reducing software security risk through an integrated approach
TRANSCRIPT
![Page 1: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/1.jpg)
Reducing Software Security Risk (RSSR)
David Gilliam, John PowellCalifornia Institute of Technology,Jet Propulsion Laboratory
Matt Bishop University of California at Davis
California Institute of Technology, Jet Propulsion Lab
![Page 2: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/2.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 2
Software Security Checklist (SSC)
NOTE: This research was carried out at the Jet
Propulsion Laboratory, California Institute of Technology, under a contract with the National Aeronautics and Space Administration
The work was sponsored by the NASA Office of Safety and Mission Assurance under the Software Assurance Research Program lead by the NASA Software IV&V Facility
This activity is managed locally at JPL through the Assurance and Technology Program Office
![Page 3: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/3.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 3
Agenda
Collaborators Goal Problem Software Security Assessment
Instrument (SSAI) Model Checking: Flexible Modeling
Framework Software Security Checklist (SSC)
![Page 4: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/4.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 4
Current Collaborators
David Gilliam – Principle Investigator, JPL John Powell Tom Wolfe Matt Bishop – Associate Professor of
Computer Science, University of California at Davis
http://rssr.jpl.nasa.gov
![Page 5: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/5.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 5
Agenda
Collaborators Goal Problem Software Security Assessment
Instrument (SSAI) Model Checking: Flexible Modeling
Framework Software Security Checklist (SSC)
![Page 6: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/6.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 6
Goal
Reduce security risk to the computing environment by mitigating vulnerabilities in the software development and maintenance life cycles
Provide an instrument and tools to help avoid vulnerabilities and exposures in software
To aid in complying with security requirements and best practices
![Page 7: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/7.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 7
Agenda
Collaborators Goal Problem Software Security Assessment
Instrument (SSAI) Model Checking: Flexible Modeling
Framework Software Security Checklist (SSC)
![Page 8: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/8.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 8
Problem
Lack of Experts: Brooks – “No Silver Bullet” is still valid (IEEE Software Engineering, 1987)
Poor Security Requirements Poor System Engineering
Leads to poor design, coding, and testing Cycle of Penetrate and Patch Piecemeal Approach to Security
Assurance
![Page 9: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/9.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 9
Agenda
Collaborators Goal Problem Software Security Assessment
Instrument (SSAI) Model Checking: Flexible Modeling
Framework Software Security Checklist (SSC)
![Page 10: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/10.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 10
Software Security Assessment Instrument (SSAI)
Software Security Checklist (SSC)Software Life CycleExternal Release of Software
Vulnerability Matrix (VMatrix)List and Ranking of VulnerabilitiesVulnerability PropertiesClassification of Types of VulnerabilitiesList Maintained by UC Davis
![Page 11: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/11.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 11
SSAI (Cont.)
Model-Based Verification (MBV) and a Flexible Modeling Framework (FMF)SPIN Model Checker and PromelaFMF Developed to Address State Space
Property-Based Tester (PBT)Tests Source Code for JAVA, C, and C++Verifier to ensure security property violations
have not been re-introduced in coding
![Page 12: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/12.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 12
SSAI (Cont.)
Security Assessment Tool’s (SAT’s)List of Tools and Purpose of EachAlternate Tools and Sites to Obtain Them
![Page 13: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/13.jpg)
Reducing Software Security Risk Through an Integrated Approach
Software Component Relationships
C 1 C 2 C 3 C 4
And_1 And_2
Safe Unsafe
Vmatrix
PBT
MC
Attacks not in the wild
D iscovered a ttacks not been seen in the wild Known attacks for Vmatrix / PBT Libaries
Technology Integration
• Software Vulnerabilities Expose IT Systems and Infrastructure to Security Risks
• Goal: Reduce Security Risk in Software and Protect IT Systems, Data, and Infrastructure
•Security Training for System Engineers and Developers
•Software Security Checklist for end-to-end life cycle
•Software Security Assessment Instrument (SSAI)
•Security Instrument Includes:
•Security Checklist
•Vulnerability Matrix
•Property-Based Testing
•Model-Based Verification
•Collection of security tools
NASA
![Page 14: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/14.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 14
Agenda
Collaborators Goal Problem Software Security Assessment
Instrument (SSAI) Model Checking: Flexible Modeling
Framework Software Security Checklist (SSC)
![Page 15: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/15.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 15
Model Checking: Flexible Modeling Framework (cont.)
MC with FMF Benefits Software Early in its LifecycleEarlier Discovery of Software ErrorsCorrection is easier / better / less expensive
FMF must adapt to early lifecycle eventsRapidly changing requirements and designsVarying / Increasing levels of detail defined
for different parts of the system
![Page 16: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/16.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 16
Model Checking: Flexible Modeling FrameworkCollection of
Model Components
Model Checker
Component Combiner
Each Individual Component
Uni
que
Com
pone
nt
Com
bina
tion
s
If Combination State Space is
too Large
NoYes
MCCT
Implicit Explicit
Heuristic Propagation of Results
Updated Component
Com
bin
ations C
ontain
ing
![Page 17: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/17.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 17
Agenda
Collaborators Goal Problem Security & the Software Life Cycle Software Security Assessment
Instrument (SSAI) Software Security Checklist (SSC) Final Notes
![Page 18: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/18.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 18
Software Security Checklist (SSC)
Two PhasesPhase 1:
Provide instrument to integrate security as a formal approach to the software life cycle
Requirements Driven
Phase 2: External Release of Software Release Process
![Page 19: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/19.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 19
SSC (Cont.)
Phase 1:Pre-Requirements
Understand the Problem and ScopeRequirements Gathering and Elicitation
Be Aware of Applicable Requirements Documents
Provide Trace to External Requirements DocsSecurity Risk Assessment
NPG 7120.5B – Project Life Cycle document Potential Integration with DDP Tool
V&V Tools Available for Software Life Cycle
![Page 20: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/20.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 20
SSC (Cont.)
Phase 2:Release of Software
Areas for Protection: Protect People Protect ITAR and EAR Protect Trade Secrets – Patents Protect Organizational Resources
Considerations Insecure Subsystem Calls Embedded IP Addresses or Phone Numbers
Delivered to Code R Draft Checklist
![Page 21: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/21.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 21
SSC (Cont.) Project Life Cycle Approach
Security Requirements Stakeholders Federal, State, Local Requirements NASA Requirements and Guidelines
Design, Development, TestMaintenance and DecommissioningTools and InstrumentsExpert Center (IV&V) and People to AssistTraining
![Page 22: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/22.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 22
SSC Tools
Review Source Code Review File Calls Review Library Calls Check Subroutine Calls in Binaries
Provided Perl ScriptsSystem and Programming Tools
![Page 23: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/23.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 23
Agenda
Collaborators Goal Problem Security & the Software Life Cycle Software Security Assessment
Instrument (SSAI) Software Security Checklist (SSC) Final Notes
![Page 24: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/24.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 24
Final Notes
Womb-to-Tomb ProcessMust Coincide with Organizational Polices
and RequirementsNotification to Users and Functional Areas
when Software or Systems De-Commissioned
Regression Test on Decommissioning Re-Verify Security on Decommissioning
![Page 25: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/25.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 25
Final Notes (Cont.)
Return on Investment (ROI)Enhanced or Non-Loss of NASA ImageMaintenance Costs Decrease
![Page 26: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/26.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 26
Note on Future Work
Training Course for SSC and Use of Security Assessment Tools
Experts and Expert Center Available to Assist with the Instrument and Tools
Integrate with Deep Space Mission Systems (DSMS) Verifying SSL Potential to Verify Space Link Extension (SLE)
Protocol Developing an Approach to Project Life Cycle
Security Risk Assessment at JPL
![Page 27: Reducing Software Security Risk Through an Integrated Approach](https://reader033.vdocuments.mx/reader033/viewer/2022052900/5561a4b8d8b42ae9708b4aec/html5/thumbnails/27.jpg)
June 8, 2003 David Gilliam & John Powell - JPL, Caltech. 27
David Gilliam
JPL
400 Oak Grove Dr., MS 144-210
Pasadena, CA 91109
Phone: (818) 354-0900 FAX: (818) 393-1377
Email: [email protected]
John Powell
MS 125-233
Phone: (818) 393-1377
Email: [email protected]
Website: http://rssr.jpl.nasa.gov/
FOR MORE INFO...