SlideShare a Scribd company logo

Ch14

Download as PPTX, PDF
Keith Jasper Mier
Keith Jasper Mier

This document provides an overview of topics covered in Chapter 14 on Security Engineering. It discusses security engineering and how it is concerned with applying security to applications, as well as security risk assessment and designing systems based on risk assessments. The document outlines the importance of security management, as well as risk management approaches like preliminary risk assessment, life cycle risk assessment, and operational risk assessment. It also discusses designing systems for security through approaches like incorporating security into architectural design, following best practices, and minimizing vulnerabilities introduced during deployment. Finally, the document discusses system survivability and delivering essential services even when under attack.

Engineering
1 of 48
Chapter 14 – Security Engineering Lecture 1 Chapter 14 Security Engineering 1
Topics covered  Security engineering and security management  Security engineering concerned with applications; security management with infrastructure.  Security risk assessment  Designing a system based on the assessment of security risks.  Design for security  How system architectures have to be designed for security. Chapter 14 Security Engineering 2
Security engineering  Tools, techniques and methods to support the development and maintenance of systems that can resist malicious attacks that are intended to damage a computer-based system or its data.  A sub-field of the broader field of computer security.  Assumes background knowledge of dependability and security concepts (Chapter 10) and security requirements specification (Chapter 12) Chapter 14 Security Engineering 3
Application/infrastructure security  Application security is a software engineering problem where the system is designed to resist attacks.  Infrastructure security is a systems management problem where the infrastructure is configured to resist attacks.  The focus of this chapter is application security. Chapter 14 Security Engineering 4
System layers where security may be compromised Chapter 14 Security Engineering 5
System security management  User and permission management  Adding and removing users from the system and setting up appropriate permissions for users  Software deployment and maintenance  Installing application software and middleware and configuring these systems so that vulnerabilities are avoided.  Attack monitoring, detection and recovery  Monitoring the system for unauthorized access, design strategies for resisting attacks and develop backup and recovery strategies. Chapter 14 Security Engineering 6
Security risk management  Risk management is concerned with assessing the possible losses that might ensue from attacks on the system and balancing these losses against the costs of security procedures that may reduce these losses.  Risk management should be driven by an organisational security policy.  Risk management involves  Preliminary risk assessment  Life cycle risk assessment  Operational risk assessment Chapter 14 Security Engineering 7
Preliminary risk assessment Chapter 14 Security Engineering 8
Misuse cases  Misuse cases are instances of threats to a system  Interception threats  Attacker gains access to an asset  Interruption threats  Attacker makes part of a system unavailable  Modification threats  A system asset if tampered with  Fabrication threats  False information is added to a system Chapter 14 Security Engineering 9
Asset analysis Chapter 14 Security Engineering 10 Asset Value Exposure The information system High. Required to support all clinical consultations. Potentially safety-critical. High. Financial loss as clinics may have to be canceled. Costs of restoring system. Possible patient harm if treatment cannot be prescribed. The patient database High. Required to support all clinical consultations. Potentially safety-critical. High. Financial loss as clinics may have to be canceled. Costs of restoring system. Possible patient harm if treatment cannot be prescribed. An individual patient record Normally low although may be high for specific high-profile patients. Low direct losses but possible loss of reputation.
Threat and control analysis Chapter 14 Security Engineering 11 Threat Probability Control Feasibility Unauthorized user gains access as system manager and makes system unavailable Low Only allow system management from specific locations that are physically secure. Low cost of implementation but care must be taken with key distribution and to ensure that keys are available in the event of an emergency. Unauthorized user gains access as system user and accesses confidential information High Require all users to authenticate themselves using a biometric mechanism. Log all changes to patient information to track system usage. Technically feasible but high-cost solution. Possible user resistance. Simple and transparent to implement and also supports recovery.
Security requirements  Patient information must be downloaded at the start of a clinic session to a secure area on the system client that is used by clinical staff.  Patient information must not be maintained on system clients after a clinic session has finished.  A log on a separate computer from the database server must be maintained of all changes made to the system database. Chapter 14 Security Engineering 12
Life cycle risk assessment  Risk assessment while the system is being developed and after it has been deployed  More information is available - system platform, middleware and the system architecture and data organisation.  Vulnerabilities that arise from design choices may therefore be identified. Chapter 14 Security Engineering 13
Life-cycle risk analysis Chapter 14 Security Engineering 14
Design decisions from use of COTS  System users authenticated using a name/password combination.  The system architecture is client-server with clients accessing the system through a standard web browser.  Information is presented as an editable web form. Chapter 14 Security Engineering 15
Vulnerabilities associated with technology choices Chapter 14 Security Engineering 16
Security requirements  A password checker shall be made available and shall be run daily. Weak passwords shall be reported to system administrators.  Access to the system shall only be allowed by approved client computers.  All client computers shall have a single, approved web browser installed by system administrators. Chapter 14 Security Engineering 17
Operational risk assessment  Continuation of life cycle risk assessment but with additional information about the environment where the system is used.  Environment characteristics can lead to new system risks  Risk of interruption means that logged in computers are left unattended. Chapter 14 Security Engineering 18
Design for security  Architectural design  how do architectural design decisions affect the security of a system?  Good practice  what is accepted good practice when designing secure systems?  Design for deployment  what support should be designed into a system to avoid the introduction of vulnerabilities when a system is deployed for use? Chapter 14 Security Engineering 19
Architectural design  Two fundamental issues have to be considered when designing an architecture for security.  Protection • How should the system be organised so that critical assets can be protected against external attack?  Distribution • How should system assets be distributed so that the effects of a successful attack are minimized?  These are potentially conflicting  If assets are distributed, then they are more expensive to protect. If assets are protected, then usability and performance requirements may be compromised. Chapter 14 Security Engineering 20
Protection  Platform-level protection  Top-level controls on the platform on which a system runs.  Application-level protection  Specific protection mechanisms built into the application itself e.g. additional password protection.  Record-level protection  Protection that is invoked when access to specific information is requested  These lead to a layered protection architecture Chapter 14 Security Engineering 21
A layered protection architecture Chapter 14 Security Engineering 22
Distribution  Distributing assets means that attacks on one system do not necessarily lead to complete loss of system service  Each platform has separate protection features and may be different from other platforms so that they do not share a common vulnerability  Distribution is particularly important if the risk of denial of service attacks is high Chapter 14 Security Engineering 23
Distributed assets in an equity trading system Chapter 14 Security Engineering 24
Key points  Security engineering is concerned with how to develop systems that can resist malicious attacks  Security threats can be threats to confidentiality, integrity or availability of a system or its data  Security risk management is concerned with assessing possible losses from attacks and deriving security requirements to minimise losses  Design for security involves architectural design, following good design practice and minimising the introduction of system vulnerabilities Chapter 14 Security Engineering 25
Chapter 14 – Security Engineering Lecture 2 Chapter 14 Security Engineering 26
Topics covered  Design guidelines for security  Guidelines that help you design a secure system  Design for deployment  Design so that deployment problems that may introduce vulnerabilities are minimized  System survivability  Allow the system to deliver essential services when under attack Chapter 14 Security Engineering 27
Design guidelines for security engineering  Design guidelines encapsulate good practice in secure systems design  Design guidelines serve two purposes:  They raise awareness of security issues in a software engineering team. Security is considered when design decisions are made.  They can be used as the basis of a review checklist that is applied during the system validation process.  Design guidelines here are applicable during software specification and design Chapter 14 Security Engineering 28
Design guidelines for secure systems engineering Security guidelines Base security decisions on an explicit security policy Avoid a single point of failure Fail securely Balance security and usability Log user actions Use redundancy and diversity to reduce risk Validate all inputs Compartmentalize your assets Design for deployment Design for recoverability Chapter 14 Security Engineering 29
Design guidelines 1-3  Base decisions on an explicit security policy  Define a security policy for the organization that sets out the fundamental security requirements that should apply to all organizational systems.  Avoid a single point of failure  Ensure that a security failure can only result when there is more than one failure in security procedures. For example, have password and question-based authentication.  Fail securely  When systems fail, for whatever reason, ensure that sensitive information cannot be accessed by unauthorized users even although normal security procedures are unavailable. Chapter 14 Security Engineering 30
Design guidelines 4-6  Balance security and usability  Try to avoid security procedures that make the system difficult to use. Sometimes you have to accept weaker security to make the system more usable.  Log user actions  Maintain a log of user actions that can be analyzed to discover who did what. If users know about such a log, they are less likely to behave in an irresponsible way.  Use redundancy and diversity to reduce risk  Keep multiple copies of data and use diverse infrastructure so that an infrastructure vulnerability cannot be the single point of failure. Chapter 14 Security Engineering 31
Design guidelines 7-10  Validate all inputs  Check that all inputs are within range so that unexpected inputs cannot cause problems.  Compartmentalize your assets  Organize the system so that assets are in separate areas and users only have access to the information that they need rather than all system information.  Design for deployment  Design the system to avoid deployment problems  Design for recoverability  Design the system to simplify recoverability after a successful attack. Chapter 14 Security Engineering 32
Design for deployment  Deployment involves configuring software to operate in its working environment, installing the system and configuring it for the operational platform.  Vulnerabilities may be introduced at this stage as a result of configuration mistakes.  Designing deployment support into the system can reduce the probability that vulnerabilities will be introduced. Chapter 14 Security Engineering 33
Software deployment Chapter 14 Security Engineering 34
Configuration vulnerabilities  Vulnerable default settings  Attackers can find out the default settings for software. If these are weak (often to increase usability) then they can be exploited by users when attacking a system.  Development rather than deployment  Some configuration settings in systems are designed to support development and debugging. If these are not turned off, they can be a vulnerability that can be exploited by attackers. Chapter 14 Security Engineering 35
Deployment support 1  Include support for viewing and analyzing configurations  Make sure that the system administrator responsible for deployment can easily view the entire configuration. This makes it easier to spot omissions and errors that have been made.  Minimize default privileges and thus limit the damage that might be caused  Design the system so that the default privileges for an administrator are minimized. This means that if someone gains admin access, they do not have immediate access to the features of the system. Chapter 14 Security Engineering 36
Deployment support 2  Localize configuration settings  When setting up a system, all information that is relevant to the same part or component of a system should be localized so that it is all set up at once. Otherwise, it is easy to forget to set up related security features.  Provide easy ways to fix security vulnerabilities  When problems are detected, provide easy ways, such as auto- updating, to repair security vulnerabilities in the deployed systems. Chapter 14 Security Engineering 37
System survivability  Survivability is an emergent system property that reflects the systems ability to deliver essential services whilst it is under attack or after part of the system has been damaged  Survivability analysis and design should be part of the security engineering process Chapter 14 Security Engineering 38
Importance of survivability  Our economic and social lives are dependent on computer systems  Critical infrastructure – electricity, gas, telecommunications, transport  Healthcare  Government  Loss of business systems for even a short time can have very severe economic effects  Airline reservation systems  E-commerce systems  Payment systems Chapter 14 Security Engineering 39
Service availability  Which system services are the most critical for a business?  How might these services be compromised?  What is the minimal quality of service that must be maintained?  How can these services be protected?  If a service becomes unavailable, how quickly can it be recovered? Chapter 14 Security Engineering 40
Survivability strategies  Resistance  Avoiding problems by building capabilities into the system to resist attacks  Recognition  Detecting problems by building capabilities into the system to detect attacks and failures and assess the resultant damage  Recovery  Tolerating problems by building capabilities into the system to deliver services whilst under attack Chapter 14 Security Engineering 41
Stages in survivability analysis Chapter 14 Security Engineering 42
Key activities  System understanding  Review golas, requirements and architecture  Critical service identification  Identify services that must be maintained  Attack simulation  Devise attack scenarios and identify components affected  Survivability analysis  Identify survivability strategies to be applied Chapter 14 Security Engineering 43
Trading system survivability  User accounts and equity prices replicated across servers so some provision for survivability made  Key capability to be maintained is the ability to place orders for stock  Orders must be accurate and reflect the actual sales/purchases made by a trader Chapter 14 Security Engineering 44
Survivable ordering service  The critical service that must survive is the ability for authorized users to place orders for stock  This requires 3 components of the system to be available and operating reliability:  User authentication, allowing authorized users to log on to the system  Price quotation, allowing buying and selling prices to be quoted  Order placement, allowing buy and sell orders to be made Chapter 14 Security Engineering 45
Possible attacks  Malicious user masquerades as a legitimate user and places malicious orders for stock, with the aim of causing problems for the legitimate user  An unauthorized user corrupts the database of transactions thus making reconciliation of sales and purchases impossible Chapter 14 Security Engineering 46
Survivability analysis in an equity trading system Attack Resistance Recognition Recovery Unauthorized user places malicious orders Require a dealing password that is different from the login password to place orders. Send copy of order by e- mail to authorized user with contact phone number (so that they can detect malicious orders). Maintain user’s order history and check for unusual trading patterns. Provide mechanism to automatically ‘undo’ trades and restore user accounts. Refund users for losses that are due to malicious trading. Insure against consequential losses. Corruption of transactions database Require privileged users to be authorized using a stronger authentication mechanism, such as digital certificates. Maintain read-only copies of transactions for an office on an international server. Periodically compare transactions to check for corruption. Maintain cryptographic checksum with all transaction records to detect corruption. Recover database from backup copies. Provide a mechanism to replay trades from a specified time to re-create the transactions database. 47
Key points  General security guidelines sensitize designers to security issues and serve as review checklists  Configuration visualization, setting localization, and minimization of default privileges help reduce deployment errors  System survivability reflects the ability of a system to deliver services whilst under attack or after part of the system has been damaged. Chapter 14 Security Engineering 48

Recommended

Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringaizazhussain234
 
Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Ian Sommerville
 
Ch12 safety engineering
Ch12 safety engineeringCh12 safety engineering
Ch12 safety engineeringsoftware-engineering-book
 
Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineeringsoftware-engineering-book
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringAHM Pervej Kabir
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013Ian Sommerville
 
Scada implement secure - architecture
Scada implement secure - architectureScada implement secure - architecture
Scada implement secure - architectureFelipe Prado
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013Ian Sommerville
 

Recommended

Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringaizazhussain234
 
Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Ian Sommerville
 
Ch12 safety engineering
Ch12 safety engineeringCh12 safety engineering
Ch12 safety engineeringsoftware-engineering-book
 
Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineeringsoftware-engineering-book
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringAHM Pervej Kabir
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013Ian Sommerville
 
Scada implement secure - architecture
Scada implement secure - architectureScada implement secure - architecture
Scada implement secure - architectureFelipe Prado
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013Ian Sommerville
 
Ch12-Software Engineering 9
Ch12-Software Engineering 9Ch12-Software Engineering 9
Ch12-Software Engineering 9Ian Sommerville
 
Ch11-Software Engineering 9
Ch11-Software Engineering 9Ch11-Software Engineering 9
Ch11-Software Engineering 9Ian Sommerville
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded SystemsMEN Mikro Elektronik GmbH
 
It security controls, plans, and procedures
It security controls, plans, and proceduresIt security controls, plans, and procedures
It security controls, plans, and proceduresCAS
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMuhammad Asim
 
Critical systems specification
Critical systems specificationCritical systems specification
Critical systems specificationAryan Ajmer
 
Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)Ian Sommerville
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information SecuritySARJERAO Sarju
 
Multi agents based architecture for is security incident reaction
Multi agents based architecture for is security incident reactionMulti agents based architecture for is security incident reaction
Multi agents based architecture for is security incident reactionLuxembourg Institute of Science and Technology
 
Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...Luxembourg Institute of Science and Technology
 
System dependability
System dependabilitySystem dependability
System dependabilitysommerville-videos
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)Ian Sommerville
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber securityWGroup
 
Chapter006
Chapter006Chapter006
Chapter006Jeanie Delos Arcos
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingMaganathin Veeraragaloo
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policyphanleson
 
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKSRISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKSChristina33713
 
System Security Plans 101
System Security Plans 101System Security Plans 101
System Security Plans 101Donald E. Hester
 
2019 SANS Holiday Hack Challenge Deliverable
2019 SANS Holiday Hack Challenge Deliverable2019 SANS Holiday Hack Challenge Deliverable
2019 SANS Holiday Hack Challenge DeliverableCurtis Brazzell
 
Efma Article
Efma ArticleEfma Article
Efma ArticleRoxana_Hidan
 
Adenocarcinoma caso interesante ok
Adenocarcinoma caso interesante okAdenocarcinoma caso interesante ok
Adenocarcinoma caso interesante okeddynoy velasquez
 

More Related Content

What's hot

Ch12-Software Engineering 9
Ch12-Software Engineering 9Ch12-Software Engineering 9
Ch12-Software Engineering 9Ian Sommerville
 
Ch11-Software Engineering 9
Ch11-Software Engineering 9Ch11-Software Engineering 9
Ch11-Software Engineering 9Ian Sommerville
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded SystemsMEN Mikro Elektronik GmbH
 
It security controls, plans, and procedures
It security controls, plans, and proceduresIt security controls, plans, and procedures
It security controls, plans, and proceduresCAS
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMuhammad Asim
 
Critical systems specification
Critical systems specificationCritical systems specification
Critical systems specificationAryan Ajmer
 
Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)Ian Sommerville
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information SecuritySARJERAO Sarju
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)Ian Sommerville
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber securityWGroup
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingMaganathin Veeraragaloo
 
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKSRISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKSChristina33713
 
2019 SANS Holiday Hack Challenge Deliverable
2019 SANS Holiday Hack Challenge Deliverable2019 SANS Holiday Hack Challenge Deliverable
2019 SANS Holiday Hack Challenge DeliverableCurtis Brazzell
 

What's hot (20)

Ch12-Software Engineering 9
Ch12-Software Engineering 9Ch12-Software Engineering 9
Ch12-Software Engineering 9
 
Ch11-Software Engineering 9
Ch11-Software Engineering 9Ch11-Software Engineering 9
Ch11-Software Engineering 9
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems
 
It security controls, plans, and procedures
It security controls, plans, and proceduresIt security controls, plans, and procedures
It security controls, plans, and procedures
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
Critical systems specification
Critical systems specificationCritical systems specification
Critical systems specification
 
Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)
 
is_1_Introduction to Information Security
is_1_Introduction to Information Securityis_1_Introduction to Information Security
is_1_Introduction to Information Security
 
Multi agents based architecture for is security incident reaction
Multi agents based architecture for is security incident reactionMulti agents based architecture for is security incident reaction
Multi agents based architecture for is security incident reaction
 
Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...Multi agents system service based platform in telecommunication security inci...
Multi agents system service based platform in telecommunication security inci...
 
System dependability
System dependabilitySystem dependability
System dependability
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
 
Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber security
 
Chapter006
Chapter006Chapter006
Chapter006
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and Testing
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
 
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKSRISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
 
System Security Plans 101
System Security Plans 101System Security Plans 101
System Security Plans 101
 
2019 SANS Holiday Hack Challenge Deliverable
2019 SANS Holiday Hack Challenge Deliverable2019 SANS Holiday Hack Challenge Deliverable
2019 SANS Holiday Hack Challenge Deliverable
 

Viewers also liked

Adenocarcinoma caso interesante ok
Adenocarcinoma caso interesante okAdenocarcinoma caso interesante ok
Adenocarcinoma caso interesante okeddynoy velasquez
 
La gestión del conocimiento: la Web 2.0, Redes Sociales, y otras herramientas
La gestión del conocimiento: la Web 2.0, Redes Sociales, y otras herramientasLa gestión del conocimiento: la Web 2.0, Redes Sociales, y otras herramientas
La gestión del conocimiento: la Web 2.0, Redes Sociales, y otras herramientasRadar Información y Conocimiento
 
Gmm vol 148_-_1_2012 (1) cópia
Gmm vol 148_-_1_2012 (1) cópiaGmm vol 148_-_1_2012 (1) cópia
Gmm vol 148_-_1_2012 (1) cópiaClapbio
 
E-Book Reimagine How You Use SageCRM in Your Business
E-Book Reimagine How You Use SageCRM in Your BusinessE-Book Reimagine How You Use SageCRM in Your Business
E-Book Reimagine How You Use SageCRM in Your BusinessBurCom Consulting Ltd.
 
Cesnavarra 2008-boletín 6
Cesnavarra 2008-boletín 6Cesnavarra 2008-boletín 6
Cesnavarra 2008-boletín 6Cein
 
Corporate_Profile_2008 - NKT
Corporate_Profile_2008 - NKTCorporate_Profile_2008 - NKT
Corporate_Profile_2008 - NKTJakob Risom
 
K PANDIYA RAJAN , founder Ranstad India
K PANDIYA RAJAN , founder Ranstad IndiaK PANDIYA RAJAN , founder Ranstad India
K PANDIYA RAJAN , founder Ranstad Indiaswtnspicyaqua
 
Prisma Media : maximiser le mix contenu-data. Une strategie data driven @ Big...
Prisma Media : maximiser le mix contenu-data. Une strategie data driven @ Big...Prisma Media : maximiser le mix contenu-data. Une strategie data driven @ Big...
Prisma Media : maximiser le mix contenu-data. Une strategie data driven @ Big...ACTUONDA
 
Era Digital
Era Digital Era Digital
Era Digital Titus
 
Bullying
Bullying Bullying
Bullying zaydy12
 
Effective Diversity Marketing in Retail: A Look at MEXX in 2006
Effective Diversity Marketing in Retail: A Look at MEXX in 2006Effective Diversity Marketing in Retail: A Look at MEXX in 2006
Effective Diversity Marketing in Retail: A Look at MEXX in 2006Adrian Parker
 
Dii1 Introduccion A La Informatica
Dii1 Introduccion A La InformaticaDii1 Introduccion A La Informatica
Dii1 Introduccion A La InformaticaEspol
 
Span 4583 hispanoamerica en el siglo xx final
Span 4583 hispanoamerica en el siglo xx finalSpan 4583 hispanoamerica en el siglo xx final
Span 4583 hispanoamerica en el siglo xx finalDonna Shelton
 
Tackle healthcare interoperability challenges and improve transitions of care v3
Tackle healthcare interoperability challenges and improve transitions of care v3Tackle healthcare interoperability challenges and improve transitions of care v3
Tackle healthcare interoperability challenges and improve transitions of care v3Perficient, Inc.
 

Viewers also liked (20)

Efma Article
Efma ArticleEfma Article
Efma Article
 
Adenocarcinoma caso interesante ok
Adenocarcinoma caso interesante okAdenocarcinoma caso interesante ok
Adenocarcinoma caso interesante ok
 
CPA Vision 2011
CPA Vision 2011CPA Vision 2011
CPA Vision 2011
 
La gestión del conocimiento: la Web 2.0, Redes Sociales, y otras herramientas
La gestión del conocimiento: la Web 2.0, Redes Sociales, y otras herramientasLa gestión del conocimiento: la Web 2.0, Redes Sociales, y otras herramientas
La gestión del conocimiento: la Web 2.0, Redes Sociales, y otras herramientas
 
Gmm vol 148_-_1_2012 (1) cópia
Gmm vol 148_-_1_2012 (1) cópiaGmm vol 148_-_1_2012 (1) cópia
Gmm vol 148_-_1_2012 (1) cópia
 
E-Book Reimagine How You Use SageCRM in Your Business
E-Book Reimagine How You Use SageCRM in Your BusinessE-Book Reimagine How You Use SageCRM in Your Business
E-Book Reimagine How You Use SageCRM in Your Business
 
Cesnavarra 2008-boletín 6
Cesnavarra 2008-boletín 6Cesnavarra 2008-boletín 6
Cesnavarra 2008-boletín 6
 
Corporate_Profile_2008 - NKT
Corporate_Profile_2008 - NKTCorporate_Profile_2008 - NKT
Corporate_Profile_2008 - NKT
 
Obro corp
Obro corpObro corp
Obro corp
 
K PANDIYA RAJAN , founder Ranstad India
K PANDIYA RAJAN , founder Ranstad IndiaK PANDIYA RAJAN , founder Ranstad India
K PANDIYA RAJAN , founder Ranstad India
 
Prisma Media : maximiser le mix contenu-data. Une strategie data driven @ Big...
Prisma Media : maximiser le mix contenu-data. Une strategie data driven @ Big...Prisma Media : maximiser le mix contenu-data. Une strategie data driven @ Big...
Prisma Media : maximiser le mix contenu-data. Une strategie data driven @ Big...
 
Era Digital
Era Digital Era Digital
Era Digital
 
Bullying
Bullying Bullying
Bullying
 
Effective Diversity Marketing in Retail: A Look at MEXX in 2006
Effective Diversity Marketing in Retail: A Look at MEXX in 2006Effective Diversity Marketing in Retail: A Look at MEXX in 2006
Effective Diversity Marketing in Retail: A Look at MEXX in 2006
 
Dii1 Introduccion A La Informatica
Dii1 Introduccion A La InformaticaDii1 Introduccion A La Informatica
Dii1 Introduccion A La Informatica
 
Span 4583 hispanoamerica en el siglo xx final
Span 4583 hispanoamerica en el siglo xx finalSpan 4583 hispanoamerica en el siglo xx final
Span 4583 hispanoamerica en el siglo xx final
 
Paper fisica matematica
Paper fisica matematicaPaper fisica matematica
Paper fisica matematica
 
Codigos de-ocupaciones-dane
Codigos de-ocupaciones-daneCodigos de-ocupaciones-dane
Codigos de-ocupaciones-dane
 
Blended Learning
Blended LearningBlended Learning
Blended Learning
 
Tackle healthcare interoperability challenges and improve transitions of care v3
Tackle healthcare interoperability challenges and improve transitions of care v3Tackle healthcare interoperability challenges and improve transitions of care v3
Tackle healthcare interoperability challenges and improve transitions of care v3
 

Similar to Ch14

Ch14-Software Engineering 9
Ch14-Software Engineering 9Ch14-Software Engineering 9
Ch14-Software Engineering 9Ian Sommerville
 
Ch14 - Resilience Engineering
Ch14 - Resilience EngineeringCh14 - Resilience Engineering
Ch14 - Resilience EngineeringHarsh Verdhan Raj
 
Security at the Core: Unraveling Secure by Design Principles
Security at the Core: Unraveling Secure by Design PrinciplesSecurity at the Core: Unraveling Secure by Design Principles
Security at the Core: Unraveling Secure by Design PrinciplesCentextech
 
Security Education and Training1111.pdf
Security Education and Training1111.pdfSecurity Education and Training1111.pdf
Security Education and Training1111.pdfakkashkumar055
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1Hamed Moghaddam
 
Enhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptx
Enhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptxEnhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptx
Enhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptxerickxandergarin
 
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docxoswald1horne84988
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded SystemsMEN Micro
 
Ch09 Information Security Best Practices
Ch09 Information Security Best PracticesCh09 Information Security Best Practices
Ch09 Information Security Best Practicesphanleson
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
Step-by-Step Implementation of the Essential 8 Cybersecurity Framework
Step-by-Step Implementation of the Essential 8 Cybersecurity FrameworkStep-by-Step Implementation of the Essential 8 Cybersecurity Framework
Step-by-Step Implementation of the Essential 8 Cybersecurity FrameworkOnsite Helper
 
5 - Safety - Critical Systems.pdf
5 - Safety - Critical Systems.pdf5 - Safety - Critical Systems.pdf
5 - Safety - Critical Systems.pdfFelixKipyego1
 
Operational Security for Transportation: Connectivity to Rails
Operational Security for Transportation: Connectivity to Rails Operational Security for Transportation: Connectivity to Rails
Operational Security for Transportation: Connectivity to Rails Ashley Finden
 

Similar to Ch14 (20)

Ch14-Software Engineering 9
Ch14-Software Engineering 9Ch14-Software Engineering 9
Ch14-Software Engineering 9
 
Ch13 - Security Engineering
Ch13 - Security EngineeringCh13 - Security Engineering
Ch13 - Security Engineering
 
Ch14 - Resilience Engineering
Ch14 - Resilience EngineeringCh14 - Resilience Engineering
Ch14 - Resilience Engineering
 
Ch14 resilience engineering
Ch14 resilience engineeringCh14 resilience engineering
Ch14 resilience engineering
 
Security at the Core: Unraveling Secure by Design Principles
Security at the Core: Unraveling Secure by Design PrinciplesSecurity at the Core: Unraveling Secure by Design Principles
Security at the Core: Unraveling Secure by Design Principles
 
Security Education and Training1111.pdf
Security Education and Training1111.pdfSecurity Education and Training1111.pdf
Security Education and Training1111.pdf
 
02.security systems
02.security systems02.security systems
02.security systems
 
CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1CISSP Certification- Security Engineering-part1
CISSP Certification- Security Engineering-part1
 
Enhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptx
Enhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptxEnhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptx
Enhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptx
 
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems
 
Ch09 Information Security Best Practices
Ch09 Information Security Best PracticesCh09 Information Security Best Practices
Ch09 Information Security Best Practices
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operations
 
Step-by-Step Implementation of the Essential 8 Cybersecurity Framework
Step-by-Step Implementation of the Essential 8 Cybersecurity FrameworkStep-by-Step Implementation of the Essential 8 Cybersecurity Framework
Step-by-Step Implementation of the Essential 8 Cybersecurity Framework
 
Ch13.pptx
Ch13.pptxCh13.pptx
Ch13.pptx
 
Ch13
Ch13Ch13
Ch13
 
5 - Safety - Critical Systems.pdf
5 - Safety - Critical Systems.pdf5 - Safety - Critical Systems.pdf
5 - Safety - Critical Systems.pdf
 
Operational Security for Transportation: Connectivity to Rails
Operational Security for Transportation: Connectivity to Rails Operational Security for Transportation: Connectivity to Rails
Operational Security for Transportation: Connectivity to Rails
 
Security
SecuritySecurity
Security
 
BSidesQuebec2013_fred
BSidesQuebec2013_fredBSidesQuebec2013_fred
BSidesQuebec2013_fred
 

More from Keith Jasper Mier

More from Keith Jasper Mier (20)

Ch26
Ch26Ch26
Ch26
 
Ch25
Ch25Ch25
Ch25
 
Ch24
Ch24Ch24
Ch24
 
Ch23
Ch23Ch23
Ch23
 
Ch22
Ch22Ch22
Ch22
 
Ch21
Ch21Ch21
Ch21
 
Ch20
Ch20Ch20
Ch20
 
Ch19
Ch19Ch19
Ch19
 
Ch18
Ch18Ch18
Ch18
 
Ch17
Ch17Ch17
Ch17
 
Ch16
Ch16Ch16
Ch16
 
Ch15
Ch15Ch15
Ch15
 
Ch12
Ch12Ch12
Ch12
 
Ch11
Ch11Ch11
Ch11
 
Ch10
Ch10Ch10
Ch10
 
Ch9
Ch9Ch9
Ch9
 
Ch8
Ch8Ch8
Ch8
 
Ch7
Ch7Ch7
Ch7
 
Ch6
Ch6Ch6
Ch6
 
Ch5
Ch5Ch5
Ch5
 

Recently uploaded

Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girlsssuser7cb4ff
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catcherssdickerson1
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)Dr SOUNDIRARAJ N
 
Piping Basic stress analysis by engineering
Piping Basic stress analysis by engineeringPiping Basic stress analysis by engineering
Piping Basic stress analysis by engineeringJuanCarlosMorales19600
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx959SahilShah
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleAlluxio, Inc.
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsSachinPawar510423
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)dollysharma2066
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionMebane Rash
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHC Sai Kiran
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Solving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.pptSolving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.pptJasonTagapanGulla
 

Recently uploaded (20)

Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
Piping Basic stress analysis by engineering
Piping Basic stress analysis by engineeringPiping Basic stress analysis by engineering
Piping Basic stress analysis by engineering
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at Scale
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documents
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of Action
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECH
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Solving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.pptSolving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.ppt
 

Ch14

  • 1. Chapter 14 – Security Engineering Lecture 1 Chapter 14 Security Engineering 1
  • 2. Topics covered  Security engineering and security management  Security engineering concerned with applications; security management with infrastructure.  Security risk assessment  Designing a system based on the assessment of security risks.  Design for security  How system architectures have to be designed for security. Chapter 14 Security Engineering 2
  • 3. Security engineering  Tools, techniques and methods to support the development and maintenance of systems that can resist malicious attacks that are intended to damage a computer-based system or its data.  A sub-field of the broader field of computer security.  Assumes background knowledge of dependability and security concepts (Chapter 10) and security requirements specification (Chapter 12) Chapter 14 Security Engineering 3
  • 4. Application/infrastructure security  Application security is a software engineering problem where the system is designed to resist attacks.  Infrastructure security is a systems management problem where the infrastructure is configured to resist attacks.  The focus of this chapter is application security. Chapter 14 Security Engineering 4
  • 5. System layers where security may be compromised Chapter 14 Security Engineering 5
  • 6. System security management  User and permission management  Adding and removing users from the system and setting up appropriate permissions for users  Software deployment and maintenance  Installing application software and middleware and configuring these systems so that vulnerabilities are avoided.  Attack monitoring, detection and recovery  Monitoring the system for unauthorized access, design strategies for resisting attacks and develop backup and recovery strategies. Chapter 14 Security Engineering 6
  • 7. Security risk management  Risk management is concerned with assessing the possible losses that might ensue from attacks on the system and balancing these losses against the costs of security procedures that may reduce these losses.  Risk management should be driven by an organisational security policy.  Risk management involves  Preliminary risk assessment  Life cycle risk assessment  Operational risk assessment Chapter 14 Security Engineering 7
  • 8. Preliminary risk assessment Chapter 14 Security Engineering 8
  • 9. Misuse cases  Misuse cases are instances of threats to a system  Interception threats  Attacker gains access to an asset  Interruption threats  Attacker makes part of a system unavailable  Modification threats  A system asset if tampered with  Fabrication threats  False information is added to a system Chapter 14 Security Engineering 9
  • 10. Asset analysis Chapter 14 Security Engineering 10 Asset Value Exposure The information system High. Required to support all clinical consultations. Potentially safety-critical. High. Financial loss as clinics may have to be canceled. Costs of restoring system. Possible patient harm if treatment cannot be prescribed. The patient database High. Required to support all clinical consultations. Potentially safety-critical. High. Financial loss as clinics may have to be canceled. Costs of restoring system. Possible patient harm if treatment cannot be prescribed. An individual patient record Normally low although may be high for specific high-profile patients. Low direct losses but possible loss of reputation.
  • 11. Threat and control analysis Chapter 14 Security Engineering 11 Threat Probability Control Feasibility Unauthorized user gains access as system manager and makes system unavailable Low Only allow system management from specific locations that are physically secure. Low cost of implementation but care must be taken with key distribution and to ensure that keys are available in the event of an emergency. Unauthorized user gains access as system user and accesses confidential information High Require all users to authenticate themselves using a biometric mechanism. Log all changes to patient information to track system usage. Technically feasible but high-cost solution. Possible user resistance. Simple and transparent to implement and also supports recovery.
  • 12. Security requirements  Patient information must be downloaded at the start of a clinic session to a secure area on the system client that is used by clinical staff.  Patient information must not be maintained on system clients after a clinic session has finished.  A log on a separate computer from the database server must be maintained of all changes made to the system database. Chapter 14 Security Engineering 12
  • 13. Life cycle risk assessment  Risk assessment while the system is being developed and after it has been deployed  More information is available - system platform, middleware and the system architecture and data organisation.  Vulnerabilities that arise from design choices may therefore be identified. Chapter 14 Security Engineering 13
  • 14. Life-cycle risk analysis Chapter 14 Security Engineering 14
  • 15. Design decisions from use of COTS  System users authenticated using a name/password combination.  The system architecture is client-server with clients accessing the system through a standard web browser.  Information is presented as an editable web form. Chapter 14 Security Engineering 15
  • 16. Vulnerabilities associated with technology choices Chapter 14 Security Engineering 16
  • 17. Security requirements  A password checker shall be made available and shall be run daily. Weak passwords shall be reported to system administrators.  Access to the system shall only be allowed by approved client computers.  All client computers shall have a single, approved web browser installed by system administrators. Chapter 14 Security Engineering 17
  • 18. Operational risk assessment  Continuation of life cycle risk assessment but with additional information about the environment where the system is used.  Environment characteristics can lead to new system risks  Risk of interruption means that logged in computers are left unattended. Chapter 14 Security Engineering 18
  • 19. Design for security  Architectural design  how do architectural design decisions affect the security of a system?  Good practice  what is accepted good practice when designing secure systems?  Design for deployment  what support should be designed into a system to avoid the introduction of vulnerabilities when a system is deployed for use? Chapter 14 Security Engineering 19
  • 20. Architectural design  Two fundamental issues have to be considered when designing an architecture for security.  Protection • How should the system be organised so that critical assets can be protected against external attack?  Distribution • How should system assets be distributed so that the effects of a successful attack are minimized?  These are potentially conflicting  If assets are distributed, then they are more expensive to protect. If assets are protected, then usability and performance requirements may be compromised. Chapter 14 Security Engineering 20
  • 21. Protection  Platform-level protection  Top-level controls on the platform on which a system runs.  Application-level protection  Specific protection mechanisms built into the application itself e.g. additional password protection.  Record-level protection  Protection that is invoked when access to specific information is requested  These lead to a layered protection architecture Chapter 14 Security Engineering 21
  • 22. A layered protection architecture Chapter 14 Security Engineering 22
  • 23. Distribution  Distributing assets means that attacks on one system do not necessarily lead to complete loss of system service  Each platform has separate protection features and may be different from other platforms so that they do not share a common vulnerability  Distribution is particularly important if the risk of denial of service attacks is high Chapter 14 Security Engineering 23
  • 24. Distributed assets in an equity trading system Chapter 14 Security Engineering 24
  • 25. Key points  Security engineering is concerned with how to develop systems that can resist malicious attacks  Security threats can be threats to confidentiality, integrity or availability of a system or its data  Security risk management is concerned with assessing possible losses from attacks and deriving security requirements to minimise losses  Design for security involves architectural design, following good design practice and minimising the introduction of system vulnerabilities Chapter 14 Security Engineering 25
  • 26. Chapter 14 – Security Engineering Lecture 2 Chapter 14 Security Engineering 26
  • 27. Topics covered  Design guidelines for security  Guidelines that help you design a secure system  Design for deployment  Design so that deployment problems that may introduce vulnerabilities are minimized  System survivability  Allow the system to deliver essential services when under attack Chapter 14 Security Engineering 27
  • 28. Design guidelines for security engineering  Design guidelines encapsulate good practice in secure systems design  Design guidelines serve two purposes:  They raise awareness of security issues in a software engineering team. Security is considered when design decisions are made.  They can be used as the basis of a review checklist that is applied during the system validation process.  Design guidelines here are applicable during software specification and design Chapter 14 Security Engineering 28
  • 29. Design guidelines for secure systems engineering Security guidelines Base security decisions on an explicit security policy Avoid a single point of failure Fail securely Balance security and usability Log user actions Use redundancy and diversity to reduce risk Validate all inputs Compartmentalize your assets Design for deployment Design for recoverability Chapter 14 Security Engineering 29
  • 30. Design guidelines 1-3  Base decisions on an explicit security policy  Define a security policy for the organization that sets out the fundamental security requirements that should apply to all organizational systems.  Avoid a single point of failure  Ensure that a security failure can only result when there is more than one failure in security procedures. For example, have password and question-based authentication.  Fail securely  When systems fail, for whatever reason, ensure that sensitive information cannot be accessed by unauthorized users even although normal security procedures are unavailable. Chapter 14 Security Engineering 30
  • 31. Design guidelines 4-6  Balance security and usability  Try to avoid security procedures that make the system difficult to use. Sometimes you have to accept weaker security to make the system more usable.  Log user actions  Maintain a log of user actions that can be analyzed to discover who did what. If users know about such a log, they are less likely to behave in an irresponsible way.  Use redundancy and diversity to reduce risk  Keep multiple copies of data and use diverse infrastructure so that an infrastructure vulnerability cannot be the single point of failure. Chapter 14 Security Engineering 31
  • 32. Design guidelines 7-10  Validate all inputs  Check that all inputs are within range so that unexpected inputs cannot cause problems.  Compartmentalize your assets  Organize the system so that assets are in separate areas and users only have access to the information that they need rather than all system information.  Design for deployment  Design the system to avoid deployment problems  Design for recoverability  Design the system to simplify recoverability after a successful attack. Chapter 14 Security Engineering 32
  • 33. Design for deployment  Deployment involves configuring software to operate in its working environment, installing the system and configuring it for the operational platform.  Vulnerabilities may be introduced at this stage as a result of configuration mistakes.  Designing deployment support into the system can reduce the probability that vulnerabilities will be introduced. Chapter 14 Security Engineering 33
  • 34. Software deployment Chapter 14 Security Engineering 34
  • 35. Configuration vulnerabilities  Vulnerable default settings  Attackers can find out the default settings for software. If these are weak (often to increase usability) then they can be exploited by users when attacking a system.  Development rather than deployment  Some configuration settings in systems are designed to support development and debugging. If these are not turned off, they can be a vulnerability that can be exploited by attackers. Chapter 14 Security Engineering 35
  • 36. Deployment support 1  Include support for viewing and analyzing configurations  Make sure that the system administrator responsible for deployment can easily view the entire configuration. This makes it easier to spot omissions and errors that have been made.  Minimize default privileges and thus limit the damage that might be caused  Design the system so that the default privileges for an administrator are minimized. This means that if someone gains admin access, they do not have immediate access to the features of the system. Chapter 14 Security Engineering 36
  • 37. Deployment support 2  Localize configuration settings  When setting up a system, all information that is relevant to the same part or component of a system should be localized so that it is all set up at once. Otherwise, it is easy to forget to set up related security features.  Provide easy ways to fix security vulnerabilities  When problems are detected, provide easy ways, such as auto- updating, to repair security vulnerabilities in the deployed systems. Chapter 14 Security Engineering 37
  • 38. System survivability  Survivability is an emergent system property that reflects the systems ability to deliver essential services whilst it is under attack or after part of the system has been damaged  Survivability analysis and design should be part of the security engineering process Chapter 14 Security Engineering 38
  • 39. Importance of survivability  Our economic and social lives are dependent on computer systems  Critical infrastructure – electricity, gas, telecommunications, transport  Healthcare  Government  Loss of business systems for even a short time can have very severe economic effects  Airline reservation systems  E-commerce systems  Payment systems Chapter 14 Security Engineering 39
  • 40. Service availability  Which system services are the most critical for a business?  How might these services be compromised?  What is the minimal quality of service that must be maintained?  How can these services be protected?  If a service becomes unavailable, how quickly can it be recovered? Chapter 14 Security Engineering 40
  • 41. Survivability strategies  Resistance  Avoiding problems by building capabilities into the system to resist attacks  Recognition  Detecting problems by building capabilities into the system to detect attacks and failures and assess the resultant damage  Recovery  Tolerating problems by building capabilities into the system to deliver services whilst under attack Chapter 14 Security Engineering 41
  • 42. Stages in survivability analysis Chapter 14 Security Engineering 42
  • 43. Key activities  System understanding  Review golas, requirements and architecture  Critical service identification  Identify services that must be maintained  Attack simulation  Devise attack scenarios and identify components affected  Survivability analysis  Identify survivability strategies to be applied Chapter 14 Security Engineering 43
  • 44. Trading system survivability  User accounts and equity prices replicated across servers so some provision for survivability made  Key capability to be maintained is the ability to place orders for stock  Orders must be accurate and reflect the actual sales/purchases made by a trader Chapter 14 Security Engineering 44
  • 45. Survivable ordering service  The critical service that must survive is the ability for authorized users to place orders for stock  This requires 3 components of the system to be available and operating reliability:  User authentication, allowing authorized users to log on to the system  Price quotation, allowing buying and selling prices to be quoted  Order placement, allowing buy and sell orders to be made Chapter 14 Security Engineering 45
  • 46. Possible attacks  Malicious user masquerades as a legitimate user and places malicious orders for stock, with the aim of causing problems for the legitimate user  An unauthorized user corrupts the database of transactions thus making reconciliation of sales and purchases impossible Chapter 14 Security Engineering 46
  • 47. Survivability analysis in an equity trading system Attack Resistance Recognition Recovery Unauthorized user places malicious orders Require a dealing password that is different from the login password to place orders. Send copy of order by e- mail to authorized user with contact phone number (so that they can detect malicious orders). Maintain user’s order history and check for unusual trading patterns. Provide mechanism to automatically ‘undo’ trades and restore user accounts. Refund users for losses that are due to malicious trading. Insure against consequential losses. Corruption of transactions database Require privileged users to be authorized using a stronger authentication mechanism, such as digital certificates. Maintain read-only copies of transactions for an office on an international server. Periodically compare transactions to check for corruption. Maintain cryptographic checksum with all transaction records to detect corruption. Recover database from backup copies. Provide a mechanism to replay trades from a specified time to re-create the transactions database. 47
  • 48. Key points  General security guidelines sensitize designers to security issues and serve as review checklists  Configuration visualization, setting localization, and minimization of default privileges help reduce deployment errors  System survivability reflects the ability of a system to deliver services whilst under attack or after part of the system has been damaged. Chapter 14 Security Engineering 48