SlideShare a Scribd company logo

Security Engineering 2 (CS 5032 2012)

Download as PPTX, PDF
Ian Sommerville
Ian Sommerville
TechnologyBusiness
1 of 24
Security Engineering Lecture 2 Security Engineering, Critical Systems Engineering, 2010 Slide 1
Topics covered • Design guidelines for security – Guidelines that help you design a secure system • Design for deployment – Design so that deployment problems that may introduce vulnerabilities are minimized • System survivability – Allow the system to deliver essential services when under attack Security Engineering, Critical Systems Engineering, 2010 Slide 2
Design guidelines for security engineering • Design guidelines encapsulate good practice in secure systems design. They help the designer make design decisions. • Design guidelines: – Raise awareness of security issues in a software engineering team. Security is considered when design decisions are made. – Can be used as the basis of a review checklist that is applied during the system validation process. Security Engineering, Critical Systems Engineering, 2010 Slide 3
Design guidelines for secure systems engineering Security guidelines Base security decisions on an explicit security policy Avoid a single point of failure Fail securely Balance security and usability Log user actions Use redundancy and diversity to reduce risk Validate all inputs Compartmentalize your assets Design for deployment Design for recoverability Security Engineering, Critical Systems Engineering, 2010 Slide 4
Design guidelines 1-3 • Base decisions on an explicit security policy – Define a security policy for the organization that sets out the fundamental security requirements that should apply to all organizational systems. • Avoid a single point of failure – Ensure that a security failure can only result when there is more than one failure in security procedures. For example, have password and question-based authentication. • Fail securely – When systems fail, for whatever reason, ensure that sensitive information cannot be accessed by unauthorized users even although normal security procedures are unavailable. Security Engineering, Critical Systems Engineering, 2010 Slide 5
Design guidelines 4-6 • Balance security and usability – Try to avoid security procedures that make the system difficult to use. Sometimes you have to accept weaker security to make the system more usable. • Log user actions – Maintain a log of user actions that can be analyzed to discover who did what. If users know about such a log, they are less likely to behave in an irresponsible way. • Use redundancy and diversity to reduce risk – Keep multiple copies of data and use diverse infrastructure so that an infrastructure vulnerability cannot be the single point of failure. Security Engineering, Critical Systems Engineering, 2010 Slide 6
Design guidelines 7-10 • Validate all inputs – Check that all inputs are within range so that unexpected inputs cannot cause problems. • Compartmentalize your assets – Organize the system so that assets are in separate areas and users only have access to the information that they need rather than all system information. • Design for deployment – Design the system to avoid deployment problems • Design for recoverability – Design the system to simplify recoverability after a successful attack. Security Engineering, Critical Systems Engineering, 2010 Slide 7
Software deployment Security Engineering, Critical Systems Engineering, 2010 Slide 8
Design for deployment • Deployment involves configuring software to operate in its working environment, installing the system and configuring it for the operational platform. • Vulnerabilities may be introduced at this stage as a result of configuration mistakes. • Designing deployment support into the system can reduce the probability that vulnerabilities will be introduced. Security Engineering, Critical Systems Engineering, 2010 Slide 9
Configuration vulnerabilities • Vulnerable default settings – Attackers can find out the default settings for software. If these are weak (often to increase usability) then they can be exploited by users when attacking a system. • Development rather than deployment – Some configuration settings in systems are designed to support development and debugging. If these are not turned off, they can be a vulnerability that can be exploited by attackers. • Access permissions – Access permissions to system assets may be set incorrectly Security Engineering, Critical Systems Engineering, 2010 Slide 10
Deployment support 1 • Include support for viewing and analyzing configurations • Make sure that a system administrator responsible for deployment can easily view the entire configuration. This makes it easier to spot omissions and errors that have been made. Security Engineering, Critical Systems Engineering, 2010 Slide 11
Deployment support 2 • Localize configuration settings – When setting up a system, all information that is relevant to the same part or component of a system should be localized so that it is all set up at once. – Otherwise, it is easy to forget to set up related security features. • Minimize default privileges and thus limit the damage that might be caused – Design the system so that the default privileges for an administrator are minimized. This means that if someone gains admin access, they do not have immediate access to the features of the system. Security Engineering, Critical Systems Engineering, 2010 Slide 12
Deployment support 3 • Provide easy ways to fix security vulnerabilities – When problems are detected, provide easy ways, such as auto- updating, to repair security vulnerabilities in the deployed systems. Security Engineering, Critical Systems Engineering, 2010 Slide 13
System resilience • Resilience (or survivability) is an emergent system property that reflects the systems ability to deliver essential services whilst it is under attack or after part of the system has been damaged • Resilience analysis and design should be part of the security engineering Security Engineering, Critical Systems Engineering, 2010 process Slide 14
Importance of resilience • Our economic and social lives are dependent on computer systems – Critical infrastructure – electricity, gas, telecommunications, transport – Healthcare – Government • Loss of business systems for even a short time can have very severe economic effects – Airline reservation systems – E-commerce systems – Payment systems Security Engineering, Critical Systems Engineering, 2010 Slide 15
Service availability • Which system services are the most critical for a business? • How might these services be compromised? • What is the minimal quality of service that must be maintained? • How can these services be protected? • If a service becomes unavailable, how quickly can it be recovered? Security Engineering, Critical Systems Engineering, 2010 Slide 16
Resilience strategies • Resistance – Avoiding problems by building capabilities into the system to resist attacks • Recognition – Detecting problems by building capabilities into the system to detect attacks and failures and assess the resultant damage • Recovery – Tolerating problems by building capabilities into the system to deliver services whilst under attack Security Engineering, Critical Systems Engineering, 2010 Slide 17
Stages in resilience analysis Security Engineering, Critical Systems Engineering, 2010 Slide 18
Key activities • System understanding – Review golas, requirements and architecture • Critical service identification – Identify services that must be maintained • Attack simulation – Devise attack scenarios and identify components affected • Resilience analysis – Identify resilience strategies to be applied Security Engineering, Critical Systems Engineering, 2010 Slide 19
Trading system resilience • User accounts and equity prices replicated across servers so some provision for resilience made • Key capability to be maintained is the ability to place orders for stock • Orders must be accurate and reflect the actual sales/purchases made by a trader Security Engineering, Critical Systems Engineering, 2010 Slide 20
Resilient ordering service • The critical service that must survive is the ability for authorized users to place orders for stock • This requires 3 components of the system to be available and operating reliability: – User authentication, allowing authorized users to log on to the system – Price quotation, allowing buying and selling prices to be quoted – Order placement, allowing buy and sell orders to be made Security Engineering, Critical Systems Engineering, 2010 Slide 21
Possible attacks • Malicious user masquerades as a legitimate user and places malicious orders for stock, with the aim of causing problems for the legitimate user • An unauthorized user corrupts the database of transactions thus making reconciliation of sales and purchases impossible Security Engineering, Critical Systems Engineering, 2010 Slide 22
Resilience analysis in an equity trading system Attack Resistance Recognition Recovery Unauthorized user places Require a dealing Send copy of order by e- Provide mechanism to malicious orders password that is different mail to authorized user automatically ‘undo’ from the login password with contact phone trades and restore user to place orders. number (so that they can accounts. detect malicious orders). Refund users for losses Maintain user’s order that are due to malicious history and check for trading. unusual trading patterns. Insure against consequential losses. Corruption of transactions Require privileged users Maintain read-only copies Recover database from database to be authorized using a of transactions for an backup copies. stronger authentication office on an international Provide a mechanism to mechanism, such as server. Periodically replay trades from a digital certificates. compare transactions to specified time to re-create check for corruption. the transactions Maintain cryptographic database. checksum with all transaction records to detect corruption. Security Engineering, Critical Systems Engineering, 2010 Slide 23
Key points • General security guidelines sensitize designers to security issues and serve as review checklists • Configuration visualization, setting localization, and minimization of default privileges help reduce deployment errors • System survivability reflects the ability of a system to deliver services whilst under attack or after part of the system has been damaged. Security Engineering, Critical Systems Engineering, 2010 Slide 24

Recommended

CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013Ian Sommerville
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013Ian Sommerville
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
aizazhussain234
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 
CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013Ian Sommerville
 
Security engineering
Security engineeringSecurity engineering
Security engineering
OWASP Indonesia Chapter
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2Ian Sommerville
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013Ian Sommerville
 

Recommended

CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013Ian Sommerville
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013Ian Sommerville
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
aizazhussain234
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 
CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013Ian Sommerville
 
Security engineering
Security engineeringSecurity engineering
Security engineering
OWASP Indonesia Chapter
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2Ian Sommerville
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013Ian Sommerville
 
Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineering
software-engineering-book
 
CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013Ian Sommerville
 
Ch14-Software Engineering 9
Ch14-Software Engineering 9Ch14-Software Engineering 9
Ch14-Software Engineering 9Ian Sommerville
 
CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013Ian Sommerville
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013Ian Sommerville
 
Security Engineering 1 (CS 5032 2012)
Security Engineering 1 (CS 5032 2012)Security Engineering 1 (CS 5032 2012)
Security Engineering 1 (CS 5032 2012)Ian Sommerville
 
CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013Ian Sommerville
 
CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013Ian Sommerville
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013Ian Sommerville
 
Ch12 safety engineering
Ch12 safety engineeringCh12 safety engineering
Ch12 safety engineering
software-engineering-book
 
CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013Ian Sommerville
 
A Secure Software Engineering Perspective
A Secure Software Engineering PerspectiveA Secure Software Engineering Perspective
A Secure Software Engineering Perspective
idescitation
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1Ian Sommerville
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems
MEN Mikro Elektronik GmbH
 
Database development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan pitwgDatabase development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan pitwg
John M. Kennedy
 
Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)
Ian Sommerville
 
Ch11-Software Engineering 9
Ch11-Software Engineering 9Ch11-Software Engineering 9
Ch11-Software Engineering 9Ian Sommerville
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
Muhammad Asim
 
Ch14 resilience engineering
Ch14 resilience engineeringCh14 resilience engineering
Ch14 resilience engineering
software-engineering-book
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodology
Piyush Jain
 
Dawn.schaible
Dawn.schaibleDawn.schaible
Dawn.schaibleNASAPMC
 
Arun_Rai_Resume
Arun_Rai_ResumeArun_Rai_Resume
Arun_Rai_ResumeArun Rai
 

More Related Content

What's hot

Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineering
software-engineering-book
 
CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013Ian Sommerville
 
Ch14-Software Engineering 9
Ch14-Software Engineering 9Ch14-Software Engineering 9
Ch14-Software Engineering 9Ian Sommerville
 
CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013Ian Sommerville
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013Ian Sommerville
 
Security Engineering 1 (CS 5032 2012)
Security Engineering 1 (CS 5032 2012)Security Engineering 1 (CS 5032 2012)
Security Engineering 1 (CS 5032 2012)Ian Sommerville
 
CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013Ian Sommerville
 
CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013Ian Sommerville
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013Ian Sommerville
 
Ch12 safety engineering
Ch12 safety engineeringCh12 safety engineering
Ch12 safety engineering
software-engineering-book
 
CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013Ian Sommerville
 
A Secure Software Engineering Perspective
A Secure Software Engineering PerspectiveA Secure Software Engineering Perspective
A Secure Software Engineering Perspective
idescitation
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1Ian Sommerville
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems
MEN Mikro Elektronik GmbH
 
Database development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan pitwgDatabase development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan pitwg
John M. Kennedy
 
Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)
Ian Sommerville
 
Ch11-Software Engineering 9
Ch11-Software Engineering 9Ch11-Software Engineering 9
Ch11-Software Engineering 9Ian Sommerville
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
Muhammad Asim
 
Ch14 resilience engineering
Ch14 resilience engineeringCh14 resilience engineering
Ch14 resilience engineering
software-engineering-book
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodology
Piyush Jain
 

What's hot (20)

Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineering
 
CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013
 
Ch14-Software Engineering 9
Ch14-Software Engineering 9Ch14-Software Engineering 9
Ch14-Software Engineering 9
 
CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013
 
Security Engineering 1 (CS 5032 2012)
Security Engineering 1 (CS 5032 2012)Security Engineering 1 (CS 5032 2012)
Security Engineering 1 (CS 5032 2012)
 
CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013
 
CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013
 
Ch12 safety engineering
Ch12 safety engineeringCh12 safety engineering
Ch12 safety engineering
 
CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013
 
A Secure Software Engineering Perspective
A Secure Software Engineering PerspectiveA Secure Software Engineering Perspective
A Secure Software Engineering Perspective
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems
 
Database development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan pitwgDatabase development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan pitwg
 
Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)
 
Ch11-Software Engineering 9
Ch11-Software Engineering 9Ch11-Software Engineering 9
Ch11-Software Engineering 9
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
Ch14 resilience engineering
Ch14 resilience engineeringCh14 resilience engineering
Ch14 resilience engineering
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodology
 

Similar to Security Engineering 2 (CS 5032 2012)

Dawn.schaible
Dawn.schaibleDawn.schaible
Dawn.schaibleNASAPMC
 
Arun_Rai_Resume
Arun_Rai_ResumeArun_Rai_Resume
Arun_Rai_ResumeArun Rai
 
Overcoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsOvercoming Security Challenges in DevOps
Overcoming Security Challenges in DevOps
Alert Logic
 
Ikuti Public Training AS/400 System Administration & Control (27-31 Augustus ...
Ikuti Public Training AS/400 System Administration & Control (27-31 Augustus ...Ikuti Public Training AS/400 System Administration & Control (27-31 Augustus ...
Ikuti Public Training AS/400 System Administration & Control (27-31 Augustus ...
Hany Paulina
 
Security testing (CS 5032 2012)
Security testing (CS 5032 2012)Security testing (CS 5032 2012)
Security testing (CS 5032 2012)Ian Sommerville
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operations
Piyush Jain
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
Alert Logic
 
Ikuti Public Training AS/400 System Administration & Control (12-16 Maret 2018)
Ikuti Public Training AS/400 System Administration & Control (12-16 Maret 2018)Ikuti Public Training AS/400 System Administration & Control (12-16 Maret 2018)
Ikuti Public Training AS/400 System Administration & Control (12-16 Maret 2018)
Hany Paulina
 
Ingin Belajar System AS/400, Security, Back Up Recovery & Problem Determintat...
Ingin Belajar System AS/400, Security, Back Up Recovery & Problem Determintat...Ingin Belajar System AS/400, Security, Back Up Recovery & Problem Determintat...
Ingin Belajar System AS/400, Security, Back Up Recovery & Problem Determintat...
Hany Paulina
 
Ikuti Public Training AS/400 System Administration & Control (29 Januari - 02...
Ikuti Public Training AS/400 System Administration & Control (29 Januari - 02...Ikuti Public Training AS/400 System Administration & Control (29 Januari - 02...
Ikuti Public Training AS/400 System Administration & Control (29 Januari - 02...
Hany Paulina
 
Design and Analyze Secure Networked Systems - 7
Design and Analyze Secure Networked Systems - 7Design and Analyze Secure Networked Systems - 7
Design and Analyze Secure Networked Systems - 7
Don Kim
 
Design and Analyze Secure Networked Systems - 2
Design and Analyze Secure Networked Systems - 2Design and Analyze Secure Networked Systems - 2
Design and Analyze Secure Networked Systems - 2
Don Kim
 
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the CloudsRationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Bob Rhubart
 
Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)Ian Sommerville
 
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPracticeLOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
Yusuf Hadiwinata Sutandar
 
Integrating security into Continuous Delivery
Integrating security into Continuous DeliveryIntegrating security into Continuous Delivery
Integrating security into Continuous Delivery
Tom Stiehm
 
Automated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleAutomated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-Ansible
Major Hayden
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1
Hamed Moghaddam
 
Fundamental_Security_Design_Principles.pptx
Fundamental_Security_Design_Principles.pptxFundamental_Security_Design_Principles.pptx
Fundamental_Security_Design_Principles.pptx
KelvinDube4
 
Sccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estoninaSccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estoninaMicrosoft Singapore
 

Similar to Security Engineering 2 (CS 5032 2012) (20)

Dawn.schaible
Dawn.schaibleDawn.schaible
Dawn.schaible
 
Arun_Rai_Resume
Arun_Rai_ResumeArun_Rai_Resume
Arun_Rai_Resume
 
Overcoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsOvercoming Security Challenges in DevOps
Overcoming Security Challenges in DevOps
 
Ikuti Public Training AS/400 System Administration & Control (27-31 Augustus ...
Ikuti Public Training AS/400 System Administration & Control (27-31 Augustus ...Ikuti Public Training AS/400 System Administration & Control (27-31 Augustus ...
Ikuti Public Training AS/400 System Administration & Control (27-31 Augustus ...
 
Security testing (CS 5032 2012)
Security testing (CS 5032 2012)Security testing (CS 5032 2012)
Security testing (CS 5032 2012)
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operations
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
 
Ikuti Public Training AS/400 System Administration & Control (12-16 Maret 2018)
Ikuti Public Training AS/400 System Administration & Control (12-16 Maret 2018)Ikuti Public Training AS/400 System Administration & Control (12-16 Maret 2018)
Ikuti Public Training AS/400 System Administration & Control (12-16 Maret 2018)
 
Ingin Belajar System AS/400, Security, Back Up Recovery & Problem Determintat...
Ingin Belajar System AS/400, Security, Back Up Recovery & Problem Determintat...Ingin Belajar System AS/400, Security, Back Up Recovery & Problem Determintat...
Ingin Belajar System AS/400, Security, Back Up Recovery & Problem Determintat...
 
Ikuti Public Training AS/400 System Administration & Control (29 Januari - 02...
Ikuti Public Training AS/400 System Administration & Control (29 Januari - 02...Ikuti Public Training AS/400 System Administration & Control (29 Januari - 02...
Ikuti Public Training AS/400 System Administration & Control (29 Januari - 02...
 
Design and Analyze Secure Networked Systems - 7
Design and Analyze Secure Networked Systems - 7Design and Analyze Secure Networked Systems - 7
Design and Analyze Secure Networked Systems - 7
 
Design and Analyze Secure Networked Systems - 2
Design and Analyze Secure Networked Systems - 2Design and Analyze Secure Networked Systems - 2
Design and Analyze Secure Networked Systems - 2
 
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the CloudsRationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
 
Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)
 
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPracticeLOUCA23 Yusuf Hadiwinata Linux Security BestPractice
LOUCA23 Yusuf Hadiwinata Linux Security BestPractice
 
Integrating security into Continuous Delivery
Integrating security into Continuous DeliveryIntegrating security into Continuous Delivery
Integrating security into Continuous Delivery
 
Automated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleAutomated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-Ansible
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1
 
Fundamental_Security_Design_Principles.pptx
Fundamental_Security_Design_Principles.pptxFundamental_Security_Design_Principles.pptx
Fundamental_Security_Design_Principles.pptx
 
Sccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estoninaSccm 2012 overview - chris_estonina
Sccm 2012 overview - chris_estonina
 

More from Ian Sommerville

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale Systems
Ian Sommerville
 
Resp modellingintro
Resp modellingintroResp modellingintro
Resp modellingintro
Ian Sommerville
 
Resilience and recovery
Resilience and recoveryResilience and recovery
Resilience and recovery
Ian Sommerville
 
LSCITS-engineering
LSCITS-engineeringLSCITS-engineering
LSCITS-engineering
Ian Sommerville
 
Requirements reality
Requirements realityRequirements reality
Requirements reality
Ian Sommerville
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITS
Ian Sommerville
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems design
Ian Sommerville
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITS
Ian Sommerville
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITS
Ian Sommerville
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-study
Ian Sommerville
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million users
Ian Sommerville
 
CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureIan Sommerville
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterIan Sommerville
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureIan Sommerville
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachIan Sommerville
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsIan Sommerville
 
CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013Ian Sommerville
 

More from Ian Sommerville (17)

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale Systems
 
Resp modellingintro
Resp modellingintroResp modellingintro
Resp modellingintro
 
Resilience and recovery
Resilience and recoveryResilience and recovery
Resilience and recovery
 
LSCITS-engineering
LSCITS-engineeringLSCITS-engineering
LSCITS-engineering
 
Requirements reality
Requirements realityRequirements reality
Requirements reality
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITS
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems design
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITS
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITS
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-study
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million users
 
CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failure
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disaster
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructure
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breach
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systems
 
CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013
 

Recently uploaded

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 

Security Engineering 2 (CS 5032 2012)

  • 1. Security Engineering Lecture 2 Security Engineering, Critical Systems Engineering, 2010 Slide 1
  • 2. Topics covered • Design guidelines for security – Guidelines that help you design a secure system • Design for deployment – Design so that deployment problems that may introduce vulnerabilities are minimized • System survivability – Allow the system to deliver essential services when under attack Security Engineering, Critical Systems Engineering, 2010 Slide 2
  • 3. Design guidelines for security engineering • Design guidelines encapsulate good practice in secure systems design. They help the designer make design decisions. • Design guidelines: – Raise awareness of security issues in a software engineering team. Security is considered when design decisions are made. – Can be used as the basis of a review checklist that is applied during the system validation process. Security Engineering, Critical Systems Engineering, 2010 Slide 3
  • 4. Design guidelines for secure systems engineering Security guidelines Base security decisions on an explicit security policy Avoid a single point of failure Fail securely Balance security and usability Log user actions Use redundancy and diversity to reduce risk Validate all inputs Compartmentalize your assets Design for deployment Design for recoverability Security Engineering, Critical Systems Engineering, 2010 Slide 4
  • 5. Design guidelines 1-3 • Base decisions on an explicit security policy – Define a security policy for the organization that sets out the fundamental security requirements that should apply to all organizational systems. • Avoid a single point of failure – Ensure that a security failure can only result when there is more than one failure in security procedures. For example, have password and question-based authentication. • Fail securely – When systems fail, for whatever reason, ensure that sensitive information cannot be accessed by unauthorized users even although normal security procedures are unavailable. Security Engineering, Critical Systems Engineering, 2010 Slide 5
  • 6. Design guidelines 4-6 • Balance security and usability – Try to avoid security procedures that make the system difficult to use. Sometimes you have to accept weaker security to make the system more usable. • Log user actions – Maintain a log of user actions that can be analyzed to discover who did what. If users know about such a log, they are less likely to behave in an irresponsible way. • Use redundancy and diversity to reduce risk – Keep multiple copies of data and use diverse infrastructure so that an infrastructure vulnerability cannot be the single point of failure. Security Engineering, Critical Systems Engineering, 2010 Slide 6
  • 7. Design guidelines 7-10 • Validate all inputs – Check that all inputs are within range so that unexpected inputs cannot cause problems. • Compartmentalize your assets – Organize the system so that assets are in separate areas and users only have access to the information that they need rather than all system information. • Design for deployment – Design the system to avoid deployment problems • Design for recoverability – Design the system to simplify recoverability after a successful attack. Security Engineering, Critical Systems Engineering, 2010 Slide 7
  • 8. Software deployment Security Engineering, Critical Systems Engineering, 2010 Slide 8
  • 9. Design for deployment • Deployment involves configuring software to operate in its working environment, installing the system and configuring it for the operational platform. • Vulnerabilities may be introduced at this stage as a result of configuration mistakes. • Designing deployment support into the system can reduce the probability that vulnerabilities will be introduced. Security Engineering, Critical Systems Engineering, 2010 Slide 9
  • 10. Configuration vulnerabilities • Vulnerable default settings – Attackers can find out the default settings for software. If these are weak (often to increase usability) then they can be exploited by users when attacking a system. • Development rather than deployment – Some configuration settings in systems are designed to support development and debugging. If these are not turned off, they can be a vulnerability that can be exploited by attackers. • Access permissions – Access permissions to system assets may be set incorrectly Security Engineering, Critical Systems Engineering, 2010 Slide 10
  • 11. Deployment support 1 • Include support for viewing and analyzing configurations • Make sure that a system administrator responsible for deployment can easily view the entire configuration. This makes it easier to spot omissions and errors that have been made. Security Engineering, Critical Systems Engineering, 2010 Slide 11
  • 12. Deployment support 2 • Localize configuration settings – When setting up a system, all information that is relevant to the same part or component of a system should be localized so that it is all set up at once. – Otherwise, it is easy to forget to set up related security features. • Minimize default privileges and thus limit the damage that might be caused – Design the system so that the default privileges for an administrator are minimized. This means that if someone gains admin access, they do not have immediate access to the features of the system. Security Engineering, Critical Systems Engineering, 2010 Slide 12
  • 13. Deployment support 3 • Provide easy ways to fix security vulnerabilities – When problems are detected, provide easy ways, such as auto- updating, to repair security vulnerabilities in the deployed systems. Security Engineering, Critical Systems Engineering, 2010 Slide 13
  • 14. System resilience • Resilience (or survivability) is an emergent system property that reflects the systems ability to deliver essential services whilst it is under attack or after part of the system has been damaged • Resilience analysis and design should be part of the security engineering Security Engineering, Critical Systems Engineering, 2010 process Slide 14
  • 15. Importance of resilience • Our economic and social lives are dependent on computer systems – Critical infrastructure – electricity, gas, telecommunications, transport – Healthcare – Government • Loss of business systems for even a short time can have very severe economic effects – Airline reservation systems – E-commerce systems – Payment systems Security Engineering, Critical Systems Engineering, 2010 Slide 15
  • 16. Service availability • Which system services are the most critical for a business? • How might these services be compromised? • What is the minimal quality of service that must be maintained? • How can these services be protected? • If a service becomes unavailable, how quickly can it be recovered? Security Engineering, Critical Systems Engineering, 2010 Slide 16
  • 17. Resilience strategies • Resistance – Avoiding problems by building capabilities into the system to resist attacks • Recognition – Detecting problems by building capabilities into the system to detect attacks and failures and assess the resultant damage • Recovery – Tolerating problems by building capabilities into the system to deliver services whilst under attack Security Engineering, Critical Systems Engineering, 2010 Slide 17
  • 18. Stages in resilience analysis Security Engineering, Critical Systems Engineering, 2010 Slide 18
  • 19. Key activities • System understanding – Review golas, requirements and architecture • Critical service identification – Identify services that must be maintained • Attack simulation – Devise attack scenarios and identify components affected • Resilience analysis – Identify resilience strategies to be applied Security Engineering, Critical Systems Engineering, 2010 Slide 19
  • 20. Trading system resilience • User accounts and equity prices replicated across servers so some provision for resilience made • Key capability to be maintained is the ability to place orders for stock • Orders must be accurate and reflect the actual sales/purchases made by a trader Security Engineering, Critical Systems Engineering, 2010 Slide 20
  • 21. Resilient ordering service • The critical service that must survive is the ability for authorized users to place orders for stock • This requires 3 components of the system to be available and operating reliability: – User authentication, allowing authorized users to log on to the system – Price quotation, allowing buying and selling prices to be quoted – Order placement, allowing buy and sell orders to be made Security Engineering, Critical Systems Engineering, 2010 Slide 21
  • 22. Possible attacks • Malicious user masquerades as a legitimate user and places malicious orders for stock, with the aim of causing problems for the legitimate user • An unauthorized user corrupts the database of transactions thus making reconciliation of sales and purchases impossible Security Engineering, Critical Systems Engineering, 2010 Slide 22
  • 23. Resilience analysis in an equity trading system Attack Resistance Recognition Recovery Unauthorized user places Require a dealing Send copy of order by e- Provide mechanism to malicious orders password that is different mail to authorized user automatically ‘undo’ from the login password with contact phone trades and restore user to place orders. number (so that they can accounts. detect malicious orders). Refund users for losses Maintain user’s order that are due to malicious history and check for trading. unusual trading patterns. Insure against consequential losses. Corruption of transactions Require privileged users Maintain read-only copies Recover database from database to be authorized using a of transactions for an backup copies. stronger authentication office on an international Provide a mechanism to mechanism, such as server. Periodically replay trades from a digital certificates. compare transactions to specified time to re-create check for corruption. the transactions Maintain cryptographic database. checksum with all transaction records to detect corruption. Security Engineering, Critical Systems Engineering, 2010 Slide 23
  • 24. Key points • General security guidelines sensitize designers to security issues and serve as review checklists • Configuration visualization, setting localization, and minimization of default privileges help reduce deployment errors • System survivability reflects the ability of a system to deliver services whilst under attack or after part of the system has been damaged. Security Engineering, Critical Systems Engineering, 2010 Slide 24