

    Static Analysis in Software Testing
    12 questions
    Input Validation in Code Analysis
    23 questions
    Teknikoù kontrolerezh kod PHP
    0 questions
    Use Quizgecko on...
    Browser
    Browser