Injibara University
College of Engineering and Technology
Department of Software Engineering
Fundamental of Software Security
(SEng7431)

11/18/2024 1
Chapter One
Introduction to Software Security
Contents
What is security?
Objectives of Security
Computer Security Challenges
Security services and mechanisms
Security Attacks
Security Techniques
Model for Network Security
What is Security?
Security is “the quality or state of being secure—to be free from danger.”
Security is the study of:
 Threats (bad things that may happen, e.g. your money getting stolen).
 Attacks (ways in which the threats may be actualized), e.g. a thief breaking through your weak front door while you and the neighbors are on holiday.
 Vulnerabilities (weaknesses in your defenses, e.g. your front door being made of thin wood and glass).
Cont …
 The most secure computers are those not connected to the internet and shielded from any interference.
 Computer security is about the provisions and policies adopted to protect information and property from theft, corruption, or natural disaster while allowing the information and property to remain accessible and productive to its intended users.
 It also covers securing computers against intruders (e.g. hackers) and malicious software (e.g., viruses).
Cont …
• Security is the set of methods and tools used to defend an organization's assets.
• The goal of security is to protect these assets, devices, and services from being disrupted, stolen, or exploited by unauthorized users.
• These threats can be external or internal, and malicious or accidental, in both origin and nature.
• A successful organization should have the following multiple layers of security in place to protect its operations:
 Physical security: to protect physical items, objects, or areas from unauthorized access.
Cont …
 Personnel security: to protect the individual or group of individuals who are authorized to access the organization and its operations.
 Operations security: to protect the details of a particular operation or series of activities.
 Communications security: to protect communications media, technology, and content.
 Information security: to protect the confidentiality, integrity and availability of information assets, whether in storage, processing, or transmission.
 Network security: to protect networking components, connections, and contents.
Computer Security
What is the difference between Computer security and Software Security?
• Computer security, also called cyber security, is the protection of computer systems & information from harm, theft, and unauthorized use.
• Broad Scope: Encompasses the protection of entire computer systems, including hardware, software, networks, and data.
• Multi-Layered Approach: Deals with a wide range of threats, such as viruses, malware, hacking attempts, unauthorized access, and physical security breaches.
• Examples:
 Network Security: Protecting networks from attacks like DDoS or man-in-the-middle attacks.
 Physical Security: Safeguarding hardware from theft or damage.
 Data Security: Ensuring data confidentiality, integrity, and availability.
Software security
 Software security describes methodologies, frameworks, processes, and strategies that enhance security and reduce vulnerabilities within the software and the environment in which it runs.
 It is an idea implemented to protect software against malicious attacks and other hacker risks,
 so that the software continues to function correctly under such potential risks.
 People use software bearing in mind that it is reliable, that it can be trusted, and that the operations they perform are secured.
Cont…
• Specific Focus: Concentrates on the security of individual software applications and programs.
• Development Lifecycle: Involves securing software throughout its entire lifecycle, from design and development to deployment and maintenance.
• Examples:
 Secure Coding Practices: Writing code that is resistant to vulnerabilities like buffer overflows and SQL injection.
 Vulnerability Assessment: Identifying and fixing weaknesses in software.
 Penetration Testing: Simulating attacks to uncover potential security flaws.
Cont …
 Now, if this software has an exploitable security hole, then how can it be safe for use?
 Security brings value to software in terms of people’s trust.
 The value provided by secure software is of vital importance because many critical functions are entirely dependent on the software.
 That is why security is a serious topic which should be given proper attention during the entire SDLC, right from the beginning.
Cont. Security
[Figure: Alice (honest user), the System, and an Attacker]
Security is about
 Honest user (e.g., Alice, Bob, …)
 Dishonest Attacker
 How the Attacker
  Disrupts honest user’s use of the system (Integrity, Availability)
  Learns information intended for Alice only (Confidentiality)
Cont …
 Network security on the other hand deals with provisions and policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.
 Not Sufficient!!
[Figure: the Internet]
Cont…
Network security
[Figure: Network Attacker, the System, and Alice] Network attacker: intercepts and controls network communication.
Cont.
Web security
[Figure: Web Attacker, the System, and Alice] Web attacker: sets up a malicious site visited by the victim; no control of the network.
Cont.
Operating system security
[Figure: OS Attacker and Alice] OS attacker: controls malicious files and applications.
Consequences of risks
 Failure/end of service.
 Reduction of QoS, down to Denial of Service (DoS).
 Internal problems in the enterprise.
 Trust decrease from partners (clients, providers, share-holders).
 Technology leakage.
 Human consequences (personal data, sensitive data - medical, insurance, …).
Security criteria
• To understand the types of threats to security that exist, first we need to have a definition of security requirements.
• The following are different security requirements.
Availability
• It requires that computer and network assets are only available to authorized parties.
• Computers and networks should provide all the designated services in the presence of all kinds of security attack.
Cont …
Integrity
• It requires that messages should be modified or altered only by authorized parties.
• Modification includes writing, changing, deleting, and creating the message that is supposed to be transmitted across the network.
• Integrity guarantees that no modification, addition, or deletion is done to the message.
• The altering of a message can be malicious or accidental.
Cont …
Confidentiality
• It requires that the message can only be accessible for reading by authorized parties.
• It also requires that the system should verify the identity of a user.
Authentication
• It means that the correct identity is known to the communicating parties.
• This property ensures that the parties are genuine, not impersonators.
Authorization
• This property gives access rights to different types of users.
• For example, network management can be performed by the network administrator only.
Why is Security needed?
• To protect assets, devices, and services from being disrupted, stolen, or exploited by unauthorized users.
• To protect vital information while still allowing access to those who need it.
 Trade secrets, medical records, etc.
• To provide authentication and access control for resources.
• To guarantee availability of resources.
Objectives of security (Pillars) - CIA
 When we discuss data and information, we must consider the CIA triad.
 The CIA triad refers to an information security model made up of three main components:
 These are confidentiality, integrity and availability.
 Each component represents a fundamental objective of information security.
Confidentiality
 Assures that private or confidential information is not made available or disclosed to an unauthorized individual.
 Restrict access to authorized individuals.
Cont …
This term covers two related concepts:
 Data Confidentiality: Assures that private or confidential information or resources are not made available or disclosed to unauthorized individuals.
  In network communication, it means only the sender and the intended receiver should “understand” message contents.
 Privacy: assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Cont …
Integrity
• Change should be reliable.
• This means change should be made only by the authorized entity and through the authorized mechanism; data has not been altered in an unauthorized manner.
This term covers two related concepts:
 Data integrity: Assures that information and programs are changed only in a specified and authorized manner.
  In network communication, sender and receiver want to ensure that the message is not altered (in transit or afterwards) without detection.
 System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Availability: Guaranteeing timely and reliable access to information and systems.
 Availability guarantees that systems, applications and data are available to users when they need them.
 So, the information in the digital world must be kept available to authorized persons when they need it.
Cont …
In addition to the CIA triad, other important security objectives include:
• Authentication: Verifies the identity of users, devices, or systems to ensure they are who they claim to be.
 Examples: passwords, biometrics, cryptographic keys, two-factor authentication.
• Authorization: Grants or denies access to resources based on predefined access control policies.
 Examples: Role-based access control or Attribute-based access control.
• Non-repudiation: Preventing users from denying their actions.
 Ensures that actions or transactions cannot be denied by the parties involved.
 Examples: Provides proof of origin and delivery, typically using digital signatures.
Cont.-CIA.
[Figure: Alice, the System, and an Attacker]
 Confidentiality: Attacker does not learn Alice’s secrets.
 Integrity: Attacker does not undetectably corrupt the system’s function for Alice.
 Availability: Attacker does not keep the system from being useful to Alice.
Discussion Questions
What happens if one or all of the above objectives fail to be managed?
Consequences of Security Objective Failures
 Confidentiality Failure: Sensitive information, such as personal data, financial records, or trade secrets, can be exposed to unauthorized individuals.
 Integrity Failure: Data can be tampered with, altered, or corrupted without detection.
 Availability Failure: Systems or services become unavailable to legitimate users, often due to attacks like Distributed Denial-of-Service (DDoS).
 Authentication Failure: Unauthorized individuals can assume the identity of legitimate users.
 Authorization Failure: Users are granted access to resources they should not have, either accidentally or through a security flaw.
 Non-repudiation Failure: Parties can deny their involvement in transactions or actions.
Security challenges
 Navigating the cybersecurity skills gap
  The shortage of cybersecurity professionals means organizations are competing to hire and retain staff.
  There isn’t enough human resource to cover physical security or policy implementation in securing data.
 Defending against evolving security threats
  Cybercriminals are continuously devising new ways to exploit vulnerabilities.
 Maintaining business speed
  Growth and digital transformation work best at speed, but a security breach can slow down or even prevent progress.
Cont …
 Demanding compliance mandates: As organizations move to a cloud-native architecture, it’s a challenge to select the right security tools and processes, as well as the cloud-native security expertise you need.
 Complex environments and operations
  Digital transformation means some organizations may still be in the process of moving from legacy architecture to the cloud.
  Many have multi-cloud or hybrid cloud environments with services from more than one provider.
Security services and mechanisms
 Security Service: A service that enhances the security of data processing systems and information transfers.
 A security service makes use of one or more security mechanisms.
 Confidentiality: maintaining the privacy of data.
 Integrity: detecting that the data is not tampered with or altered.
 Authentication: establishing proof of identity.
 Nonrepudiation: the ability to prove that the sender actually sent the data.
 Access control: access to information resources is controlled.
 Availability: computer assets are available to authorized parties when needed.
Cont …
 A Security mechanism
  Is any process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
  A security mechanism can therefore prevent the attack, detect the attack, or recover from the attack.
  Prevention: take measures to prevent the damage; it means that an attack will fail.
  Detection: if an attack cannot be prevented, the when, how and who of the attack have to be identified.
  Recovery/Reaction: take measures to recover from the damage; sometimes retaliation (attacking the attacker’s system or taking legal actions to hold the attacker accountable).
 The three strategies may be used together or separately.
• Example: Protecting valuable items at home from a robber.
 Prevention: locks on the door, guards, hidden places, etc.
 Detection: robber alarm, guards, etc.
 Recovery: calling the police, replacing the stolen item, etc.
Security threats and attacks
 A security threat is a potential violation of security.
 It is any person, act, or object that poses a danger to computer security/privacy.
 Security threats can be many, like software attacks, theft of intellectual property, identity theft, theft of equipment or information.
 It can be anything that can take advantage of a vulnerability to breach security and negatively alter, erase, or harm the object or objects of interest.
 The computer world is full of threats: viruses, worms, etc.
 Note: The terms threat and attack are commonly used to mean more or less the same thing.
Cont …
Security Vulnerabilities
 Vulnerabilities are weak points in security that an attacker can exploit in order to gain access to the network or to resources.
 The vulnerability is not the attack, but rather the weak point that is exploited.
Cont …
Vulnerability Classification
 Vulnerabilities are classified according to the asset class they relate to:
1. Hardware
 Susceptibility to humidity
 Susceptibility to dust
 Susceptibility to soiling
 Susceptibility to unprotected storage
2. Software
 Insufficient testing
 Lack of audit trail
3. Network
 Unprotected communication lines and insecure network architecture
4. Personnel
 Inadequate recruiting process and inadequate security awareness
5. Site
 Unreliable power source
6. Organizational
 Lack of regular audits and lack of continuity plans
Security attacks
• Categories of Attacks
 Interruption: An attack on availability.
 Interception: An attack on confidentiality.
 Modification: An attack on integrity.
 Fabrication: An attack on authenticity.
Cont …
• Categories of Attacks/Threats
[Figure: normal flow of information from Source to Destination, and the four attack patterns: Interruption, Interception, Modification, Fabrication]
Security attack types
• The attacks can also be classified by the following criteria:
 Passive or active,
 Internal or external,
 At different protocol layers.
Passive vs. active attacks
• A passive attack attempts to learn or make use of the information without changing the content of the message or disrupting the operation of the communication.
• Examples of passive attacks are:
 Eavesdropping, traffic analysis, and traffic monitoring.
Cont …
• An active attack attempts to interrupt, modify, delete, or fabricate messages or information, thereby disrupting normal operation of the network.
• Some examples of active attacks include:
 Jamming (blocking),
 Impersonating,
 Modification,
 Denial of service (DoS), and
 Message replay.
Passive attacks
• Passive attacks do not affect system resources.
– Eavesdropping, monitoring.
– The goal of the opponent is to obtain information that is being transmitted.
• Two types of passive attacks:
 Release of message contents.
 Traffic analysis.
• Passive attacks are very difficult to detect.
 Message transmission appears normal.
• No alteration of the data.
 Emphasis on prevention rather than detection.
• By means of encryption.
Passive attacks (1)
[Figure: Release of message contents]
Passive attacks (2)
[Figure: Traffic analysis]
Active attacks
• Active attacks try to alter system resources or affect their operation.
 Modification of data, or creation of false data.
• Four categories:
 Masquerade of one entity as some other.
 Replay of a previous message.
 Modification of messages.
 Denial of service (DoS): preventing normal use, of a specific target or the entire network.
• Difficult to prevent.
 The goal is to detect and recover.
Active attacks (1)
[Figure: Masquerade]
Active attacks (2)
[Figure: Replay]
Active attacks (3)
[Figure: Modification of message]
Security attack types
Internal vs. External attacks
• External attacks are carried out by hosts that don’t belong to the network domain; sometimes they are called outsiders.
 E.g. an external attacker can cause congestion by sending false routing information, thereby causing unavailability of services.
• In the case of an internal attack, a malicious node from the network gains unauthorized access, acts as a genuine node and disrupts the normal operation of nodes.
• They are also known as insiders.
Security attack types
• The security attacks can also be classified according to the TCP/IP layers:
 Application layer: e-mail bombing, repudiation, data corruption, malicious code attack (virus, Trojan horse).
 Transport layer: altering checksums, SYN flooding, session hijacking.
 Network layer: IP spoofing.
 Data link layer: traffic analysis, disruption.
 Physical layer: interception, eavesdropping.
Security Attacks
• Types of Attacks:
 Passive Attacks: Eavesdropping or monitoring transmissions (e.g., packet sniffing).
 Active Attacks: Altering or disrupting system operations (e.g., man-in-the-middle attacks).
 Insider Attacks: Attacks initiated by authorized users (e.g., a disgruntled employee leaking sensitive data).
 Outsider Attacks: Attacks initiated by unauthorized users outside the organization (e.g., hacking attempts).
• Examples of Common Attacks:
 Denial-of-Service (DoS): Overloading a system to prevent legitimate access.
 Phishing: Deceiving users into providing sensitive information.
 Malware: Malicious software like viruses, worms, and ransomware.
Security Techniques
• Encryption: Using algorithms to protect data confidentiality.
 Example: AES (Advanced Encryption Standard) is widely used to secure sensitive data.
• Access Control: Implementing policies to restrict access to resources.
 Example: Role-Based Access Control (RBAC), where users are granted access based on their role.
• Hashing: Generating a fixed-size string from data to verify its integrity.
 Example: the SHA-256 algorithm, used for ensuring data integrity.
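An added example (not from the slides) of the Hashing technique above, using Python's standard library, with the caveat a practitioner should know: an unkeyed SHA-256 tag detects accidental corruption, but against the active "modification of messages" attack described earlier the attacker simply recomputes the hash, so detecting that needs a keyed HMAC with a secret shared by sender and receiver. The message and key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample message: a payment instruction sent across a network.
MESSAGE = b"transfer 100.00 to account 1234"


def sha256_tag(message: bytes) -> str:
    """Unkeyed integrity tag (SHA-256) that a sender appends to the message."""
    return hashlib.sha256(message).hexdigest()


def verify_sha256(message: bytes, tag: str) -> bool:
    """Receiver recomputes SHA-256 and compares it with the received tag."""
    return hmac.compare_digest(sha256_tag(message), tag)


def hmac_tag(key: bytes, message: bytes) -> str:
    """Keyed integrity tag (HMAC-SHA256) using a secret shared by both parties."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver recomputes the HMAC with the shared key (constant-time compare)."""
    return hmac.compare_digest(hmac_tag(key, message), tag)


def accidental_corruption_detected() -> bool:
    """A bit flip in transit: the plain SHA-256 check catches it."""
    tag = sha256_tag(MESSAGE)
    corrupted = bytearray(MESSAGE)
    corrupted[0] ^= 0x01
    return not verify_sha256(bytes(corrupted), tag)


def active_modification_with_sha256() -> bool:
    """Active attacker changes the amount and recomputes the unkeyed tag.
    Returns True when the forged message passes verification (it does)."""
    forged = MESSAGE.replace(b"100.00", b"900.00")
    return verify_sha256(forged, sha256_tag(forged))


def active_modification_with_hmac(key: bytes) -> bool:
    """Same modification against HMAC: the attacker has no key, so the best
    they can do is keep the old tag or attach an unkeyed hash; both fail."""
    original_tag = hmac_tag(key, MESSAGE)
    forged = MESSAGE.replace(b"100.00", b"900.00")
    return verify_hmac(key, forged, original_tag) or verify_hmac(
        key, forged, sha256_tag(forged)
    )


if __name__ == "__main__":
    key = b"constructed-shared-key"  # constructed; never hard-code a real key
    print("bit flip detected by SHA-256:", accidental_corruption_detected())
    print("forgery passes plain SHA-256:", active_modification_with_sha256())
    print("forgery passes HMAC:", active_modification_with_hmac(key))
```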
Hacking
 Gaining access to a system that you are not supposed to have access to is considered hacking.
 For example:
  Logging into an email account that you are not supposed to have access to.
  Gaining access to a remote computer that you are not supposed to have access to.
  Reading information that you are not supposed to be able to read is considered hacking.
Types of Hacking
 We can divide hacking into different categories, based on what is being hacked.
 These are as follows:
 Network Hacking: network hacking means gathering information about a network with the intent to harm the network system and hamper its operations, using various tools like Telnet, Ping, Tracert, etc.
 Website hacking: website hacking means taking unauthorized access over a web server or database and making changes to the information.
 Computer hacking: computer hacking means unauthorized access to a computer and stealing information from the PC, like the computer ID and password, by applying hacking methods.
 Password hacking: password hacking is the process of recovering secret passwords from data that has already been stored in the computer system.
Cont …
 Email hacking: email hacking means unauthorized access to an email account and using it without the owner's permission.
 Hackers are unauthorized users who break into computer systems in order to steal, change or destroy information, often by installing dangerous malware without your knowledge or consent.
 Their clever tactics and detailed technical knowledge help them access the information.
Model for Network Security
• Components of the Security Model:
 Sender and Receiver: The entities between which data is transmitted.
 Transmission Medium: The network through which data travels.
 Security Protocols: Techniques used to secure the data (e.g., SSL/TLS for secure web communication).
 Security Policy: Rules that define how security is enforced.
• Example: When sending a confidential email, the sender encrypts the message using the recipient’s public key.
• The recipient decrypts it using their private key, ensuring that only the intended recipient can read the email.
Cont…
• A Network Security Model shows how the security service has been designed over the network to prevent the opponent from causing a threat to the confidentiality or authenticity of the information that is being transmitted through the network.
• The network security model presents the two communicating parties, sender and receiver, who mutually agree to exchange the information.
• The sender has information to share with the receiver.
• Now, the transmission of a message from sender to receiver needs a medium, i.e. an information channel, which is an Internet service.
Cont.
• Secret information is used while transforming the message, and it will also be required when the message is transformed back on the recipient side.
• That’s why a trusted third party is required which would take the responsibility of distributing this secret information to both parties involved in the communication.
Elements of a comprehensive security program
Have good passwords
Have a good antivirus product
Use good cryptography
Have a backup system
Audit and monitor systems and networks
Have a training and awareness program
Test your security frequently
Cyber crime prevention tips
1. Use Strong Passwords
 Use different user ID/password combinations for different accounts and avoid writing them down.
 Make the passwords more complicated by combining letters, numbers, special characters (minimum 10 characters in total) and change them on a regular basis.
2. Secure your computer
 Activate your firewall: firewalls are the first line of cyber defense; they block connections to unknown or bogus sites and will keep out some types of viruses and hackers.
 Use anti-virus/malware software: prevent viruses from infecting your computer by installing and regularly updating anti-virus software.
 Block spyware attacks: prevent spyware from infiltrating your computer by installing and updating anti-spyware software.
Cont …
3. Be Social-Media Savvy
 Make sure your social networking profiles (e.g. Facebook, Twitter, YouTube, MSN, etc.) are set to private.
 Check your security settings.
 Be careful what information you post online.
 Once it is on the internet, it is there forever!
4. Secure your Mobile Devices
 Be aware that your mobile device is vulnerable to viruses and hackers.
 Download applications from trusted sources.
Cont …
5. Install the latest operating system updates
 Keep your applications and operating system (e.g. Windows, Mac, Linux) current with the latest system updates.
 Turn on automatic updates to prevent potential attacks on older software.
6. Protect your data
 Use encryption for your most sensitive files such as tax returns or financial records, make regular back-ups of all your important data, and store them in another location.
Cont …
7. Secure your wireless network
 Wi-Fi (wireless) networks at home are vulnerable to intrusion if they are not properly secured.
 Review and modify default settings. Public Wi-Fi “Hot Spots” are also vulnerable.
 Avoid conducting financial or corporate transactions on these networks.
8. Protect your e-identity
 Be cautious when giving out personal information such as your name, address, phone number or financial information on the internet.
 Make sure that websites are secure (e.g. when making online purchases) or that you’ve enabled privacy settings (e.g. when accessing/using social networking sites).
Cont …
9. Avoid being scammed
 Always think before you click on a link or file of unknown origin.
 Don’t feel pressured by any emails.
 Check the source of the message; when in doubt, verify the source.
 Never reply to emails that ask you to verify your information or confirm your user ID or password.
10. Call the right person for help; don’t panic!
• If you are a victim, if you encounter illegal internet content, or if you suspect a computer crime, identity theft or a commercial scam, report this to your local police.
• If you need help with maintenance or software installation on your computer, consult your service provider or a certified computer technician.
Cont …
 Prevention is only a goal; it is not possible to prevent attacks on any practical computer.
 So we approximate prevention by constructing security systems based upon deflection, deterrence, detection and recovery.
 File encryption is a deterrent and possibly a deflection (toward files that aren’t encrypted).
 File backups are for recovery.
Part II: Secure system design Principles
Contents
Secure system design
Secure design techniques
Security policies
Enterprise information security program
Security policy
Secure Design Principles
• Least Privilege: Granting users the minimal level of access required to perform their tasks.
 Example: A receptionist having access only to the scheduling system, not financial records.
• Defense in Depth: Using multiple layers of security controls to protect data.
 Example: Using firewalls, encryption, and multi-factor authentication together.
• Fail-Safe Defaults: The default state of the system should deny access unless explicitly granted.
 Example: A firewall that blocks all traffic unless specified otherwise.
• Economy of Mechanism: Keeping designs simple and small to reduce errors and vulnerabilities.
 Example: A lightweight authentication process for internal applications.
Cont..
• Separation of Duties: Dividing responsibilities to prevent fraud or abuse.
 Example: Splitting transaction approval and execution between two different employees.
• Complete Mediation: Every access to a resource should be checked for permission.
 Example: Continuous validation of user sessions for online banking.
• Open Design: Security should not rely on secrecy of the design or implementation.
 Example: Using open-source encryption algorithms like RSA instead of proprietary algorithms.
• Least Common Mechanism: Minimize shared resources to reduce the risk of interference.
 Example: Avoiding shared accounts on a system.
Secure system design
• System Hardening: Reducing vulnerabilities by securing system configurations, patching software, and disabling unnecessary services.
 Examples:
  Operating System Hardening: Disabling unnecessary services and closing their ports (e.g., FTP if it’s not needed).
  Software Updates: Regularly applying security patches to fix vulnerabilities (e.g., updating web servers like Apache or Nginx).
• Access Controls: Implementing authentication, authorization, and accounting mechanisms to secure access to resources.
 Examples:
  Authentication: Using multi-factor authentication (MFA), where users need a password and a code from a mobile app.
  Authorization: Using Role-Based Access Control (RBAC) to allow only administrators to access sensitive data.
  Accounting: Keeping logs of user activities to detect unauthorized access or suspicious behavior.
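An added example (not from the slides) that combines the Least Privilege, Fail-Safe Defaults and Complete Mediation principles from the previous slides with the RBAC authorization and accounting log described here: one check function mediates every access, denies unless the role explicitly grants the (resource, action) pair, and records every decision so denied attempts can be counted later. The roles, resources and users are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed role-to-permission policy (hypothetical roles and resources).
# Least privilege: each role lists only what its job needs.
POLICY = {
    "receptionist": {("scheduling", "read"), ("scheduling", "write")},
    "accountant": {("financial_records", "read")},
    "admin": {("financial_records", "read"), ("financial_records", "write"),
              ("scheduling", "read"), ("scheduling", "write"),
              ("audit_log", "read")},
}


@dataclass
class Session:
    user: str
    role: str
    authenticated: bool = False  # becomes True only after authentication


@dataclass
class AccessControl:
    policy: dict
    audit_log: list = field(default_factory=list)

    def check(self, session: Session, resource: str, action: str) -> bool:
        """Complete mediation: every resource access passes through here.
        Fail-safe default: unauthenticated sessions, unknown roles and
        unlisted (resource, action) pairs are all denied."""
        allowed = (
            session.authenticated
            and (resource, action) in self.policy.get(session.role, set())
        )
        # Accounting: record every decision, denied ones included, so that
        # repeated denials can be spotted as suspicious behaviour.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": session.user, "role": session.role,
            "resource": resource, "action": action,
            "decision": "ALLOW" if allowed else "DENY",
        })
        return allowed

    def denied_attempts(self, user: str) -> int:
        """Count of DENY decisions for a user, read back from the audit log."""
        return sum(1 for e in self.audit_log
                   if e["user"] == user and e["decision"] == "DENY")


def demo() -> dict:
    """Exercise the policy with constructed sessions and return the decisions."""
    ac = AccessControl(POLICY)
    alice = Session("alice", "receptionist", authenticated=True)
    mallory = Session("mallory", "receptionist")  # never authenticated
    bob = Session("bob", "intern", authenticated=True)  # role not in policy
    return {
        "receptionist_reads_schedule": ac.check(alice, "scheduling", "read"),
        "receptionist_reads_finance": ac.check(alice, "financial_records", "read"),
        "unknown_role_denied": not ac.check(bob, "scheduling", "read"),
        "unauthenticated_denied": not ac.check(mallory, "scheduling", "read"),
        "denied_count_alice": ac.denied_attempts("alice"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```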
Secure system design
• Input Validation: Ensuring that user inputs are properly validated to prevent attacks like SQL injection.
 Example: Checking user inputs to ensure they do not contain malicious code.
 SQL Injection Prevention: sanitizing inputs before processing them in a database query, e.g. binding the input as a query parameter instead of pasting it into the SQL text:
  cursor.execute("SELECT * FROM users WHERE username = ?", (user_input,))
• Secure Coding Practices: Writing code that avoids vulnerabilities such as buffer overflows and improper error handling.
 Examples: Using Secure Libraries: Prefer libraries that have been audited for security (e.g., using bcrypt for password hashing).
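An added example (not from the slides) that runs the parameterized query shown above against an in-memory SQLite table, next to the string-built query it replaces, so the difference is visible on a real database: the same input returns one matching row through the ? placeholder but every row through string concatenation. The table and its rows are constructed sample data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table (sample rows, not from any real system)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "receptionist"), ("bob", "admin"), ("carol", "accountant")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_input: str) -> list:
    """The 'before': user input is pasted into the SQL text, so a quote in the
    input changes the structure of the query instead of just the compared value."""
    query = f"SELECT username FROM users WHERE username = '{user_input}' ORDER BY id"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn: sqlite3.Connection, user_input: str) -> list:
    """The hardened form from the slide: the ? placeholder binds the input as
    data, so the database never parses it as SQL."""
    query = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(query, (user_input,))]


def compare(user_input: str) -> dict:
    """Run both lookups on the same input and return what each one exposes."""
    conn = make_db()
    try:
        return {
            "vulnerable": lookup_vulnerable(conn, user_input),
            "parameterized": lookup_parameterized(conn, user_input),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    print(compare("alice"))
    # Classic tautology input used in testing: only the string-built query
    # is affected; the parameterized one treats it as a (non-existent) name.
    print(compare("' OR '1'='1"))
```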
Cont…
Steps To Making Systems More Secure
 Change default usernames and passwords: default passwords should be changed immediately, and even better is to also change, delete or disable the default username.
 Don't share passwords: password repetition is the use of the same password for separate accounts. Sharing a repeated password increases your danger of becoming a victim of identity theft.
 Use strong authentication: use strong passwords that are a reasonable length, with a combination of letters, numbers and special characters, and that don’t include dictionary words.
Cont …
 Use centralized authentication: using a centralized authentication system simplifies the process of managing user information, as there is a single system that needs to be administered instead of multiple systems.
 Restrict access: access to systems should be restricted to the minimum level that is required for a user to perform the tasks they need to perform.
 Don't forget physical security: security is about layers, and one of those layers is physical access.
 Maintain backups.
Secure design techniques
 Threat Modeling: identifying, analyzing, and prioritizing potential threats to a system to understand its vulnerabilities and the impact of potential attacks.
 Example: When designing an online banking system, threat modeling might identify risks such as unauthorized access, data breaches, and man-in-the-middle attacks.
 Risk Assessment: identifying, evaluating, and prioritizing risks based on their potential impact and likelihood.
 Example: A company might assess the risk of a data breach if employees are allowed to access sensitive information on personal devices.
 Evaluation Criteria: Standards or benchmarks used to assess the security posture of a system or software.
 E.g.: The Common Criteria (ISO/IEC 15408) is a framework that provides guidelines for evaluating the security
Secure design techniques
 Vulnerability Assessment: identifying, quantifying, and prioritizing vulnerabilities in a system.
 Cryptographic Techniques: used to secure data through encryption and hashing to ensure confidentiality, integrity, and authenticity.
Example:
• AES (Advanced Encryption Standard) is commonly used to encrypt sensitive data, such as customer information in online transactions.
• Digital Signatures are used to verify the authenticity of documents and software updates.
 Access Control: restrict access to systems and data based on users’ identities and roles.
 Multilevel Security:
 Secure Operating System: security features like access controls, encryption, and auditing to protect against unauthorized access and attacks.
Security policies
 Policy is the essential foundation of an effective information security program.
 A security policy is a written document in an organization outlining how to protect the organization from threats, including computer security threats, and how to handle situations when they do occur.
 A security policy must identify all of a company's assets as well as all the potential threats to those assets.
 The policy maker sets emphasis on the importance of information security.
Objectives
 Reduced risk.
 Compliance with laws and regulations.
 Assurance of operational continuity, information integrity, and confidentiality.
Thank you