© 2012 Carnegie Mellon University
Panel: Growing the Skills Required for Trustworthy Software
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213
Carol Woody, Ph.D.
Date: 12/5/12
Who Needs Training & Education
Builders
• Designers
• Engineers
• Coders
• Testers
Decision Makers
• Program Management
• Stakeholders
• Executives
Acquirers
Software Assurance (SwA) Curriculum Project
SwA Curriculum Sponsorship and Goals
Sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD)
Goals
• develop software assurance curricula
• define transition strategies for future implementation
SwA Curriculum Project Objectives
Improve the state of software assurance education
Develop a Master of Software Assurance Reference Curriculum (Volume I)
Identify educational offerings at other levels
• Undergraduate (Volume II)
• MSwA Syllabi (Volume III)
• Community College (Volume IV)
• Integration with IS Curricula (Technical Note)
Purpose of MSwA Curriculum
Foundational material includes (but is not limited to)
• Software Assurance Curriculum Body of Knowledge (SwACBK)
• work done by the SEI in support of the DHS Build Security In (BSI) website
• Graduate Software Engineering 2009 (GSwE 2009) Curriculum Guidelines for Graduate Degree Programs in Software Engineering
VOLUME I
Body of Knowledge (BoK)
Organization: BoK → knowledge areas → knowledge units → knowledge topics, with associated Bloom cognitive levels
Assurance Process and Management
• Assurance Across Life Cycles
• Risk Management
• Assurance Assessment
• Assurance Management
Assurance Product and Technology
• System Security Assurance
• Assured Software Analytics
• System Operational Assurance
Architectural Structure of an MSwA2010 Degree Program
Preparatory Materials: Computing Foundations, Software Engineering, Security Engineering
MSwA Core: Assurance Across Life Cycles, Risk Management, Assurance Assessment, Assurance Management, System Security Assurance, Assured Software Analytics, System Operational Assurance
Electives: Courses Related to Assurance in Selected Domains
Capstone Experience: Project
Outcomes of MSwA Curriculum Work
Outcomes
• specify the knowledge, skills, and capabilities that graduates of an MSwA program can expect when they complete the program
• represent the minimum capabilities that should be expected of professionals in the area of software assurance when they complete a master’s degree program
• provide a model for curriculum content, organization, and expected curriculum outcomes
• support those who assess software assurance programs
Professional Society Recognition
IEEE Recognition
The MSwA curriculum was recognized by the IEEE Computer Society. Its notification follows: At the meeting of the IEEE Computer Society Board of Governors it was passed:
MOVED, that the IEEE Computer Society Board of Governors recognizes the SEI CMU/SEI-2010-TR-005 Reference Curriculum as appropriate for a Masters Program in Software Assurance for a period of 5 years beginning in 1 August 2010.
Statement: The curriculum recommendation could contain a statement similar to “The IEEE Computer Society recognizes this curriculum recommendation as appropriate for a Masters Program in Software Assurance,” signifying that the Society considers it suitable for its stated purpose. If the curriculum recommendation is appropriate as a model for similar efforts, the statement should indicate that designation.
IEEE published an article about its recognition of the MSwA curriculum at http://www.computer.org/portal/web/pressroom/20101213MSWA.
ACM Recognition
The MSwA curriculum was also recognized by the Association for Computing Machinery (ACM) Education Board. This is identical to the IEEE recognition.
SwA Undergraduate Course Outlines Background
Corollary activity to MSwA curriculum development.
Course outlines include description, prerequisites, syllabus (list of topics and Bloom’s levels), course delivery features, suggestions on assessment, and references.
Background sources include SwACBK and the MSwA Curriculum (Volume I).
Other sources include the following:
• CS2008 outlines
• Carnegie Mellon University outlines
• James Madison University outlines
• University of California, Davis outlines
• Purdue University outlines
VOLUME II
SwA Undergraduate Courses
• Computer Science I (with SwA emphasis)
• Computer Science II (with SwA emphasis)
• Introduction to Computer Security
• Software Security Engineering
• Secure Programming
• Special Topics in Information Assurance and Security
• Software Quality Assurance
• Software Assurance Analytics
• Software Assurance Capstone Project
MSwA Course Syllabi
Supports the development of a set of courses to be used in a master of software assurance curriculum.
Available at http://www.cert.org/mswa/
VOLUME III
Community College Report
An ACM committee on two-year degree programs, led by Elizabeth Hawthorne, partnered with the SEI team. The report includes
•discussion of existing curricula related to software security that are suitable for community colleges
•target audience
•course outlines
•identification of resources
VOLUME IV
Community College Courses
Target audience: Students planning to transfer to a four-year program, and students with prior undergraduate technical degrees who wish to become more specialized in software assurance
Courses:
• Computer Science I, II, and III
• Introduction to Computer Security
• Secure Coding
• Introduction to Assured Software Engineering
Executive Overview of Software Assurance
Executive Course Description
Audience: PEOs, procurement officers, and others involved in software acquisition.
Goal: Prepare executives to make informed decisions when acquiring or overseeing development of a security-critical software system.
Contents: A wide spectrum of pertinent issues to help executives and managers understand and address decisions related to security impacts.
Course Content Summary
Software Assurance in Acquisition
Assurance Management
Software Security Fundamentals
Security in Detail
Software Assurance Risk Management
Conclusion
Software Assurance in Acquisition
Why Is This Important?
• Risks and Threats
• Critical System Compromises and Failures
• Concepts of Confidentiality, Integrity, Availability, and Authentication
• Principles of Software Assurance
In-House Versus Acquired
• Pros and Cons
Cloud Component Considerations
System Evolution
• Upgrades
Activity: Discuss case studies and examples showing issues related to upgrading systems. Emphasize emergent behaviors, compliance to policies, etc.
Assurance Management
Ownership Issues
• Own It, Rent It; Build vs. Buy
• What Is Cloud?
• Is Cloud Suitable for You?
Assurance Management
• Making a Business Case for Assurance
• Compliance with Laws, Regulations, Standards, Policies and Best Practices
• Case Studies
• Decision Making Strategies
Activity: Use examples of software as a service and present cost-benefit analyses in relation to risks associated with hosting the applications versus outsourcing them. Use case studies to have managers identify the areas of their business in which they could use Cloud services.
Activity: Make the business case for assurance using ROI, risk analysis, etc. Use case studies to show how assurance practices can be integrated into regular acquisition activities. Present decision making strategies to satisfy the constraints the projects have to meet, including meeting standards and regulations.
Software Security Fundamentals 1
Life-Cycle Models
• Traditional Models, Such as Waterfall
• Newer Models, Such as Agile and Iterative Development
Security and Software Assurance Aspects of Software Development Activities
• Software Requirements Engineering
• Software Architecture and Design Methods and Standards
• Software Coding Methods and Standards
• Testing Methods and Standards
• Maintenance, Operation, and Retirement Techniques/Strategies
Activity: Present some examples that show the fragile nature of software and the impracticality of having fault-free software. The failure of Ariane 5’s first test flight and the loss of the Mars Climate Orbiter are well documented cases.
Software Security Fundamentals 2
Basic Concepts of Security
• Confidentiality (C)
• Integrity (I)
• Availability (A)
• Balancing the C–I–A Triangle
• Authentication
• Principles (Saltzer & Schroeder vs. Software Assurance Principles Work)
Activity: Engage students in discussion. How will they address these basic concepts in their acquisition? Especially, how will they balance the CIA triangle? (It may be helpful to point out the relationship between availability and reliability.) When would multiple mechanisms for authentication be advisable?
Security in Detail 1
Threats and Attack Vectors
• Assets
• Resources
• Vulnerability of the Organization as a Result of the Threat
• Attack Scenarios
Security Policy and Its Importance
• Access Control and Accountability
• Awareness of Applicable Policies and Standards
Security from an ROI Perspective
• Business Case
• Hard Business Decisions
Security Supply Chain
• What Is It?
• How to Build Security into the Supply Chain
Activity: Use examples and case studies to emphasize the classification of assets and how to identify which ones would be more likely to be attacked. Provide examples of insider threats. This section will prepare users for compartmentalizing risks.
Activity: Expand on examples that an acquirer or those who oversee development should consider.
Security in Detail 2
Security from an ROI Perspective
• Business Case
• Hard Business Decisions
Security Supply Chain
• What Is It?
• How to Build Security into the Supply Chain
• Linkage to the Supply Chain Course
Activity: Use case studies to show the impact of security-related technologies; include examples of compromised critical infrastructure.
Activity: Provide examples of how they would address the security supply chain as acquirers or as those overseeing development.
Software Assurance Risk Management
Software Assurance Risk Management
• Risk Management Concepts
• Risk Management Process
• Standards, Regulations, and Best Practices
• Government and Industry-Specific Standards
• Documented Organizational Policies and Their Importance
Activity: Survey the concepts of risk management and process. Emphasize the existence of organizational policies that help to mitigate risks.
Conclusion
Importance of Software Assurance for Acquirers
• Build/Buy Decision
• Business Case
• Supply Chain Risk Management
• Software Assurance Risk Management
The Way Forward
Supply Chain Risk Management
Supply Chain Risk Management (SCRM)
SCRM for ICT acquisitions considers two kinds of malicious actions.
• Malicious supply chain events: counterfeits & tampering
• Malicious system events: a system weakness provides access to sensitive information, reduces the availability of an essential service, or affects data integrity.
Introductory Course available on FEDVTE September 2012
SCRM Awareness Course under development
Sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD)
Copyright 2012 Carnegie Mellon University.
This material is based upon work supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center.
Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense.
NO WARRANTY
THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
This material has been approved for public release and unlimited distribution except as restricted below.
Internal use:* Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works.
External use:* This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.
*These restrictions do not apply to U.S. government entities.