Software Engineering and Information Security



Software Engineering and Information Security: R&D Perspectives


Page 1: Software Engineering and Information Security

Software Engineering and Information Security R&D Perspectives

Massimo Felici

1 Software Engineering and Information Security Massimo Felici © 2012

Page 2: Software Engineering and Information Security

Overview

• Background and Experience

• Software Engineering and Information Security: Rationale

• Complex Application Domain: Air Traffic Management

• Research Perspectives

– Requirements

– Risk Analysis

– Design and Validation

• Research Considerations

– Research Impact

• Future Research


Page 3: Software Engineering and Information Security

Background and Experience


Page 4: Software Engineering and Information Security

SOFTWARE ENGINEERING AND INFORMATION SECURITY

Rationale


Page 5: Software Engineering and Information Security

Sony Security Cyber Attack

• “Sony of Japan revealed that names, addresses, passwords and possibly credit-card details of 77 million accounts were stolen when hackers gained access to the network it runs in 60 countries for its PlayStation online-gaming system” [The Economist, Apr 28th 2011]

• “Sony warns of almost 25 million extra user detail theft” [BBC News, 3 May 2011]


Page 6: Software Engineering and Information Security

Security Attacks

Attacker Types and Techniques

Attack Type, Time and Impact

[IBM Security Solutions, IBM X-Force® 2011 Mid-year Trend and Risk Report]


Page 7: Software Engineering and Information Security

Vulnerability Disclosures

[IBM Security Solutions, IBM X-Force® 2011 Mid-year Trend and Risk Report]


Page 8: Software Engineering and Information Security

Who should worry?

• Security is a concern across different domains and countries

• “An investigation of targeted intrusions into more than 70 global companies, governments, and non-profit organizations during the last five years” [McAfee, 2011]


Page 9: Software Engineering and Information Security

AIR TRAFFIC MANAGEMENT Scenario


Page 10: Software Engineering and Information Security

Complex Application Domain

• Ongoing developments in the Air Traffic Management domain

• The SESAR (Single European Sky ATM Research) project is the European air traffic control infrastructure modernisation programme. SESAR aims at developing the new-generation Air Traffic Management system, capable of ensuring the safety and fluidity of air transport worldwide over the next 30 years

• Overall features

– Large-scale, European-wide (and beyond) systems

– Complex ICT

– Stringent security requirements alongside other Key Performance Indicators (e.g. Safety)

– Deployments of new ICT involving operational changes

– Human factors: changes in ICT affecting work practices


Page 11: Software Engineering and Information Security

Air Traffic Management

Today

[SESAR Release, SESAR Joint Undertaking 2011]

The SESAR ATM System


Page 12: Software Engineering and Information Security

System Wide Information Management

SWIM Infrastructure System Security Design


Page 13: Software Engineering and Information Security

SOFTWARE ENGINEERING AND INFORMATION SECURITY

Research


Page 14: Software Engineering and Information Security

Socio-Technical Security Requirements


Ensuring Trustworthiness and Security in Service Composition

Problem: ensuring trustworthiness and security in service composition

Context: operational accounts of ATM practice highlight information exchange

Modelling and Validation: socio-technical security requirements


Page 15: Software Engineering and Information Security

Requirements Evolution


• Avionics case study

• Safety-critical software

• Empirical analysis of requirements changes

• Functional analysis of requirements changes

• Architecture stability

• Quantitative accounts of requirements changes

• Requirements evolution modelling

[Felici, 2004]

Problem: understanding requirements changes, requirements evolution


Page 16: Software Engineering and Information Security

Security Model-Driven Risk Analysis


Security Engineering for Lifelong Evolvable Systems

Problem: assessing impact of changes on critical security properties

Modelling: structured (CORAS) models elicited to perform risk analysis

Validation: shift of risk perceptions

[Felici et al., 2011]


Page 17: Software Engineering and Information Security

Emerging Technological Risk

• Provides a multidisciplinary account of technology risk

• Reviews different case studies

• Identifies classes of socio-technical hazards

– how technological risk crosses organizational boundaries

– how technological trajectories and evolution develop

– how social behaviour shapes, and is shaped by, technology

S. Anderson, M. Felici: Emerging Technological Risk: Underpinning the Risk of Technology Innovation. Springer, 2012

Interdisciplinary Research Collaboration in Dependability of Computer-Based Systems

Interdisciplinary Design and Evaluation of Dependability


Page 18: Software Engineering and Information Security

Security & Dependability Patterns


System Engineering for Security & Dependability

Problem: Security & Dependability Patterns to design and implement ICT

Context: supporting organisational work practice to deal with emerging threats

Validation: Security & Dependability Patterns enabling resilient processes


Page 19: Software Engineering and Information Security

Trust Observations

• Empirical analysis of an operational account of trust in validation exercises

• Trust observations highlight how different system configurations support work practices

[Felici et al., 2011]


Problem: validating new operational concepts and system configurations


Page 20: Software Engineering and Information Security

Summary

• Information security is a real problem in different complex application domains

– Air Traffic Management

• Research Perspectives

– Requirements problems: validation and evolution

– Socio-technical Risk Analysis: modelling and social perspectives of risk analysis

– Validation: Dependability, Resilience, Trust


Page 21: Software Engineering and Information Security

SOFTWARE ENGINEERING AND INFORMATION SECURITY

Research Considerations


Page 22: Software Engineering and Information Security

Research Remarks

• Engineering software systems for security and trustworthiness requires dealing with subtle complexities

• It is necessary to combine diverse methodologies throughout software development and deployment

• My research is concerned with supporting software engineering and understanding software complexities (e.g. in terms of critical features) in different development phases (e.g. validation) and application domains

– Multidisciplinary research

– Socio-technical systems

– Dependability, Risk, Trust


Page 23: Software Engineering and Information Security

Research Impact: ATM Community

• Exploited PhD on requirements evolution within the EU SecureChange project

• Exploited Dependability, Risk and Trust studies to support SME in related EU ICT projects

• Conducted case studies drawn from the ATM domain

• Led Edinburgh University engagement in the INNOVATE (INNOvation through Validation for Air Transportation in Europe) consortium, Modelling Support to Validation, Associate Partners of SESAR JU

• Visibility: Work on Trust published, and also linked in SKYbrary (the online ATM reference collection for aviation safety knowledge)

• Visibility: Consulting Editor for the US FAA (Federal Aviation Administration) International Journal of Applied Aviation


Page 24: Software Engineering and Information Security

Supporting European Commission

• Co-organised a networking session, on Privacy, Identity Management and Dependability in Emerging ICT-based Interaction Scenarios: Trustworthy Fulfillment of Requirements beyond purely Technological Innovation, at ICT 2008

• Appointed by the European Commission, Information Society and Media Directorate, Trust and Security, as Independent Expert/Reviewer for industry-led ICT projects

– PrimeLife, Privacy and Identity Management in Europe for Life

– WebSand, Server-driven Outbound Web-application Sandboxing


Page 25: Software Engineering and Information Security

Another Application Domain: Healthcare

Recently started collaborating on, and extending, research work in Healthcare domains

• Centre for Population Health Sciences, The University of Edinburgh

Anderson, S., Fairbrother, P., Felici, M., Hanley, J., McKinstry, B., Ure, J.: From Hazards to Resilience in Socio-Technical Healthcare Systems. In Hollnagel, E., Rigaud, E., Besnard, D. (Eds.), Proceedings of the fourth Resilience Engineering Symposium, pp. 15-21 (2011)

• Warwick Medical School, The University of Warwick

Sujan, M.-A., Felici, M.: Combining Failure Mode and Functional Resonance Analyses in Healthcare Settings. In Proceedings of SAFECOMP 2012, the 31st International Conference on Computer Safety, Reliability and Security, LNCS, Springer-Verlag (to appear)


Page 26: Software Engineering and Information Security

Supporting Research Communities

• SAFECOMP, International Conference on Computer Safety, Reliability and Security

• DSN, IEEE/IFIP International Conference on Dependable Systems and Networks

• SERE, IEEE International Conference on Software Security and Reliability

• ISARCS, International ACM SigSoft Symposium on Architecting Critical Systems

...and many others


Page 27: Software Engineering and Information Security

Future Research

• Software Engineering Foundations

– Empirical investigation of software engineering models (e.g. requirements and design models)

– Further understanding evolution (e.g. requirements evolution)

– Modelling support to validation: INNOVATE (INNOvation through Validation for Air Transportation in Europe)

• Security and Trust Observations

– Security and Trust as deployment strategies that offer a rich range of trade-offs

– Empirical investigation and validation of different Security and Trust models

• Dependability Benchmarking and Risk Analysis

– Socio-technical risk analysis

– Operational validation


Page 28: Software Engineering and Information Security

THANK YOU
