Chapter 14 – Security Engineering 1
(Chapter 12: Dependability and Security Specification)

Transcript of Chapter 14 – Security Engineering 1 (18 slides).

Page 1: Title slide

Chapter 14 – Security Engineering 1

Page 2: Threat Types

- Interception – may be hard to detect
- Interruption – denial of service
- Modification
- Fabrication

Page 3: Levels of Attack

Levels:
- Application: GUI
- Infrastructure: OS, database, web server, network

An attack on the infrastructure may be more likely, because its vulnerabilities are better known.

Page 4: Design Guidelines

#1 Base security decisions on an explicit security policy
- A stated, overall goal (what, not how)
- Examples:
  - Only physicians registered with the system can view data
  - Only the creator of a record can modify it
  - All transactions must be logged

Page 5: Design Guidelines

#2 Avoid single points of failure
- Single point of failure: one aspect of a system that, if it were to fail, would cause the entire system to fail
- Examples / solutions:
  - Database (if only one server) – mirrored site
  - Web server (if only one server) – redundant server
  - Loss of data records – keep a log so that the data can be recreated
- Layered protection ("defense in depth")
  - Like the multiple protections of a house
  - Passwords: login, password, IP, biometrics, …

Page 6: Design Guidelines

#3 Fail securely – if there is a failure, the resulting condition should not be less secure
- Example: failure to find a file in a web directory – you need to block browsing of web directories
- Example: rebooting the OS in "safe mode" – you still need to require logon to access data and functionality

Page 7: Design Guidelines

#4 Balance security and usability
- Example: excessively difficult password systems will force users to document them (on sticky notes, in text files, …)

Page 8: Design Guidelines

#5 Log user actions
- Example: track logon attempts, including passwords and IP address – if analyzed, this can lead to the attacker
- Track who attempts to change data (but is denied)
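An added example of the analysis the slide has in mind, not from the slides themselves: a few constructed audit-log lines are parsed, failed logons are counted per source IP, and denied modification attempts are listed. The log format, field names and addresses are all invented for the example. The sample log records the account name, source IP and outcome of each logon attempt but deliberately not the submitted password, because stored failed-password attempts tend to be near-misses of real passwords and become a liability if the log leaks.

```python
import re
from collections import Counter

# Constructed sample audit log (invented format and values, not from any real system).
SAMPLE_LOG = """\
2024-03-01T08:00:01 LOGIN user=alice ip=10.0.0.5 result=success
2024-03-01T08:00:07 LOGIN user=admin ip=198.51.100.9 result=fail
2024-03-01T08:00:09 LOGIN user=admin ip=198.51.100.9 result=fail
2024-03-01T08:00:12 LOGIN user=root ip=198.51.100.9 result=fail
2024-03-01T08:00:15 LOGIN user=admin ip=198.51.100.9 result=fail
2024-03-01T08:01:00 MODIFY user=bob record=patient-42 result=denied
2024-03-01T08:01:30 MODIFY user=alice record=patient-42 result=ok
2024-03-01T08:02:00 LOGIN user=bob ip=10.0.0.6 result=fail
2024-03-01T08:02:05 LOGIN user=bob ip=10.0.0.6 result=success
"""

# timestamp, event name, then free-form key=value fields
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<event>[A-Z]+)\s+(?P<fields>.*)$")


def parse_line(line):
    """Turn one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for kv in m.group("fields").split():
        key, _, value = kv.partition("=")
        fields[key] = value
    return {"ts": m.group("ts"), "event": m.group("event"), **fields}


def parse_log(text):
    """Parse every well-formed line of a log, skipping anything unparseable."""
    return [rec for rec in (parse_line(l) for l in text.splitlines()) if rec]


def failed_logins_by_ip(records):
    """Count failed LOGIN events per source IP."""
    counts = Counter()
    for r in records:
        if r["event"] == "LOGIN" and r.get("result") == "fail":
            counts[r["ip"]] += 1
    return dict(counts)


def suspicious_ips(records, threshold=3):
    """IPs with at least `threshold` failed logons, the usual brute-force signal."""
    return sorted(ip for ip, n in failed_logins_by_ip(records).items() if n >= threshold)


def denied_modifications(records):
    """Who tried to change which record and was refused (the slide's second point)."""
    return [(r["user"], r["record"])
            for r in records
            if r["event"] == "MODIFY" and r.get("result") == "denied"]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("failed logons per IP:", failed_logins_by_ip(recs))
    print("suspicious IPs:", suspicious_ips(recs))
    print("denied modifications:", denied_modifications(recs))
```

The threshold of three is arbitrary; a real deployment would tune it to the login rate of the system and would also look at failed attempts spread across many accounts from one address, which the `root`/`admin` lines above illustrate.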

Page 9: Design Guidelines

#6 Use redundancy and diversity to reduce risk
- Example: redundancy – a second copy of the web site or database; diversity – different versions of software

Page 10: Design Guidelines

#7 Validate all inputs
- SQL injection – a response to a form field that, when inserted into an SQL command, can cause undesired actions in the database
- Command: Select * from Users where id='xxxx'
- Field: 1' ; DROP TABLE users; select 'a
- Solution: escape the string
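An added example, not from the slides, using Python's standard sqlite3 module on an in-memory database. It runs the slide's own command with the slide's own field value twice: once with the field spliced into the SQL text (the vulnerable pattern), and once with the field passed as a bound parameter, which is the robust form of the slide's "escape string" solution. The Users table and its two rows are constructed for the example.

```python
import sqlite3

# The field value from the slide, kept verbatim.
INJECTION_PAYLOAD = "1' ; DROP TABLE users; select 'a"


def fresh_db():
    """Constructed in-memory database with a small Users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (id TEXT PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)",
                     [("1", "alice"), ("2", "bob")])
    conn.commit()
    return conn


def users_table_exists(conn):
    """True while the Users table is still present in the schema."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name='Users'"
    ).fetchone()
    return row is not None


def lookup_vulnerable(conn, field):
    """The pattern the slide warns about: the form field becomes part of the SQL
    text, so whatever the field contains is executed as SQL. executescript is
    used because it runs every statement in the string, as a driver that
    accepts multi-statement strings would."""
    sql = f"SELECT * FROM Users WHERE id='{field}'"
    conn.executescript(sql)
    return sql


def lookup_parameterized(conn, field):
    """Hardened form: the field is bound as a parameter, so the driver treats it
    purely as data and it can never change the statement's structure."""
    return conn.execute("SELECT * FROM Users WHERE id=?", (field,)).fetchall()


def demo():
    """Run both lookups with the slide's payload and report what happened."""
    # 1. Vulnerable lookup: the injected DROP TABLE statement is executed.
    c1 = fresh_db()
    lookup_vulnerable(c1, INJECTION_PAYLOAD)
    table_dropped = not users_table_exists(c1)

    # 2. Parameterized lookup: same payload, no row matches, table survives.
    c2 = fresh_db()
    rows_for_payload = lookup_parameterized(c2, INJECTION_PAYLOAD)
    table_survived = users_table_exists(c2)
    rows_for_valid_id = lookup_parameterized(c2, "1")
    return table_dropped, table_survived, rows_for_payload, rows_for_valid_id


if __name__ == "__main__":
    dropped, survived, bad_rows, good_rows = demo()
    print("vulnerable lookup dropped the table:", dropped)
    print("parameterized lookup kept the table:", survived)
    print("rows for payload:", bad_rows, "rows for id 1:", good_rows)
```

Escaping quote characters by hand, as the slide suggests, does block this particular payload, but it has to be done correctly for every database dialect and every call site; parameter binding moves that responsibility into the driver, which is why it is the preferred fix.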

Page 11: Design Guidelines

#8 Compartmentalize assets
- Example: voter targeting system: all clients could have accessed the same database and tables. This was separated into a separate database per customer.

Page 12: Design Guidelines

#9 Design for deployment – plan for clear configuration
- Example: software inside a wireless router (Airport Express)
  - Default security mode
  - Default DHCP ranges
  - Default network names

Page 13: Design Guidelines

#10 Design for recoverability

Steps:
- Features to view all configuration
- Minimize default privileges
- Require intentional setting
- Localize configuration settings (not everywhere in the system)
- Provide easy ways to fix vulnerabilities
  - Software update mechanisms
  - Auto check for updates
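An added example covering guidelines #9 and #10 together, not from the slides: a small configuration audit for a router-like device that keeps every setting in one declared table (localized configuration), can show the effective value and origin of each setting (a feature to view all configuration), and refuses deployment while the security mode, network name or admin credential is still at its factory default (requiring intentional setting). Every setting name, default and value below is hypothetical.

```python
# Hypothetical factory defaults for a wireless-router-style device; the names
# and values are invented for this example.
FACTORY_DEFAULTS = {
    "wifi_security_mode": "none",        # insecure default: open network
    "wifi_network_name": "DefaultNet",   # default network name
    "dhcp_range": "192.168.1.100-192.168.1.200",
    "admin_password": "admin",           # placeholder factory credential
    "auto_check_updates": False,
}

# Settings the operator must set on purpose; leaving them at the factory
# value is reported as a finding ("require intentional setting").
MUST_BE_SET_INTENTIONALLY = {"wifi_security_mode", "wifi_network_name", "admin_password"}

# Values that are never acceptable once deployed, regardless of who set them.
FORBIDDEN_VALUES = {
    "wifi_security_mode": {"none", "wep"},
}


def effective_config(explicit):
    """Merge explicit settings over the factory defaults and record where each
    value came from, so all configuration can be viewed in one place.
    Returns (merged, unknown_keys)."""
    merged = {}
    for key, default in FACTORY_DEFAULTS.items():
        if key in explicit:
            merged[key] = {"value": explicit[key], "source": "explicit"}
        else:
            merged[key] = {"value": default, "source": "default"}
    unknown = set(explicit) - set(FACTORY_DEFAULTS)
    return merged, unknown


def audit(explicit):
    """Return a list of findings; an empty list means the configuration may be
    deployed. Findings are strings so they can be shown to the operator."""
    merged, unknown = effective_config(explicit)
    findings = []
    for key in sorted(unknown):
        findings.append(f"unknown setting '{key}' (all settings must be declared in one place)")
    for key in sorted(MUST_BE_SET_INTENTIONALLY):
        if merged[key]["value"] == FACTORY_DEFAULTS[key]:
            findings.append(f"'{key}' still has its factory default value")
    for key, bad in FORBIDDEN_VALUES.items():
        if merged[key]["value"] in bad:
            findings.append(f"'{key}' has insecure value '{merged[key]['value']}'")
    if merged["auto_check_updates"]["value"] is not True:
        findings.append("'auto_check_updates' is disabled")
    return findings


def can_deploy(explicit):
    """Fail closed: deployment is allowed only when the audit is clean."""
    return len(audit(explicit)) == 0


if __name__ == "__main__":
    print("factory state findings:", audit({}))
    operator_settings = {
        "wifi_security_mode": "wpa2",
        "wifi_network_name": "clinic-office",
        "admin_password": "example-strong-passphrase",  # constructed value
        "auto_check_updates": True,
    }
    print("operator state findings:", audit(operator_settings))
    print("can deploy:", can_deploy(operator_settings))
```

The check compares values rather than only tracking whether a key was set, so an operator who "explicitly" re-enters the factory credential is still flagged; the DHCP range is allowed to stay at its default because the slide lists it as a deployment concern, not a security one.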

Page 14: Design Guidelines

#11 Limit menus and options to only what the user has permissions for

Page 15: Survivability

Ability to continue to deliver service even if under attack

Page 16: Survivability Strategies

- Resistance
- Recognition
- Recovery

Page 17: Activity

Discuss what you would do to address the guidelines discussed tonight.

Systems:
- Facebook
- Healthcare management system
- School grade records system
