Security Architecture and Design Chapter 4 Part 1 Pages 297 to 319.

Date posted: 17-Jan-2016

Bugs and Flaws
  • Security Bug
      • Vulnerability in the software
  • Security Flaw
      • Vulnerability in the architecture or design
  • About 50%-50%

Today's Environment
  • Security bugs and flaws account for the majority of compromises
  • We are better at protecting the perimeter with firewalls, IPS, etc.
  • More demands for functionality have made software more complex
  • As complexity increases, security decreases

Approaches
  • Bake Security In from the start
      • From Architecture to Design to Implementation to Testing
      • Correct approach
  • Bolt Security on at the end
      • Often not enough time
      • Much harder to do

Security
  • The security that a product provides must be evaluated based upon the availability, integrity, and confidentiality that it claims to provide.
  • Need to really understand how technology works to determine the proper level of security that is truly in place.

Waterfall Model
  • Architect the system
  • Write Specification Requirements
  • Design
  • Implement = code
  • Test
  • Deploy

System Architecture
  • Conceptually understand the system structure and behavior and its relationship to its environment
  • Outline the main goals the system must achieve
  • Big picture

System Architecture
  • Architectural Description for a software-intensive system
  • ISO/IEC/IEEE 42010
  • Security needs to be considered while architecting the system

Stakeholder
  • Stakeholder: individual, team, or organization with interest in the system
  • View: representation of the system from a particular perspective
  • The architect needs to capture the goals that the system is supposed to accomplish for each stakeholder.

Computer Architecture
  • Computer hardware
  • Operating system
  • Network

Computers

Buses
  • Most systems today have 64-bit address and data buses

CPU

Registers
  • PC (Program Counter): address of next instruction
  • General Registers: hold data
  • Special Registers
      • SP (Stack pointer)
      • PSW (Program Status Word)
          • Bit for negative result
          • Bit for zero result

PSW
  • Bit for mode
      • User mode (where applications run)
      • Privileged (Kernel, Supervisor) mode for Operating System

I/O

Stack Pointer
  • Local Variables
  • Return Address
  • Parameters
  • Local Variable
  • Return Address
  • Parameters

Multicore Processor

Multiprocessing (See page 311)

Process
  • Program loaded in memory
  • Multiprogramming OS: more than one process (program) can be loaded in memory (See page 319)
  • Preemptive multitasking: time sharing
  • Figure 4-6 on Page 314

Process Table

Interrupts
  • Timer
  • Device
      • When a device needs to communicate with the CPU
      • Disk completed I/O operation

Interrupts

Threads
  • Instructions generated by a process when it has a specific activity that needs to be carried out by the operating system.
  • Microsoft Word
      • Open a file
      • Print a document
      • Save a file

Multithreading

Code Injection Attack
  • Attacker injects instructions into a running process.
  • Keylogger, send out malware,
  • If running at privileged mode

OWASP Top Ten
  • https://www.owasp.org/index.php/Top_10_2013-Top_10
  • A9 Using Components with Known Vulnerabilities

Process Scheduling
  • Responsibility of the operating system
  • Process priorities
      • Low priority background process
      • High priority process hogging the system resources
      • Denial of Service attack

Software Deadlock
  • A has resource 1 and requests 2
  • B has resource 2 and requests 1
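
The Software Deadlock state above can be checked mechanically with a wait-for graph. The following is an added example, not part of the original slides: the function names and the sample states are constructed, each blocked process is assumed to wait on exactly one resource, and the three-process ring generalizes beyond the two-process case on the slide.

```python
# Added example: wait-for-graph deadlock check (not from the original slides).
# Process names and resource numbers follow the slide; all state is constructed.

def wait_for_graph(holds, requests):
    """Edge P -> Q: process P is blocked on a resource that Q currently holds."""
    owner = {res: proc for proc, held in holds.items() for res in held}
    return {proc: owner[res] for proc, res in requests.items()
            if res in owner and owner[res] != proc}

def find_deadlock(holds, requests):
    """Return the processes forming a circular wait, or [] if there is none."""
    graph = wait_for_graph(holds, requests)
    for start in sorted(graph):
        path, node = [], start
        while node in graph and node not in path:
            path.append(node)
            node = graph[node]
        if node in path:                      # walked back onto our own path
            return path[path.index(node):]
    return []

# State from the slide: A has resource 1 and requests 2, B has 2 and requests 1.
SLIDE_HOLDS = {"A": {1}, "B": {2}}
SLIDE_REQUESTS = {"A": 2, "B": 1}

# Same two processes, but both must take resource 1 before resource 2
# (a fixed global lock order). B never gets to hold 2 while waiting for 1.
ORDERED_HOLDS = {"A": {1}, "B": set()}
ORDERED_REQUESTS = {"A": 2, "B": 1}

# Generalisation: three processes in a ring, plus D waiting on the ring.
RING_HOLDS = {"A": {1}, "B": {2}, "C": {3}, "D": {4}}
RING_REQUESTS = {"A": 2, "B": 3, "C": 1, "D": 1}

if __name__ == "__main__":
    print("slide state :", find_deadlock(SLIDE_HOLDS, SLIDE_REQUESTS))
    print("lock order  :", find_deadlock(ORDERED_HOLDS, ORDERED_REQUESTS))
    print("ring of 3   :", find_deadlock(RING_HOLDS, RING_REQUESTS))
```

With a fixed acquisition order the wait-for graph has an edge from B to A only, so A can finish and release resource 1; no circular wait can form.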