Chapter 2 SW Secure Software Engineering Life Cycle (1).pdf

Full Transcript


Chapter 2: Secure Software Engineering Life Cycle (CCCY322 Software Security)

Secure Software Engineering Life Cycle
- Software security is the practice of engineering software to ensure that the software
  1) conforms to all security requirements, and
  2) functions in the intended manner under any circumstance.

What causes software security problems?
- Security vulnerabilities are the result of security bugs, flaws or defects in the software.
- A security problem may not involve any malicious third party.
- An honest mistake made by a developer may cause a serious security problem.

What Is Secure Software Engineering?
- Recognize the threats that almost every software-controlled system faces from potential adversaries, and produce systems with credible defense.
- Integrate security into the software development process.
- Adopt a more stringent software development process that greatly focuses on security.
- Identify and remove vulnerabilities in the development process as early as possible. This is much easier and more economical than retrofitting a system for security.

Goal of Secure Software Engineering
- Minimize the number of security vulnerabilities in software.
- Implement repeatable processes which reliably deliver improved security.
- Security reviews at each stage: requirements, design, implementation, test, and maintenance.
- Keep track of risks over time as a software project unfolds.

Software Security
- Software is secure if it can handle intentionally malformed input; the attacker picks (the probability distribution of) the inputs.
- Secure software: protect the integrity of the runtime system.
- Secure software ≠ software with security features.
- Networking software is a popular target:
  - Intended to receive external input.
  - May construct instructions dynamically from input.
  - May involve low-level manipulations of buffers.
- Known vulnerabilities and weakness classes are catalogued in Common Vulnerabilities and Exposures (CVE) and the Common Weakness Enumeration (CWE).

Security & Reliability
- Software security is related to software quality and software reliability.
- Reliability deals with accidental failures: failures are assumed to occur according to some given probability distribution. The probabilities of failures are given first, then the protection mechanisms are constructed.
- To make software more reliable, it is tested against typical usage patterns: "It does not matter how many bugs there are, it matters how often they are triggered".
- In security, the defender has to move first; the attacker picks inputs to exploit weak defences.
- To make software more secure, it has to be tested against "untypical" usage patterns.

What does Software Security Involve?
- Software security is knowledge-intensive. It involves:
  - Incorporating security considerations early in the software lifecycle.
  - Understanding security problems, including those related to the language, database, network, OS, outsourced software, services and environments.
  - Developing systems with security risk analysis and testing for software security.

What Is the Real Problem?
- Why has software security attracted attention only recently?
  - Did people not care about security before? Security was seen as hurting usability; however, this is a trade-off issue.
  - Mostly everything is automated now, i.e., eCommerce, mCommerce. Software is much more widely adopted today.
- What makes secure software development so difficult today?
  - Complexity: when a program is simple, it is easy to reduce bugs. Software has grown bigger and bigger.
- Comparing the software being used now to the software we had 20 years ago, the major changes are:
  - Complexity
  - Extensibility
  - Connectivity

Challenges with big software
- More lines, more bugs.
- More complicated, more difficult to test, and easier for bugs to hide.
- Cannot be completed by a few developers. Miscommunication among the members of a large software development team is usually the cause of trouble.
- Difficult to maintain.
- Difficult to configure properly during deployment.

Complexity (Cont.)
- The estimated number of bugs per thousand lines of code (KLOC) for commercial software is normally between 5 and 50.
- Even if a software package has undergone rigorous quality assurance (QA) testing, it will likely still contain around 5 bugs per KLOC.
- The number of bugs can increase greatly if a sound software development process is not well followed.
- Some examples of code size: Netscape: 17M LOC; Linux (2011): 15M LOC; Windows XP: 45M LOC; Windows 7: 80M LOC.

Extensibility
- Most current software supports extensibility through dynamically updated drivers, modules, libraries, controls and components.
- Software extensibility is convenient since it allows the system's functionality to evolve incrementally.
- Microsoft provides security patches and driver updates through "Automatic Updates".

Extensibility (Cont.)
- Extensibility also makes security much more difficult. Consider the following questions:
  - How can you trust a piece of code you get? It is difficult to prevent malicious code from slipping in as an undesirable extension.
  - How can you analyze a system that keeps changing? A newly installed program can bring new vulnerabilities.
  - How can you evaluate code which has not arrived yet? Or how can you anticipate what kinds of updates you may get?

Connectivity
- The Internet makes information and computing resources accessible to millions of people in a timely manner.
- The growing connectivity of computers has security problems:
  - It has increased both the number of attack vectors (methods of attack) and the range of targets.
  - Because access through a network does not require human intervention, launching automated attacks is relatively easy. Attacks can be launched remotely without any physical contact.

What is Missing Now?
- Software developers usually try to get the functional requirements done first and worry about security later, which causes two major problems:
  1. Too much burden is placed on testing, which will likely result in more bugs not being discovered until they are exploited by malicious users after the software is released.
  2. The later a bug is found, the more costly it is to fix the problem.
- The relative cost of fixing problems in software (source: IBM Systems Sciences Institute):
  - Design = 1
  - Implementation = 6.5
  - Testing = 15
  - Maintenance = 100

What Should We Do?
- Security should be dealt with throughout the complete software development life-cycle:
  - Requirements level: security requirements should not be considered as an "add-on".
  - Design and architecture level: the system must present a unified security architecture.
  - Implementation level: use static/dynamic analysis techniques and try to remove as many coding bugs and security holes as possible.
  - Testing level: not only functionality testing, but also more rigorous steps like fault injection and failure analysis for security purposes.

What Should We Do? (Cont.)
- Focus on the need to develop the theory, processes, practices and technology to support the agile construction and maintenance of secure software.
- Training and education should be promoted. Not realizing a problem exists is even worse than not knowing the solution.

Security is a lifecycle issue!
- System monitoring: no matter how hard you have tried, it is almost certain that there will be security breaches and attacks. Monitoring software behavior is an effective and necessary defensive technique.
- Due to the lack of enforcement of security during the development life cycle, most vulnerabilities are caused by programming errors:
  - 64% of the vulnerabilities in the National Vulnerability Database were due to programming errors.*
  - More than 81% do not coordinate their security practices across the various stages of the development life cycle.*

Software Development Process (Secure Software Engineering Lifecycle)
- Requirements
- Design
- Implementation
- System Testing
- Deployment
- Maintenance

1 - Requirements Phase
- Gather all information about the application, including security-related information.
- Analyze threats:
  - Who are the potential attackers and threats?
  - What are you attempting to protect?
- Analyze requirements: make sure all security issues have been included and addressed:
  - Confidentiality
  - Integrity
  - Availability
  - Authentication (identity management)
  - Authorization (access control)
  - Intrusion detection
  - Contingency plans and recovery plans

1 - Requirements Phase (cont.)
- Verify requirements: make sure all the security requirements are consistent with each other.
- Documentation.
- Check the feasibility of the requirements:
  - Balance security with usability (a trade-off).
  - Cost.
- Effort at this phase offers the most efficient way to build secure software (the cost of fixing a problem rises with time, as the slide's cost-versus-time graph shows).

2 - Design Phase
- All design decisions, including:
  - System architecture
  - Software components
  - Programming languages
  - Interfaces
- Confirm that all requirements are followed and met.
- Documentation is the key.

Design Principles
1. Least privilege
2. Fail-safe defaults
3. Economy of security mechanisms
4. Complete mediation
5. Separation of privilege
6. Least common mechanism
7. Psychological acceptability
- These will be discussed later in chapter 2.

3 - Implementation Phase
- To write secure software code, you need:
  - Coding standards
  - Security designs
  - Awareness of known security vulnerabilities in coding, such as race conditions, buffer overflow, format string, malicious logic, SQL injection, XSS, etc.
  - To follow the design documents
- Find more information in the secure coding section.

4 - Testing Phase
- The last stage to catch security vulnerabilities before delivery.
- Ensure that the software meets both functional and non-functional requirements.
- Testing functional correctness.
- Testing non-functional requirements:
  - Quality of software (performance, time delay, usability, expandability)
  - Security testing
4 - Testing Phase (cont.): Types of Security Testing
- Unit testing
  - Involves testing the components or pieces of software independently to ensure that they meet their functional and non-functional specifications.
  - Applicable attack patterns should be used to identify relevant weaknesses and to generate test cases for each component, to ensure that these weaknesses are avoided.
- Integration testing
  - Ensure that software components integrate and interact properly.
  - Ensure compatibility of the interfaces of all components, and no conflict among the functionalities of the components.
  - Check whether individual components make different security assumptions, such that the integrated software may contain conflicts or ambiguities.
- System testing
  - Test the entire system to ensure that it meets all of its functional and non-functional requirements.
  - The security requirements identified in the requirements phase should be tested during system testing.
  - The application's actual behavior when under attack should be compared with the desired behavior defined in the security requirements.
- Security testing
  - Ensure the system performs properly and protects its assets as required.
  - Focus on testing confidentiality, integrity, authenticity, non-repudiation (e.g. via digital signatures), availability and authorization.
  - The process includes: discovery, vulnerability scan, vulnerability assessment, penetration test, security audit and review, static and dynamic code analysis, and fuzz testing.
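The "Software Security" and "Security & Reliability" slides say the attacker picks the inputs, so software has to be tested against untypical input, and the security-testing slide lists fuzz testing as one way to do that. The following is an added example (not from the slides or any course material) of what that looks like in practice: a small mutation-based fuzzer run against two parsers for a constructed wire format (one length byte, a name of that many ASCII letters, then an ASCII decimal value). The message format, the seed corpus and the parser code are all assumptions made for this example.

```python
import random

# Constructed wire format for this example (not from the slides): one length
# byte, a name of that many ASCII letters, then an ASCII decimal value.
SEED_CORPUS = [b"\x05alice42", b"\x03bob7", b"\x04root0"]

MAX_NAME = 32
MAX_VALUE_DIGITS = 10


class Malformed(Exception):
    """The documented rejection path: raised for input the parser refuses."""


def parse_naive(msg: bytes) -> dict:
    """Parser written for the typical, well-formed case only.

    It assumes the input is non-empty, the length byte is honest and the
    bytes are ASCII; every broken assumption surfaces as an unplanned
    exception (IndexError, UnicodeDecodeError, ValueError)."""
    n = msg[0]
    name = msg[1:1 + n].decode("ascii")
    value = int(msg[1 + n:].decode("ascii"))
    return {"name": name, "value": value}


def parse_safe(msg: bytes) -> dict:
    """Same format, but every assumption is checked before it is relied on."""
    if len(msg) < 3:
        raise Malformed("too short")
    n = msg[0]
    if n == 0 or n > MAX_NAME or len(msg) < 1 + n + 1:
        raise Malformed("length byte inconsistent with message size")
    name_b, value_b = msg[1:1 + n], msg[1 + n:]
    if not (name_b.isascii() and name_b.isalpha()):
        raise Malformed("name must be ASCII letters")
    if not (value_b.isascii() and value_b.isdigit()) or len(value_b) > MAX_VALUE_DIGITS:
        raise Malformed("value must be 1-10 ASCII digits")
    return {"name": name_b.decode("ascii"), "value": int(value_b.decode("ascii"))}


def rejects(msg: bytes) -> bool:
    """True if parse_safe refuses `msg` through its documented Malformed path."""
    try:
        parse_safe(msg)
    except Malformed:
        return True
    return False


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random edit: bit flip, byte overwrite, byte insert, or truncation."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 2:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    else:
        del buf[rng.randrange(len(buf) + 1):]
    return bytes(buf)


def fuzz(target, iterations: int, seed: int) -> dict:
    """Feed mutated corpus entries to `target`.

    Returns {exception class name: first triggering input} for every exception
    that is not the documented Malformed rejection, i.e. every crash."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        sample = mutate(rng, rng.choice(SEED_CORPUS))
        try:
            target(sample)
        except Malformed:
            continue                      # expected, controlled rejection
        except Exception as exc:          # anything else is a bug to report
            crashes.setdefault(type(exc).__name__, sample)
    return crashes


if __name__ == "__main__":
    print("naive parser crash classes:", sorted(fuzz(parse_naive, 2000, seed=1)))
    print("safe parser crash classes: ", sorted(fuzz(parse_safe, 2000, seed=1)))
```

The naive parser passes any test written from typical usage (the three seed messages parse correctly), yet a few thousand random mutations expose an empty-input crash, a non-ASCII crash and a length-byte confusion. The hardened parser has exactly one way to fail, `Malformed`, so the fuzzer reports nothing; that single documented rejection path is also what the later "Handling Exceptions" slides ask for.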
4 - Testing Phase (cont.)
- Regression testing: run the existing tests on the software any time the code is changed, to ensure that the changes not only implement the intended behavior but also do not inadvertently cause any unintended changes.

5 - Deployment Phase
- Secure management procedures:
  - Properly configure the software.
  - Set appropriate environment parameters.
  - Assign individual responsibilities.
- System monitoring: monitor the system and report abnormal behavior as soon as possible.

6 - Maintenance Phase
- Maintenance activities include:
  - Introducing new functionality and deleting obsolete features.
  - Upgrading the system to keep up with technology.
  - Addressing discovered vulnerabilities (and errors).
- Inputs normally include:
  - User feedback.
  - Security incident details and vulnerability reports.

Secure Coding
- Affected by the programming language to be used.
- Secure coding includes:
  - Validating incoming requests
  - Handling exceptions
  - Creating self-monitoring code
  - Complying with coding standards

Validating Incoming Requests
- Every incoming request should be treated as a potential attack.
- Each incoming request should be validated:
  - Who is the requester?
  - Does the requester have the proper privilege?
  - Is the request in the right format?
  - Does the request contain any malicious code?
- If a request contains data to be processed, make sure the data has not been changed or tampered with during transmission.
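The four questions on the "Validating Incoming Requests" slide, and the tamper check that follows them, can be turned into one validation routine. The code below is an added example written for this transcript, not code from the slides; the requester keys, roles, permission table, JSON body schema and the HMAC-SHA256 tag used to detect tampering are all assumptions made for the example. The checks are ordered so that nothing is parsed before the sender and the integrity of the bytes are known.

```python
import hashlib
import hmac
import json
import re

# Constructed data for this example (not from the slides): per-requester shared
# keys, their roles, and which roles each action allows.
SHARED_KEYS = {"alice": b"alice-secret-key-0001", "bob": b"bob-secret-key-0002"}
ROLES = {"alice": "admin", "bob": "user"}
PERMISSIONS = {"read_record": {"user", "admin"}, "delete_record": {"admin"}}
RECORD_ID = re.compile(r"[A-Za-z0-9_-]{1,32}")
MAX_BODY = 4096


def make_body(action: str, record_id) -> bytes:
    """Client side: serialize a request body (assumed JSON schema)."""
    return json.dumps({"action": action, "record_id": record_id}).encode()


def sign(requester: str, body: bytes) -> str:
    """Client side: tag the body so the server can detect tampering in transit."""
    return hmac.new(SHARED_KEYS[requester], body, hashlib.sha256).hexdigest()


def validate_request(requester: str, body: bytes, tag):
    """Return (True, parsed_request) or (False, reason).

    The checks follow the slide's questions in an order that never parses
    unauthenticated data: identity, integrity, format, then privilege."""
    # 1. Who is the requester?
    key = SHARED_KEYS.get(requester)
    if key is None:
        return False, "unknown requester"

    # 2. Has the data been changed in transit? (constant-time comparison)
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not isinstance(tag, str) or not hmac.compare_digest(expected, tag):
        return False, "integrity check failed"

    # 3. Is the request in the right format? Size cap first, then a strict schema.
    if len(body) > MAX_BODY:
        return False, "body too large"
    try:
        req = json.loads(body)
    except ValueError:                     # JSONDecodeError and bad UTF-8
        return False, "body is not valid JSON"
    if not isinstance(req, dict) or set(req) != {"action", "record_id"}:
        return False, "unexpected fields"
    action, record_id = req["action"], req["record_id"]
    if not isinstance(action, str) or action not in PERMISSIONS:
        return False, "unknown action"
    # Allow-list the identifier instead of searching for known-bad strings:
    # path traversal, quotes and script tags all fail this one check.
    if not isinstance(record_id, str) or not RECORD_ID.fullmatch(record_id):
        return False, "record_id fails allow-list"

    # 4. Does the requester have the proper privilege for this action?
    if ROLES[requester] not in PERMISSIONS[action]:
        return False, "insufficient privilege"
    return True, req


if __name__ == "__main__":
    body = make_body("delete_record", "inv-2024-17")
    print(validate_request("alice", body, sign("alice", body)))   # accepted
    print(validate_request("bob", body, sign("bob", body)))       # bob is not admin
    print(validate_request("alice", body + b" ", sign("alice", body)))  # tampered
```

Two design points worth noting. The "malicious code" question is answered by an allow-list on what a record id may look like rather than a deny-list of attack strings, which is the only check that does not need updating every time a new payload encoding appears. And the tag proves origin and integrity only: a captured valid request could be replayed as-is, so a real service would also bind a timestamp or nonce into the signed bytes (not shown here).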
Handling Exceptions
- Two major types of errors in software:
  - Compile-time errors occur at compile time, and the code will not execute until they are fixed. Applicable to languages like Java and C, but may not be applicable to languages like Python. Easy to find and fix.
  - Runtime errors occur while a program is running. Hard to find and fix. These errors give away a lot of security-relevant information about the application software, and must be dealt with up front.

Handling Exceptions (Cont.)
- Motivated attackers like to see error messages and look for information that may give clues as to what types of attacks they can unleash on the application software.
- If not handled properly, errors can provide useful information to attackers, such as database information, code location and Web server information.

Creating Self-Monitoring Code
- Self-monitoring code watches the user's activity and looks for unusual events, for example the number of times a single user has tried to log on, or requests for sensitive information that exceed normal conditions.
- Self-monitoring applications are designed, before deployment, to react to misuse. Examples:
  - Canceling user passwords based on situational awareness.
  - Automated bounds checking.
  - Requiring physical requests for data based on the user's activity.
  - Alerting stakeholders of intrusion.

Complying with Coding Standards
- The CERT (Computer Emergency Readiness Team) Secure Coding Initiative is working with various software development and security communities to reduce vulnerabilities resulting from coding errors. See https://www.securecoding.cert.org/confluence/display/seccode/SEI+CERT+Coding+Standards and http://www.cert.org/secure-coding/
- Secure coding standards:
  - Provide developers with guidance for the secure implementation of software.
  - Help developers avoid common software defects and programming errors.

References
- Software Security: Building Security In (book).
- The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.
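The "Handling Exceptions" and "Creating Self-Monitoring Code" slides above describe two habits that belong in the same piece of code: never let a runtime error reach the user with internal details, and watch per-user activity such as repeated failed logins. The login handler below is an added example written for this transcript, not code from the slides. The credential store, the `DatabaseError` stand-in, the `crash-me` trigger that forces the internal-failure path, and the threshold/window numbers are all assumptions made for the example; a real store would hold salted password hashes, not the plaintext used here to keep the example short.

```python
import hmac
import logging
import uuid
from collections import deque

# Constructed credential store for this example (not from the slides). A real
# system stores salted hashes; plaintext is used only to keep the example short.
USERS = {"alice": "correct-horse", "bob": "hunter2"}

log = logging.getLogger("login")
logging.basicConfig(level=logging.INFO)


class DatabaseError(Exception):
    """Stand-in for an internal failure whose message must never reach the client."""


def lookup_password(username: str):
    # Constructed trigger so the example can exercise the internal-failure path.
    if username == "crash-me":
        raise DatabaseError("ORA-00942: table USERS not found at /srv/app/db.py:118")
    return USERS.get(username)


class LoginMonitor:
    """Self-monitoring code: count failed logins per user in a sliding time
    window, lock the account at the threshold, and queue an alert for staff."""

    def __init__(self, threshold: int = 5, window: int = 300):
        self.threshold = threshold
        self.window = window            # seconds
        self.failures = {}              # username -> deque of failure timestamps
        self.locked = set()
        self.alerts = []                # what stakeholders get told

    def record_failure(self, username: str, now: float) -> bool:
        q = self.failures.setdefault(username, deque())
        q.append(now)
        while q and now - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.threshold and username not in self.locked:
            self.locked.add(username)
            self.alerts.append(f"{username}: {len(q)} failed logins within {self.window}s")
        return username in self.locked

    def is_locked(self, username: str) -> bool:
        return username in self.locked


def login(monitor: LoginMonitor, username: str, password: str, now: float):
    """Return (ok, message, correlation_id).

    The message never says whether the user exists, why a check failed, or
    anything about the internals; full detail goes to the server log under a
    correlation id that support staff can look up."""
    if monitor.is_locked(username):
        return False, "account temporarily locked", None
    try:
        stored = lookup_password(username)
    except Exception:
        cid = uuid.uuid4().hex
        log.exception("login failed internally, correlation_id=%s", cid)
        return False, "service unavailable, please retry", cid
    # Unknown user and wrong password take the same path and produce the same
    # message, so the response cannot be used to enumerate valid usernames.
    if stored is None or not hmac.compare_digest(stored, password):
        locked = monitor.record_failure(username, now)
        return False, ("account temporarily locked" if locked else "invalid username or password"), None
    return True, "welcome", None


if __name__ == "__main__":
    m = LoginMonitor(threshold=3, window=60)
    for t, pw in enumerate(["wrong", "wrong", "wrong", "correct-horse"]):
        print(t, login(m, "alice", pw, now=t))
    print("alerts:", m.alerts)
    print(login(m, "crash-me", "x", now=10))
```

The two halves reinforce each other: the generic messages keep the attacker from learning which guess was "closer", while the monitor makes sure that repeated guessing is noticed and reported rather than silently absorbed. Returning a correlation id with the generic failure message is what lets a legitimate user get help without the stack trace ever leaving the server.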
