SEG4110 - Advanced Software Design and Reengineering
TOPIC M: Secure Software Development
SEG4110 - Topic M - Secure Software Development

Security: a combination of factors
- Dependability: the software runs as intended under all circumstances, even when under attack
- Trustworthiness: the software contains no vulnerabilities that can be exploited by an attacker
- Survivability:
  - Resists attacks (protects itself from them actively)
  - Tolerates attacks (continues to provide service while being attacked)
  - Recovers from attacks that it was not able to resist or tolerate, as quickly as possible and with as little damage as possible

General types of attacks
- Unauthorized access or interception: e.g. to steal data, identities or money, or to modify data
- Overstepping authority (accidental or deliberate): a legitimate user does things they should not
- Adding a payload: inserting viruses, spyware, bots, etc.
- Vandalism and corruption: making a system not appear or behave as it should
- Spoofing: redirecting legitimate users to an illegitimate place
- Denial of service: overloading network or computational resources so legitimate users cannot use the system

Motivations of attackers
- Financial gain: e.g. cracking into bank accounts; theft of identities that can be sold
- Achieving personal objectives: e.g. granting oneself a pilot's licence; building a collection of pirated movies
- Fun, entertainment, challenge or bragging rights
- Revenge, anger or hatred
- Political or military: private, radical group or state sponsored

Some thoughts on attack frequency
- A significant proportion of successful attacks are by insiders, e.g. employees committing fraud
- Physical security can be breached: watching password entry over the shoulder, reading written-down passwords, accessing the physical disk or RAM, bypassing the network entirely
- Much attacking today is automated (botnets): attackers may try millions of random attacks until they find a weak link, and will only keep attacking one target if it is extremely valuable

Systems thinking
- A system is only as secure as its weakest link
- Often the weakest link is the operating system, a reused component, the network, a human, paper records or hardware
- So analyse every aspect of the system for its impact on security

Cryptography as one key to security
- Beware: cryptography is only one tool in security; some people assume it is the only or main tool
- Private (symmetric) key cryptography: sender and recipient share the secret key and know the algorithm
- Public key cryptography: you encrypt using the public key published by the recipient; the result can only be decrypted using a mathematically related private key
- Cracking RSA-style public keys relies on factoring extraordinarily large numbers: infeasible to do quickly at adequate key sizes (though undersized keys have been factored in practice); the more bits in the key, the more computing power needed

Attacks on cryptographically protected systems - 1
- On-line: if the key is derived from a human-chosen, non-random password, try common password choices: dictionary words (dictionary attacks) and passwords the user has used on other systems
- Off-line: obtain a sample of the protected data (e.g. a hash or ciphertext) and use a dedicated computer to try candidate keys algorithmically, with no rate limit to slow the attacker down
- For a random password and good algorithms, an attack has to be exhaustive, making it very hard
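Added example, not code from the course slides: the off-line attack described above, run against a constructed "leak" of unsalted SHA-256 password hashes. The leaked table, the wordlist and the function names (candidates, crack) are all constructed for the demonstration; real cracking tools apply far larger wordlists and rule sets, but the mechanics are the same. The one account with a random 16-character password is the case the last bullet describes: no dictionary variant matches it, so only an exhaustive search would.

```python
# Added example (not from the course slides): an offline dictionary attack
# against a constructed leak of unsalted SHA-256 password hashes.
import hashlib
import itertools

# Constructed leak: username -> hex SHA-256 of the password, with no salt
# and no slow KDF, as found in many real breaches. "carol" uses a random
# 16-character password and should survive the attack.
LEAKED_HASHES = {
    "alice": hashlib.sha256(b"Password1").hexdigest(),
    "bob":   hashlib.sha256(b"letmein!").hexdigest(),
    "carol": hashlib.sha256(b"u6Qz!pL2#kVw9hRt").hexdigest(),
}

# Constructed wordlist; real attacks use lists with millions of entries.
WORDLIST = ["password", "letmein", "welcome", "dragon", "qwerty"]


def candidates(word):
    """Yield mangling-rule variants of one dictionary word, the way cracking
    tools do: case variants, then each with appended digits or symbols."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for suffix in itertools.chain(map(str, range(100)), "!@#$"):
            yield base + suffix


def crack(leaked, wordlist):
    """Return {user: recovered_password} for every hash a candidate matches."""
    # Invert the leak so each candidate costs one hash plus one dict lookup
    # no matter how many users are in the dump. A per-user salt would defeat
    # exactly this shortcut, and a slow KDF would multiply the per-hash cost.
    by_hash = {}
    for user, digest in leaked.items():
        by_hash.setdefault(digest, []).append(user)
    found = {}
    for word in wordlist:
        for cand in candidates(word):
            digest = hashlib.sha256(cand.encode()).hexdigest()
            for user in by_hash.get(digest, []):
                found[user] = cand
    return found


if __name__ == "__main__":
    print(crack(LEAKED_HASHES, WORDLIST))   # alice and bob fall, carol does not
```

The by_hash inversion is why unsalted fast hashes are so cheap to attack: one pass over the wordlist cracks every account at once. Salting forces a separate pass per account, and a deliberately slow KDF (see the password-storage example later in this topic) raises the cost of each candidate by orders of magnitude.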
Attacks on cryptographically protected systems - 2
- Social engineering: tricking someone into revealing a key (e.g. phishing)
- Weak password-resetting protocols
- Man-in-the-middle: inserting software that relays cryptographic keys before they are used
- Keystroke logging

Attacks on cryptographically protected systems - 3
- Many hacker tools are available on the Internet, e.g. for dictionary attacks
- Try these against your own system to see how secure it will be

Secure passwords - 1
- Note that a password is rarely as secure as the number of bits in a cryptographic key: it is neither as long nor as random
- Nevertheless, encourage or require users to use:
  - Longer passwords (8+ characters)
  - A combination of character types: lower and upper case, digits, special characters
  - Minimal duplicate characters
  - No password similar to a recently used password
  - No dictionary words
- Password managers should be allowed

Secure passwords - 2
- Back up password protection with other schemes:
  - Two-factor authentication
  - Slow, then block, access after multiple failed attempts
  - Detect and prevent automated entry, e.g. an implausibly quick response to the prompt
  - Add extra checks when access comes from an unexpected place or time: a non-normal IP address range, late at night
  - Check the ability to answer pre-saved questions, but beware of those whose answers reveal personal information
  - CAPTCHAs

Biometrics
- Various types, based on recognition of fingerprints, irises, palm pattern, face, voice or signature
- All have some risk of false positives and false negatives
- Should be backed up by other schemes for critical applications

Hardware devices: the good and the bad
- Devices to increase security: devices with smart chips, such as smart cards or USB dongles
  - Physical presence of the device lends credence to authenticity
  - But they can be stolen, so they should not be fully relied on
- Risks from devices: e.g. USB keys or disks that harbour viruses

Principles to increase security - 1
- Understand the motivations and methods of attackers
- Avoid the most common design and coding mistakes (discussed later)
- The more benefit for the attacker, the more capable an attacker to expect, so invest more in security when the stakes are higher
- Increase the expense of attacking, e.g. make it take more time by using more bits in cryptographic keys

Principles to increase security - 2
- Increase attacker uncertainty:
  - Hide and randomize names and locations of resources
  - Obfuscation
  - Avoid clear feedback that could give an attacker clues about whether they are succeeding or not
- Use honeypots: targets that take work to attack and look as though they hold valuables, but are fake
- Isolate from the network if possible, or make invisible on the network
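Added example, not code from the course slides, serving the two "Secure passwords" slides and the "avoid clear feedback" point above: a password store and login routine that applies that advice in one place. It checks the stated policy (length, character classes, duplicates, similarity to recent passwords, dictionary words), stores passwords with a salted slow KDF (PBKDF2-HMAC-SHA256 from the standard library), slows and then blocks an account after repeated failures, and returns the same message and does the same amount of hashing whether the user name is unknown, the password is wrong or the account is blocked, so the response gives the attacker no clue about which it was. The class and function names, the work factor, the delay schedule and the tiny dictionary are all constructed for the example.

```python
# Added example (not course code): password policy, salted slow hashing,
# slow-then-block lockout and uniform login feedback in one small store.
import hashlib
import hmac
import os
import string

# Assumption: work factor lowered so the example runs quickly; OWASP's 2023
# figure for PBKDF2-HMAC-SHA256 is 600,000. Tune so one hash takes ~100 ms.
KDF_ITERATIONS = 100_000
MAX_FAILURES = 5                      # block the account at this many failures
DELAY_SCHEDULE = (0, 1, 2, 4, 8)      # seconds to stall after n failures (slow first)
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty"}   # constructed dictionary


def check_policy(password, recent=()):
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if sum(any(c in cls for c in password) for cls in classes) < 3:
        problems.append("fewer than 3 character classes")
    if len(set(password)) < len(password) // 2:
        problems.append("too many duplicate characters")
    low = password.lower()
    if any(low in old.lower() or old.lower() in low for old in recent):
        problems.append("similar to a recently used password")
    if any(word in low for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    return problems


def hash_password(password, salt=None):
    """Salted PBKDF2; a fresh 16-byte salt is drawn when none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)
    return salt, digest


class AccountStore:
    def __init__(self):
        self.users = {}       # username -> (salt, digest)
        self.failures = {}    # username -> consecutive failed attempts
        # Dummy credential so unknown users cost the same hashing time as real ones.
        self._dummy = hash_password(os.urandom(16).hex())

    def register(self, username, password, recent=()):
        problems = check_policy(password, recent)
        if problems:
            raise ValueError("; ".join(problems))
        self.users[username] = hash_password(password)

    def login(self, username, password):
        """Return (ok, message, delay_seconds). The message is identical for an
        unknown user, a wrong password and a blocked account; delay is None
        when the account is blocked and an operator must unblock it."""
        salt, stored = self.users.get(username, self._dummy)
        _, supplied = hash_password(password, salt)        # always do the work
        failures = self.failures.get(username, 0)
        if failures >= MAX_FAILURES:
            return False, "Login failed", None
        if username in self.users and hmac.compare_digest(stored, supplied):
            self.failures[username] = 0
            return True, "Welcome", 0
        failures += 1
        self.failures[username] = failures
        return False, "Login failed", DELAY_SCHEDULE[min(failures, len(DELAY_SCHEDULE) - 1)]
```

The caller is expected to sleep for (or otherwise enforce) the returned delay before answering, and to log the failure so the monitoring the later slides ask for has something to work with. hmac.compare_digest is used instead of == so the comparison time does not depend on how many leading bytes matched.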
Principles to increase security - 3
- Incorporate adequate monitoring and logging so attacks can be detected, tracked and forensically analysed
- Limit and control the number of legitimate users, as long as this does not impair the ability to do business
- Grant only needed privileges to users:
  - Principle of least privilege
  - Information access on a need-to-know basis
  - Have unused privileges expire
- Ensure users know acceptable and unacceptable practice

Principles to increase security - 4
- Make secure practices usable
- Balance requirements and risks: the requirements to use strong passwords, to change passwords and to use different passwords on each system, versus the risk that people will write passwords down
- Automatically dispose of data that is no longer needed: the more data retained, the greater the loss in case of a breach and the more attractive the target to attackers

Principles to increase security - 5
- Secure both software and IT infrastructure
- Examples of securing IT infrastructure:
  - Require laptops (or all computers) to have on-board data encrypted at all times
  - Use call-home tools to track stolen computers
  - Force maximum use of anti-virus software and firewalls
  - For guest use of the wireless network, issue time-limited individual accounts on a separate subnet
  - Disallow arbitrary software installation
  - For critical equipment, disallow attachment of removable media
  - Automatically patch all machines

Principles to increase security - 6
- Close unneeded TCP ports (but ensure the needs are understood)
- Deploy a VPN for access to the network
- Back up vigorously, but secure the backups
- Update cryptographic and other techniques as vulnerabilities are revealed, e.g. avoid WEP on a wireless network
- Force new systems to have the most secure settings enabled
- Use sandboxes and virtualization to contain security breaches
- Securely erase or destroy old systems
- Constantly monitor for intrusion
- Employ an IT security officer

OWASP Top 10 (2013 edition)
https://www.owasp.org/index.php/Top_10_2013-Top_10
Updated roughly every three years
- A1 Injection flaws
- A2 Broken authentication and session management
- A3 Cross-site scripting (XSS)
- A4 Insecure direct object references (internal identifiers such as record keys or file names exposed in requests and honoured without an access check)
- A5 Security misconfiguration
- A6 Sensitive data exposure
- A7 Missing function level access control
- A8 Cross-site request forgery (CSRF)
- A9 Using components with known vulnerabilities
- A10 Unvalidated redirects and forwards

Similar: the CWE/SANS Top 25 Most Dangerous Programming Errors
Reference: http://www.sans.org/top25errors/
Category: Insecure Interaction Between Components
- Improper Input Validation: e.g. allowing arbitrary HTML to be entered; allowing violation of input constraints
- Improper Encoding or Escaping of Output: e.g. an attacker may be able to get one system to output a command that will be executed by another
- Failure to Preserve SQL Query Structure (SQL injection): e.g. a data string that terminates the INSERT, followed by a statement that deletes a table
- Failure to Preserve Web Page Structure (cross-site scripting): e.g. allowing attacker-supplied script, delivered via another site or a link, to run in your page with your site's privileges and change its contents

The Most Dangerous Programming Errors - 2
- Failure to Preserve OS Command Structure (OS command injection)
- Cleartext Transmission of Sensitive Information
- Cross-Site Request Forgery (CSRF): to the server the request looks as though it comes from a page it served, because the victim's browser attaches its cookies to a request that another site forged
- Race Condition: applications behave unpredictably, giving attackers information or a window in which a check can be bypassed
- Error Message Information Leak

The Most Dangerous Programming Errors - 3
Category: Risky Resource Management
- Failure to Constrain Operations within the Bounds of a Memory Buffer (buffer overflow)
- External Control of Critical State Data: e.g. cookies, files, etc. that can be manipulated by an attacker
- External Control of File Name or Path: e.g. if the attacker gets to choose a file name, they can include ../ to walk up the directory hierarchy
- Untrusted Search Path: the application loads from a location of the attacker's choosing instead of where intended

The Most Dangerous Programming Errors - 4
- Failure to Control Generation of Code (code injection): many apps generate and execute their own code
- Download of Code Without Integrity Check: the attacker's code gets downloaded instead
- Improper Resource Shutdown or Release: e.g. a file is left open, then accessed by an attacker
- Improper Initialization: an attacker may be able to do the initialization for you, or see data left from a previous use
- Incorrect Calculation: attackers take control of inputs used in a numeric calculation, e.g. a length or size that overflows

The Most Dangerous Programming Errors - 5
Category: Porous Defenses
- Improper Access Control (Authorization)
- Use of a Broken or Risky Cryptographic Algorithm, e.g. WEP
- Hard-Coded Password
- Insecure Permission Assignment for Critical Resource
- Use of Insufficiently Random Values
- Execution with Unnecessary Privileges
- Client-Side Enforcement of Server-Side Security

Security in the software lifecycle
- Requirements: ensure security needs are identified and quantified; threat and risk analysis; formal specification of security properties
- Design: follow proper design practices
- Testing and quality assurance: rigorously inspect and test all security mechanisms; employ people to act as attackers and try to break the system
- Deployment: ensure safeguards are properly installed and put into use
- Evolution: adapt as new threats become known

Privacy: a related but distinct issue
To protect privacy:
- Secure personal information about customers, users, employees, etc.: identification data, phone numbers, addresses, account numbers, date of birth, etc.
- Only gather the minimal information needed (also important for security)
- Delete the information when it is no longer needed (also important for security)
- Ensure the user has a right to know what information is gathered and what use it is to be put to, and to review, change and delete it as needed
- Only use the information for the stated purpose
- Follow all privacy laws, e.g. PIPEDA
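Added example, not code from the course slides, illustrating three of the CWE/SANS errors listed above (SQL injection, external control of file name or path, and improper encoding of output) as the vulnerable pattern beside its fix. Everything it touches is constructed: an in-memory SQLite table with one row, a temporary directory with a file outside the intended document root, and the function names. The slides' SQL example appends a second statement that drops a table; Python's sqlite3 execute() refuses stacked statements, so the demonstration uses the other classic form, a tautology that turns a credential check into one that always matches.

```python
# Added example (not from the course slides): three CWE/SANS Top 25 errors,
# each as the vulnerable function beside the fixed one, on constructed data.
import html
import os
import sqlite3
import tempfile


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")   # constructed row
    return db


# --- Failure to preserve SQL query structure (SQL injection) ---------------
def login_vulnerable(db, name, pw):
    # Data is spliced into the statement text, so the data can close the
    # string literal and append its own SQL.
    q = "SELECT COUNT(*) FROM users WHERE name = '%s' AND pw = '%s'" % (name, pw)
    return db.execute(q).fetchone()[0] > 0


def login_safe(db, name, pw):
    # Placeholders fix the query structure; values are bound purely as data.
    q = "SELECT COUNT(*) FROM users WHERE name = ? AND pw = ?"
    return db.execute(q, (name, pw)).fetchone()[0] > 0


# --- External control of file name or path (../ traversal) ----------------
def read_vulnerable(base, filename):
    with open(os.path.join(base, filename)) as f:     # '../' walks out of base
        return f.read()


def read_safe(base, filename):
    base = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base, filename))
    # Resolve symlinks and '..' first, then insist the result is inside base.
    if os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes the document root")
    with open(target) as f:
        return f.read()


# --- Improper encoding of output (cross-site scripting) -------------------
def greeting_vulnerable(name):
    return "<p>Hello, %s</p>" % name                   # attacker markup is live


def greeting_safe(name):
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


def demo():
    """Run each pair against an attacking input and report what happened."""
    db = make_db()
    results = {}
    payload = "' OR '1'='1"
    results["sqli_bypass"] = login_vulnerable(db, "alice", payload)
    results["sqli_blocked"] = login_safe(db, "alice", payload)
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.mkdir(docs)
        with open(os.path.join(root, "secret.txt"), "w") as f:
            f.write("outside")                          # constructed file outside docs
        results["traversal_read"] = read_vulnerable(docs, "../secret.txt")
        try:
            read_safe(docs, "../secret.txt")
            results["traversal_blocked"] = False
        except PermissionError:
            results["traversal_blocked"] = True
    script = "<script>alert(1)</script>"
    results["xss_raw"] = greeting_vulnerable(script)
    results["xss_escaped"] = greeting_safe(script)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The common thread is the one the "Insecure Interaction" category names: in each vulnerable function, data crosses into another interpreter (SQL, the filesystem, the browser) through a channel that cannot tell data from structure. The fixes keep structure and data apart (bound parameters), check the meaning after interpretation (realpath plus a prefix check, not a string search for "../"), or encode for the destination (html.escape).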
A useful web site on security
From the US government: Build Security In
https://buildsecurityin.us-cert.gov/daisy/bsi/547-BSI.html