This document summarizes the topics covered in the first lecture of a security engineering course. It discusses security engineering and management, security risk assessment, and designing systems for security. The lecture covers tools and techniques for developing secure systems, assessing security risks, and designing system architectures to protect assets and distribute them for redundancy.
2. Topics covered
• Security engineering and security management
– Security engineering concerned with applications; security management with infrastructure.
• Security risk assessment
– Designing a system based on the assessment of security risks.
• Design for security
– How system architectures have to be designed for security.
Security Engineering 1, 2013 Slide 2
3. Security engineering
• Tools, techniques and methods to support the development and maintenance of systems that can resist malicious attacks that are intended to damage a computer-based system or its data.
• A sub-field of the broader field of computer security.
• Assumes background knowledge of dependability and security concepts (Chapter 10) and security requirements specification (Chapter 12)
4. Security concerns
• Confidentiality
– Ensuring that data is only accessible to authorised people and organisations
• Integrity
– Ensuring that external attacks cannot damage data and programs
• Availability
– Ensuring that external attacks do not compromise the availability of data and programs
5. Application/infrastructure security
[Figure: layered stack. Build: Application. Purchased infrastructure: Middleware, Platform, Network.]
• Application security is a software engineering problem where the system is designed to resist attacks.
• Infrastructure security is a systems management problem where the purchased infrastructure is configured to resist attacks.
6. System layers where security may be compromised
7. System security management
• User and permission management
– Adding and removing users from the system and setting up appropriate permissions for users
• Software deployment and maintenance
– Installing application software and middleware and configuring these systems so that vulnerabilities are avoided.
• Attack monitoring, detection and recovery
– Monitoring the system for unauthorized access, designing strategies for resisting attacks and developing backup and recovery strategies.
8. Security risk management
• Risk management is concerned with assessing the possible losses that might ensue from attacks on the system and balancing these losses against the costs of security procedures that may reduce these losses.
• Risk management should be driven by an organisational security policy.
• Risk management involves
– Preliminary risk assessment
– Life cycle risk assessment
– Operational risk assessment
10. Misuse cases
• Misuse cases are instances of threats to a system
• Interception threats
– Attacker gains access to an asset
• Interruption threats
– Attacker makes part of a system unavailable
• Modification threats
– A system asset is tampered with
• Fabrication threats
– False information is added to a system
12. Asset analysis
Asset: The information system
– Value: High. Required to support all clinical consultations. Potentially safety-critical.
– Exposure: High. Financial loss as clinics may have to be canceled. Costs of restoring system. Possible patient harm if treatment cannot be prescribed.
Asset: The patient database
– Value: High. Required to support all clinical consultations. Potentially safety-critical.
– Exposure: High. Financial loss as clinics may have to be canceled. Costs of restoring system. Possible patient harm if treatment cannot be prescribed.
Asset: An individual patient record
– Value: Normally low although may be high for specific high-profile patients.
– Exposure: Low direct losses but possible loss of reputation.
13. Threat and control analysis
Threat: Unauthorized user gains access as system manager and makes system unavailable
– Probability: Low
– Control: Only allow system management from specific locations that are physically secure.
– Feasibility: Low cost of implementation but care must be taken with key distribution and to ensure that keys are available in the event of an emergency.
Threat: Unauthorized user gains access as system user and accesses confidential information
– Probability: High
– Control: Require all users to authenticate themselves using a biometric mechanism.
– Feasibility: Technically feasible but high-cost solution. Possible user resistance.
– Control: Log all changes to patient information to track system usage.
– Feasibility: Simple and transparent to implement and also supports recovery.
14. Security requirements
• Patient information must be downloaded at the start of a clinic session to a secure area on the system client that is used by clinical staff.
• Patient information must not be maintained on system clients after a clinic session has finished.
• A log on a separate computer from the database server must be maintained of all changes made to the system database.
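The logging control on slide 13 and the third requirement on slide 14 both ask for a log of every change to the patient database, kept on a machine separate from the database server so that an attacker who compromises the server cannot quietly erase their tracks. The block below is an added example, not code from the lecture or from Sommerville's book, showing one way to make such a log tamper-evident: each entry carries a SHA-256 hash that covers its own fields and the previous entry's hash, so altering or removing an earlier entry breaks the chain when the log is verified. The ChangeLog class, the field names and the sample changes are all assumptions constructed for the example.

```python
"""Tamper-evident change log for a clinical database (added example, not from
the lecture slides). Each entry records who changed which patient record and
chains to the previous entry's hash, so removal or alteration of an earlier
entry is detectable when the log is verified from a separate machine."""
import hashlib
import json
from dataclasses import dataclass
from typing import List, Tuple

GENESIS_HASH = "0" * 64  # stands in for the "previous hash" of the first entry


@dataclass
class LogEntry:
    seq: int            # position in the log; detects deleted entries
    user: str
    record_id: str
    change: str
    prev_hash: str      # entry_hash of the preceding entry
    entry_hash: str = ""

    def compute_hash(self) -> str:
        # Canonical serialisation so the same fields always hash the same way.
        payload = json.dumps(
            {"seq": self.seq, "user": self.user, "record_id": self.record_id,
             "change": self.change, "prev_hash": self.prev_hash},
            sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class ChangeLog:
    """Append-only log. In the deployment the slides describe, this object
    lives on a computer separate from the database server."""

    def __init__(self) -> None:
        self.entries: List[LogEntry] = []

    def append(self, user: str, record_id: str, change: str) -> LogEntry:
        prev = self.entries[-1].entry_hash if self.entries else GENESIS_HASH
        entry = LogEntry(len(self.entries), user, record_id, change, prev)
        entry.entry_hash = entry.compute_hash()
        self.entries.append(entry)
        return entry

    def verify(self) -> Tuple[bool, int]:
        """Return (ok, first_bad_seq); first_bad_seq is -1 when the chain is intact."""
        expected_prev = GENESIS_HASH
        for i, e in enumerate(self.entries):
            if (e.seq != i or e.prev_hash != expected_prev
                    or e.entry_hash != e.compute_hash()):
                return False, i
            expected_prev = e.entry_hash
        return True, -1


def build_sample_log() -> ChangeLog:
    # Constructed sample changes; not real patient data.
    log = ChangeLog()
    log.append("dr_smith", "P-1001", "prescription: amoxicillin 500mg")
    log.append("nurse_jones", "P-1001", "allergy flag set: penicillin")
    log.append("dr_smith", "P-2002", "note added")
    return log


def tamper_and_verify() -> Tuple[bool, int]:
    # An earlier entry is edited in place; its stored hash no longer matches.
    log = build_sample_log()
    log.entries[1].change = "allergy flag cleared"
    return log.verify()


def tamper_recompute_and_verify() -> Tuple[bool, int]:
    # The editor also recomputes that entry's hash; the next entry's
    # prev_hash now points at a value that no longer exists.
    log = build_sample_log()
    log.entries[1].change = "allergy flag cleared"
    log.entries[1].entry_hash = log.entries[1].compute_hash()
    return log.verify()
```

A hash chain only detects edits made by someone who cannot rewrite the whole chain, which is exactly why the requirement places the log on a separate computer: the database server can append entries but should have no write access to the log's history, and the log host's latest hash can be recorded elsewhere periodically so that wholesale replacement is also detectable.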
15. Life cycle risk assessment
• Risk assessment while the system is being developed and after it has been deployed
• More information is available - system platform, middleware and the system architecture and data organisation.
• Vulnerabilities that arise from design choices may therefore be identified.
17. Design decisions from use of off-the-shelf system
• System users are authenticated using a name/password combination.
• The system architecture is client-server with clients accessing the system through a standard web browser.
• Information is presented as an editable web form.
19. Security requirements
• A password checker shall be made available and shall be run daily. Weak passwords shall be reported to system administrators.
• Access to the system shall only be allowed by approved client computers.
• All client computers shall have a single, approved web browser installed by system administrators.
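The first requirement on slide 19 follows from the name/password decision on slide 17: because the off-the-shelf product cannot be changed to use stronger authentication, administrators compensate with a daily audit that reports weak passwords. The block below is an added example, not code from the lecture or the book, of such an audit run against the stored credential table. It checks each account's stored hash against a small list of known-weak candidates and trivial variants of the user's own name, and returns the accounts to report. The salted SHA-256 scheme, the candidate list and the sample accounts are assumptions constructed for the example; a production system stores passwords with a slow, memory-hard KDF and audits against a much larger list.

```python
"""Daily weak-password audit (added example; not from the lecture slides).
Administrators run it against the stored credential table and receive the
list of accounts whose password matches a known-weak candidate. The hashing
scheme, candidate list and sample accounts are constructed for the example."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed list; a real audit uses a large list of common/breached passwords.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein", "welcome1", "clinic2013"]


@dataclass(frozen=True)
class StoredCredential:
    username: str
    salt: str
    digest: str  # hex SHA-256 of salt + password (example only; use argon2/bcrypt in production)


def hash_password(salt: str, password: str) -> str:
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()


def make_credential(username: str, salt: str, password: str) -> StoredCredential:
    """Builds the stored form as the registration code would; used only to
    construct sample data here."""
    return StoredCredential(username, salt, hash_password(salt, password))


def weak_candidates(username: str) -> List[str]:
    """Values a weak password is likely to equal: common passwords and
    trivially guessable variants of the account's own name."""
    u = username.lower()
    derived = [u, u.capitalize(), u + "1", u + "123", u[::-1]]
    return COMMON_PASSWORDS + derived


def is_weak(cred: StoredCredential) -> Optional[str]:
    """Return the matching weak candidate, or None if nothing matches."""
    for cand in weak_candidates(cred.username):
        # Constant-time comparison avoids leaking which prefix matched.
        if hmac.compare_digest(hash_password(cred.salt, cand), cred.digest):
            return cand
    return None


def weak_password_report(creds: List[StoredCredential]) -> Dict[str, str]:
    """Map username -> reason, i.e. the content of the daily report to administrators.
    The matching password itself is deliberately not included in the report."""
    report: Dict[str, str] = {}
    for c in creds:
        match = is_weak(c)
        if match is not None:
            report[c.username] = ("common password" if match in COMMON_PASSWORDS
                                  else "derived from username")
    return report


SAMPLE_CREDENTIALS = [  # constructed sample accounts
    make_credential("asmith", "s1", "Password!Long-2013-xyz"),
    make_credential("bjones", "s2", "welcome1"),
    make_credential("cwhite", "s3", "cwhite123"),
]

if __name__ == "__main__":
    for user, reason in weak_password_report(SAMPLE_CREDENTIALS).items():
        print(f"{user}: {reason}")
```

Two design points worth noting: the report names the account and the category of weakness but never the password, so the report itself does not become a sensitive document; and the audit only ever compares against the stored hash, so it does not need, and should not be given, any plaintext store.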
20. Operational risk assessment
• Environment characteristics can lead to new system risks
– Risk of interruption means that logged-in computers are left unattended.
21. Design for security
• Architectural design
– how do architectural design decisions affect the security of a system?
• Good practice
– what is accepted good practice when designing secure systems?
• Design for deployment
– what support should be designed into a system to avoid the introduction of vulnerabilities when a system is deployed for use?
22. Architectural design
• Two fundamental issues have to be considered when designing an architecture for security.
– Protection
• How should the system be organised so that critical assets can be protected against external attack?
– Distribution
• How should system assets be distributed so that the effects of a successful attack are minimized?
• These are potentially conflicting
– If assets are distributed, then they are more expensive to protect. If assets are protected, then usability and performance requirements may be compromised.
24. Layered protection model
• Platform-level protection
– Top-level controls on the platform on which a system runs.
• Application-level protection
– Specific protection mechanisms built into the application itself e.g. additional password protection.
• Record-level protection
– Protection that is invoked when access to specific information is requested
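The three layers on slide 24 are easiest to see as three independent checks that every access request must pass. The block below is an added example, not code from the lecture or the book, that applies the model to a request on a patient record: the platform layer enforces the approved-client requirement from slide 19 and the unattended-terminal risk from slide 20 through an idle timeout, the application layer checks what the user's role may do at all, and the record layer decides whether this user may touch this particular record (a high-profile patient from the slide 12 asset analysis is modelled as a restricted record). The roles, client list, timeout value and sample records are assumptions constructed for the example.

```python
"""Layered protection model applied to access requests (added example; not
code from the lecture or the book). Every request passes three independent
checks: platform level (approved client, session not left idle), application
level (role permits the operation) and record level (this user may access
this particular record). Roles, clients, the timeout and the records below
are all constructed for the example."""
from dataclasses import dataclass
from typing import Optional, Tuple

IDLE_TIMEOUT_SECONDS = 300           # assumed value; limits exposure of unattended logged-in terminals
APPROVED_CLIENTS = {"clinic-pc-01", "clinic-pc-02"}   # constructed approved client list
ROLE_PERMISSIONS = {                 # constructed role model
    "clinician": {"read", "update"},
    "receptionist": {"read"},
    "sysadmin": set(),               # manages the platform, never reads patient data
}


@dataclass(frozen=True)
class Session:
    user: str
    role: str
    client_id: str
    last_activity: float             # epoch seconds of the user's last action


@dataclass(frozen=True)
class PatientRecord:
    record_id: str
    treating_clinicians: frozenset
    restricted: bool = False         # e.g. a high-profile patient (slide 12)


def platform_check(s: Session, now: float) -> Optional[str]:
    """Platform-level protection: where the request comes from and whether the
    session is still attended. Returns a refusal reason or None."""
    if s.client_id not in APPROVED_CLIENTS:
        return "client not approved"
    if now - s.last_activity > IDLE_TIMEOUT_SECONDS:
        return "session idle too long"
    return None


def application_check(s: Session, operation: str) -> Optional[str]:
    """Application-level protection: the role must be permitted the operation at all."""
    if operation not in ROLE_PERMISSIONS.get(s.role, set()):
        return "role %s may not %s" % (s.role, operation)
    return None


def record_check(s: Session, rec: PatientRecord, operation: str) -> Optional[str]:
    """Record-level protection: invoked only once a specific record is requested.
    Updates, and any access to a restricted record, require a treating clinician."""
    if (operation == "update" or rec.restricted) and s.user not in rec.treating_clinicians:
        return "not a treating clinician for record %s" % rec.record_id
    return None


def authorise(s: Session, rec: PatientRecord, operation: str, now: float) -> Tuple[bool, str]:
    """Consult the layers in order; the first refusal wins, so access is granted
    only when every layer allows it."""
    for reason in (platform_check(s, now),
                   application_check(s, operation),
                   record_check(s, rec, operation)):
        if reason is not None:
            return False, reason
    return True, "allowed"


# Constructed sample data.
RECORD = PatientRecord("P-1001", frozenset({"dr_smith"}))
RESTRICTED = PatientRecord("P-2002", frozenset({"dr_patel"}), restricted=True)
NOW = 1_700_000_000.0

if __name__ == "__main__":
    s = Session("dr_smith", "clinician", "clinic-pc-01", NOW - 10)
    print(authorise(s, RECORD, "update", NOW))
    print(authorise(s, RESTRICTED, "read", NOW))
```

Because each layer has its own refusal reason, a log of refusals shows which layer is doing the work, which is useful when assessing operational risks such as the unattended-terminal case: a rise in "session idle too long" refusals from a particular client is a signal worth following up.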
27. Distributed assets
• Distributing assets means that attacks on one system do not necessarily lead to complete loss of system service
• Each platform has separate protection features and may be different from other platforms so that they do not share a common vulnerability
• Distribution is particularly important if the risk of denial of service attacks is high
28. Distributed assets in an equity trading system
29. Key points
• Security engineering is concerned with how to develop systems that can resist malicious attacks
• Security threats can be threats to confidentiality, integrity or availability of a system or its data
• Security risk management is concerned with assessing possible losses from attacks and deriving security requirements to minimise losses
• Design for security involves architectural design, following good design practice and minimising the introduction of system vulnerabilities