software security requirementseprints.leedsbeckett.ac.uk/6416/6/keynoteon...should be build security...
TRANSCRIPT
![Page 1: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/1.jpg)
Citation:Ramachandran, M (2015) Keynote on Software Security Requirements Engineering : State of theArt. In: 10th International Conference on Global Security, Safety & Sustainability, 15 September - 17September 2015, London. (Unpublished)
Link to Leeds Beckett Repository record:http://eprints.leedsbeckett.ac.uk/6416/
Document Version:Conference or Workshop Item
The aim of the Leeds Beckett Repository is to provide open access to our research, as required byfunder policies and permitted by publishers and copyright law.
The Leeds Beckett repository holds a wide range of publications, each of which has beenchecked for copyright and the relevant embargo period has been applied by the Research Servicesteam.
We operate on a standard take-down policy. If you are the author or publisher of an outputand you would like it removed from the repository, please contact us and we will investigate on acase-by-case basis.
Each thesis in the repository has been cleared where necessary by the author for third partycopyright. If you would like a thesis to be removed from the repository or believe there is an issuewith copyright, please contact us on [email protected] and we will investigate on acase-by-case basis.
![Page 2: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/2.jpg)
Software Security Requirements Engineering: State of the Art
Principal LecturerHead of Software Engineering Research
School of Computing, Creative Technologies and EngineeringLeeds Beckett University
Leeds LS6 3QS UKEmail: [email protected]
www.leedsbeckett.ac.ukResearch Projects
www.soft-research.com
Muthu Ramachandran MSc MTech PhD FBCS SFHEA MIEEE MACM
Keynote Talk 16th September 2015 ICGS3, London
![Page 3: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/3.jpg)
∗Why Software Security Engineering?∗ Software Security RE: Concepts, Definitions &
Perspectives∗Design For Software Security: A Unique
Chapter in My book∗ SSRE Processes∗ Software Security Requirements Process
Simulation with OPNET & BPMN∗ Conclusion & Questions
21/05/20152
Outline
![Page 4: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/4.jpg)
21/05/20153
![Page 5: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/5.jpg)
21/05/20154
![Page 6: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/6.jpg)
21/05/20155
Committing to secure SDLC way of showing our gratitude and thankfulness to our consumers
![Page 7: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/7.jpg)
21/05/20156
Personal details of up to 2.4 million CarphoneWarehouse customers may have been accessed in a cyber-attack, the mobile phone retailer says.
http://www.bbc.co.uk/news/uk-33835185
Cyber-attack on 8th August 2015
![Page 8: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/8.jpg)
Why Research into Software Security?
21/05/20157
NASA link to Avvaiyar from 4th Century
What we have discovered is only a handful on cyber-attacks and software vulnerabilities
My Personal Moto Learned from childhood : As Avvaiyar (a Tamil Lady poet from 1st-2nd Century of C.E (roughly 2000 years ago Common Era or A.D) wrote (wikipedia ):
"Katrathu Kai Mann Alavu, Kallathathu Ulagalavu"
meaning roughly "What you have learned is only a handful; What you haven't learned is the size of the world"
79.1
71.165.1
58.1
Annual Spending on Information Security in Billion
Dollars Worldwide
2015201420132012
http://www.gartner.com/newsroom/id/2828722
![Page 9: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/9.jpg)
Known Vulnerabilities: A History of Knowledge
21/05/20158
0
200
400
600
800
1000
1200
1400
1600
Firefox Chrome Internet Explorer
Num
ber o
f vul
nera
biite
s
Browers
Total number of vulnerabilities in browsers
Firefox
Chrome
Internet Explorer
![Page 10: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/10.jpg)
21/05/20159
![Page 11: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/11.jpg)
21/05/201510
![Page 12: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/12.jpg)
21/05/201511
![Page 13: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/13.jpg)
What is Security?
21/05/201512
![Page 14: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/14.jpg)
Classical Security Triangle
21/05/201513
We need include socio-technical perspective and trust in the current and emerging technologies
![Page 15: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/15.jpg)
Software Security vs Computer Security vsInformation Security
21/05/201514
• Software Engineering has established techniques, methods and technology over two decades.
• However, due to the lack of understanding of software security vulnerabilities, we have not been so successful in applying software engineering principles when developing secure software systems.
• Security can’t be just added later to a delivered product
![Page 16: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/16.jpg)
Why Security RE?
21/05/201515
Distinction between functional and service requirements vs quality requirements such as Security
![Page 17: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/17.jpg)
Trust and resiliency model for software security
21/05/201516
Techniques Knowledge Verification
TRUST
Experience & continuity
Software security Software safety Availability
ReliabilityUsabilityPrivacy
Wee need to include trust modelling (relationships and agreements) and resilient computing (survivability modelling)
![Page 18: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/18.jpg)
21/05/201517
![Page 19: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/19.jpg)
Design For Software Security
21/05/201518
Security RE & architecturalproperties and features
Design properties:CorrectnessPredictabilityReliabilitySafetyDependability
Attack
Patterns
Software security properties:
IntegrityAvailabilityAccountabilityNon-repudiationConfidentiality
Secured Software Systems
Build Security In (BSI) Software components, interfaces, exception handlers for software security attack patterns
![Page 20: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/20.jpg)
Build Security In (BSI) Component Model: Independent and Pluggable to Any Applications
21/05/201519
cmp
IAuthenticationIAuthorization
IEncryptionISignature IKeyManagement
IUserManagement
ITLS
ILogService
IInteroperablity
Security Serv ices
IAuthenticationIAuthorization
IEncryptionISignature IKeyManagement
IUserManagement
ITLS
ILogService
IInteroperablity
An example of design for software security
![Page 21: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/21.jpg)
Automated Secure Code Improvement
21/05/201520
Language-Specific security Assessor
Code/Components/Systems
Language and best practice coding knowledge
Domain-specific knowledge
Domain Classifier
Security Improvement
Software Engineer & Software security experts
Software Security analysis
Software Security advice
![Page 22: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/22.jpg)
21/05/201521
![Page 23: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/23.jpg)
Traditional RE Process
21/05/201522
![Page 24: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/24.jpg)
Requirements Classification
21/05/201523
B2B, B2C, C2CService requirementsGovernance Requirements
Industry strategiesOpportunities
Competitors
Application systemsDynamic scalingInfrastructure service security
Business Assets
Service Security, availability, resiliency
Enterprise Requirements Frameworkguidelines
Customer Requirements
Investment Analysis
Market Analysis
![Page 25: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/25.jpg)
∗ Eliciting and extracting requirements for software security explicitly with visual notations
∗ Prioritising software security requirements∗ Risk assessment and mitigation for software security
requirements∗ Use security modelling techniques Tropos, MS Threat
Modelling, Attack Tree, Attack Patterns∗ Design and implement software security requirements∗ Providing SDLC life-cycle support
21/05/201524
Best Practices SSRE
![Page 26: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/26.jpg)
Secure SDLC Touchpoints
21/05/201525
SDLC security touchpoints (Allen et al 2008, p248)
UMLsecAttack Tree
Thread Model
Tropos
![Page 27: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/27.jpg)
Threat Modelling Process
21/05/201526
Identify and list all critical assets
Identify existing safeguardsUnderstand the systemInterview stakeholders
Identify possible points of attack
Decompose the system to be assessed
Use any modellingtool to decompose the system
Identify critical assets
Information gathering
Categorise& prioritisethreats
Identify attack points and designate trust boundaries
Identify threats
Identify actions to be taken & implement
Mitigate
Identify threats in each attack points & also identify conditions that must exist for an attack to be successful. Use prioritisation matrix
![Page 28: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/28.jpg)
Software Security RE Process
21/05/201527
Requirements Elicitation
Business requirements
Systems Requirements
Functional vs Non-Functional
Requirements
Security & privacy
requirements
Software Security Requirements
Vulnerability Analysis
Assessment
![Page 29: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/29.jpg)
Integrated SSRE Process Validation Tools
21/05/201528
Distributed Systems Security
requirements Elicitation and
Validation
OPNET Simulation
Software Security Requirements
Elicitation & Validation
Allows to validate security requirements
![Page 30: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/30.jpg)
Threat Modeling Framework
Characterizing the
architectureUse
Scenarios, Data Flows,
Trust Boundaries
Identifying Assets
according to their
sensitivity
Threat Enumeration
STRIDE approach,
Attack trees
Mitigation (cost)
Accept risk, redesign, use
unique or standard
mitigation
Validating the Threat
Model
Risk Reduction
Policy
Threatclassification:
Impact assessement,
DREAD, Sample FailureMode Analysis
Matrix
![Page 31: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/31.jpg)
Amazon EC2 Architectural Simulation
1
4
3 2
![Page 32: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/32.jpg)
Results and Analysis
Performance Simulation: Network Load
Queuing Delay DDoS Attck
Scenario Simulation
EC2 Server UtilizationSimulation
![Page 33: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/33.jpg)
21/05/201532
![Page 34: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/34.jpg)
Cloud service security development process with build in security – Our Systematic Approach to adopt BSI as part of
CCAF
RequirementsEngineering forcloudapplications(services &security)
ConductBPM
IdentifySLAs
Designservicecomponents
Test &Deploy
Cloud servicesecurityrequirements
Cloud businessprocess securityvulnerabilities
SLAssecurityrules andrisks
Cloud servicesecurityspecificcomponents &interfaces
Cloudservicesecuritytesting
Build Cloud Security In – Cloud service development with build-in security
Cloud service development
![Page 35: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/35.jpg)
BPMN Simulation Process
BPMN simulation process consists of a number of cyclic phases as shown in this illustration. BPMN starts with an actor called Client with a small circle notation which sends a message to a process (Data Request with rounded square) which task has been devoted to take action based the request and therefore send a message to the cloud (finishing circle). The second phase is to annotate each element in the process and thirdly to create tasks, assign simulation variables (different types of requests both valid and invalid) to process and tasks with that process. Finally, create messages between elements in the process and run a number of simulations.
![Page 36: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/36.jpg)
Amazon EC2: Large Scale Case Study: Cloud Data Security
![Page 37: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/37.jpg)
Security measures impacts on execution time
The implications of this result show that data security instances execution time can be high when data was constantly in use. On the other hand, the execution time was less than 2 hours if data was not in use.
![Page 38: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/38.jpg)
Integrated secure software development engineering life cycle (IS-SDLC)
21/05/201537
![Page 39: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/39.jpg)
Stakeholders in SSE
21/05/201538
IS-SDLC
Business leaders B2B
Managers
B2C Managers
System engineers
IT Managers
Network and
Internet Specialits
Software Defined Security (SDN) experts
Enterprise security specialist
Software Requirem
ents Engineers
Software Architect
Security Specialits
Software Engineers
Marketing managers
![Page 40: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/40.jpg)
∗ Ramachandran, M (2012) Software Security Engineering: Design and Applications, Nova Science Publishers, New York, USA, 2011, ISBN: 978-1-61470-128-6, https://www.novapublishers.com/catalog/product_info.php?products_id=26331
∗ Ramachandran, M (2014) Advances in Cloud Computing Research, Nova, 2014∗ Ramachandran, M (2013) Business Requirements Engineering for Developing
Cloud Computing Services, Springer, Software Engineering Frameworks for Cloud Computing Paradigm, Mahmood, Z and Saeed, S (eds.), http://www.springer.com/computer/communication+networks/book/978-1-4471-5030-5
∗ Ramachandran, M (2011) Software components for cloud computing architectures and applications, Springer, Mahmmood, Z and Hill, R (eds.).
∗ Ramachandran, M (2014) Enterprise Security Framework for Cloud Data Security, Book chapter "Delivery and Adoption of Cloud Computing Services in Contemporary Organizations, Chang, V (ed.) IGI Global
∗ Ramachandran, M (2008) Software Components: Guidelines and Applications, Nova Science Publishers, New York, USA. ISBN: 978-1-60456-870-7, October/November 2008, https://www.novapublishers.com/catalog/product_info.php?products_id=7577 Pages 410
∗ Ramachandran, M (2011) Knowledge Engineering for Software Development Life Cycles: Support Technologies and Applications, http://www.igi-global.com/bookstore/titledetails.aspx?titleid=46170&detailstype=description
21/05/201539
References
![Page 41: Software Security Requirementseprints.leedsbeckett.ac.uk/6416/6/KeynoteOn...should be Build Security In (BSI) ∗Secure software should continue to operate correctly even under attack](https://reader035.vdocuments.mx/reader035/viewer/2022063009/5fc17ab28634ae15323e95e9/html5/thumbnails/41.jpg)
∗ Security can’t just be added after release instead it should be Build Security In (BSI)
∗ Secure software should continue to operate correctly even under attack
∗ Secure software can recognize attack patterns and avoid or withstand recognized attacks
∗ Secure software must be built-in with known vulnerabilities
∗ Build-In Trust and Resiliency remain a challenge for researchers
Conclusion , Questions & Thank You
21/05/201540