Engineering Secure Complex Software Systems and Services

Transcription

1 Engineering Secure Complex Software Systems and Services Preparation of FP7-ICT WP Mini-Concertation Meeting Henrique Madeira University of Coimbra Portugal University of Coimbra

2 Question 1 What should secure software engineering deal with, in addition to software engineering, to ensure the development of secure complex software systems and services? Secure software engineering tends to be seen as a software lifecycle where a special emphasis is placed on software security in each phase. Best practices can continuously be improved. But secure software engineering should deal with a few facts: Developing software is still a human intensive and error prone process secure coding is hard to achieve. Available verification and validation techniques and tools are not perfect. Component based SW development (COTS and custom components) is a solid trend but the impact on security of using COTS is difficult to estimate. Security is not a one-time issue continuous monitoring and management of security configuration settings at runtime is essential. 2

3 Question 1 What should secure software engineering deal with, in addition to software engineering, to ensure the development of secure complex software systems and services? Secure software engineering tends to be seen as a software lifecycle where a special emphasis is placed on software security in each phase. Best practices can continuously be improved. But secure software engineering should deal with a few facts: Developing software is still a human intensive and error prone process secure coding is hard to achieve. Available verification and validation techniques and tools are not perfect. Component based SW development (COTS and custom components) is a solid Example: trend McGraw s but the Security impact Development on security of Lifecylce using COTS is difficult to estimate. Security is not a one-time issue continuous monitoring and management of security configuration settings at runtime is essential. 3

4 Question 1 What should Example secure of benchmarking software engineering vulnerability scanners deal with, in addition to software engineering, to ensure the development of secure complex software systems and services? Vulnerability Detected by Scanner 1 17 manual (detected 51/117) Secure software engineering tends to be seen as scanning a software only lifecycle where 17 a special emphasis is placed on software security in each phase. Best practices can continuously be improved. But secure software engineering 30 should deal with a few facts: 3 Developing software is still a human 1 intensive and error prone process secure coding Vulnerability is hard to achieve. 7 Vulnerability Scanner 3 Available verification and validation 16techniques Scanner and tools 2 are not perfect. (detected 73/117) 26 (detected 27/117) Component based SW development (COTS and custom components) is a solid trend but the impact on security of using COTS is difficult to estimate. Vulnerability Scanner 1 = Acunetix Web Vulnerability Scanner 4 Security is not a one-time issue continuous monitoring and management of Vulnerability Scanner 2 = Watchfire AppScan 7 (aquired by IBM) security configuration settings at runtime is essential. Vulnerability Scanner 3 = Spi Dynamics WebInspect 6.32 (aquired by HP) 4

5 Question 2 What is the state of the art today in engineering secure software systems (from a research and an industrial practice perspective)? Security is a very broad area cryptography, security protocols, access control, information flow, code obfuscation, software security, network security, intrusion detection, etc Security software Software whose primary functionality is to implement a security protocol or mechanism, or a security technique good examples of successful mechanisms and techniques Security of software Software that does not contain vulnerabilities and functions correctly under malicious use secure coding is still a software engineering problem Verification and Static Analysis lots of progress but far from being effective We still don t know How to measure security How to benchmark security (of components or systems) 5

6 Question 3 What are the main problems we face today in the field? (From a research and an industrial practice perspective)? Complexity of software Human issues (in development and maintenance) Development of software is still a quite manual process (in spite of all formal methods available ). System management is crucial to security and again still very manual. Development based on the integration of components (often unsecure or even malicious) is a challenge to security. Reuse issues. Adaptation to uncertainty in complex networked systems We don t really know how to assess and compare security (and resilience and dependability ). 6

7 Question 5 Where should we focus our future research efforts in the coming 5-10 years What should be the major new research directions? How to achieve them (in terms of mobilising a critical mass, funding instruments to use, etc.)? Quantifiable resilience and security: measurement, assessment, and validation of resiliency and security. Resilient, secure and dependable dynamic infrastructures and systems Adaptable to changes Made of dynamic mixture of components built by different parties Resilient adaptation in contrast to static provable dependability Component benchmarking (security, resilience) Risk/cost assessment (security, resilience) 7

8 Question 5 Where should we focus our future research efforts in the coming 5-10 years What should be the major new research directions? How to achieve them (in terms of mobilising a critical mass, funding instruments to use, etc.)? How to achieve this: Projects, consortia, councils that bring together people from different areas of expertise Create context for component certification (cost control ) Industry and research effort Invest on better tools Plans to educate programs for security 8