SlideShare a Scribd company logo

Software security engineering

Download as PPT, PDF
A
aizazhussain234

This document discusses software security engineering. It covers security concepts like assets, vulnerabilities and threats. It discusses why security engineering is important to protect systems from malicious attackers. The document outlines security risk management processes like preliminary risk assessment. It also discusses designing systems for security through architectural choices that provide protection and distributing assets. The document concludes by covering system survivability through building resistance, recognition and recovery capabilities into systems.

Software
1 of 40
Downloaded 209 times
1
2
Most read
3
4
5
Most read
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
Software Security Engineering
What we will learn today • Security concepts • Security risk management • Design for security • System survivability
What is Security Engineering ? Security engineering is concerned with how to develop and maintain systems that can resist malicious attacks intended to damage a computer-based system or its data.
Why Security Engineering? • To make more dependable systems we need to secure over systems from the threats from malicious and technically skilled attackers as well as problems resulting from accidentals mistakes in the development process. • This has become a priority for businesses and individuals as more and more criminals try to exploit networked systems for illegal purposes.
Security Concepts
Security Concepts • Assets • Exposure • Vulnerability • Attack • Threats • Control
Security concerns • Confidentiality Ensuring that data is only accessible to authorized people and organizations • Integrity Ensuring that external attacks cannot damage data and programs • Availability Ensuring that external attacks do not compromise the availability of data and programs
Controls for security • Controls that intend to ensure that the attacks are unsuccessful. • Controls that are intended to detect and repel attacks. • Controls that support from recovery problems.
Application/infrastructure security • Application security is a software engineering problem where the system is designed to resist attacks. • Infrastructure security is a systems management problem where the purchased infrastructure is configured to resist attacks.
System layers where security may be compromised
System security management • User and permission management Adding and removing users from the system and setting up appropriate permissions for users • Software deployment and maintenance Installing application software and middleware and configuring these systems so that vulnerabilities are avoided. • Attack monitoring, detection and recovery Monitoring the system for unauthorized access, design strategies for resisting attacks and develop backup and recovery strategies.
Security Risk Management
Security risk management • Risk management is concerned with assessing the possible losses that might ensue from attacks on the system and balancing these losses against the costs of security procedures that may reduce these losses.
Note: Risk management is a business issue rather than a technical issue, so software engineers should not decide what controls should be included in a system. It is up to senior management to decide whether or not to accept the cost of security or to accept the exposure that results from the lack of security procedures.
Risk management involves • Preliminary risk assessment • Life cycle risk assessment • Operational risk assessment
Preliminary risk assessment • In preliminary risk assessment security requirements for the whole system, not just the software. • At this stage, decisions on the detailed system requirements, the system design or the implementation technology have not been made.
Preliminary risk assessment
Misuse cases Misuse cases are instances of threats to a system. •Interception threats Attacker gains access to an asset •Interruption threats Attacker makes part of a system unavailable •Modification threats A system asset are modified •Fabrication threats False information is added to a system
Asset analysis Asset Value Exposure The information system High. Required to support all clinical consultations. Potentially safety-critical. High. Financial loss as clinics may have to be canceled. Costs of restoring system. Possible patient harm if treatment cannot be prescribed. The patient database High. Required to support all clinical consultations. Potentially safety-critical. High. Financial loss as clinics may have to be cancelled. Costs of restoring system. Possible patient harm if treatment cannot be prescribed. An individual patient record Normally low although may be high for specific high-profile patients. Low direct losses but possible loss of reputation.
Threat and control analysis Threat Probability Control Feasibility Unauthorized user gains access as system manager and makes system unavailable Low Only allow system management from specific locations that are physically secure. Low cost of implementation but care must be taken with key distribution and to ensure that keys are available in the event of an emergency. Unauthorized user gains access as system user and accesses confidential information High Require all users to authenticate themselves using a biometric mechanism. Log all changes to patient information to track system usage. Technically feasible but high-cost solution. Possible user resistance. Simple and transparent to implement and also supports recovery.
Security requirements • Patient information must be downloaded at the start of a clinic session to a secure area on the system client that is used by clinical staff. • Patient information must not be maintained on system clients after a clinic session has finished. • A log on a separate computer from the database server must be maintained of all changes made to the system database.
Life cycle risk assessment • Risk assessment while the system is being developed and after it has been deployed • More information is available - system platform, middleware and the system architecture and data organization. • Vulnerabilities that arise from design choices may therefore be identified.
Vulnerabilities associated with technology choices
Security requirements • A password checker shall be made available and shall be run daily. Weak passwords shall be reported to system administrators. • Access to the system shall only be allowed by approved client computers. • All client computers shall have a single, approved web browser installed by system administrators.
Operational risk assessment • Environment characteristics can lead to new system risks • Risk of interruption means that logged in computers are left unattended.
Design for Security
Design for security • Architectural design how do architectural design decisions affect the security of a system? • Good practice what is accepted good practice when designing secure systems? • Design for deployment what support should be designed into a system to avoid the introduction of vulnerabilities when a system is deployed for use?
Architectural design • Two fundamental issues have to be considered when designing an architecture for security. • Protection How should the system be organized so that critical assets can be protected against external attack? • Distribution How should system assets be distributed so that the effects of a successful attack are minimized? • These are potentially conflicting If assets are distributed, then they are more expensive to protect. If assets are protected, then usability and performance requirements may be compromised.
Protection – defense in depth
Layered protection model • Platform-level protection Top-level controls on the platform on which a system runs. • Application-level protection Specific protection mechanisms built into the application itself e.g. additional password protection. • Record-level protection Protection that is invoked when access to specific information is requested
A layered protection architecture
Distribute assets to reduce losses
Distributed assets • Distributing assets means that attacks on one system do not necessarily lead to complete loss of system service • Each platform has separate protection features and may be different from other platforms so that they do not share a common vulnerability
Distributed assets in an equity trading system
Guideline for Security Design • Base security decisions on an explicit security policy • Avoid a single point of failure • Fail securely • Balance security and usability • Be aware of the possibility of social engineering • Use redundancy and diversity to reduce risk • Validate all inputs • Compartmentalize your assets • Design for deployment • Design for recoverability
System Survivability
System Survivability dependency System survivability depends upon three factors •Resistance – avoiding problems by building capabilities into the system to repel attacks. •Recognition – detecting problems by building capabilities into the system to detect attacks and failures and assess the resultant damage. •Recovery – tolerating problems by building capabilities into the system to deliver essential services whilst under attack and to recover full functionality after an attack.
System Survivability analysis Four stage process: •System Understanding •Critical services identification •Attack simulation •Survivability analysis
System Survivability analysis
Thank you !!!

More Related Content

PPT
Software process improvement.ppt
ImXaib
 
PPT
Software Engineering (Introduction to Software Engineering)
ShudipPal
 
PPTX
Secure SDLC Framework
Rishi Kant
 
PPT
Unit 7
anuragmbst
 
PPT
Domain model
Eagle Eyes
 
PDF
An Introduction to Software Architecture
RahimLotfi
 
PPTX
Information Security Risk Management
Nikhil Soni
 
PPTX
Software Architecture
Dharmalingam Ganesan
 
Software process improvement.ppt
ImXaib
 
Software Engineering (Introduction to Software Engineering)
ShudipPal
 
Secure SDLC Framework
Rishi Kant
 
Unit 7
anuragmbst
 
Domain model
Eagle Eyes
 
An Introduction to Software Architecture
RahimLotfi
 
Information Security Risk Management
Nikhil Soni
 
Software Architecture
Dharmalingam Ganesan
 

What's hot (20)

PPTX
Design of security architecture in Information Technology
trainersenthil14
 
PDF
Enterprise Security Architecture for Cyber Security
The Open Group SA
 
PPTX
Cloud security Presentation
Ajay p
 
PPTX
Information Security and the SDLC
BDPA Charlotte - Information Technology Thought Leaders
 
PPTX
7 Steps to Threat Modeling
Danny Wong
 
PPTX
Penetration Testing
RomSoft SRL
 
PPTX
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
PPTX
Secure coding practices
Mohammed Danish Amber
 
PDF
Cyber Security For Organization Proposal Powerpoint Presentation Slides
SlideTeam
 
PPTX
Risk Management
Saqib Raza
 
PPTX
VAPT - Vulnerability Assessment & Penetration Testing
Netpluz Asia Pte Ltd
 
PDF
Threat Modelling
n|u - The Open Security Community
 
PPTX
Network Security: Physical security
lalithambiga kamaraj
 
PPTX
Vulnerabilities in modern web applications
Niyas Nazar
 
PPTX
Software process
Jennifer Polack
 
PPTX
04. availability-concepts
Muhammad Ahad
 
PDF
Kernel security Concepts
Mohit Saxena
 
PDF
Unit 5- Architectural Design in software engineering
arvind pandey
 
PPTX
Software engineering 23 software reliability
Vaibhav Khanna
 
PPTX
Vulnerability Management: What You Need to Know to Prioritize Risk
AlienVault
 
Design of security architecture in Information Technology
trainersenthil14
 
Enterprise Security Architecture for Cyber Security
The Open Group SA
 
Cloud security Presentation
Ajay p
 
Information Security and the SDLC
BDPA Charlotte - Information Technology Thought Leaders
 
7 Steps to Threat Modeling
Danny Wong
 
Penetration Testing
RomSoft SRL
 
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Secure coding practices
Mohammed Danish Amber
 
Cyber Security For Organization Proposal Powerpoint Presentation Slides
SlideTeam
 
Risk Management
Saqib Raza
 
VAPT - Vulnerability Assessment & Penetration Testing
Netpluz Asia Pte Ltd
 
Threat Modelling
n|u - The Open Security Community
 
Network Security: Physical security
lalithambiga kamaraj
 
Vulnerabilities in modern web applications
Niyas Nazar
 
Software process
Jennifer Polack
 
04. availability-concepts
Muhammad Ahad
 
Kernel security Concepts
Mohit Saxena
 
Unit 5- Architectural Design in software engineering
arvind pandey
 
Software engineering 23 software reliability
Vaibhav Khanna
 
Vulnerability Management: What You Need to Know to Prioritize Risk
AlienVault
 
Ad

Viewers also liked (10)

PPTX
CS5032 L9 security engineering 1 2013
Ian Sommerville
 
PPTX
Ch13 security engineering
software-engineering-book
 
PPT
Mobile banking feasibility study among smallholder cocoa farmers in Ghana
Technical Centre for Agricultural and Rural Cooperation ACP-EU (CTA)
 
PDF
Data Encryption Standard
Amirul Wiramuda
 
PPTX
Data encryption standard
Mohammad Golyani
 
PPT
Software cost estimation
djview
 
PPT
DES
Naga Srimanyu Timmaraju
 
PPTX
Importance of Quality Assurance
Cyber Group
 
PPTX
Quality assurance
Hareesh Sasidharan
 
PPTX
QUALITY ASSURANCE
Pharmaceutical
 
CS5032 L9 security engineering 1 2013
Ian Sommerville
 
Ch13 security engineering
software-engineering-book
 
Mobile banking feasibility study among smallholder cocoa farmers in Ghana
Technical Centre for Agricultural and Rural Cooperation ACP-EU (CTA)
 
Data Encryption Standard
Amirul Wiramuda
 
Data encryption standard
Mohammad Golyani
 
Software cost estimation
djview
 
DES
Naga Srimanyu Timmaraju
 
Importance of Quality Assurance
Cyber Group
 
Quality assurance
Hareesh Sasidharan
 
QUALITY ASSURANCE
Pharmaceutical
 
Ad

Similar to Software security engineering (20)

PPTX
System Security Sem 2(Module 1).pptx
rahulkumarcscsf21
 
PPTX
How To Secure MIS
AaDi Malik
 
PPT
Network security, change control, outsourcing
Nicholas Davis
 
PPT
Network Security, Change Control, Outsourcing
Nicholas Davis
 
PPTX
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Knoldus Inc.
 
PDF
The 5 Layers of Security Testing by Alan Koch
QA or the Highway
 
PDF
The 5 Layers of Security Testing by Alan Koch
QA or the Highway
 
PDF
Design and Analyze Secure Networked Systems - 2
Don Kim
 
PPTX
002 Security Design Principles with best
AssadLeo1
 
PPTX
002 Security Design Principles and some other
AssadLeo1
 
PPTX
CISM_WK_3.pptx
dotco
 
PPTX
chap-1 : Vulnerabilities in Information Systems
KashfUlHuda1
 
PPTX
IT Security Bachelor in information technology.pptx
MahmadKasimAnsari
 
PPTX
Management Information System Presentation
AaDi Malik
 
PPTX
Security management concepts and principles
Divya Tiwari
 
PPTX
crisc_wk_5.pptx
dotco
 
PPT
IM Unit 4 Security and its a control.ppt
RAJESH S
 
PPTX
Vulnerabilities and Protections in Information Security.pptx
AssadLeo1
 
PPT
ch0001 computer systems security and principles and practices
stephen972973
 
PDF
Monotype IS Policy Supplement for Information Technology, DevOps, Production ...
nopihab937
 
System Security Sem 2(Module 1).pptx
rahulkumarcscsf21
 
How To Secure MIS
AaDi Malik
 
Network security, change control, outsourcing
Nicholas Davis
 
Network Security, Change Control, Outsourcing
Nicholas Davis
 
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Knoldus Inc.
 
The 5 Layers of Security Testing by Alan Koch
QA or the Highway
 
The 5 Layers of Security Testing by Alan Koch
QA or the Highway
 
Design and Analyze Secure Networked Systems - 2
Don Kim
 
002 Security Design Principles with best
AssadLeo1
 
002 Security Design Principles and some other
AssadLeo1
 
CISM_WK_3.pptx
dotco
 
chap-1 : Vulnerabilities in Information Systems
KashfUlHuda1
 
IT Security Bachelor in information technology.pptx
MahmadKasimAnsari
 
Management Information System Presentation
AaDi Malik
 
Security management concepts and principles
Divya Tiwari
 
crisc_wk_5.pptx
dotco
 
IM Unit 4 Security and its a control.ppt
RAJESH S
 
Vulnerabilities and Protections in Information Security.pptx
AssadLeo1
 
ch0001 computer systems security and principles and practices
stephen972973
 
Monotype IS Policy Supplement for Information Technology, DevOps, Production ...
nopihab937
 

Recently uploaded (20)

PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PPT
Introduction Database Management System for Course Database
ReinertYosua
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
PDF
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
PDF
top salesforce developer skills in 2025.pdf
CloudMetic
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PPTX
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
PPTX
Online Work Permit System for Fast Permit Processing
SHEQ Network Limited
 
PPTX
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PDF
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
PDF
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
PPTX
history of c programming in notes for students .pptx
Vijayakumari829030
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
System and Network Administraation Chapter 3
jaramharo
 
System and Network Administration Chapter 2
jaramharo
 
Introduction Database Management System for Course Database
ReinertYosua
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
top salesforce developer skills in 2025.pdf
CloudMetic
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
Online Work Permit System for Fast Permit Processing
SHEQ Network Limited
 
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
history of c programming in notes for students .pptx
Vijayakumari829030
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 

Software security engineering

  • 2. What we will learn today • Security concepts • Security risk management • Design for security • System survivability
  • 3. What is Security Engineering ? Security engineering is concerned with how to develop and maintain systems that can resist malicious attacks intended to damage a computer-based system or its data.
  • 4. Why Security Engineering? • To make more dependable systems we need to secure over systems from the threats from malicious and technically skilled attackers as well as problems resulting from accidentals mistakes in the development process. • This has become a priority for businesses and individuals as more and more criminals try to exploit networked systems for illegal purposes.
  • 6. Security Concepts • Assets • Exposure • Vulnerability • Attack • Threats • Control
  • 7. Security concerns • Confidentiality Ensuring that data is only accessible to authorized people and organizations • Integrity Ensuring that external attacks cannot damage data and programs • Availability Ensuring that external attacks do not compromise the availability of data and programs
  • 8. Controls for security • Controls that intend to ensure that the attacks are unsuccessful. • Controls that are intended to detect and repel attacks. • Controls that support from recovery problems.
  • 9. Application/infrastructure security • Application security is a software engineering problem where the system is designed to resist attacks. • Infrastructure security is a systems management problem where the purchased infrastructure is configured to resist attacks.
  • 10. System layers where security may be compromised
  • 11. System security management • User and permission management Adding and removing users from the system and setting up appropriate permissions for users • Software deployment and maintenance Installing application software and middleware and configuring these systems so that vulnerabilities are avoided. • Attack monitoring, detection and recovery Monitoring the system for unauthorized access, design strategies for resisting attacks and develop backup and recovery strategies.
  • 13. Security risk management • Risk management is concerned with assessing the possible losses that might ensue from attacks on the system and balancing these losses against the costs of security procedures that may reduce these losses.
  • 14. Note: Risk management is a business issue rather than a technical issue, so software engineers should not decide what controls should be included in a system. It is up to senior management to decide whether or not to accept the cost of security or to accept the exposure that results from the lack of security procedures.
  • 15. Risk management involves • Preliminary risk assessment • Life cycle risk assessment • Operational risk assessment
  • 16. Preliminary risk assessment • In preliminary risk assessment security requirements for the whole system, not just the software. • At this stage, decisions on the detailed system requirements, the system design or the implementation technology have not been made.
  • 18. Misuse cases Misuse cases are instances of threats to a system. •Interception threats Attacker gains access to an asset •Interruption threats Attacker makes part of a system unavailable •Modification threats A system asset are modified •Fabrication threats False information is added to a system
  • 19. Asset analysis Asset Value Exposure The information system High. Required to support all clinical consultations. Potentially safety-critical. High. Financial loss as clinics may have to be canceled. Costs of restoring system. Possible patient harm if treatment cannot be prescribed. The patient database High. Required to support all clinical consultations. Potentially safety-critical. High. Financial loss as clinics may have to be cancelled. Costs of restoring system. Possible patient harm if treatment cannot be prescribed. An individual patient record Normally low although may be high for specific high-profile patients. Low direct losses but possible loss of reputation.
  • 20. Threat and control analysis Threat Probability Control Feasibility Unauthorized user gains access as system manager and makes system unavailable Low Only allow system management from specific locations that are physically secure. Low cost of implementation but care must be taken with key distribution and to ensure that keys are available in the event of an emergency. Unauthorized user gains access as system user and accesses confidential information High Require all users to authenticate themselves using a biometric mechanism. Log all changes to patient information to track system usage. Technically feasible but high-cost solution. Possible user resistance. Simple and transparent to implement and also supports recovery.
  • 21. Security requirements • Patient information must be downloaded at the start of a clinic session to a secure area on the system client that is used by clinical staff. • Patient information must not be maintained on system clients after a clinic session has finished. • A log on a separate computer from the database server must be maintained of all changes made to the system database.
  • 22. Life cycle risk assessment • Risk assessment while the system is being developed and after it has been deployed • More information is available - system platform, middleware and the system architecture and data organization. • Vulnerabilities that arise from design choices may therefore be identified.
  • 24. Security requirements • A password checker shall be made available and shall be run daily. Weak passwords shall be reported to system administrators. • Access to the system shall only be allowed by approved client computers. • All client computers shall have a single, approved web browser installed by system administrators.
  • 25. Operational risk assessment • Environment characteristics can lead to new system risks • Risk of interruption means that logged in computers are left unattended.
  • 27. Design for security • Architectural design how do architectural design decisions affect the security of a system? • Good practice what is accepted good practice when designing secure systems? • Design for deployment what support should be designed into a system to avoid the introduction of vulnerabilities when a system is deployed for use?
  • 28. Architectural design • Two fundamental issues have to be considered when designing an architecture for security. • Protection How should the system be organized so that critical assets can be protected against external attack? • Distribution How should system assets be distributed so that the effects of a successful attack are minimized? • These are potentially conflicting If assets are distributed, then they are more expensive to protect. If assets are protected, then usability and performance requirements may be compromised.
  • 30. Layered protection model • Platform-level protection Top-level controls on the platform on which a system runs. • Application-level protection Specific protection mechanisms built into the application itself e.g. additional password protection. • Record-level protection Protection that is invoked when access to specific information is requested
  • 32. Distribute assets to reduce losses
  • 33. Distributed assets • Distributing assets means that attacks on one system do not necessarily lead to complete loss of system service • Each platform has separate protection features and may be different from other platforms so that they do not share a common vulnerability
  • 34. Distributed assets in an equity trading system
  • 35. Guideline for Security Design • Base security decisions on an explicit security policy • Avoid a single point of failure • Fail securely • Balance security and usability • Be aware of the possibility of social engineering • Use redundancy and diversity to reduce risk • Validate all inputs • Compartmentalize your assets • Design for deployment • Design for recoverability
  • 37. System Survivability dependency System survivability depends upon three factors •Resistance – avoiding problems by building capabilities into the system to repel attacks. •Recognition – detecting problems by building capabilities into the system to detect attacks and failures and assess the resultant damage. •Recovery – tolerating problems by building capabilities into the system to deliver essential services whilst under attack and to recover full functionality after an attack.
  • 38. System Survivability analysis Four stage process: •System Understanding •Critical services identification •Attack simulation •Survivability analysis