Panel: Growing the Skills Required for Trustworthy Software

Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213

Carol Woody, Ph.D.
Date 12/5/12

© 2012 Carnegie Mellon University

Page 2

Who Needs Training & Education

Builders
• Designers
• Engineers
• Coders
• Testers

Decision Makers
• Program Management
• Stakeholders
• Executives

Acquirers

Page 3

Software Assurance (SwA) Curriculum Project

Page 4

SwA Curriculum Sponsorship and Goals

Sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD)

Goals
• develop software assurance curricula
• define transition strategies for future implementation

Page 5

SwA Curriculum Project Objectives

Improve the state of software assurance education

Develop a Master of Software Assurance Reference Curriculum (Volume I)

Identify educational offerings at other levels
• Undergraduate (Volume II)
• MSwA Syllabi (Volume III)
• Community College (Volume IV)
• Integration with IS Curricula (Technical Note)

Page 6

Purpose of MSwA Curriculum

Foundational material includes (but is not limited to)
• Software Assurance Curriculum Body of Knowledge (SwACBK)
• work done by the SEI in support of the DHS Build Security In (BSI) website
• Graduate Software Engineering 2009 (GSwE 2009) Curriculum Guidelines for Graduate Degree Programs in Software Engineering

VOLUME I

Page 7

Body of Knowledge (BoK)

Organization: BoK knowledge areas → knowledge units → knowledge topics, with associated Bloom cognitive levels

Assurance Process and Management
• Assurance Across Life Cycles
• Risk Management
• Assurance Assessment
• Assurance Management

Assurance Product and Technology
• System Security Assurance
• Assured Software Analytics
• System Operational Assurance

Page 8

Architectural Structure of an MSwA2010 Degree Program

Preparatory Materials
• Computing Foundations
• Software Engineering
• Security Engineering

MSwA Core
• Assurance Across Life Cycles
• Risk Management
• Assurance Assessment
• Assurance Management
• System Security Assurance
• Assured Software Analytics
• System Operational Assurance

Electives
• Courses Related to Assurance in Selected Domains

Capstone Experience
• Project

Page 9

Outcomes of MSwA Curriculum Work

Outcomes
• specify the knowledge, skills, and capabilities that graduates of an MSwA program can expect when they complete the program
• represent the minimum capabilities that should be expected of professionals in the area of software assurance when they complete a master’s degree program
• provide a model for curriculum content, organization, expected curriculum outcomes
• support those who assess software assurance programs

Page 10

Professional Society Recognition

IEEE Recognition
The MSwA curriculum was recognized by the IEEE Computer Society. Its notification follows: At the meeting of the IEEE Computer Society Board of Governors it was passed:

MOVED, that the IEEE Computer Society Board of Governors recognizes the SEI CMU/SEI-2010-TR-005 Reference Curriculum as appropriate for a Masters Program in Software Assurance for a period of 5 years beginning in 1 August 2010.

Statement: The curriculum recommendation could contain a statement similar to “The IEEE Computer Society recognizes this curriculum recommendation as appropriate for a Masters Program in Software Assurance,” signifying that the Society considers it suitable for its stated purpose. If the curriculum recommendation is appropriate as a model for similar efforts, the statement should indicate that designation.

IEEE published an article about its recognition of the MSwA curriculum at http://www.computer.org/portal/web/pressroom/20101213MSWA.

ACM Recognition
The MSwA curriculum was also recognized by the Association for Computing Machinery (ACM) Education Board. This is identical to the IEEE recognition.

Page 11

SwA Undergraduate Course Outlines Background

Corollary activity to MSwA curriculum development.

Course outlines include description, prerequisites, syllabus (list of topics and Bloom’s levels), course delivery features, suggestions on assessment, references.

Background sources include SwACBK, MSwA Curriculum (Volume I). Other sources include the following:
• CS2008 outlines
• Carnegie Mellon University outlines
• James Madison University outlines
• University of California, Davis outlines
• Purdue University outlines

VOLUME II

Page 12

SwA Undergraduate Courses

• Computer Science I (with SwA emphasis)
• Computer Science II (with SwA emphasis)
• Introduction to Computer Security
• Software Security Engineering
• Secure Programming
• Special Topics in Information Assurance and Security
• Software Quality Assurance
• Software Assurance Analytics
• Software Assurance Capstone Project

Page 13

MSwA Course Syllabi

Supports the development of a set of courses to be used in a master of software assurance curriculum.

Available at http://www.cert.org/mswa/

VOLUME III

Page 14

Community College Report

An ACM committee on two-year degree programs, led by Elizabeth Hawthorne, partnered with the SEI team. The report includes
• discussion of existing curricula related to software security that are suitable for community colleges
• target audience
• course outlines
• identification of resources

VOLUME IV

Page 15

Community College Courses

Target audience: Students planning to transfer to a four-year program, students with prior undergraduate technical degrees who wish to become more specialized in software assurance

Courses:
• Computer Science I, II, and III
• Introduction to Computer Security
• Secure Coding
• Introduction to Assured Software Engineering

Page 16

Executive Overview of Software Assurance

Page 17

Executive Course Description

Audience: PEOs, procurement officers, and others involved in software acquisition.

Goal: Prepare executives to make informed decisions when acquiring or overseeing development of a security-critical software system.

Contents: Wide spectrum of pertinent issues to help executives and managers understand and address decisions related to security impacts.

Page 18

Course Content Summary

• Software Assurance in Acquisition
• Assurance Management
• Software Security Fundamentals
• Security in Detail
• Software Assurance Risk Management
• Conclusion

Page 19

Software Assurance in Acquisition

Why Is This Important?
• Risks and Threats
• Critical System Compromises and Failures
• Concepts of Confidentiality, Integrity, Availability, and Authentication
• Principles of Software Assurance

In-House Versus Acquired
• Pros and Cons

Cloud Component Considerations

System Evolution
• Upgrades

Activity: Discuss case studies and examples showing issues related to upgrading systems. Emphasize emergent behaviors, compliance to policies, etc.

Page 20

Assurance Management

Ownership Issues
• Own It, Rent It; Build vs. Buy
• What Is Cloud?
• Is Cloud Suitable for You?

Assurance Management
• Making a Business Case for Assurance
• Compliance with Laws, Regulations, Standards, Policies and Best Practices
• Case Studies
• Decision Making Strategies

Activity: Use examples of software as a service and present cost-benefit analyses in relation to risks associated with hosting the applications versus outsourcing them. Use case studies to have managers identify the areas of their business in which they could use Cloud services.

Activity: Make the business case for assurance using ROI, risk analysis, etc. Use case studies to show how assurance practices can be integrated into regular acquisition activities. Present decision making strategies to satisfy the constraints the projects have to meet, including meeting standards and regulations.

Page 21

Software Security Fundamentals 1

Life-Cycle Models
• Traditional Models, Such as Waterfall
• Newer Models, Such as Agile and Iterative Development

Security and Software Assurance Aspects of Software Development Activities
• Software Requirements Engineering
• Software Architecture and Design Methods and Standards
• Software Coding Methods and Standards
• Testing Methods and Standards
• Maintenance, Operation, and Retirement Techniques/Strategies

Activity: Present some examples that show the fragile nature of software and the impracticality of having fault-free software. The failure of Ariane 5’s first test flight and the loss of the Mars Climate Orbiter are well documented cases.

Page 22

Software Security Fundamentals 2

Basic Concepts of Security
• Confidentiality (C)
• Integrity (I)
• Availability (A)
• Balancing the C–I–A Triangle
• Authentication
• Principles (Saltzer & Schroeder vs. Software Assurance Principles Work)

Activity: Engage students in discussion. How will they address these basic concepts in their acquisition? Especially, how will they balance the CIA triangle? (It may be helpful to point out the relationship between availability and reliability.) When would multiple mechanisms for authentication be advisable?

Page 23

Security in Detail 1

Threats and Attack Vectors
• Assets
• Resources
• Vulnerability of the Organization as a Result of the Threat
• Attack Scenarios

Security Policy and Its Importance
• Access Control and Accountability
• Awareness of Applicable Policies and Standards

Security from an ROI Perspective
• Business Case
• Hard Business Decisions

Security Supply Chain
• What Is It?
• How to Build Security into the Supply Chain

Activity: Use examples and case studies to emphasize the classification of assets and how to identify which ones would be more likely to be attacked. Provide examples of insider threats. This section will prepare users for compartmentalizing risks.

Activity: Expand on examples that an acquirer or those who oversee development should consider.

Page 24

Security in Detail 2

Security from an ROI Perspective
• Business Case
• Hard Business Decisions

Security Supply Chain
• What Is It?
• How to Build Security into the Supply Chain
• Linkage to the Supply Chain Course

Activity: Use case studies to show the impact of security-related technologies; include examples of compromised critical infrastructure.

Activity: Provide examples of how they would address the security supply chain as acquirers or as those overseeing development.

Page 25

Software Assurance Risk Management

Software Assurance Risk Management
• Risk Management Concepts
• Risk Management Process
• Standards, Regulations, and Best Practices
• Government and Industry-Specific Standards
• Documented Organizational Policies and Their Importance

Activity: Survey the concepts of risk management and process. Emphasize the existence of organizational policies that help to mitigate risks.

Page 26

Conclusion

Importance of Software Assurance for Acquirers
• Build/Buy Decision
• Business Case
• Supply Chain Risk Management
• Software Assurance Risk Management

The Way Forward

Page 27

Supply Chain Risk Management

Page 28

Supply Chain Risk Management (SCRM)

SCRM for ICT acquisitions considers two kinds of malicious actions.
• Malicious supply chain events: counterfeits & tampering
• Malicious system events: a system weakness provides access to sensitive information, reduces the availability of an essential service, or affects data integrity.

Introductory Course available on FEDVTE September 2012
SCRM Awareness Course under development

Sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD)

Page 29

Copyright 2012 Carnegie Mellon University.

This material is based upon work supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center.

Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense.

NO WARRANTY

THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This material has been approved for public release and unlimited distribution except as restricted below.

Internal use:* Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works.

External use:* This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for permission should be directed to the Software Engineering Institute at [email protected].

*These restrictions do not apply to U.S. government entities.