Secure Software Design in Practice ARES SECSE Workshop



ARES SECSE Workshop
Per Håkon Meland and Jostein Jensen
SINTEF Information and Communication Technology, Department of Security, Safety and System Development
{Per.H.Meland, Jostein.Jensen}@sintef.no

Increasing number of vulnerabilities in software
[Chart: number of reported vulnerabilities per year, 1995 to 2007, y-axis 0 to 8000. Vulnerability statistics from CERT CC.]

"Software is the biggest problem in computer security today; the problem is growing."
G. McGraw, "Building Secure Software: Better than Protecting Bad Software," IEEE Software, vol. 19, pp. 57-59, 2002.

"What the heck is going on, and why is the problem getting worse instead of better?"
M. J. Ranum, "Security: The root of the problem," ACM Queue, vol. 2, 2004, pp. 45-49.

"We wouldn't have to spend so much time and money on network security if we didn't have such bad software security."
Bruce Schneier, foreword of Building Secure Software, 2001.

SODA - a Security-Oriented Software Development Framework
The target group is the ordinary developer-on-the-street, who
- is not primarily interested in (or knowledgeable about) security
- must focus on designing/implementing as much functionality as possible before the deadline and on budget.

The SODA assumptions
1. A developer will not try to learn or memorize security knowledge prior to starting the development.
2. There should be no significant change in the way developers work.
3. There must be good tool support that enhances security during development, preferably integrated into the current development tools.


SODA during architecture and design

Threat modeling
- Plan and evaluate from an attacker's point of view and based on your assets.
- Results in a threat model document.
- Not solely connected to the design phase.


Security design guidelines
- Describe good security hygiene knowledge [1]
- Span from less formal best practices, principles and rules-of-thumb to different kinds of policies, rules, regulations and standards
- Forcing too much theoretical information about ways to incorporate security is not very efficient [2]
- We have applied the SODA assumptions on: security design principles, security patterns

1. M. Howard and S. Lipner, The Security Development Lifecycle, Microsoft Press, 2006.
2. Apvrille and M. Pourzandi, "Secure Software Development by Example," IEEE Security & Privacy, vol. 3, 2005, pp. 10-17.

Security design principles
- Proven rules for improving the security posture of an application.
- E.g. the principle of least common mechanism states that mechanisms used to access resources should not be shared.
- SODAWeb is a tool that does a rough filtering based on your current project.
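As an added illustration of the least common mechanism principle named above (this is example code, not part of SODA or SODAWeb, and the record store, service classes and query names are constructed for the demonstration): a response cache shared by every user and keyed only by the query becomes a channel through which one user's data reaches another, while partitioning the same mechanism per principal keeps the caching benefit and closes the channel.

```python
"""Least common mechanism, shown on a shared result cache.

Constructed example: RECORDS, the two service classes and the "profile"
query are illustrative and not taken from any real system.
"""
from dataclasses import dataclass, field

# Constructed sample store: each record belongs to exactly one owner.
RECORDS = {
    "alice": {"balance": 120.0, "ssn_last4": "1234"},
    "bob": {"balance": 9.5, "ssn_last4": "9876"},
}


@dataclass
class SharedCacheService:
    """Violates the principle: one cache, keyed by query only, is a mechanism
    shared by all principals, so whoever fills an entry first serves everyone."""
    cache: dict = field(default_factory=dict)
    db_reads: int = 0

    def get_profile(self, user: str, query: str) -> dict:
        if query in self.cache:
            return self.cache[query]  # may belong to a different user
        self.db_reads += 1
        result = RECORDS[user]
        self.cache[query] = result
        return result


@dataclass
class PartitionedCacheService:
    """Respects the principle: the mechanism is partitioned per principal,
    so no cache entry can ever be observed by another user."""
    caches: dict = field(default_factory=dict)
    db_reads: int = 0

    def get_profile(self, user: str, query: str) -> dict:
        user_cache = self.caches.setdefault(user, {})
        if query in user_cache:
            return user_cache[query]
        self.db_reads += 1
        result = RECORDS[user]
        user_cache[query] = result
        return result


def cross_user_leak(service_cls) -> bool:
    """Return True if bob observes alice's record through the cache."""
    svc = service_cls()
    svc.get_profile("alice", "profile")
    return svc.get_profile("bob", "profile") is RECORDS["alice"]


def still_caches(service_cls) -> bool:
    """Return True if a repeated request by the same user hits the cache."""
    svc = service_cls()
    svc.get_profile("alice", "profile")
    svc.get_profile("alice", "profile")
    return svc.db_reads == 1


if __name__ == "__main__":
    for cls in (SharedCacheService, PartitionedCacheService):
        print(cls.__name__, "leak:", cross_user_leak(cls),
              "caches:", still_caches(cls))
```

The same reasoning applies to other shared mechanisms a design review should look for: a connection pool that carries one ambient identity for all tenants, a shared temporary directory, or a process-wide memoization table. The design-review question is always whether the key or scope of the shared mechanism includes the principal on whose behalf it acts.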

Security patterns
- A security pattern is a well-understood solution to a recurring security problem.
- Many types of patterns: structural, behavioural and creational security patterns, antipatterns, mini-patterns, procedural patterns.
- SODAWeb provides: a structured overview; XMI templates for security design patterns.

Security design pattern template

Example: Instantiation in an EPR

Security design review
- "An architecture and design review helps you validate the security-related design features of your application before you start the development phase." [1]
- Have fresh blood look at and question the design artifacts that have been produced so far.
- Use SODAWeb to find the most relevant checklists (see the example in Table 3).

1. J. D. Meier, A. Mackman, M. Dunner, S. Vasireddy, R. Escamilla, and A. Murukan, Improving Web Application Security: Threats and Countermeasures, Microsoft Corporation, 2003.

Summary and further work
- We have a set of specific and hands-on techniques and tools.
- We are pretty compliant with the SODA assumptions.
- Need more tuning.
- Student experiments: effort vs. effect.
- We would like to share security models in a more automated way: EU FP7 SHIELDS.