SOFT40171 Lecture Slides: Design and Development of Secure Systems PDF

Summary

These slides from Nottingham Trent University, presented by Dr Alexandros Konios, introduce the principles of secure systems design and development, including SDLC models, cryptography, and security methods. The content covers week 1 of the SOFT40171 module, and includes an overview of computer system evolution.

Full Transcript


SOFT40171 – Design and Development of Secure Systems
Week 1 – System Development Life Cycle and Security
Dr Alexandros Konios, 16/02/2025

Agenda
- History of Computer System Development
- A retrospective view of System Security
- Introduction of Security primitives and methods
- (Symmetric and asymmetric) cryptography and hash functions
- Confidentiality, Integrity, Availability (CIA) triad
- Other security principles and methods
- System Development Life Cycle (SDLC)
- Different application models
- Incorporating and ensuring security in SDLC

Learning Objectives
Upon completion of this talk, you should be able to understand:
1. How and why the evolution of computer systems resulted in further security measures/requirements
2. The CIA and other security principles
3. Some of the most common security methods
4. Different System Development Life Cycle approaches
5. How security is implemented in the SDLC

Evolution of Computer Systems

History of Computer Systems (1/4)
A retrospective journey from the 40s to the present.
- 1937 – J. V. Atanasoff builds a machine that solves systems of partial differential equations. This is the first non-programmable electronic computer. Technology: vacuum tubes.
- 1943 – A. Turing designs the Colossus, an electronic machine used by the British military to break the codes used by the German army in World War II.
- 1945 – The first general purpose programmable electronic computer was the Electronic Numerical Integrator and Computer (ENIAC), built by J. P. Eckert and J. V. Mauchly.
- 1952 – J. P. Eckert and J. V. Mauchly developed what was arguably the first commercially successful computer, the UNIVAC.
- End of era (1956) for the first computer generation.
- 1956-59 – High-level programming languages like FORTRAN, ALGOL and COBOL are introduced. Finally, IBM releases the 7090 series of commercial machines that support I/O devices. Technology: transistors.

History of Computer Systems (2/4)
- 1961 – The Livermore Atomic Research Computer (LARC) and the IBM 7030 (aka Stretch) were the first machines that overlapped memory operations with processor operations and had primitive forms of parallel processing.
- End of era (1963) for the second computer generation.
- 1964 – S. Cray developed the CDC 6600, which was the first architecture to use functional parallelism. Technology: integrated circuits.
- 1969 – K. Thompson of Bell Labs developed an early implementation of the UNIX operating system.
- 1970 – Machines that use parallel processing are widely developed. Examples are the IBM 360-195, SOLOMON and CDC 7600.
- End of era (1971) for the third computer generation.
- 1972 – D. Ritchie developed the C language. Then Thompson and Ritchie used C to write a new version of UNIX.

History of Computer Systems (3/4)
- 1975 – ALTAIR is introduced. It ran on an Intel 8080 processor and is the first computer to have a microprocessor, which is in most computers today. Technology: microprocessors.
- 1981 – IBM releases the 'IBM PC', which signifies that computer companies are beginning to build their computers based on consumer needs and are being geared less towards the "advanced" computer users.
- 1984 – Apple introduces the Macintosh Computer. It is the first computer designed with a "user-friendly" GUI operating system.
- 1989 – The "WWW" or World Wide Web was created when scientists at CERN developed the HTML code.
- 1990 – Microsoft releases the Windows operating system, which was exclusively running on the 'IBM PC'. Microsoft Windows is currently the most used desktop operating system in use in the world today.

History of Computer Systems (4/4)
- 1994-95 – In 1994, Intel releases the Pentium processor. One year later, Sun Microsystems first announces Java at the SunWorld conference.
- 2004 – Google announces Gmail. Also, the first release of the Ubuntu Linux distribution is introduced.
- 2007-08 – In 2007, the first iPhone is introduced by Apple. The next year, Google introduces the first Android version.
- End of era (2010) for the fourth computer generation.
- 2014 – Intel unveiled its first eight-core desktop processor, the Intel Core i7-5960X.
- 2016 – Scientists at MIT created the first five-atom quantum computer, with the potential to crack the security of traditional encryption schemes.

System Safety and Security: A Historical Overview

Timeline of Critical Safety and Security Failures (1/2)
- 1985-87 – Therac-25: a computer-controlled radiation therapy machine used for cancer treatment. Its use resulted in the death and injury of 3 and 6 patients respectively, as the electron beam was improperly activated, leading to radiation overdose. Reason for safety failure: poor design and implementation.
- 1991 – Patriot missile: the defence system failed to track and intercept an incoming Scud missile. It turns out that the cause was an inaccurate calculation of the time since boot due to computer arithmetic errors. This resulted in the death of 28 people. Reason for safety failure: programming error.
- 1996 – Ariane 5: a space vehicle manufactured by the European Space Agency. 40 seconds after its first launch, the rocket exploded. A code error that stored a 64-bit float number into a 16-bit integer forced the system to fail due to a severe overflow. Reason for safety failure: programming error.
- 2004 – AOL: a former software engineer stole 92 million screen names and email accounts and sold them to spammers. Reason for leak: inside job.
- 2009 – US military: the agency sent a defective, unencrypted hard drive for repair and recycling without having first erased the sensitive data. This resulted in the exposure of 76 million records of veterans and Social Security numbers. Reason for leak: stolen/lost device.
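The Ariane 5 entry above turns on a 64-bit floating-point value being stored into a 16-bit integer. The following is an added example, not code from the slides or from the Ariane software: it models in Python the silent wrap-around an unchecked narrowing conversion produces and contrasts it with a range-checked conversion; the sample values are constructed.

```python
"""Checked vs. unchecked narrowing of a 64-bit float to a 16-bit integer.

Python integers never overflow, so the wrap-around that fixed-width
hardware performs is modelled explicitly (constructed model, not the
original flight code).
"""
import math

INT16_MIN = -(2 ** 15)   # -32768
INT16_MAX = 2 ** 15 - 1  # 32767


def wrap_int16(value: float) -> int:
    """Unchecked conversion: keep the low 16 bits and reinterpret as signed.

    This is what a conversion with overflow checks disabled does: the value
    is not rejected, it silently becomes a different number.
    """
    n = int(value)               # truncate toward zero, like a cast
    n &= 0xFFFF                  # keep only the low 16 bits
    return n - 0x10000 if n > INT16_MAX else n


def checked_int16(value: float) -> int:
    """Checked conversion: refuse any value the 16-bit range cannot hold."""
    if not math.isfinite(value):
        raise OverflowError(f"{value!r} is not a finite number")
    n = int(value)
    if n < INT16_MIN or n > INT16_MAX:
        raise OverflowError(f"{value!r} does not fit in a signed 16-bit integer")
    return n


def convert_all(samples, conversion):
    """Apply a conversion to each sample, recording the result or the error,
    so the caller can see which inputs the conversion accepted."""
    results = []
    for v in samples:
        try:
            results.append(("ok", conversion(v)))
        except OverflowError as exc:
            results.append(("error", str(exc)))
    return results


# Constructed sample inputs: in range, at the edge, just over, far over.
SAMPLES = [12345.6, 32767.0, 32768.0, 40000.0, -40000.0]

if __name__ == "__main__":
    for label, conv in (("unchecked", wrap_int16), ("checked", checked_int16)):
        print(label)
        for v, r in zip(SAMPLES, convert_all(SAMPLES, conv)):
            print(f"  {v:>10} -> {r}")
```

The unchecked path turns 40000.0 into -25536 without any error, which is exactly the kind of silently wrong value a range check is there to stop.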
Timeline of Critical Safety and Security Failures (2/2)
Years shown on the timeline: 2011, 2013, 2015, 2016, 2018.
- 2011 – NHS: a laptop containing unencrypted records of 8.3 million patients went missing from an NHS storeroom. Reason for leak: stolen/lost device.
- 2013 – Yahoo: a massive data breach takes place this year, resulting in the exploitation of sensitive data of 1 billion users, including their names, telephone numbers, dates of birth, passwords and security questions. Reason for leak: online hacking.
- Facebook: Cambridge Analytica collected the personal information of 50 million Facebook users via an app that scraped details about people's personalities, social networks, and engagement on the platform.
- River City Media: a dodgy backup resulted in 1.37 billion email addresses plus other personal info being leaked. Moreover, business plans and operations of the company have been exposed. Reason for leak: accidental publishing.
- 2018 – Twitter: a glitch caused around 330 million passwords to be stored in readable text, which was visible on the internal computer system. Reason for leak: poor design and security.

Security Primitives and Methods

Necessity for Building Secure Systems
The development of such systems depends on the proper use of security attributes and methods that could guarantee a high-level security profile. Thus, to achieve this, a system's security plan should:
- Ensure the Confidentiality, Integrity and Availability of the data/information or service that it deals with
- Include authentication and authorisation mechanisms/techniques (e.g. access control, biometrics, etc.) to verify the identity of potential users
- Consider system accountability
- Use encryption and hashing techniques for data protection

Confidentiality, Integrity and Availability
Note that these three properties are the primary security goals for all computer systems.
- Confidentiality: corresponds to the privacy of the data, referring to the prevention of unauthorised disclosure of information. This security requirement should guarantee that the data is accessible only by authorised users.
- Integrity: refers to the modification of information/data during the operation of the system. This property should guarantee the prevention of unauthorised data changes.
- Availability: refers to the continuous accessibility of the system services and assets. The availability property should guarantee that authorised users of the system are never prevented from accessing the system's data and assets whenever they require them.

Authentication and Accountability
To ensure the smooth and secure operation of a system, we also need to incorporate another two basic attributes in the security plan: authentication and accountability.
- Authentication: the process by which a system tries to confirm the identity of the user who wants to access it.
- Accountability: involves the duties and responsibilities of the employees with respect to the assurance of the information/data. Thus, the security plan should clearly define the responsibilities of the staff when it comes to regular maintenance, inspection, etc.

Cryptography – An Essential Security Method

What Cryptography is
Cryptography originates from the Greek words Crypto and Graphy:
- The meaning of Crypto in Greek is hidden.
- The meaning of Graphy in Greek is writing.
Combining these two words, we get the meaning of Cryptography, which is "writing something in a hidden form". The purpose of cryptography is only one:
- To keep the data/information secret and secure.
Cryptography – Some Useful Terms
This glossary provides some of the most commonly used terms in cryptography:
- Plain text (clear text): the message
- Cipher: an algorithm for performing encryption
- Key: a piece of information
- Encryption: the act of applying a cipher to a message
- Ciphertext: the output of applying a cipher to a message
- Decryption: the act of decoding a ciphertext

Two Basic Types of Ciphers
- Substitution ciphers: the positioning of the "letters" remains the same but the "letters" themselves are replaced by other "letters".
- Transposition ciphers: the "letters" remain the same but the positioning changes, e.g. S E C U R I T Y becomes R U Y S T E I C.

Symmetric Cryptography
- Symmetric key encryption makes use of a single key for both the encryption and decryption process
- Algorithms that use symmetric key encryption include AES, DES, Triple-DES
- Advantages:
  - Extremely secure and simple: it would take a billion years to guess the key for AES-256 through brute force
  - Relatively fast, compared to computationally intensive asymmetric algorithms that need complicated mathematics to work
- Disadvantages:
  - The key must be shared: a secure channel is needed to pass the key to the other party with whom you want to share the data

Symmetric Cryptography – The Algorithm
(Diagram: Alice sends the ciphertext to Bob over the communication channel; Eve steals the message in transit.)
1. Alice and Bob agree on the private key
2. Alice passes the key to Bob
3. Alice creates ciphertext using the private key: ciphertext = encryption_key(message)
4. Alice sends it through the communication channel
5. Bob receives the ciphertext and decrypts it using the private key: message = decryption_key(ciphertext)
6. Bob receives the original message/plaintext

Symmetric Cryptography – Key Features
- For Alice and Bob:
  - both Alice and Bob need access to the secret key
  - only Alice and Bob have access to the secret key
- For Eve:
  - full knowledge of the encryption/decryption algorithms
  - a number of plaintext/ciphertext pairs associated with the target key
- For the key:
  - the number of possible keys must be very large, to avoid an exhaustive search attack

Asymmetric Cryptography
- Asymmetric or public key encryption makes use of two keys, one for encryption and one for decryption respectively
  - A public key that can be known by anyone, used for encryption
  - A private key that is kept secret, used for decryption
- Most known and used asymmetric algorithm: RSA
- Advantages:
  - No need to exchange the private key
  - Increased security: the ciphertext cannot be decrypted by a third party only by using the public key
- Disadvantages:
  - Relatively slow, compared to symmetric algorithms that need only one key to work

Asymmetric Cryptography – The Algorithm
(Diagram: Bob sends the ciphertext to Alice over the communication channel; Eve steals the message in transit.)
1. Alice creates her private key and a public key (similarly for Bob)
2. Alice hides her private key and sends out a copy of the public key to Bob (similarly for Bob)
3. Bob creates the ciphertext using Alice's public key (similarly for Alice): ciphertext = encryption_Alice_publickey(message)
4. Bob sends it through the communication channel (similarly for Alice)
5. Alice receives the ciphertext and decrypts it using her private key (similarly for Bob): message = decryption_Alice_privatekey(ciphertext)
6. Alice receives Bob's original message/plaintext (similarly for Bob)
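The two cipher types and the symmetric algorithm steps above, as an added example that is not from the slides: the transposition key is the permutation read off the SECURITY -> RUYSTEIC example, while the substitution shift, the padding character and the function names are assumptions of this example.

```python
"""Substitution vs. transposition ciphers, and steps 3-6 of the symmetric exchange."""
import string

ALPHABET = string.ascii_uppercase

# Output position i takes input position KEY[i]; this is the permutation that
# maps SECURITY to RUYSTEIC on the 'Two Basic Types of Ciphers' slide.
TRANSPOSITION_KEY = (4, 3, 7, 0, 6, 1, 5, 2)
PAD = "X"   # assumption: filler so every block is exactly len(key) long


def substitute(text: str, shift: int) -> str:
    """Substitution: each letter is replaced, its position is unchanged."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)              # non-letters pass through unchanged
    return "".join(out)


def unsubstitute(text: str, shift: int) -> str:
    return substitute(text, -shift)


def transpose(text: str, key=TRANSPOSITION_KEY) -> str:
    """Transposition: letters are kept, their positions are permuted per block."""
    n = len(key)
    if sorted(key) != list(range(n)):
        raise ValueError("key must be a permutation of 0..len(key)-1")
    text = text + PAD * (-len(text) % n)    # pad the final block
    blocks = [text[i:i + n] for i in range(0, len(text), n)]
    return "".join("".join(b[k] for k in key) for b in blocks)


def untranspose(text: str, key=TRANSPOSITION_KEY) -> str:
    """Invert the permutation: input position key[i] was written at output position i."""
    n = len(key)
    if len(text) % n:
        raise ValueError("ciphertext length is not a multiple of the key length")
    inverse = [0] * n
    for out_pos, in_pos in enumerate(key):
        inverse[in_pos] = out_pos
    blocks = [text[i:i + n] for i in range(0, len(text), n)]
    return "".join("".join(b[inverse[j]] for j in range(n)) for b in blocks)


def symmetric_exchange(message: str, shift: int, key=TRANSPOSITION_KEY):
    """Alice encrypts with the shared key, Eve sees only what travels on the
    channel, Bob decrypts with the same key. Returns (ciphertext, what Eve
    sees, what Bob recovers); padding is left on the recovered text."""
    ciphertext = transpose(substitute(message, shift), key)        # Alice
    eve_sees = ciphertext                                           # channel
    recovered = unsubstitute(untranspose(ciphertext, key), shift)   # Bob
    return ciphertext, eve_sees, recovered
```

Both ciphers are reversible only with the key, which is the property the slides rely on; the key space here (8! orderings times 26 shifts) is tiny next to AES-256, which is why such classical ciphers are teaching aids rather than protection.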
Asymmetric Cryptography – Key Features
- For Alice and Bob:
  - only the recipient of the original message (Alice or Bob) needs access to the private key
  - any sender (Alice and Bob) can have access to the public key
- For Eve:
  - full knowledge of the encryption/decryption algorithms
  - possession of the public key does not reveal the private one, which prevents decryption of the plaintext
- For the key:
  - strong mathematical functions prevent the computation of the private key

Hash Functions – Another Security Method

Hashing Functions
A hashing function is a special mathematical function, denoted by H, that:
- Performs one-way encryption: H(message) = hash
- Is pre-image resistant: this property ensures that, given a hash, the computation of an input message such that hash = H(message) is hard.
(Figure adapted from Wikipedia.)

Hash Function Properties
- Any small change to the message results in a totally different hash output (avalanche effect)
- Given a message, it is hard to find message' (different from message) such that H(message) = H(message') (second-preimage resistance)
- It is hard to find message and message' such that H(message) = H(message') (collision resistance)

Example: Application of Hash Function Properties
- Avalanche effect
- Second-preimage resistant:
  - Alice prepares two versions of a contract. C1 is favourable to her, C2 favourable to Bob;
  - She makes several unnoticeable changes to each of C1 => C1' and C2 => C2' such that H(C1') = H(C2')
  - She gets Bob to sign C2', and then later claims he signed C1'
- Collision resistant:
  - hashcalc.exe ≠ malware, but H(hashcalc.exe) = H(malware)

Example: Hashing Passwords
- Hashing is not encryption: it is a one-way computation
- Computers do not store passwords in clear text; they store hashes instead, resulting in lower chances of password compromise

Hash Function Example: User Login
(Figure only on the slide.)

System Development Life Cycle (SDLC)

Introduction to SDLC
The System Development Life Cycle is a framework that was introduced in order to avoid the costly design and implementation mistakes regularly met in a developed system. Note that this framework can also expedite the development process of a system* as it proposes an iterative approach that consists of the following distinct stages:
- Planning: provides a project management plan that works as the basis for acquiring the resources needed to develop the considered system.
- Requirements/Analysis: specifies user requirements describing the detailed functioning of the intended system.
- Design: system features and operations are described in detail (i.e. system requirements) through the use of prototype models like process diagrams, pseudocode, etc.
- Development: the system is constructed, involving the actual programming process.
- Testing: demonstrates that the system conforms to requirements by applying testing techniques.
- Maintenance: the system is assessed/evaluated to ensure it does not become obsolete.
This is also where changes are made to the initial system functioning.
* A system is defined either as software, hardware or a combination of both.

General Representation of SDLC
(Figure only on the slide.)

Waterfall Model – An Overview
This model is the first SDLC model that was introduced.
- It is very simple to understand and use
- Each phase/stage needs to be completed before proceeding to the next one
- It does not consider any overlapping of the phases/stages involved in the DLC

Waterfall Model – Pros and Cons
Advantages:
- Allows departmentalisation and control
- Clearly defined stages
- Each phase/stage proceeds in strict order
Disadvantages:
- Not a good model for complex systems
- Poor model for long and ongoing projects
- Cannot accommodate changes to requirements

Iterative Model – An Overview
The iterative model does not start with implementing a full specification of the system requirements.
- It iteratively enhances evolving versions until the system is developed completely.
This process is repeated, producing a new version of the system at the end of each iteration of the model (Build 1, Build 2, Build 3, ...).

Iterative Model – Pros and Cons
Advantages:
- Some working functionality can be developed early in the life cycle
- Parallel development can be planned
- Less costly to change the requirements
Disadvantages:
- Not suitable for small systems
- Higher management complexity
- Design issues may arise as not all system requirements are considered

V-Model – An Overview
The V-model is an SDLC model where execution of phases occurs in a sequential way, in a V-shape.
- It is an extension of the waterfall model and is based on the association of a testing phase with each corresponding development stage.
- This process is highly disciplined and each phase/stage starts only after having completed the previous one.
Figure: the left arm of the V runs Requirements Analysis, System Design, Architecture Design and Module Design down to Coding; each is paired with a testing phase on the right arm: Acceptance Testing, System Testing, Integration Testing and Unit Testing respectively.

The V-Model – Pros and Cons
Advantages:
- Easy to understand and apply
- Easy to manage as a development model
- Suitable for small systems where requirements are well understood
Disadvantages:
- Not flexible to changes
- Not good for complex systems
- Poor model for long and ongoing projects

Agile Model – An Overview
The Agile model is a combination of iterative and incremental process models, with a focus on process adaptability and customer satisfaction through rapid delivery of a working system. The Agile model breaks the system into small incremental builds, which are provided in iterations.
- Each iteration typically lasts from about one to three weeks.
- Every iteration involves cross-functional teams working simultaneously on various areas such as planning, requirements analysis, design, coding, unit testing, and acceptance testing.
Agile Model – Pros and Cons
Advantages:
- Promotes teamwork and cross training
- Functionality can be developed rapidly and demonstrated
- Suitable for fixed or changing requirements
Disadvantages:
- Not suitable for handling complex dependencies
- Depends heavily on customer interaction
- Transfer of technology to new team members may be quite challenging

Applying Security to SDLC

Security in Development Life Cycle
Figure: Security in SDLC stages (adapted from SANS Institute)

Summary
The most important points of this session are summed up below:
- Security and computer systems are interdependent
- System security/safety relies on the satisfaction of core security primitives and the proper use of security methods
- SDLC proposes an efficient and cost-effective way of developing secure systems
- Different SDLC models were introduced to cope with the needs of a wide range of computer systems

Any Questions?
