SlideShare a Scribd company logo

Security Engineering 1 (CS 5032 2012)

Download as PPTX, PDF
Ian Sommerville
Ian Sommerville
TechnologyBusiness
1 of 29
Security Engineering Lecture 1 Security Engineering, Critical Systems Engineering, 2010 Slide 1
Topics covered • Security engineering and security management – Security engineering concerned with applications; security management with infrastructure. • Security risk assessment – Designing a system based on the assessment of security risks. • Design for security – How system architectures have to be designed for security. Security Engineering, Critical Systems Engineering, 2010 Slide 2
Security engineering • Tools, techniques and methods to support the development and maintenance of systems that can resist malicious attacks that are intended to damage a computer-based system or its data. • A sub-field of the broader field of computer security. • Assumes background knowledge of dependability and security concepts (Chapter 10) and security requirements specification (Chapter 12) Security Engineering, Critical Systems Engineering, 2010 Slide 3
Security concerns • Confidentiality – Ensuring that data is only accessible to authorised people and organisations • Integrity – Ensuring that external attacks cannot damage data and programs • Availability – Ensuring that external attacks do not compromise the availability of data and programs Security Engineering, Critical Systems Engineering, 2010 Slide 4
Application/infrastructure security Build • Application security is Application a software engineering problem where the system is designed to Purchased infrastructure resist attacks. Middleware • Infrastructure security is a systems Platform management problem where the purchased Network infrastructure is configured to resist attacks. Security Engineering, Critical Systems Engineering, 2010 Slide 5
System layers where security may be compromised Security Engineering, Critical Systems Engineering, 2010 Slide 6
System security management • User and permission management – Adding and removing users from the system and setting up appropriate permissions for users • Software deployment and maintenance – Installing application software and middleware and configuring these systems so that vulnerabilities are avoided. • Attack monitoring, detection and recovery – Monitoring the system for unauthorized access, design strategies for resisting attacks and develop backup and recovery strategies. Security Engineering, Critical Systems Engineering, 2010 Slide 7
Security risk management • Risk management is concerned with assessing the possible losses that might ensue from attacks on the system and balancing these losses against the costs of security procedures that may reduce these losses. • Risk management should be driven by an organisational security policy. • Risk management involves – Preliminary risk assessment – Life cycle risk assessment – Operational risk assessment Security Engineering, Critical Systems Engineering, 2010 Slide 8
Preliminary risk assessment Security Engineering, Critical Systems Engineering, 2010 Slide 9
Misuse cases • Misuse cases are instances of threats to a system • Interception threats – Attacker gains access to an asset • Interruption threats – Attacker makes part of a system unavailable • Modification threats – A system asset if tampered with • Fabrication threats – False information is added to a system Security Engineering, Critical Systems Engineering, 2010 Slide 10
Security Engineering, Critical Systems Engineering, 2010 Slide 11
Asset analysis Asset Value Exposure The information system High. Required to support all High. Financial loss as clinics clinical consultations. Potentially may have to be canceled. Costs safety-critical. of restoring system. Possible patient harm if treatment cannot be prescribed. The patient database High. Required to support all High. Financial loss as clinics clinical consultations. Potentially may have to be canceled. Costs safety-critical. of restoring system. Possible patient harm if treatment cannot be prescribed. An individual patient record Normally low although may be Low direct losses but possible high for specific high-profile loss of reputation. patients. Security Engineering, Critical Systems Engineering, 2010 Slide 12
Threat and control analysis Threat Probability Control Feasibility Unauthorized user Low Only allow system Low cost of gains access as system management from implementation but care manager and makes specific locations that must be taken with key system unavailable are physically secure. distribution and to ensure that keys are available in the event of an emergency. Unauthorized user High Require all users to Technically feasible but gains access as system authenticate themselves high-cost solution. user and accesses using a biometric Possible user confidential information mechanism. resistance. Log all changes to Simple and transparent patient information to to implement and also track system usage. supports recovery. Security Engineering, Critical Systems Engineering, 2010 Slide 13
Security requirements • Patient information must be downloaded at the start of a clinic session to a secure area on the system client that is used by clinical staff. • Patient information must not be maintained on system clients after a clinic session has finished. • A log on a separate computer from the database server must be maintained of all changes made to the system database. Security Engineering, Critical Systems Engineering, 2010 Slide 14
Life cycle risk assessment • Risk assessment while the system is being developed and after it has been deployed • More information is available - system platform, middleware and the system architecture and data organisation. • Vulnerabilities that arise from design choices may therefore be identified. Security Engineering, Critical Systems Engineering, 2010 Slide 15
Life-cycle risk analysis Security Engineering, Critical Systems Engineering, 2010 Slide 16
Design decisions from use of off-the-shelf system • System users are authenticated using a name/password combination. • The system architecture is client-server with clients accessing the system through a standard web browser. • Information is presented as an editable web form. Security Engineering, Critical Systems Engineering, 2010 Slide 17
Vulnerabilities associated with technology choices Security Engineering, Critical Systems Engineering, 2010 Slide 18
Security requirements • A password checker shall be made available and shall be run daily. Weak passwords shall be reported to system administrators. • Access to the system shall only be allowed by approved client computers. • All client computers shall have a single, approved web browser installed by system administrators. Security Engineering, Critical Systems Engineering, 2010 Slide 19
Operational risk assessment • Environment characteristics can lead to new system risks – Risk of interruption means that logged in computers are left unattended. Security Engineering, Critical Systems Engineering, 2010 Slide 20
Design for security • Architectural design – how do architectural design decisions affect the security of a system? • Good practice – what is accepted good practice when designing secure systems? • Design for deployment – what support should be designed into a system to avoid the introduction of vulnerabilities when a system is deployed for use? Security Engineering, Critical Systems Engineering, 2010 Slide 21
Architectural design • Two fundamental issues have to be considered when designing an architecture for security. – Protection • How should the system be organised so that critical assets can be protected against external attack? – Distribution • How should system assets be distributed so that the effects of a successful attack are minimized? • These are potentially conflicting – If assets are distributed, then they are more expensive to protect. If assets are protected, then usability and performance requirements may be compromised. Security Engineering, Critical Systems Engineering, 2010 Slide 22
Protection – defence in depth Security Engineering, Critical Systems Engineering, 2010 Slide 23
Layered protection model • Platform-level protection – Top-level controls on the platform on which a system runs. • Application-level protection – Specific protection mechanisms built into the application itself e.g. additional password protection. • Record-level protection – Protection that is invoked when access to specific information is requested Security Engineering, Critical Systems Engineering, 2010 Slide 24
A layered protection architecture Security Engineering, Critical Systems Engineering, 2010 Slide 25
Distribute assets to reduce losses Security Engineering, Critical Systems Engineering, 2010 Slide 26
Distributed assets • Distributing assets means that attacks on one system do not necessarily lead to complete loss of system service • Each platform has separate protection features and may be different from other platforms so that they do not share a common vulnerability • Distribution is particularly important if the risk of denial of service attacks is high Security Engineering, Critical Systems Engineering, 2010 Slide 27
Distributed assets in an equity trading system Security Engineering, Critical Systems Engineering, 2010 Slide 28
Key points • Security engineering is concerned with how to develop systems that can resist malicious attacks • Security threats can be threats to confidentiality, integrity or availability of a system or its data • Security risk management is concerned with assessing possible losses from attacks and deriving security requirements to minimise losses • Design for security involves architectural design, following good design practice and minimising the introduction of system vulnerabilities Security Engineering, Critical Systems Engineering, 2010 Slide 29

Recommended

CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013Ian Sommerville
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013Ian Sommerville
 
Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Ian Sommerville
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2Ian Sommerville
 
CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013Ian Sommerville
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013Ian Sommerville
 
CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013Ian Sommerville
 

Recommended

CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013Ian Sommerville
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013Ian Sommerville
 
Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Ian Sommerville
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2Ian Sommerville
 
CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013Ian Sommerville
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013Ian Sommerville
 
CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013Ian Sommerville
 
CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013Ian Sommerville
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013Ian Sommerville
 
CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013Ian Sommerville
 
CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013Ian Sommerville
 
CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013Ian Sommerville
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013Ian Sommerville
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1Ian Sommerville
 
Database development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan pitwgDatabase development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan pitwgJohn M. Kennedy
 
Securing Nuclear Facilities
Securing Nuclear FacilitiesSecuring Nuclear Facilities
Securing Nuclear FacilitiesOPSWAT
 
Network security Topic 2 overview continued
Network security Topic 2 overview continuedNetwork security Topic 2 overview continued
Network security Topic 2 overview continuedKhawar Nehal khawar.nehal@atrc.net.pk
 
I0516064
I0516064I0516064
I0516064IOSR Journals
 
SMS Manager Static Demo | Aviation Safety Management System
SMS Manager Static Demo | Aviation Safety Management SystemSMS Manager Static Demo | Aviation Safety Management System
SMS Manager Static Demo | Aviation Safety Management SystemUniversal Weather and Aviation, Inc.
 
It secuirty policy guidelines and practices
It secuirty policy guidelines and practicesIt secuirty policy guidelines and practices
It secuirty policy guidelines and practiceswaruireuben
 
Security testing (CS 5032 2012)
Security testing (CS 5032 2012)Security testing (CS 5032 2012)
Security testing (CS 5032 2012)Ian Sommerville
 
4 Operations Security
4 Operations Security4 Operations Security
4 Operations SecurityAlfred Ouyang
 
1 Info Sec+Risk Mgmt
1 Info Sec+Risk Mgmt1 Info Sec+Risk Mgmt
1 Info Sec+Risk MgmtAlfred Ouyang
 
Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...Luxembourg Institute of Science and Technology
 
Multi agents based architecture for is security incident reaction
Multi agents based architecture for is security incident reactionMulti agents based architecture for is security incident reaction
Multi agents based architecture for is security incident reactionLuxembourg Institute of Science and Technology
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber securityWGroup
 
In Quest of Benchmarking Security Risks to Cyber-Physical Systems
In Quest of Benchmarking Security Risks to Cyber-Physical SystemsIn Quest of Benchmarking Security Risks to Cyber-Physical Systems
In Quest of Benchmarking Security Risks to Cyber-Physical SystemsDETER-Project
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMuhammad Asim
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringaizazhussain234
 

More Related Content

What's hot

CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013Ian Sommerville
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013Ian Sommerville
 
CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013Ian Sommerville
 
CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013Ian Sommerville
 
CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013Ian Sommerville
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013Ian Sommerville
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1Ian Sommerville
 
Database development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan pitwgDatabase development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan pitwgJohn M. Kennedy
 
Securing Nuclear Facilities
Securing Nuclear FacilitiesSecuring Nuclear Facilities
Securing Nuclear FacilitiesOPSWAT
 
It secuirty policy guidelines and practices
It secuirty policy guidelines and practicesIt secuirty policy guidelines and practices
It secuirty policy guidelines and practiceswaruireuben
 
Security testing (CS 5032 2012)
Security testing (CS 5032 2012)Security testing (CS 5032 2012)
Security testing (CS 5032 2012)Ian Sommerville
 
4 Operations Security
4 Operations Security4 Operations Security
4 Operations SecurityAlfred Ouyang
 
1 Info Sec+Risk Mgmt
1 Info Sec+Risk Mgmt1 Info Sec+Risk Mgmt
1 Info Sec+Risk MgmtAlfred Ouyang
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber securityWGroup
 
In Quest of Benchmarking Security Risks to Cyber-Physical Systems
In Quest of Benchmarking Security Risks to Cyber-Physical SystemsIn Quest of Benchmarking Security Risks to Cyber-Physical Systems
In Quest of Benchmarking Security Risks to Cyber-Physical SystemsDETER-Project
 

What's hot (20)

CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013
 
CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013
 
CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013
 
CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1
 
Database development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan pitwgDatabase development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan pitwg
 
Securing Nuclear Facilities
Securing Nuclear FacilitiesSecuring Nuclear Facilities
Securing Nuclear Facilities
 
Network security Topic 2 overview continued
Network security Topic 2 overview continuedNetwork security Topic 2 overview continued
Network security Topic 2 overview continued
 
I0516064
I0516064I0516064
I0516064
 
SMS Manager Static Demo | Aviation Safety Management System
SMS Manager Static Demo | Aviation Safety Management SystemSMS Manager Static Demo | Aviation Safety Management System
SMS Manager Static Demo | Aviation Safety Management System
 
It secuirty policy guidelines and practices
It secuirty policy guidelines and practicesIt secuirty policy guidelines and practices
It secuirty policy guidelines and practices
 
Security testing (CS 5032 2012)
Security testing (CS 5032 2012)Security testing (CS 5032 2012)
Security testing (CS 5032 2012)
 
4 Operations Security
4 Operations Security4 Operations Security
4 Operations Security
 
1 Info Sec+Risk Mgmt
1 Info Sec+Risk Mgmt1 Info Sec+Risk Mgmt
1 Info Sec+Risk Mgmt
 
Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...
 
Multi agents based architecture for is security incident reaction
Multi agents based architecture for is security incident reactionMulti agents based architecture for is security incident reaction
Multi agents based architecture for is security incident reaction
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber security
 
In Quest of Benchmarking Security Risks to Cyber-Physical Systems
In Quest of Benchmarking Security Risks to Cyber-Physical SystemsIn Quest of Benchmarking Security Risks to Cyber-Physical Systems
In Quest of Benchmarking Security Risks to Cyber-Physical Systems
 

Similar to Security Engineering 1 (CS 5032 2012)

Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMuhammad Asim
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringaizazhussain234
 
Information systems security(1)
Information systems security(1)Information systems security(1)
Information systems security(1)Sandeep Agarwal
 
Information and network security 5 security attacks mechanisms and services
Information and network security 5 security attacks mechanisms and servicesInformation and network security 5 security attacks mechanisms and services
Information and network security 5 security attacks mechanisms and servicesVaibhav Khanna
 
Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security Malachi Jones
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Anindya Ghosh,
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Ch14-Software Engineering 9
Ch14-Software Engineering 9Ch14-Software Engineering 9
Ch14-Software Engineering 9Ian Sommerville
 
Design and Analyze Secure Networked Systems - 2
Design and Analyze Secure Networked Systems - 2Design and Analyze Secure Networked Systems - 2
Design and Analyze Secure Networked Systems - 2Don Kim
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded SystemsMEN Micro
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded SystemsMEN Mikro Elektronik GmbH
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
20210629_104540Information Security L1.pdf
20210629_104540Information Security L1.pdf20210629_104540Information Security L1.pdf
20210629_104540Information Security L1.pdfShyma Jugesh
 
Introduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfIntroduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfssuserf98dd4
 
Security in embedded systems
Security in embedded systemsSecurity in embedded systems
Security in embedded systemsRaghav S
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdfNdheh
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
SuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringSuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringTieu Luu
 

Similar to Security Engineering 1 (CS 5032 2012) (20)

Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
Information systems security(1)
Information systems security(1)Information systems security(1)
Information systems security(1)
 
Network Security Topic 1 intro
Network Security Topic 1 introNetwork Security Topic 1 intro
Network Security Topic 1 intro
 
Information and network security 5 security attacks mechanisms and services
Information and network security 5 security attacks mechanisms and servicesInformation and network security 5 security attacks mechanisms and services
Information and network security 5 security attacks mechanisms and services
 
Ch14
Ch14Ch14
Ch14
 
Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Ch14-Software Engineering 9
Ch14-Software Engineering 9Ch14-Software Engineering 9
Ch14-Software Engineering 9
 
Design and Analyze Secure Networked Systems - 2
Design and Analyze Secure Networked Systems - 2Design and Analyze Secure Networked Systems - 2
Design and Analyze Secure Networked Systems - 2
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 
20210629_104540Information Security L1.pdf
20210629_104540Information Security L1.pdf20210629_104540Information Security L1.pdf
20210629_104540Information Security L1.pdf
 
Introduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdfIntroduction to Cybersecurity.pdf
Introduction to Cybersecurity.pdf
 
Security in embedded systems
Security in embedded systemsSecurity in embedded systems
Security in embedded systems
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdf
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
 
SuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringSuprTEK Continuous Monitoring
SuprTEK Continuous Monitoring
 

More from Ian Sommerville

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale SystemsIan Sommerville
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITSIan Sommerville
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems designIan Sommerville
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITSIan Sommerville
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITSIan Sommerville
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-studyIan Sommerville
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million usersIan Sommerville
 
CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureIan Sommerville
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterIan Sommerville
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureIan Sommerville
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachIan Sommerville
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsIan Sommerville
 
CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013Ian Sommerville
 

More from Ian Sommerville (17)

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale Systems
 
Resp modellingintro
Resp modellingintroResp modellingintro
Resp modellingintro
 
Resilience and recovery
Resilience and recoveryResilience and recovery
Resilience and recovery
 
LSCITS-engineering
LSCITS-engineeringLSCITS-engineering
LSCITS-engineering
 
Requirements reality
Requirements realityRequirements reality
Requirements reality
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITS
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems design
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITS
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITS
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-study
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million users
 
CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failure
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disaster
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructure
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breach
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systems
 
CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013
 

Recently uploaded

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Recently uploaded (20)

The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

Security Engineering 1 (CS 5032 2012)

  • 1. Security Engineering Lecture 1 Security Engineering, Critical Systems Engineering, 2010 Slide 1
  • 2. Topics covered • Security engineering and security management – Security engineering concerned with applications; security management with infrastructure. • Security risk assessment – Designing a system based on the assessment of security risks. • Design for security – How system architectures have to be designed for security. Security Engineering, Critical Systems Engineering, 2010 Slide 2
  • 3. Security engineering • Tools, techniques and methods to support the development and maintenance of systems that can resist malicious attacks that are intended to damage a computer-based system or its data. • A sub-field of the broader field of computer security. • Assumes background knowledge of dependability and security concepts (Chapter 10) and security requirements specification (Chapter 12) Security Engineering, Critical Systems Engineering, 2010 Slide 3
  • 4. Security concerns • Confidentiality – Ensuring that data is only accessible to authorised people and organisations • Integrity – Ensuring that external attacks cannot damage data and programs • Availability – Ensuring that external attacks do not compromise the availability of data and programs Security Engineering, Critical Systems Engineering, 2010 Slide 4
  • 5. Application/infrastructure security Build • Application security is Application a software engineering problem where the system is designed to Purchased infrastructure resist attacks. Middleware • Infrastructure security is a systems Platform management problem where the purchased Network infrastructure is configured to resist attacks. Security Engineering, Critical Systems Engineering, 2010 Slide 5
  • 6. System layers where security may be compromised Security Engineering, Critical Systems Engineering, 2010 Slide 6
  • 7. System security management • User and permission management – Adding and removing users from the system and setting up appropriate permissions for users • Software deployment and maintenance – Installing application software and middleware and configuring these systems so that vulnerabilities are avoided. • Attack monitoring, detection and recovery – Monitoring the system for unauthorized access, design strategies for resisting attacks and develop backup and recovery strategies. Security Engineering, Critical Systems Engineering, 2010 Slide 7
  • 8. Security risk management • Risk management is concerned with assessing the possible losses that might ensue from attacks on the system and balancing these losses against the costs of security procedures that may reduce these losses. • Risk management should be driven by an organisational security policy. • Risk management involves – Preliminary risk assessment – Life cycle risk assessment – Operational risk assessment Security Engineering, Critical Systems Engineering, 2010 Slide 8
  • 9. Preliminary risk assessment Security Engineering, Critical Systems Engineering, 2010 Slide 9
  • 10. Misuse cases • Misuse cases are instances of threats to a system • Interception threats – Attacker gains access to an asset • Interruption threats – Attacker makes part of a system unavailable • Modification threats – A system asset if tampered with • Fabrication threats – False information is added to a system Security Engineering, Critical Systems Engineering, 2010 Slide 10
  • 11. Security Engineering, Critical Systems Engineering, 2010 Slide 11
  • 12. Asset analysis Asset Value Exposure The information system High. Required to support all High. Financial loss as clinics clinical consultations. Potentially may have to be canceled. Costs safety-critical. of restoring system. Possible patient harm if treatment cannot be prescribed. The patient database High. Required to support all High. Financial loss as clinics clinical consultations. Potentially may have to be canceled. Costs safety-critical. of restoring system. Possible patient harm if treatment cannot be prescribed. An individual patient record Normally low although may be Low direct losses but possible high for specific high-profile loss of reputation. patients. Security Engineering, Critical Systems Engineering, 2010 Slide 12
  • 13. Threat and control analysis Threat Probability Control Feasibility Unauthorized user Low Only allow system Low cost of gains access as system management from implementation but care manager and makes specific locations that must be taken with key system unavailable are physically secure. distribution and to ensure that keys are available in the event of an emergency. Unauthorized user High Require all users to Technically feasible but gains access as system authenticate themselves high-cost solution. user and accesses using a biometric Possible user confidential information mechanism. resistance. Log all changes to Simple and transparent patient information to to implement and also track system usage. supports recovery. Security Engineering, Critical Systems Engineering, 2010 Slide 13
  • 14. Security requirements • Patient information must be downloaded at the start of a clinic session to a secure area on the system client that is used by clinical staff. • Patient information must not be maintained on system clients after a clinic session has finished. • A log on a separate computer from the database server must be maintained of all changes made to the system database. Security Engineering, Critical Systems Engineering, 2010 Slide 14
  • 15. Life cycle risk assessment • Risk assessment while the system is being developed and after it has been deployed • More information is available - system platform, middleware and the system architecture and data organisation. • Vulnerabilities that arise from design choices may therefore be identified. Security Engineering, Critical Systems Engineering, 2010 Slide 15
  • 16. Life-cycle risk analysis Security Engineering, Critical Systems Engineering, 2010 Slide 16
  • 17. Design decisions from use of off-the-shelf system • System users are authenticated using a name/password combination. • The system architecture is client-server with clients accessing the system through a standard web browser. • Information is presented as an editable web form. Security Engineering, Critical Systems Engineering, 2010 Slide 17
  • 18. Vulnerabilities associated with technology choices Security Engineering, Critical Systems Engineering, 2010 Slide 18
  • 19. Security requirements • A password checker shall be made available and shall be run daily. Weak passwords shall be reported to system administrators. • Access to the system shall only be allowed by approved client computers. • All client computers shall have a single, approved web browser installed by system administrators. Security Engineering, Critical Systems Engineering, 2010 Slide 19
  • 20. Operational risk assessment • Environment characteristics can lead to new system risks – Risk of interruption means that logged in computers are left unattended. Security Engineering, Critical Systems Engineering, 2010 Slide 20
  • 21. Design for security • Architectural design – how do architectural design decisions affect the security of a system? • Good practice – what is accepted good practice when designing secure systems? • Design for deployment – what support should be designed into a system to avoid the introduction of vulnerabilities when a system is deployed for use? Security Engineering, Critical Systems Engineering, 2010 Slide 21
  • 22. Architectural design • Two fundamental issues have to be considered when designing an architecture for security. – Protection • How should the system be organised so that critical assets can be protected against external attack? – Distribution • How should system assets be distributed so that the effects of a successful attack are minimized? • These are potentially conflicting – If assets are distributed, then they are more expensive to protect. If assets are protected, then usability and performance requirements may be compromised. Security Engineering, Critical Systems Engineering, 2010 Slide 22
  • 23. Protection – defence in depth Security Engineering, Critical Systems Engineering, 2010 Slide 23
  • 24. Layered protection model • Platform-level protection – Top-level controls on the platform on which a system runs. • Application-level protection – Specific protection mechanisms built into the application itself e.g. additional password protection. • Record-level protection – Protection that is invoked when access to specific information is requested Security Engineering, Critical Systems Engineering, 2010 Slide 24
  • 25. A layered protection architecture Security Engineering, Critical Systems Engineering, 2010 Slide 25
  • 26. Distribute assets to reduce losses Security Engineering, Critical Systems Engineering, 2010 Slide 26
  • 27. Distributed assets • Distributing assets means that attacks on one system do not necessarily lead to complete loss of system service • Each platform has separate protection features and may be different from other platforms so that they do not share a common vulnerability • Distribution is particularly important if the risk of denial of service attacks is high Security Engineering, Critical Systems Engineering, 2010 Slide 27
  • 28. Distributed assets in an equity trading system Security Engineering, Critical Systems Engineering, 2010 Slide 28
  • 29. Key points • Security engineering is concerned with how to develop systems that can resist malicious attacks • Security threats can be threats to confidentiality, integrity or availability of a system or its data • Security risk management is concerned with assessing possible losses from attacks and deriving security requirements to minimise losses • Design for security involves architectural design, following good design practice and minimising the introduction of system vulnerabilities Security Engineering, Critical Systems Engineering, 2010 Slide 29