Gilliam Reducing Software Security Risk


  • Reducing Software Security Risk (RSSR)
    David Gilliam, John Powell
    California Institute of Technology, Jet Propulsion Laboratory

    Matt Bishop University of California at Davis

    California Institute of Technology, Jet Propulsion Lab

    * David Gilliam & John Powell - JPL, Caltech.*

    Software Security Checklist (SSC)
    NOTE: This research was carried out at the Jet Propulsion Laboratory, California Institute of Technology, under a contract with the National Aeronautics and Space Administration. The work was sponsored by the NASA Office of Safety and Mission Assurance under the Software Assurance Research Program led by the NASA Software IV&V Facility. This activity is managed locally at JPL through the Assurance and Technology Program Office.


    Agenda
    - Collaborators
    - Goal
    - Problem
    - Software Security Assessment Instrument (SSAI)
    - Model Checking: Flexible Modeling Framework
    - Software Security Checklist (SSC)


    Current Collaborators
    - David Gilliam, Principal Investigator, JPL
    - John Powell
    - Tom Wolfe
    - Matt Bishop, Associate Professor of Computer Science, University of California at Davis
    http://rssr.jpl.nasa.gov


    Goal
    - Reduce security risk to the computing environment by mitigating vulnerabilities in the software development and maintenance life cycles
    - Provide an instrument and tools to help avoid vulnerabilities and exposures in software
    - Aid in complying with security requirements and best practices


    Problem
    - Lack of Experts: Brooks' "No Silver Bullet" is still valid (IEEE Computer, 1987)
    - Poor Security Requirements
    - Poor System Engineering leads to poor design, coding, and testing
    - Cycle of Penetrate and Patch
    - Piecemeal Approach to Security Assurance


    Software Security Assessment Instrument (SSAI)
    - Software Security Checklist (SSC)
      - Software Life Cycle
      - External Release of Software
    - Vulnerability Matrix (VMatrix)
      - List and Ranking of Vulnerabilities
      - Vulnerability Properties
      - Classification of Types of Vulnerabilities
      - List Maintained by UC Davis


    SSAI (Cont.)
    - Model-Based Verification (MBV) and a Flexible Modeling Framework (FMF)
      - SPIN Model Checker and Promela
      - FMF Developed to Address State Space
    - Property-Based Tester (PBT)
      - Tests Source Code for Java, C, and C++
      - Verifier to ensure security property violations have not been re-introduced in coding


    SSAI (Cont.)
    - Security Assessment Tools (SATs)
      - List of Tools and Purpose of Each
      - Alternate Tools and Sites to Obtain Them

  • Reducing Software Security Risk Through an Integrated Approach
    Software Vulnerabilities Expose IT Systems and Infrastructure to Security Risks
    Goal: Reduce Security Risk in Software and Protect IT Systems, Data, and Infrastructure
    - Security Training for System Engineers and Developers
    - Software Security Checklist for end-to-end life cycle
    - Software Security Assessment Instrument (SSAI)
    Security Instrument Includes:
    - Security Checklist
    - Vulnerability Matrix
    - Property-Based Testing
    - Model-Based Verification
    - Collection of security tools

    [Figure: "Software Component Relationships" / "Technology Integration" diagram. Nodes: components C1, C2, C3, C4; gates And_1, And_2; outcomes Safe, Unsafe; tools Vmatrix, PBT, MC. Labels: "Known attacks for Vmatrix / PBT Libraries"; "Discovered attacks not been seen in the wild"; "Attacks not in the wild".]


    Model Checking: Flexible Modeling Framework (cont.)
    - MC with FMF Benefits Software Early in its Lifecycle
      - Earlier Discovery of Software Errors
      - Correction is easier / better / less expensive
    - FMF must adapt to early lifecycle events
      - Rapidly changing requirements and designs
      - Varying / increasing levels of detail defined for different parts of the system


    Model Checking: Flexible Modeling Framework
    [Flowchart: a Collection of Model Components feeds a Component Combiner, which hands Each Individual Component and the Unique Component Combinations to the Model Checker. Decision: "If Combination State Space is too Large" (No / Yes); the Yes branch is labelled MCCT (Implicit / Explicit) and Heuristic Propagation of Results, feeding back to "Updated Component Combinations Containing".]
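    The component-combination flow above is the FMF's answer to state-space growth. To make the mechanics concrete, the block below is an added example in Python, not the FMF or SPIN code (the RSSR work used SPIN and Promela): a small explicit-state checker that composes hypothetical components (a login component, a user environment, and a resource server) and searches the interleaved product for a violation of a safety property. The state budget plays the role of the "state space too large" decision, and the buggy and corrected servers show what a counterexample looks like versus a clean run. All component definitions are constructed for illustration.

```python
"""Minimal explicit-state safety checker over a product of components.

Added illustration, not the RSSR/FMF code. Components are hypothetical
guarded-command lists over a shared state dict; the interleaved product is
explored breadth-first, much as SPIN explores a Promela model, and the search
stops with a counterexample trace, a 'safe' verdict, or 'too-large' once the
state budget is exhausted.
"""
from collections import deque


def freeze(state):
    # Dict -> hashable key so visited states can be stored in a dict.
    return tuple(sorted(state.items()))


def rebuild_trace(parent, node):
    # Walk parent pointers back to the initial state, collecting action labels.
    trace = []
    while parent[node] is not None:
        node, label = parent[node]
        trace.append(label)
    return trace[::-1]


def explore(components, initial, unsafe, limit=10_000):
    """BFS over the asynchronous (interleaved) product of `components`.

    components: {name: [(action, guard(state)->bool, effect(state)->None), ...]}
    Returns (verdict, trace, states_visited). verdict is 'safe', 'unsafe'
    (trace is the shortest action sequence reaching an unsafe state) or
    'too-large' (more than `limit` distinct states would be needed).
    """
    start = freeze(initial)
    parent = {start: None}          # state key -> (predecessor key, action label)
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        state = dict(cur)
        if unsafe(state):
            return "unsafe", rebuild_trace(parent, cur), len(parent)
        for cname, actions in components.items():
            for aname, guard, effect in actions:
                if not guard(state):
                    continue
                nxt = dict(state)
                effect(nxt)
                key = freeze(nxt)
                if key in parent:
                    continue
                if len(parent) >= limit:
                    return "too-large", [], len(parent)
                parent[key] = (cur, f"{cname}.{aname}")
                queue.append(key)
    return "safe", [], len(parent)


# --- Constructed example components (hypothetical, not from the deck) -------
# C1: login. session goes none -> pending -> authed, or pending -> none on reject.
LOGIN = [
    ("submit", lambda s: s["session"] == "none",
               lambda s: s.update(session="pending")),
    ("accept", lambda s: s["session"] == "pending" and s["creds_ok"],
               lambda s: s.update(session="authed")),
    ("reject", lambda s: s["session"] == "pending" and not s["creds_ok"],
               lambda s: s.update(session="none")),
]
# Environment: the user may type a good or a bad password at any time.
USER = [
    ("good_password", lambda s: True, lambda s: s.update(creds_ok=True)),
    ("bad_password",  lambda s: True, lambda s: s.update(creds_ok=False)),
]


# C2: resource server; `grant_guard` is the authorisation check under test.
def resource_server(grant_guard):
    return [
        ("request", lambda s: not s["requested"],
                    lambda s: s.update(requested=True)),
        ("grant",   lambda s: s["requested"] and not s["granted"] and grant_guard(s),
                    lambda s: s.update(granted=True)),
        ("release", lambda s: s["granted"],
                    lambda s: s.update(granted=False, requested=False)),
    ]


# Buggy check: any session that is not 'none' (so a still-pending login) is served.
BUGGY_SERVER = resource_server(lambda s: s["session"] != "none")
# Corrected check: only a fully authenticated session is served.
FIXED_SERVER = resource_server(lambda s: s["session"] == "authed")

INITIAL = {"session": "none", "creds_ok": False, "requested": False, "granted": False}


def unsafe(s):
    # Security property: a resource is never held by a non-authenticated session.
    return s["granted"] and s["session"] != "authed"


def check(server, limit=10_000):
    return explore({"login": LOGIN, "user": USER, "server": server},
                   INITIAL, unsafe, limit)


if __name__ == "__main__":
    for name, server in (("buggy", BUGGY_SERVER), ("fixed", FIXED_SERVER)):
        verdict, trace, n = check(server)
        print(f"{name}: {verdict} after {n} states", " -> ".join(trace))
```

    The buggy server yields a three-step counterexample ending in server.grant from a pending session; the corrected server is reported safe after exhausting its (tiny) state space. Lowering the budget (for example limit=5) returns 'too-large' before the violation is reached, which is exactly the situation the FMF's combiner and result-propagation steps are meant to handle for real models.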


    Agenda
    - Collaborators
    - Goal
    - Problem
    - Security & the Software Life Cycle
    - Software Security Assessment Instrument (SSAI)
    - Software Security Checklist (SSC)
    - Final Notes


    Software Security Checklist (SSC)
    Two Phases
    - Phase 1: Provide an instrument to integrate security as a formal approach to the software life cycle (Requirements Driven)
    - Phase 2: External Release of Software (Release Process)


    SSC (Cont.)
    Phase 1:
    - Pre-Requirements: Understand the Problem and Scope
    - Requirements Gathering and Elicitation
      - Be Aware of Applicable Requirements Documents
      - Provide Trace to External Requirements Docs
    - Security Risk Assessment
      - NPG 7120.5B Project Life Cycle document
      - Potential Integration with DDP Tool
    - V&V Tools Available for Software Life Cycle


    SSC (Cont.)
    Phase 2: Release of Software
    - Areas for Protection:
      - Protect People
      - Protect ITAR- and EAR-controlled material
      - Protect Trade Secrets and Patents
      - Protect Organizational Resources
    - Considerations:
      - Insecure Subsystem Calls
      - Embedded IP Addresses or Phone Numbers
    - Delivered to Code R: Draft Checklist


    SSC (Cont.)
    Project Life Cycle Approach
    - Security Requirements
      - Stakeholders
      - Federal, State, Local Requirements
      - NASA Requirements and Guidelines
    - Design, Development, Test
    - Maintenance and Decommissioning
    - Tools and Instruments
    - Expert Center (IV&V) and People to Assist
    - Training


    SSC Tools
    - Review Source Code
      - Review File Calls
      - Review Library Calls
    - Check Subroutine Calls in Binaries
    - Provided Perl Scripts
    - System and Programming Tools
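    The review steps on this slide (file and library calls in source, subroutine calls in binaries) and the Phase 2 release considerations earlier (insecure subsystem calls, embedded IP addresses or phone numbers) are the kind of checks the deck's Perl scripts automate. The block below is an added example in Python, not the RSSR scripts: scan_source() flags calls from a checklist and hard-coded IPv4 addresses or phone numbers in C/C++ text, and scan_binary() does a `strings`-style sweep of raw bytes for the same call names. The UNSAFE_CALLS list, the sample source and the sample byte string are all constructed for illustration.

```python
"""Checklist-style scanner for insecure library calls and embedded addresses.

Added illustration in Python; the RSSR deck describes Perl scripts, which are
not reproduced here. Both scanners operate on constructed samples.
"""
import re

# Hypothetical checklist of library calls to review, with the usual reason.
UNSAFE_CALLS = {
    "gets":    "unbounded read into a buffer; use fgets with a size",
    "strcpy":  "no bounds check; use strlcpy/snprintf or check lengths first",
    "strcat":  "no bounds check; use strlcat or check lengths first",
    "sprintf": "no bounds check; use snprintf",
    "system":  "runs a shell; command injection if any argument is untrusted",
    "popen":   "runs a shell; same risk as system",
    "tmpnam":  "predictable temp file name (race); use mkstemp",
}

# \b keeps 'subsystem_call(' and 'snprintf(' from matching 'system' / 'sprintf'.
CALL_RE  = re.compile(r"\b(" + "|".join(map(re.escape, UNSAFE_CALLS)) + r")\s*\(")
IPV4_RE  = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
PHONE_RE = re.compile(r"\(?\b\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b")


def scan_source(text):
    """Return [(line_no, kind, detail)] for each finding in C/C++ source text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        code = line.split("//", 1)[0]        # drop // comments (naive: /* */ kept)
        for m in CALL_RE.finditer(code):
            name = m.group(1)
            findings.append((no, "unsafe-call", f"{name}: {UNSAFE_CALLS[name]}"))
        for m in IPV4_RE.finditer(line):     # string literals and comments alike
            findings.append((no, "embedded-ip", m.group(0)))
        for m in PHONE_RE.finditer(line):
            findings.append((no, "embedded-phone", m.group(0)))
    return findings


def scan_binary(blob):
    """Return sorted UNSAFE_CALLS names that occur as whole printable runs
    (4+ chars delimited by NUL or other non-printables) in raw bytes, which
    is where dynamically linked import names live in a symbol table."""
    seen = set()
    for m in re.finditer(rb"[\x20-\x7e]{4,}", blob):
        name = m.group(0).decode("ascii")
        if name in UNSAFE_CALLS:
            seen.add(name)
    return sorted(seen)


# Constructed sample source (not from any real project).
SAMPLE_SOURCE = """\
#include <string.h>
#define GROUND_STATION "192.168.10.5"      /* constructed: hard-coded address */
static const char *helpdesk = "(818) 555-0100";  /* constructed: phone number */
void greet(char *name) {
    char buf[32];
    strcpy(buf, name);                     /* no bounds check on name */
    system("logger greeted");              /* spawns a shell */
    snprintf(buf, sizeof buf, "%s", name); // bounded: not flagged
}
"""

# Constructed ELF-like byte string with a few NUL-separated symbol names.
SAMPLE_BINARY = (b"\x7fELF\x02\x01\x01" + b"\x00" * 9
                 + b"libc.so.6\x00strcpy\x00__stack_chk_fail\x00system\x00printf\x00")


def report(findings):
    """Format findings one per line, checklist style."""
    return "\n".join(f"line {no}: {kind}: {detail}" for no, kind, detail in findings)


if __name__ == "__main__":
    print(report(scan_source(SAMPLE_SOURCE)))
    print("binary references:", ", ".join(scan_binary(SAMPLE_BINARY)))
```

    Two caveats for real use: the IPv4 pattern also matches four-part version strings such as 1.2.3.4, so findings need a human review pass, and the strings sweep only shows that a name is present in the file; for a linked binary, read the import table (for example `nm -D` or `objdump -T` on ELF) to confirm which subroutines are actually called.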


    Final Notes
    - Womb-to-Tomb Process
    - Must Coincide with Organizational Policies and Requirements
    - Notification to Users and Functional Areas when Software or Systems are Decommissioned
    - Regression Test on Decommissioning
    - Re-Verify Security on Decommissioning


    Final Notes (Cont.)
    Return on Investment (ROI)
    - Enhanced or Non-Loss of NASA Image
    - Maintenance Costs Decrease


    Note on Future Work
    - Training Course for SSC and Use of Security Assessment Tools
    - Experts and Expert Center Available to Assist with the Instrument and Tools
    - Integrate with Deep Space Mission Systems (DSMS)
    - Verifying SSL; Potential to Verify Space Link Extension (SLE) Protocol
    - Developing an Approach to Project Life Cycle Security Risk Assessment at JPL


    David Gilliam
    JPL
    400 Oak Grove Dr., MS 144-210
    Pasadena, CA 91109
    Phone: (818) 354-0900
    FAX: (818) 393-1377
    Email: [email protected]

    John Powell
    MS 125-233
    Phone: (818) 393-1377
    Email: [email protected]

    Website: http://rssr.jpl.nasa.gov/

    FOR MORE INFO...