Software Engineering and Information Security R&D Perspectives
Massimo Felici
1 Software Engineering and Information Security Massimo Felici © 2012
Overview
• Background and Experience
• Software Engineering and Information Security: Rationale
• Complex Application Domain: Air Traffic Management
• Research Perspectives
– Requirements
– Risk Analysis
– Design and Validation
• Research Considerations
– Research Impact
• Future Research
Background and Experience
SOFTWARE ENGINEERING AND INFORMATION SECURITY
Rationale
Sony Security Cyber Attack
• “Sony of Japan revealed that names, addresses, passwords and possibly credit-card details of 77 million accounts were stolen when hackers gained access to the network it runs in 60 countries for its PlayStation online-gaming system”
[The Economist, Apr 28th 2011]
• “Sony warns of almost 25 million extra user detail theft” [BBC News, 3 May 2011]
Security Attacks
Attacker Types and Techniques
Attack Type, Time and Impact
[IBM Security Solutions, IBM X-Force® 2011 Mid-year Trend and Risk Report]
Vulnerability Disclosures
[IBM Security Solutions, IBM X-Force® 2011 Mid-year Trend and Risk Report]
Who should worry?
• Security is a concern across different domains and countries
• “An investigation of targeted intrusions into more than 70 global companies, governments, and non-profit organizations during the last five years”
[McAfee, 2011]
AIR TRAFFIC MANAGEMENT Scenario
Complex Application Domain
• Ongoing developments in the Air Traffic Management domain
• The SESAR (Single European Sky ATM Research) project is the European air traffic control infrastructure modernisation programme. SESAR aims at developing the new generation Air Traffic Management system capable of ensuring the safety and fluidity of air transport worldwide over the next 30 years
• Overall features
– Large-Scale... European (and beyond) wide systems
– Complex ICT
– Stringent security requirements alongside other Key Performance Indicators (e.g. Safety)
– Deployments of new ICT involving operational changes
– Human factors, changes in ICT affecting work practices
Air Traffic Management: Today and The SESAR ATM System
[SESAR Release, SESAR Joint Undertaking 2011]
System Wide Information Management
SWIM Infrastructure System Security Design
SOFTWARE ENGINEERING AND INFORMATION SECURITY
Research
Socio-Technical Security Requirements
Ensuring Trustworthiness and Security in Service Composition
Problem: ensuring trustworthiness and security in service composition
Context: operational accounts of ATM practice highlight information exchange
Modelling and Validation: socio-technical security requirements
Requirements Evolution
• Avionics case study
• Safety-critical software
• Empirical analysis of requirements changes
• Functional analysis of requirements changes
• Architecture stability
• Quantitative accounts of requirements changes
• Requirements evolution modelling
[Felici, 2004]
Problem: understanding requirements changes, requirements evolution
Security Model-Driven Risk Analysis
Security Engineering for Lifelong Evolvable Systems
Problem: assessing impact of changes on critical security properties
Modelling: structured (CORAS) models elicited to perform risk analysis
Validation: shift of risk perceptions
[Felici et al., 2011]
Emerging Technological Risk
• Provides a multidisciplinary account of technology risk
• Reviews different case studies
• Identifies classes of socio-technical hazards
– how technological risk crosses organizational boundaries
– how technological trajectories and evolution develop
– how social behaviour shapes, and is shaped by, technology
S. Anderson, M. Felici: Emerging Technological Risk: Underpinning the Risk of Technology Innovation. Springer, 2012
Interdisciplinary Research Collaboration in Dependability of Computer-Based Systems
Interdisciplinary Design and Evaluation of Dependability
Security & Dependability Patterns
System Engineering for Security & Dependability
Problem: Security & Dependability Patterns to design and implement ICT
Context: supporting organisational work practice to deal with emerging threats
Validation: Security & Dependability Patterns enabling resilient processes
Trust Observations
• Empirical analysis of an operational account of trust in validation exercises
• Trust observations highlight how different system configurations support work practices
[Felici et al., 2011]
Problem: validating new operational concepts and system configurations
Summary
• Information security is a real problem in different complex application domains
– Air Traffic Management
• Research Perspectives
– Requirements problems: validation and evolution
– Socio-technical Risk Analysis: modelling and social perspectives of risk analysis
– Validation: Dependability, Resilience, Trust
SOFTWARE ENGINEERING AND INFORMATION SECURITY
Research Considerations
Research Remarks
• Engineering software systems for security and trustworthiness requires dealing with subtle complexities
• It is necessary to combine diverse methodologies throughout software development and deployment
• My research is concerned with supporting engineering software and understanding software complexities (e.g. in terms of critical features) in different development phases (e.g. validation) and application domains
– Multidisciplinary research
– Socio-technical systems
– Dependability, Risk, Trust
Research Impact: ATM Community
• Exploited PhD on requirements evolution within the EU SecureChange project
• Exploited Dependability, Risk and Trust studies to support SME in related EU ICT projects
• Conducted case studies drawn from the ATM domain
• Led Edinburgh University engagement in the INNOVATE (INNOvation through Validation for Air Transportation in Europe) consortium, Modelling Support to Validation, Associate Partners of SESAR JU
• Visibility: Work on Trust published, and also linked in SKYbrary (the online ATM reference collection for aviation safety knowledge)
• Visibility: Consulting Editor for the US FAA (Federal Aviation Administration) International Journal of Applied Aviation
Supporting European Commission
• Co-organised a networking session, on Privacy, Identity Management and Dependability in Emerging ICT-based Interaction Scenarios: Trustworthy Fulfillment of Requirements beyond purely Technological Innovation, at ICT 2008
• Appointed by the European Commission, Information Society and Media Directorate, Trust and Security, as Independent Expert/Reviewer for industry-led ICT projects
– PrimeLife, Privacy and Identity Management in Europe for Life
– WebSand, Server-driven Outbound Web-application Sandboxing
Another Application Domain: Healthcare
Recently started collaborating and extending research work in Healthcare domains
• Centre for Population Health Sciences, The University of Edinburgh
Anderson, S., Fairbrother, P., Felici, M., Hanley, J., McKinstry, B. Ure, J.: From Hazards to Resilience in Socio-Technical Healthcare Systems. In Hollnagel, E., Rigaud, E., Besnard, D. (Eds.), Proceedings of the fourth Resilience Engineering Symposium, pp.15-21 (2011)
• Warwick Medical School, The University of Warwick
Sujan, M.-A., Felici, M.: Combining Failure Mode and Functional Resonance Analyses in Healthcare Settings. In Proceedings of SAFECOMP 2012, the 31st International Conference on Computer Safety, Reliability and Security, LNCS, Springer-Verlag (to appear)
Supporting Research Communities
• SAFECOMP, International Conference on Computer Safety, Reliability and Security
• DSN, IEEE/IFIP International Conference on Dependable Systems and Networks
• SERE, IEEE International Conference on Software Security and Reliability
• ISARCS, International ACM SigSoft Symposium on Architecting Critical Systems
...and many others
Future Research
• Software Engineering Foundations
– Empirical investigation of software engineering models (e.g. requirements and design models)
– Further understanding evolution (e.g. requirements evolution)
– Modelling support to validation
– INNOVATE (INNOvation through Validation for Air Transportation in Europe)
• Security and Trust Observations
– Security and Trust as deployment strategies that offer a rich range of trade-offs
– Empirical investigation and validation of different Security and Trust models
• Dependability Benchmarking and Risk Analysis
– Socio-technical risk analysis
– Operational validation
THANK YOU