Software Engineering for Security: a Roadmap

Slides: 13
Provided by: shankarrka
1
Software Engineering for Security: a Roadmap
  • Paper by
  • Premkumar T. Devanbu & Stuart Stubblebine
  • Presented by
  • Shankarr Kalyanaraaman

2
Warm up.
  • Our dependence, Risk range and criticality.
  • Challenges: COTS, mobile code, etc.
  • Solution - Security in software engineering.

3
Agenda
  • Requirements and policies
  • Architecture and design of security systems
  • Software piracy protection
  • Trusting software components
  • Verification of systems
  • Secure software deployment
  • Secure computations, not secure computers
  • Conclusion Remarks

4
Requirements and policies
  • Security: a non-functional requirement, an
    afterthought?
  • Security models: lessons learnt
  • Challenge - Unifying security with systems
    engineering.
  • Rational functional requirements engineering.
  • Expense, Resource availability and best of both
    worlds
  • But how? - Remarks
  • Challenge - Unifying security and system models.
  • Use of models: current trend.
  • Security is not a component of qualitative system
    modeling.
  • Approaches, advantages and challenges -> Research
    areas.
  • SecureUML [1]: an approach

5
Architecture and Design
  • Reengineering software systems for security:
    poor planning and scenario changes.
  • Challenge - Legacy security mismatches.
  • Impedance mismatch: legacy and standards.
  • Research areas: platform-independent policy and
    security systems.
  • Can web services and standards like SOAP and XML be
    used? Maybe. Discuss!
  • Challenge - Separating the security aspect.
  • Difficulty in reengineering legacy systems ->
    evolvable security.
  • Aspect-oriented programming.
  • Use of architectural connectors: does anything
    strike?

6
Software piracy protection
  • Economic benefits in pirating: adversary
    economics.
  • Approaches
  • Hardware and software tokens: ineffective.
  • Dynamic decryption of code
  • Watermarking: static & dynamic
  • Code partitioning
  • Challenge - Attacker cost models.

7
Trusting software components
  • Risks involved with COTS based systems.
  • Black box approach.
  • Grey box approach.
  • Cryptographic techniques.
  • Tamper resistant hardware.
  • Challenges - More grey box approaches.

8
Verification of systems
  • Security features and assurance requirement
    standards.
  • COTS, Common Criteria Technology.
  • Formal methods: automatic verification.
  • Challenge - Implementation-based verification.

9
Secure software deployment
  • Successive version problem
  • PDCM: Post Deployment Configuration Management.
  • Challenge - Controlled delegation.
  • Challenge - Privacy protection.

10
Secure computations, not secure computers
  • Test oracles, proof checkers.
  • Use of secure data structures and proof-carrying
    answers.

11
Remarks
  • Remarks
  • Paper is effective in communicating issues.
  • Clarity in presentation of topics and neat
    organization.
  • Targets a wide range of security problems.
  • Issues
  • Lacks better explanation for complex technical
    concepts.

12
Relation to Embedded systems
  • Safety-critical systems require more security
    than any other.
  • Embedded systems require stricter verification
    due to higher levels of composition (hardware &
    software).