8/6/2019 Lecture on SWEC and Computer Security
http://slidepdf.com/reader/full/lecture-on-swec-and-computer-security 1/26
Summer 2011
Lesson 5
Software Engineering Concepts and Computer Security
CSE 101
What is the difference between software engineering and computer science?
Computer Science is concerned with theory and fundamentals.
Software Engineering is concerned with the practicalities of developing and delivering useful software.
System Engineering is concerned with all aspects of computer-based systems development including hardware, software and process engineering.
What is a software process?
• A set of activities whose goal is the development or evolution of software.
• Generic activities in all software processes are:
  – Specification - what the system should do and its development constraints
  – Development - production of the software system
  – Validation - checking that the software is what the customer wants
  – Evolution - changing the software in response to changing demands.
CASE (Computer-Aided Software Engineering): software systems which are intended to provide automated support for software process activities, such as requirements analysis, system modelling, debugging and testing.
• Upper-CASE
  – Tools to support the early process activities of requirements and design
• Lower-CASE
  – Tools to support later activities such as programming, debugging and testing
What are the attributes of good software?
• The software should deliver the required functionality and performance to the user and should be maintainable, dependable and acceptable.
• Maintainability
  – Software must evolve to meet changing needs (scalable);
• Dependability
  – Software must be trustworthy (reliable, secured and safe);
• Efficiency
  – Software should not make wasteful use of system resources;
• Acceptability
  – Software must be accepted by the users for which it was designed. This means it must be understandable, usable and compatible with other systems.
What are the key challenges facing Software Engineering?
• Heterogeneity
  – Developing techniques for building software that can cope with heterogeneous platforms and execution environments;
• Delivery
  – Developing techniques that lead to faster delivery of software;
• Trust
  – Developing techniques that demonstrate that software can be trusted by its users.
  – Reliable, Secured and Safe.
Generic Software Process Models
• A simplified representation of a software process, presented from a specific perspective
• Examples of process perspectives:
  – Workflow perspective represents inputs, outputs and dependencies
  – Data-flow perspective represents data transformation activities
  – Role/action perspective represents the roles/activities of the people involved in the software process
• Generic process models
  – Waterfall
  – Evolutionary development
  – Formal transformation
  – Integration from reusable components
Engineering Example
Building a house:
• Land and finances
• Garden, garage, you are used to ageing wine, enjoy sitting by the fireplace, lots of storage, don't like Bauhaus
• Architect will define number of floors and rooms, orientation of the driveway, size of the garage …
• Type of bricks, color of the walls, …
• Construction
• Entering
• Living in the house
• Fixing minor problems, leaking in the roof …
The Waterfall Model
Stages, each paired with the check that closes it:
  System Feasibility – Validation
  Plans + Requirements – Validation
  Product Design – Verification
  Detailed Design – Verification
  Code – Unit Test
  Integration – Product Verification
  Integration – System Test
  Operation + Maintenance – Revalidation
Waterfall Weakness
• High risk for new systems because of specification and design problems.
• Low risk for well-understood developments using familiar technology.
• Usually requirements change, are incomplete or even not known (Result: 'That's not what I meant!' – go back to the last step)
• WF-Model reacts very statically: each stage must be completed before the next one starts
• Too expensive
• Doesn't enforce discipline
Evolutionary Process Model
[Figure: an outline description feeds three concurrent activities – Specification (initial version), Development (intermediate versions) and Validation (final version).]
Process Model Weakness:
• Prototyping: low risk for new applications because specification and program stay in step. High risk because of lack of process visibility.
• Transformational: high risk because of need for advanced technology and staff skills.
Spiral Process Model
[Figure: spiral with four quadrants – Determine objectives, alternatives and constraints; Evaluate alternatives, identify, resolve risks (risk analysis; Prototype 1, Prototype 2, Prototype 3, operational prototype; concept of operation; simulations, models, benchmarks); Develop, verify next-level product (S/W requirements, requirement validation, product design, design V&V, detailed design, code, unit test, integration test, acceptance test, service); Plan next phase (requirements plan, life-cycle plan, development plan, integration and test plan); Review.]
• Focuses attention on reuse options.
• Focuses attention on early error elimination.
• Puts quality objectives up front.
• Integrates development and maintenance.
• Provides a framework for hardware/software development.
• Contractual development often specifies process model and deliverables in advance.
• Requires risk assessment expertise.
Professional and ethical responsibility
Software engineering involves wider responsibilities than simply the application of technical skills. Software engineers must behave in an honest and ethically responsible way if they are to be respected as professionals. Ethical behaviour is more than simply upholding the law.
Confidentiality
  – Engineers should normally respect the confidentiality of their employers or clients irrespective of whether or not a formal confidentiality agreement has been signed.
Competence
  – Engineers should not misrepresent their level of competence.
  – They should not knowingly accept work which is outside their competence.
Intellectual property rights
  – Engineers should be aware of local laws governing the use of intellectual property such as patents, copyright, etc.
  – They should be careful to ensure that the intellectual property of employers and clients is protected.
Computer misuse
  – Software engineers should not use their technical skills to misuse other people's computers.
  – Computer misuse ranges from relatively trivial (game playing on an employer's machine, say) to extremely serious (dissemination of viruses).
Code of ethics - principles
• PUBLIC
  – Software engineers shall act consistently with the public interest.
• CLIENT AND EMPLOYER
  – Software engineers shall act in a manner that is in the best interests of their client and employer consistent with the public interest.
• PRODUCT
  – Software engineers shall ensure that their products and related modifications meet the highest professional standards possible.
• JUDGMENT
  – Software engineers shall maintain integrity and independence in their professional judgment.
• MANAGEMENT
  – Software engineering managers and leaders shall subscribe to and promote an ethical approach to the management of software development and maintenance.
• PROFESSION
  – Software engineers shall advance the integrity and reputation of the profession consistent with the public interest.
• COLLEAGUES
  – Software engineers shall be fair to and supportive of their colleagues.
• SELF
  – Software engineers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession.
Computer Crime – Software Piracy
• Software piracy – the illegal copying of software programs – is the biggest legal issue affecting the computer industry.
• Piracy is of greatest concern to developers of commercial software, or programs that must be purchased before use.
• Piracy is less of a concern for shareware makers, whose programs must be registered but not always purchased.
• Piracy is not a concern for freeware, which is software that can be freely distributed by anyone.
Various forms of copy protection have been used to discourage piracy, including:
• Installation diskettes that record the number of times the software is installed.
• Hardware locks, without which the program cannot function.
• Passwords, serial numbers, or other codes required for installation.
Computer Viruses – Categories of Viruses
A virus is a parasitic program that infects another program (the host). Most viruses fall into the following categories:
• Boot sector viruses
• Cluster viruses
• File-infecting viruses
• Worms
• Bombs
• Trojan Horses
• Polymorphic viruses
• Self-garbling viruses
• E-mail viruses
• Self-encrypting viruses
• Self-changing viruses
• Stealth viruses
• Macro viruses
• Joke programs
• Bimodal viruses
• Bipartite viruses
• Multipartite viruses
Viruses are spread in several ways. The most common are:
• Receiving an infected disk.
• Downloading an infected executable file from a network or the Internet.
• Copying a document file that is infected with a macro virus.
To avoid viruses, you should:
• Treat all disks as though they are infected.
• Install an antivirus program and keep its virus definitions (database of virus information) up to date.
• Run your antivirus program regularly.
Network Security
• Classic properties of secure systems:
  – Confidentiality
    – Encrypt the message so only sender and receiver can understand it.
  – Authentication
    – Both sender and receiver need to verify the identity of the other party in a communication: are you really who you claim to be?
  – Authorization
    – Does a party with a verified identity have permission to access (r/w/x/…) information? Gets into access control policies.
  – Integrity
    – During a communication, can both sender and receiver detect whether a message has been altered?
  – Non-Repudiation
    – The originator of a communication can't deny later that the communication took place.
  – Availability
    – Guaranteeing access to legitimate users. Prevention of Denial-of-Service (DoS) attacks.
Cryptography
• Encryption algorithm also called a cipher
• Cryptography has evolved so that modern encryption and decryption use secret keys
• Only have to protect the keys! => Key distribution problem
• Cryptographic algorithms can be openly published
[Figure: plaintext → Encryption (Key K_A) → ciphertext → Decryption (Key K_B) → plaintext]
Cryptography
• Cryptanalysis – types of attacks:
  – Brute force: try every key
  – Ciphertext-only attack:
    – Attacker knows ciphertext of several messages encrypted with the same key (but doesn't know plaintext).
    – Possible to recover plaintext (also possible to deduce key) by looking at the frequency of ciphertext letters
  – Known-plaintext attack:
    – Attacker observes pairs of plaintext/ciphertext encrypted with the same key.
    – Possible to deduce key and/or devise algorithm to decrypt ciphertext.
  – Chosen-plaintext attack:
    – Attacker can choose the plaintext and look at the paired ciphertext.
    – Attacker has more control than in a known-plaintext attack and may be able to gain more info about the key
  – Adaptive Chosen-Plaintext attack:
    – Attacker chooses a series of plaintexts, basing the next plaintext on the result of the previous encryption
  – Differential cryptanalysis – very powerful attacking tool, but DES is resistant to it
• Cryptanalysis attacks often exploit the redundancy of natural language
  – Lossless compression before encryption removes redundancy
Principle of Confusion and Diffusion
• Terms courtesy of Claude Shannon, father of Information Theory
• "Confusion" = Substitution
  – a -> b
  – Caesar cipher
• "Diffusion" = Transposition or Permutation
  – abcd -> dacb
  – DES
Principle of Confusion and Diffusion
• Modern substitution ciphers take in N bits and substitute N bits using a lookup table: called S-Boxes
• "Confusion": a classical Substitution Cipher
• Cryptographers often think in terms of the plaintext alphabet as being the alphabet used to write the original message, and the cipher text alphabet as being the letters that are substituted in place of the plain letters. A cipher is the name given to any form of cryptographic substitution, in which each letter is replaced by another letter or symbol.
Caesar Cipher
According to Suetonius, Caesar simply replaced each letter in a message with the letter that is three places further down the alphabet.
As shown below, it is clear to see that the cipher text alphabet has been shifted by three places. Hence this form of substitution is often called the Caesar Shift Cipher.
[Figure: plain text alphabet above the cipher text alphabet shifted by three places]
Courtesy: Andreas Steffen
Pigpen Cipher
The Pigpen Cipher was used by Freemasons in the 18th Century to keep their records private. The cipher does not substitute one letter for another; rather it substitutes each letter for a symbol. The alphabet is written in the grids shown, and then each letter is enciphered by replacing it with a symbol that corresponds to the portion of the pigpen grid that contains the letter. For example:
Plain text: I Love Computer Science
Cipher text: [Figure: the pigpen symbols for the message]
Principle of Confusion and Diffusion
• "Diffusion": a classical Transposition cipher
• Modern Transposition ciphers take in N bits and permute using a lookup table: called P-Boxes
Courtesy: Andreas Steffen
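An added example (not from the lecture or Andreas Steffen's material) that puts the S-box and P-box ideas of the last slides into a toy substitution-permutation round and measures diffusion directly: how many output bits change when a single input bit flips, with and without the permutation. The 4-bit S-box and 16-bit P-box tables are chosen for illustration and are not DES's tables.

```python
# Added example: a keyless toy SP round from a 4-bit S-box (confusion) and a
# 16-bit P-box (diffusion). Without the P-box a one-bit change stays inside
# its own nibble; with it the change spreads across the block (avalanche).
# Tables below are constructed for illustration, not taken from DES.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]   # one-to-one lookup table
# P-box: output bit i takes input bit PBOX[i]; each nibble is spread over all four
PBOX = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]

def substitute(block: int) -> int:
    """Apply the S-box to each 4-bit nibble of a 16-bit block."""
    out = 0
    for i in range(4):
        nibble = (block >> (4 * i)) & 0xF
        out |= SBOX[nibble] << (4 * i)
    return out

def permute(block: int) -> int:
    """Apply the P-box: move input bit PBOX[i] to output position i."""
    out = 0
    for i, src in enumerate(PBOX):
        out |= ((block >> src) & 1) << i
    return out

def sp_encrypt(block: int, rounds: int = 3, with_pbox: bool = True) -> int:
    """Repeat S-box then (optionally) P-box; no key, purely to show mixing."""
    for _ in range(rounds):
        block = substitute(block)
        if with_pbox:
            block = permute(block)
    return block

def bits_changed(a: int, b: int) -> int:
    return bin(a ^ b).count("1")

def avalanche(block: int, bit: int, with_pbox: bool) -> int:
    """Number of output bits that differ when input bit `bit` is flipped."""
    c1 = sp_encrypt(block, with_pbox=with_pbox)
    c2 = sp_encrypt(block ^ (1 << bit), with_pbox=with_pbox)
    return bits_changed(c1, c2)

if __name__ == "__main__":
    pt = 0x1234  # constructed sample block
    print("substitution only:", avalanche(pt, 0, with_pbox=False))
    print("substitution + permutation:", avalanche(pt, 0, with_pbox=True))
```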