A New Standards Project on Avoiding Programming Language Vulnerabilities



Similar documents
Actions and Recommendations (A/R) Summary

Software & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes

External Supplier Control Requirements

International Software & Systems Engineering. Standards. Jim Moore The MITRE Corporation Chair, US TAG to ISO/IEC JTC1/SC7 James.W.Moore@ieee.

Announcement of a new IAEA Co-ordinated Research Programme (CRP)

ANALYSIS OF SOFTWARE THREATS AND SOFTWARE SECURITY. Department of Computer Science & IT University of Jammu, Jammu

Cyber Security Research and Development: A Homeland Security Perspective

Middle Class Economics: Cybersecurity Updated August 7, 2015

What is Really Needed to Secure the Internet of Things?

IEEE/EIA AS THE FOUNDATION FOR ENTERPRISE SOFTWARE PROCESSES

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

FREQUENTLY ASKED QUESTIONS

Software Assurance: Considerations in Advancing the National Strategy to Secure Cyberspace

Enterprise Application Security Program

Information technology Security techniques Information security management systems Overview and vocabulary

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

INTERNATIONAL TELECOMMUNICATION UNION

UF IT Risk Assessment Standard

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

The Next Generation of Security Leaders

Keynote: FBI Wednesday, February 4 noon 1:10 p.m.

ISO Information Security Management Systems Foundation

- Table of Contents -

Before the DEPARTMENT OF COMMERCE National Telecommunications and Information Administration Washington, DC ) ) ) ) )

Cyber Security R&D (NE-1) and (NEET-4)

TUSKEGEE CYBER SECURITY PATH FORWARD

MS Information Security (MSIS)

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

Taxonomic Modeling of Security Threats in Software Defined Networking

TELEFÓNICA UK LTD. Introduction to Security Policy

Security Issues with Integrated Smart Buildings

Data Security Concerns for the Electric Grid

POLICIES TO MITIGATE CYBER RISK

Juniper Networks Secure

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

The Emerging ISO International Standard for Certification of Software Engineering Professionals

ISO/IEC JTC 1/WG 10 Working Group on Internet of Things. Sangkeun YOO, Convenor

AURORA Vulnerability Background

Cyber Security nei prodotti di automazione

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, February 12, 2013

This document is a preview generated by EVS

Implementing Program Protection and Cybersecurity

Working with the FBI

CESG Certification of Cyber Security Training Courses

Options for Cyber Security. Reactors. April 9, 2015

SYSTEMS SECURITY ENGINEERING

Combining Security Risk Assessment and Security Testing based on Standards

NETWORK SECURITY ASPECTS & VULNERABILITIES

Introduction to Information Security Management

Intrusion Tolerance to Mitigate Attacks that Persist

International standards and guidance that address Medical Device Software

Computer Network Security & Privacy Protection

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary

DoD Strategy for Defending Networks, Systems, and Data

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA)

Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy

Preventing and Defending Against Cyber Attacks June 2011

Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants

Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants

Software and IT Asset Management Standards: Benefits for Organizations and Individuals

Passing PCI Compliance How to Address the Application Security Mandates

Assumption Busters Workshop - Cloud Computing

Cyber Security Controls Assessment : A Critical Discipline of Systems Engineering

INCO-TRUST. INCO-TRUST: to set up a co-operation framework based on mutual interests & capabilities! Canada US S. Korea Japan.

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

Homeland Security Red Teaming

ISO/IEC Information & ICT Security and Governance Standards in practice. Charles Provencher, Nurun Inc; Chair CAC-SC27 & CAC-CGIT

Securing the Cloud Infrastructure

The Software Supply Chain Integrity Framework. Defining Risks and Responsibilities for Securing Software in the Global Supply Chain.

Lessons from Defending Cyberspace

Cyber R &D Research Roundtable

Improving Software Security at the. Source

Software Development: The Next Security Frontier

Testimony of. Before the United States House of Representatives Committee on Oversight and Government Reform And the Committee on Homeland Security

Who s Doing the Hacking?

The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter

An Overview of Large US Military Cybersecurity Organizations

Preventing and Defending Against Cyber Attacks November 2010

WRITTEN TESTIMONY OF

DHS, National Cyber Security Division Overview

Cyber Security Education: My Personal Thoughts. Bharat Doshi

AN INFORMATION GOVERNANCE BEST

IEEE SESC Architecture Planning Group: Action Plan

Oil and Gas Industry A Comprehensive Security Risk Management Approach.

Pass-the-Hash. Solution Brief

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT

Cyber Information-Sharing Models: An Overview

CYBER SECURITY SERVICES PWNED

Down the SCADA (security) Rabbit Hole. Alberto Volpatto

Software in safety critical systems

Identity Management Initiatives in identity management and emerging standards Presented to Fondazione Ugo Bordoni Rome, Italy

Homeland Security: Information Assurance Challenges and Opportunities. Building the National Cyber Security Division

Securing OS Legacy Systems Alexander Rau

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

Transcription:

A New Standards Project on Avoiding Programming Language Vulnerabilities Jim Moore Liaison Representative from IEEE Computer Society to ISO/IEC JTC 1/SC 7 Liaison Representative between ISO/IEC JTC 1/SC 7 and SC 22 Convener, ISO/IEC JTC 1/SC 22/OWG Vulnerability James.W.Moore@ieee.org For C Language WG, 2006 March, Berlin 1 Cyber Security is a Growing Problem President s Information Technology Advisory Committee (PITAC) Subcommittee on Cyber Security -- From Joe Jarzombek, PMP, Director for Software Assurance, NCSD, DHS Areas in Need of Increased Support Computer Authentication Methodologies Securing Fundamental Protocols Secure Software Engineering and Software Assurance Holistic System Security Monitoring and Detection Mitigation and Recovery Methodologies Cyber Forensics and Technology to Enable Prosecution of Criminals Modeling and Testbeds for New Technologies Metrics, Benchmarks, and Best Practices Societal and Governance Issues For C Language WG, 2006 March, Berlin 2 2

The problem has implications for: Safety Privacy Security Economy Even national security -- From Joe Jarzombek, PMP, Director for Software Assurance, NCSD, DHS Threat PITAC s Findings Relative to Needs for Secure Software Engineering & Software Assurance Commercial software engineering today lacks the scientific underpinnings and rigorous controls needed to produce high-quality, secure products at acceptable cost. Commonly used software engineering practices permit dangerous errors, such as improper handling of buffer overflows, which enable hundreds of attack programs to compromise millions of computers every year. In the future, the Nation may face even more challenging problems as adversaries both foreign and domestic become increasingly sophisticated in their ability to insert malicious code into critical software. 3 For C Language WG, 2006 March, Berlin 3 Government Response There are initiatives underway in both DoD and DHS. -- From Joe Jarzombek, PMP, Director for Software Assurance, NCSD, DHS DHS Software Assurance Initiative Purpose: Shift security paradigm from Patch Management to Software Assurance Encourage the software developers (public and private industry) to raise the bar on software quality and security Facilitate discussion, develop practical guidance, review tools, and promote R&D investment Charter -- The National Strategy to Secure Cyberspace - Action/Recommendation 2-14: DHS will facilitate a national public-private effort to promulgate best practices and methodologies that promote integrity, security, and reliability in software code development, including processes and procedures that diminish the possibilities of erroneous code, malicious code, or trap doors that could be introduced during development. For C Language WG, 2006 March, Berlin 4 7

Relationship of Software Assurance to Other Disciplines Relating SW Assurance to SW Engineering Information Assurance System and SW Engineering Predictable Execution Safety For a safety analysis to be valid For a security analysis to be valid The execution of the system must be predictable. This requires Correct implementation of requirements, expectations and regulations. Exclusion of unwanted function even in the face of attempted exploitation. Traditional concern New concern 2005 The MITRE Corporation. All rights reserved 3 For C Language WG, 2006 March, Berlin 5 Relationship of Software Assurance to Other Disciplines Raising the Ceiling and Raising the Floor Some avoidable mistakes are encouraged by poor usage (arguably, poor design) of programming languages. Raising the Ceiling Raising the Floor Information Assurance and System Safety typically treat the concerns of the most critical of systems. They prescribe extra practices (and possibly, extra cost) in developing, maintaining and operating such systems. However, some of the concerns of Software Assurance involve simple things that any developer should do. They don t cost anything extra. In some cases, they amount to stop making avoidable mistakes. Best available methods Minimum level of responsible practice 4 2005 The MITRE Corporation. All rights reserved For C Language WG, 2006 March, Berlin 6

Problem Any programming language has constructs that are imperfectly defined, implementationdependent or difficult to use correctly. As a result, software programs sometimes execute differently than intended by the writer. In some cases, these vulnerabilities can be exploited by unfriendly parties. Can compromise safety, security and privacy. Can be used to make additional attacks. For C Language WG, 2006 March, Berlin 7 Complicating Factors The choice of programming language for a project is not solely a technical decision and is not made solely by software engineers. Some vulnerabilities cannot be mitigated by better use of the language but require mitigation by other methods, e.g. review, static analysis. For C Language WG, 2006 March, Berlin 8

ISO IEC TC176 JTC1 TC65 Quality Mgmt Safety SC7 Software and Systems Engineering SC22 Programming Languages SC27 IT Security For C Language WG, 2006 March, Berlin 9 Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use (1 of 3) New project in ISO/IEC JTC 1/SC 22 will produce a Technical Report (which is not a standard ). It will provide guidance, not requirements. Purpose:... prepare comparative guidance spanning a large number of programming languages, so that application developers will be better informed regarding the vulnerabilities inherent to candidate languages and the costs of avoiding such vulnerabilities. An additional benefit is that developers will be better prepared to select tooling to assist in the evaluation and avoidance of vulnerabilities... For C Language WG, 2006 March, Berlin 10

Example from NUREG/CR-6463, Rev. 1, Review Guidelines for Software Languages for Use in Nuclear Power Plant Safety Systems: Final Report, 1997, US Nuclear Regulatory Commission If dynamic memory allocation is unavoidable, the source code should include provisions to ensure that: All dynamically allocated memory during a specific execution cycle is released at the end of that cycle, and The possibility of interruption of execution between the point where memory is dynamically allocated and when it is released is minimized (if not totally eliminated); there should also be provisions in the application code that will detect any situation where dynamically allocated memory has not been released and release such memory. To see the following languages select: Ada; C and C++ ; Pascal; PL/M; Ada 95. For C Language WG, 2006 March, Berlin 11 Example from NUREG/CR-6463, Rev. 1, Review Guidelines for Software Languages for Use in Nuclear Power Plant Safety Systems: Final Report, 1997, US Nuclear Regulatory Commission The following discussion applies to C++ only. In C++, the functions to dynamically allocate and free memory are new and delete. The following guideline applies. Ensure that all classes include a destructor. To avoid memory leaks, all classes must include a destructor that releases any memory allocated by the class. Constructors must themselves be defined in a way to avoid possible memory leaks in case of failures. Ensure that for all derived classes there are virtual destructors. For C Language WG, 2006 March, Berlin 12

Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use (2 of 3)... the project will prefer linguistic means of avoiding vulnerabilities but, when necessary may describe extra-linguistic means (e.g. static analysis or targeted testing)... the project will prefer the avoidance of identified risks but, when necessary, may describe means to mitigate the risk of vulnerabilities that cannot be economically avoided... in cases where identified problems can be neither avoided nor mitigated, the report may assist users in understanding the nature of risk that must be accepted... For C Language WG, 2006 March, Berlin 13 Example from ISO/IEC TR 15942:2000, Information technology Programming languages Guide for the use of the Ada programming language in high integrity systems Initialization of Variables All variables should be given a meaningful value before use. Failure to do so may raise a predefined exception or cause a bounded error at run-time. Initial values may be given by: 1. Associating an explicit initialization expression with the variable at the point of its declaration. 2. Making an assignment to the variable that will be executed prior to references to it. For state variables in packages, assignments may also be made in the package elaboration part. A consistent approach to the initialization of package state variables should be adopted. In all cases, Data Flow analysis should be used to confirm that every object has been assigned a value before it is used. The effectiveness of the analysis is undermined if variables are initialized unnecessarily (sometimes called junk initialization ).... For C Language WG, 2006 March, Berlin 14

Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use (3 of 3)... in some situations, one construct might be preferred over another on the grounds that it is easier to test or easier to analyze. This relationship between construction and subsequent verification activities makes it clear that the report will be useful both for those emphasizing "correctness by construction" and those who desire to improve the predictability of execution through testing and analysis... For C Language WG, 2006 March, Berlin 15 Status The project is now being organized. The project is assigned to SC22 s OWG on Vulnerability: Convener, Jim Moore Co-Convener, John Benito More information http://aitc.aitcnet.org/isai/ For C Language WG, 2006 March, Berlin 16

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information