Reducing Software Security Risk Through an Integrated Approach
1. Reducing Software Security Risk (RSSR)
   David Gilliam, John Powell (California Institute of Technology, Jet Propulsion Laboratory); Matt Bishop (University of California at Davis)
2. Software Security Checklist (SSC)
   - NOTE:
     - This research was carried out at the Jet Propulsion Laboratory, California Institute of Technology, under a contract with the National Aeronautics and Space Administration
     - The work was sponsored by the NASA Office of Safety and Mission Assurance under the Software Assurance Research Program led by the NASA Software IV&V Facility
     - This activity is managed locally at JPL through the Assurance and Technology Program Office
3. Agenda
   - Collaborators
   - Goal
   - Problem
   - Software Security Assessment Instrument (SSAI)
   - Model Checking: Flexible Modeling Framework
   - Software Security Checklist (SSC)
4. Current Collaborators
   - David Gilliam – Principal Investigator, JPL
   - John Powell
   - Tom Wolfe
   - Matt Bishop – Associate Professor of Computer Science, University of California at Davis
   - http://rssr.jpl.nasa.gov
6. Goal
   - Reduce security risk to the computing environment by mitigating vulnerabilities in the software development and maintenance life cycles
   - Provide an instrument and tools to help avoid vulnerabilities and exposures in software
   - Aid in complying with security requirements and best practices
8. Problem
   - Lack of Experts: Brooks – “No Silver Bullet” is still valid (IEEE Software Engineering, 1987)
   - Poor Security Requirements
   - Poor System Engineering
     - Leads to poor design, coding, and testing
   - Cycle of Penetrate and Patch
   - Piecemeal Approach to Security Assurance
10. Software Security Assessment Instrument (SSAI)
    - Software Security Checklist (SSC)
      - Software Life Cycle
      - External Release of Software
    - Vulnerability Matrix (VMatrix)
      - List and Ranking of Vulnerabilities
      - Vulnerability Properties
      - Classification of Types of Vulnerabilities
      - List Maintained by UC Davis
11. SSAI (Cont.)
    - Model-Based Verification (MBV) and a Flexible Modeling Framework (FMF)
      - SPIN Model Checker and Promela
      - FMF Developed to Address State Space
    - Property-Based Tester (PBT)
      - Tests Source Code for JAVA, C, and C++
      - Verifier to ensure security property violations have not been re-introduced in coding
12. SSAI (Cont.)
    - Security Assessment Tools (SATs)
      - List of Tools and Purpose of Each
      - Alternate Tools and Sites to Obtain Them
13. Reducing Software Security Risk Through an Integrated Approach
    - Software Vulnerabilities Expose IT Systems and Infrastructure to Security Risks
    - Goal: Reduce Security Risk in Software and Protect IT Systems, Data, and Infrastructure
      - Security Training for System Engineers and Developers
      - Software Security Checklist for end-to-end life cycle
      - Software Security Assessment Instrument (SSAI)
    - Security Instrument Includes:
      - Security Checklist
      - Vulnerability Matrix
      - Property-Based Testing
      - Model-Based Verification
      - Collection of security tools
15. Model Checking: Flexible Modeling Framework (cont.)
    - MC with FMF Benefits Software Early in its Lifecycle
      - Earlier Discovery of Software Errors
      - Correction is easier / better / less expensive
    - FMF must adapt to early lifecycle events
      - Rapidly changing requirements and designs
      - Varying / Increasing levels of detail defined for different parts of the system
16. Model Checking: Flexible Modeling Framework
    [Diagram; labels recovered from the figure: Collection of Model Components; Component Combiner; Model Checker; Each Individual Component; Unique Component Combinations; If Combination State Space is too Large (No / Yes); MCCT (Implicit / Explicit / Heuristic); Propagation of Results; Updated Component Combinations Containing …]
17. Agenda
    - Collaborators
    - Goal
    - Problem
    - Security & the Software Life Cycle
    - Software Security Assessment Instrument (SSAI)
    - Software Security Checklist (SSC)
    - Final Notes
18. Software Security Checklist (SSC)
    - Two Phases
      - Phase 1:
        - Provide instrument to integrate security as a formal approach to the software life cycle
        - Requirements Driven
      - Phase 2:
        - External Release of Software
        - Release Process
19. SSC (Cont.)
    - Phase 1:
      - Pre-Requirements
        - Understand the Problem and Scope
      - Requirements Gathering and Elicitation
        - Be Aware of Applicable Requirements Documents
        - Provide Trace to External Requirements Docs
      - Security Risk Assessment
        - NPG 7120.5B – Project Life Cycle document
        - Potential Integration with DDP Tool
      - V&V Tools Available for Software Life Cycle
20. SSC (Cont.)
    - Phase 2:
      - Release of Software
        - Areas for Protection:
          - Protect People
          - Protect ITAR and EAR
          - Protect Trade Secrets – Patents
          - Protect Organizational Resources
        - Considerations
          - Insecure Subsystem Calls
          - Embedded IP Addresses or Phone Numbers
        - Delivered to Code R Draft Checklist
21. SSC (Cont.)
    - Project Life Cycle Approach
      - Security Requirements
        - Stakeholders
        - Federal, State, Local Requirements
        - NASA Requirements and Guidelines
      - Design, Development, Test
      - Maintenance and Decommissioning
      - Tools and Instruments
      - Expert Center (IV&V) and People to Assist
      - Training
22. SSC Tools
    - Review Source Code
    - Review File Calls
    - Review Library Calls
    - Check Subroutine Calls in Binaries
      - Provided Perl Scripts
      - System and Programming Tools
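As an added illustration of the release-review checks on slides 20 (insecure subsystem calls, embedded IP addresses or phone numbers) and 22 (review source, file and library calls), the Python scanner below runs those checks over a constructed C source sample. It is not one of the project's Perl scripts; the list of flagged calls and the address and phone patterns are assumptions chosen for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed C-like source standing in for a release candidate (not project code).
SAMPLE_SOURCE = """\
#include <stdlib.h>
int main(void) {
    char buf[64];
    gets(buf);                       /* unbounded read */
    system("ping 192.168.10.5");     /* shell call with an embedded address */
    connect_to("192.168.10.5");
    dial("(818) 555-0199");
    return 0;
}
"""

# Assumed list of subsystem/library calls a release reviewer wants flagged for inspection.
INSECURE_CALLS = ("system", "popen", "execl", "execv", "execve", "gets", "strcpy", "sprintf")
CALL_RE = re.compile(r"\b(" + "|".join(INSECURE_CALLS) + r")\s*\(")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# North American style: optional parentheses around the area code, then 3-3-4 digits.
PHONE_RE = re.compile(r"\(?\b\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b")

Finding = Tuple[int, str]  # (line number, matched text)


def scan_source(text: str) -> Dict[str, List[Finding]]:
    """Scan one source file; return findings keyed by checklist category."""
    findings: Dict[str, List[Finding]] = {
        "insecure_call": [], "ip_address": [], "phone_number": []}
    for no, line in enumerate(text.splitlines(), start=1):
        for m in CALL_RE.finditer(line):
            findings["insecure_call"].append((no, m.group(1)))
        for m in IPV4_RE.finditer(line):
            # Drop dotted-quad look-alikes (e.g. version strings) with an octet above 255.
            if all(int(octet) <= 255 for octet in m.group(0).split(".")):
                findings["ip_address"].append((no, m.group(0)))
        for m in PHONE_RE.finditer(line):
            findings["phone_number"].append((no, m.group(0)))
    return findings


def release_ready(findings: Dict[str, List[Finding]]) -> bool:
    """The checklist gate: nothing ships while any category has an open finding."""
    return not any(findings.values())


if __name__ == "__main__":
    result = scan_source(SAMPLE_SOURCE)
    for category, hits in result.items():
        for line_no, text in hits:
            print(f"{category:14} line {line_no}: {text}")
    print("release ready:", release_ready(result))
```

Each hit is a pointer for the reviewer, not a verdict; the binary-side check on slide 22 would apply the same call list to the import table of the built artifact.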
24. Final Notes
    - Womb-to-Tomb Process
      - Must Coincide with Organizational Policies and Requirements
      - Notification to Users and Functional Areas when Software or Systems Are Decommissioned
        - Regression Test on Decommissioning
        - Re-Verify Security on Decommissioning
25. Final Notes (Cont.)
    - Return on Investment (ROI)
      - Enhanced or Non-Loss of NASA Image
      - Maintenance Costs Decrease
26. Note on Future Work
    - Training Course for SSC and Use of Security Assessment Tools
    - Experts and Expert Center Available to Assist with the Instrument and Tools
    - Integrate with Deep Space Mission Systems (DSMS)
      - Verifying SSL
      - Potential to Verify Space Link Extension (SLE) Protocol
    - Developing an Approach to Project Life Cycle Security Risk Assessment at JPL
27. Contact
    David Gilliam, JPL, 400 Oak Grove Dr., MS 144-210, Pasadena, CA 91109
    Phone: (818) 354-0900; FAX: (818) 393-1377; Email: [email_address]
    John Powell, MS 125-233
    Phone: (818) 393-1377; Email: [email_address]
    Website: http://rssr.jpl.nasa.gov/
    FOR MORE INFO...