Lecture - 1 Introduction To Software Security

The document discusses the importance of software security and its basic components. It introduces software security, explaining that it aims to prevent undesirable behaviors by considering threats from malicious adversaries. The three basic components of software security are confidentiality, integrity, and availability. It also discusses vulnerabilities, defects, and the role of software security in addressing weaknesses directly throughout the development lifecycle.

Introduction to Software Security
Adama Science and Technology University
School of Electrical Engineering and Computing
Department of Computer Science and Engineering
Dr. Mesfin Abebe Haile (2019)

 Why security?
Cyberspace (the internet, intranets, etc.) is becoming a dangerous place for any organization or individual that has sensitive data or a reputation to protect.
This is because of the sheer number of people and machines that can reach it.
The IT skill needed by a person who wants to hack or breach your security has decreased, while the success rate of such attempts has increased.
The reasons: ready availability of hacking tools, rapidly advancing technology (bandwidth in particular), and widely shared hacking knowledge.
9/5/2019 2
 Why security?
Organizations have hardened their networks, applications and operating systems to a reasonable level of safety, and they maintain business disaster recovery plans.

 Potential losses due to security attacks:
Loss of your data,
Misuse of your computer resources,
Loss of reputation,
Identity theft.

 The general goal of computer security is to prevent attacks, to detect those that cannot be prevented, and to recover from those that succeed.


 What is Computer (Cyber) Security?
The primary attribute that system builders focus on is correctness.
Example: a working banking website. It has to work as specified; these are the desirable behaviors, what the system should do.
Security is concerned with preventing undesirable behaviors.
Example: security considers an enemy, opponent, hacker, or adversary who is actively and maliciously trying to circumvent any protective measures you put in place. It specifies what the system should not do.

 Computer security is not just a science but also an art.
 It is an art:
No system can be secured without an examination of how security is to be used.
This necessitates a statement of requirements and an expression of those requirements in the form of authorized actions and authorized users.
Just as an artist paints his view of the world onto canvas, so does a designer of security features articulate his view of the world of human/machine interaction in the security policy and mechanisms of the system.
Two designers may use entirely different designs to achieve the same creation, just as two artists may use different subjects to express the same concept.
 Computer security is also a science:
Its theory is based on mathematical constructions, analyses, and proofs.
Its systems are built in accordance with the accepted practices of engineering.
It uses inductive and deductive reasoning to examine the security of systems from key axioms and to discover underlying principles.
The Basic Components of Software Security

 Software security rests on three properties: confidentiality, integrity, and availability. (Authenticity and utility have been added to these more recently.)
 A violation of any of these properties is an undesirable behavior.
 The interpretations of these three aspects vary, as do the contexts in which they arise (the type of system, etc.).
 The interpretation of an aspect in a given environment is dictated by the needs of the individuals, customs, and laws of the particular organization.

 Confidentiality: the concealment of information or resources. (The corresponding attack: stealing information.)
Access control mechanisms support confidentiality.
One access control mechanism for preserving confidentiality is cryptography, which scrambles data so that it is incomprehensible to anyone without the key.
Resource hiding is another important aspect of confidentiality: concealing the existence of data or the configuration of a system, not just the contents.


 Integrity: the trustworthiness of data or resources; it is usually phrased in terms of preventing improper or unauthorized change. (The corresponding attack: modifying information.)
Integrity mechanisms fall into two classes: prevention mechanisms and detection mechanisms.
Prevention mechanisms seek to maintain the integrity of the data by blocking any unauthorized attempt to change it.
 Detection mechanisms do not try to prevent violations of integrity; they simply report that the data's integrity is no longer trustworthy.

 Working with integrity is very different from working with confidentiality.
 With confidentiality, the data is either compromised or it is not; integrity, by contrast, covers both the correctness and the trustworthiness of the data.
 The origin of the data, how well the data was protected before it arrived at the current machine, and how well the data is protected on the current machine all affect the integrity of the data.
 Thus, evaluating integrity is often very difficult.
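Added example (not from the slides): the detection class of integrity mechanism described above, built with Python's standard library. A keyed hash (HMAC-SHA256) is computed over a record under a secret key when the record is stored and recomputed when the record is read back. The mechanism does not stop anyone from altering the record; it reports that the record can no longer be trusted. Because only holders of the key can produce a valid tag, the check also speaks to the origin of the data, one of the factors listed above. The key, the sample transfer record and the tampering steps are all constructed for this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# Constructed for this example: a secret held only by the party that vouches
# for the record. Without it, nobody can compute a tag that will verify.
KEY = secrets.token_bytes(32)


def tag(record: bytes, key: bytes = KEY) -> bytes:
    """Integrity tag (detection mechanism): HMAC-SHA256 over the record."""
    return hmac.new(key, record, hashlib.sha256).digest()


def store(record: bytes, key: bytes = KEY) -> Tuple[bytes, bytes]:
    """Store a record together with the tag computed over it."""
    return record, tag(record, key)


def verify(record: bytes, stored_tag: bytes, key: bytes = KEY) -> bool:
    """Return True only if the record still matches its tag.

    hmac.compare_digest runs in time independent of where the first
    mismatching byte is, so a forger cannot learn a tag byte by byte.
    """
    return hmac.compare_digest(tag(record, key), stored_tag)


def flip_bit(record: bytes, index: int) -> bytes:
    """Simulate an unauthorized change: alter a single bit of the record."""
    b = bytearray(record)
    b[index] ^= 0x01
    return bytes(b)


def demo() -> Dict[str, bool]:
    """Run the check against an untouched record and three tampered variants."""
    # Constructed sample record (a bank transfer).
    record, t = store(b"transfer:from=alice;to=bob;amount=100")
    return {
        # Nothing changed: the tag still verifies.
        "untouched": verify(record, t),
        # An adversary changes the amount but cannot recompute the tag.
        "tampered": verify(record.replace(b"amount=100", b"amount=900"), t),
        # Even a one-bit change is reported.
        "bit_flip": verify(flip_bit(record, 0), t),
        # A tag produced under some other key says nothing about origin.
        "wrong_key": verify(record, tag(record, secrets.token_bytes(32))),
    }


if __name__ == "__main__":
    for name, intact in demo().items():
        print(f"{name:10s} integrity {'intact' if intact else 'VIOLATED'}")
```

Note what the mechanism does not do: it never prevented the adversary from rewriting the record; it only makes the rewrite visible at read time. A prevention mechanism would be the access control that stops the unauthorized write in the first place.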

 Availability: the ability to use the information or resource desired. (The corresponding attack: denying access.)
The aspect of availability that is relevant to security is that someone may deliberately arrange to deny access to data or to a service by making it unavailable.
Attempts to block availability, called denial of service attacks, can be the most difficult to detect, because a deliberate attack has to be told apart from ordinary overload or failure.
Example: being unable to access your banking information.


 Defects and Vulnerabilities
Many breaches begin by exploiting a vulnerability.
A vulnerability is a security-relevant software defect that can be exploited to effect an undesired behavior.
A software defect is present when the software behaves incorrectly, i.e., it fails to meet its requirements.
Defects occur both in the software's design and in its implementation:
A flaw is a defect in the design.
A bug is a defect in the implementation.

 An adversary is not a normal user!
The adversary will actively attempt to find defects in rare feature interactions and edge cases.
For a typical user, finding a bug results in a crash, which he will then try to avoid.
An adversary will work to find a bug and exploit it to achieve his goals.
 In short, to ensure security we must eliminate bugs and design flaws, and/or make them harder to exploit.
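Added example, not part of the lecture: one implementation bug (in the slides' terms, a bug rather than a flaw) seen three ways: as a typical user's crash, as an adversary's exploit, and then fixed. The download function and the directory layout are hypothetical and constructed inline. The function joins a user-supplied file name onto a document root without checking that the result stays inside the root. A user who mistypes a name gets an error and moves on; an adversary supplies `../` segments and reads a file the server was never meant to serve. The hardened version resolves the path and refuses anything outside the root.

```python
import os
import tempfile
from typing import Dict, Tuple


def make_sandbox() -> Tuple[str, str]:
    """Constructed layout for the example:
        <tmp>/docs/readme.txt   (meant to be served)
        <tmp>/secret.txt        (must never be served)
    Returns (document_root, path_of_secret).
    """
    base = tempfile.mkdtemp()
    root = os.path.join(base, "docs")
    os.mkdir(root)
    with open(os.path.join(root, "readme.txt"), "w") as f:
        f.write("public readme")
    secret = os.path.join(base, "secret.txt")
    with open(secret, "w") as f:
        f.write("db_password=hunter2")
    return root, secret


def download_vulnerable(root: str, name: str) -> str:
    """BUG (implementation defect): the user-controlled name is joined onto
    the root and opened without checking that the result stays inside it."""
    with open(os.path.join(root, name)) as f:
        return f.read()


def download_hardened(root: str, name: str) -> str:
    """Fix: canonicalize the path and require it to lie under the root.
    Names that escape the root (via '..', symlinks or absolute paths)
    are rejected before any file is opened."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, name))
    if os.path.commonpath([root_real, target]) != root_real:
        raise PermissionError(f"refusing path outside document root: {name!r}")
    with open(target) as f:
        return f.read()


def demo() -> Dict[str, str]:
    """Same defect, three outcomes: user crash, adversary exploit, fixed code."""
    root, _secret = make_sandbox()
    results: Dict[str, str] = {}
    # A normal user mistypes the name: the defect surfaces only as a crash.
    try:
        download_vulnerable(root, "readme.tx")
    except FileNotFoundError:
        results["typo_user"] = "crash"
    # An adversary drives the same code path to read outside the root.
    results["adversary_vuln"] = download_vulnerable(root, "../secret.txt")
    # The hardened version still serves legitimate files...
    results["hardened_ok"] = download_hardened(root, "readme.txt")
    # ...and refuses the traversal instead of handing over the secret.
    try:
        download_hardened(root, "../secret.txt")
    except PermissionError:
        results["adversary_hardened"] = "rejected"
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:18s} {v}")
```

The point the slide makes is visible in `demo()`: the typical user and the adversary hit exactly the same defect, but only the adversary chooses the input that turns it into an undesired behavior. The fix removes the defect rather than filtering one particular malicious string, which is what the next slides mean by addressing weakness directly.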

 Software security is the kind of computer security that focuses on the secure design and implementation of software:
Using the best languages, tools, and methods.
It focuses on secure code.
By contrast, many popular approaches to security treat software as a black box (ignoring the code): OS security, anti-virus, firewalls, etc.
 Software defects are the root cause of vulnerabilities, and addressing them directly removes the vulnerability rather than merely blocking one path to it.

 Other forms of security (firewalls and anti-virus) are like building strong walls around a weak interior.
 Attackers can often bypass the outer defenses to attack the weakness within.
 "Software security aims to address weakness directly."
Software security includes secure design, secure code, code review and testing for secure software.


 To make software more secure, consider security throughout the software development lifecycle:
 Better requirements (security requirements, abuse cases)
 Better design (architectural risk analysis; threat modeling)
 Better implementation (coding rules)
 Better assurance or testing (code reviews, risk-based security testing and penetration testing).

 Some concepts about computer security:
 A threat is a potential violation of security.
The actions that could cause a violation to occur must be guarded against; these actions are called attacks.
Those who execute such actions, or cause them to be executed, are called attackers.
The three security services, confidentiality, integrity, and availability, counter threats to the security of a system.


 Researchers divide threats into four broad classes:
Disclosure, or unauthorized access to information;
Deception, or acceptance of false data;
Disruption, or interruption or prevention of correct operation; and
Usurpation, or unauthorized control of some part of a system.

 These four broad classes encompass many common threats:
Snooping: the unauthorized interception of information (passive; e.g. wiretapping). A form of disclosure.
Modification or alteration: unauthorized change of information (active; an entity modifies the data). A form of deception, and possibly of disruption or usurpation.
Masquerading or spoofing: an impersonation of one entity by another. A form of both deception and usurpation.
Repudiation of origin: a false denial that an entity sent (or created) something. A form of deception; integrity mechanisms cope with this threat.
 These four classes encompass many common threats (continued):
Denial of receipt: a false denial that an entity received some information or message. A form of deception; integrity and availability mechanisms guard against these attacks.
Delay: a temporary inhibition of a service. A form of usurpation; availability mechanisms can prevent this threat.
Denial of service: a long-term inhibition of service. A form of usurpation; availability mechanisms counter this threat.

 Policy and mechanism:
A security policy is a statement of what is, and what is not, allowed.
 Example: a university can have a policy that prohibits any student from copying another student's homework files.
A security mechanism is a method, tool, or procedure for enforcing a security policy (technical or non-technical).
 Example: the system should have a mechanism that prevents a student from reading other students' files.


 Policy and mechanism:
Policies may be presented mathematically as a list of allowed (secure) and disallowed (nonsecure) states.
In practice, policies are rarely so precise; they normally describe in English what users and staff are allowed to do.
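Added example (not from the slides): the homework policy from the previous slide written in the mathematical form just described, as a predicate that marks system states secure or nonsecure, together with a mechanism that enforces it. The state is simply the set of (student, file) reads that have occurred; the mechanism is a reference monitor consulted on every read. The last function checks exhaustively, for a small constructed set of students and files, that no sequence of requests can drive the mechanism into a nonsecure state, and contrasts that with a system that has no mechanism at all. Student names and file owners are constructed for the example.

```python
from itertools import product
from typing import Callable, Dict, FrozenSet, Set, Tuple

# Constructed for the example: homework files and the student who owns each.
OWNER: Dict[str, str] = {
    "hw1_alice.txt": "alice",
    "hw1_bob.txt": "bob",
    "hw1_carol.txt": "carol",
}
STUDENTS = ("alice", "bob", "carol")
# Every read request the system could receive: (student, file).
REQUESTS = list(product(STUDENTS, OWNER))

# A system state: the set of (reader, file) reads that have taken place.
State = FrozenSet[Tuple[str, str]]
EMPTY: State = frozenset()
Step = Callable[[State, str, str], State]


def is_secure(state: State) -> bool:
    """The POLICY as a predicate on states: a state is secure iff no
    student has read a homework file that belongs to another student."""
    return all(OWNER[filename] == reader for reader, filename in state)


def reference_monitor(state: State, reader: str, filename: str) -> Tuple[State, bool]:
    """The MECHANISM: every read goes through this check. The read is granted
    only if the resulting state would still be secure; otherwise the state is
    left unchanged and the read is denied."""
    candidate = state | {(reader, filename)}
    if is_secure(candidate):
        return candidate, True
    return state, False


def mediated(state: State, reader: str, filename: str) -> State:
    """State transition with the mechanism in place."""
    return reference_monitor(state, reader, filename)[0]


def unmediated(state: State, reader: str, filename: str) -> State:
    """State transition with no mechanism: every read is granted."""
    return state | {(reader, filename)}


def reachable_states(step: Step, depth: int) -> Set[State]:
    """Breadth-first exploration of every state reachable from the empty
    state by up to `depth` requests, trying every request at each step."""
    seen: Set[State] = {EMPTY}
    frontier: Set[State] = {EMPTY}
    for _ in range(depth):
        nxt: Set[State] = set()
        for state in frontier:
            for reader, filename in REQUESTS:
                new_state = step(state, reader, filename)
                if new_state not in seen:
                    seen.add(new_state)
                    nxt.add(new_state)
        frontier = nxt
    return seen


def every_reachable_state_secure(step: Step, depth: int = 3) -> bool:
    """A mechanism enforces the policy if every state it can reach is a
    secure state. For this small example the check is exhaustive."""
    return all(is_secure(s) for s in reachable_states(step, depth))


if __name__ == "__main__":
    print("with reference monitor:", every_reachable_state_secure(mediated))
    print("without any mechanism:", every_reachable_state_secure(unmediated))
```

Two things worth noticing. First, the policy and the mechanism are separate objects: `is_secure` says nothing about how reads are mediated, and `reference_monitor` could be replaced by a different enforcement strategy without touching the policy. Second, this particular mechanism grants exactly the reads the policy allows; a mechanism that denied every read would also keep the system in secure states, but would be useless, which is why a mechanism is judged on precision as well as on security.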


 Goals of Security:
Given a security policy's specification of "secure" and "nonsecure" actions, security mechanisms can:
Prevent the attack: the attack will fail. (Prevention mechanisms are often cumbersome and interfere with use of the system.)
Detect the attack: needed when prevention is not possible, or has failed.
Recover from the attack. This has two forms: the first is to stop the attack and then assess and repair any damage it caused; in the second, the system continues to function correctly while the attack is under way.

 Assurance:
A system's specification, design, and implementation can provide a basis for determining "how much" to trust the system. This type of trust is called assurance.
It is an attempt to provide a basis for specifying how much one can trust a system.
Example: certification, manufacturing standards, and preventative sealing provide some degree of assurance that an aspirin is not contaminated.
The degree of trust the purchaser has in the purity of the aspirin is a result of these three processes.
 In the 1980s, drug manufacturers met two of the criteria above, but none used safety seals.
 A series of "drug scares" arose when a well-known manufacturer's medicines were contaminated after manufacture but before purchase.
 The manufacturer promptly introduced safety seals to assure its customers that the medicine in the container was the same as when it was shipped from the manufacturing plant.
 Assurance in the computer world follows the same analogy.
 It requires specific steps to ensure that the computer will function properly.
 The sequence of steps includes:
 Detailed specifications of the desired (or undesirable) behavior;
 An analysis of the design of the hardware, software, and other components to show that the system will not violate the specifications; and
 Arguments or proofs that the implementation, operating procedures, and maintenance procedures will produce the desired behavior.
 A system is said to satisfy a specification if the specification correctly states how the system will function.
 Specification:
 A specification is a (formal or informal) statement of the desired functioning of the system.
 It can be highly mathematical, using any of several languages defined for that purpose.
 It can be informal, using English to describe what the system should do under certain conditions.
 It can be low-level, combining program code with logical and temporal relationships to specify the ordering of events.

 Design:
 The design of a system translates the specification into components that will implement it.
 An analyst can determine whether a design satisfies a set of specifications in several ways (mathematically, or by a compelling argument).
 A design rests on assumptions about what the specifications mean; incorrect assumptions lead to vulnerabilities.


 Implementation:
 Given a design, the implementation creates a system that satisfies that design.
 If the design also satisfies the specifications, then by transitivity the implementation will also satisfy the specifications.
 The difficulty is the complexity of proving that a program correctly implements the design and, in turn, the specifications.
 A program is correct if its implementation performs as specified.
 Implementation (continued):
 Proofs of correctness require each line of source code to be checked for mathematical correctness.
 There are three difficulties in this process:
 First, the complexity of programs makes their mathematical verification difficult.
 Second, program verification assumes that the programs are compiled correctly, linked and loaded correctly, and executed correctly.
 Third, if the verification relies on conditions on the input, the program must reject any inputs that do not meet those conditions.

 Implementation (continued):
 A posteriori verification techniques, known as testing, have become widespread, since formal proofs of correctness are so time consuming.
 During testing, the tester executes the program on data to determine whether the output is what it should be and to understand how likely the program is to contain an error.
 Although these techniques are considerably simpler than the more formal methods, they do not provide the same degree of assurance that formal methods do.

 Implementation (continued):
 Furthermore, testing relies on test procedures and documentation, errors in either of which could invalidate the testing results.
 Although assurance techniques do not guarantee correctness or security, they provide a firm basis for assessing what one must trust in order to believe that a system is secure.
 Their value is in eliminating possible, and common, sources of error and in forcing designers to define precisely what the system is to do.
 Operational Issues:
 Any useful policy and mechanism must balance the benefits of the protection against the cost of designing, implementing, and using the mechanism.
 This balance can be determined by analyzing the risks of a security breach and the likelihood of it occurring.
 In very few situations can risks be rigorously quantified.
 Laws, customs, and society place constraints on the acceptability of security procedures and mechanisms; as these factors change, so do security policies.
 Cost-Benefit Analysis:
 The benefits of computer security are weighed against their total cost.
 If the data or resources are worth less than the cost of protecting them, adding security mechanisms and procedures is not cost-effective.
 Sometimes the data or resources can be reconstructed more cheaply than the cost of the protections themselves. Unfortunately, this is rarely the case.
 Adding security mechanisms to an existing system is often more expensive than designing them into the system in the first place.
 Risk Analysis:
 To determine whether an asset should be protected, and to what level, requires analysis of the potential threats against that asset and the likelihood that they will materialize.
 The level of protection is a function of the probability of an attack occurring and the effects of the attack should it succeed.
 If an attack is unlikely, protecting against it has a lower priority than protecting against a likely one.

 Law and Customs:
 Laws restrict the availability and use of technology and affect procedural controls.
 Hence, any policy and any selection of mechanisms must take legal considerations into account.
 Laws are not the only constraints on the selection of policies and mechanisms. Society distinguishes between legal and acceptable practices.
 The issue that laws and customs raise is the issue of psychological acceptability.

 Human Issues:
 The designers, implementers, and maintainers of security controls are essential to the correct operation of those controls.
 Organizational problems:
 Security provides no direct financial reward to the user.
 It limits losses, but it also requires the expenditure of resources that could be used elsewhere.
 Unless losses occur, organizations often believe they are wasting effort on security.
 Organizational problems (continued):
 Furthermore, security controls often add complexity to simple operations.
 Lack of resources is another common problem. Securing a system requires resources as well as people.
 People problems:
 The heart of any security system is people.
 People who have some motive to attack an organization and are not authorized to use that organization's systems are called outsiders and can pose a serious threat.
 People problems (continued):
 Insider misuse of authorized privileges is a very difficult problem to solve.
 Untrained personnel also pose a threat to system security.
 Similarly, administrators who misconfigure security-related features of a system can weaken site security.
 Users can also weaken site security by misusing security mechanisms.

 The security life cycle: [figure omitted; its phases are threats, policy, specification, design, implementation, and operation and maintenance]
 Whether or not a program has been tested or proved to be secure, the operational environment can always introduce unexpected problems or difficulties.
 If the assurance phase (specification, design, implementation, and testing/proof) is done properly, these extra problems and difficulties are minimal.
 If the assurance phase has been omitted or done poorly, the problems may require a complete reevaluation of the system.
Question & Answer

Thank You !!!

Assignment I

1. The following are other forms of security that differ from software security (white-box security). Identify the limitations of these (black-box) security mechanisms:
 OS (operating system) security
 DBMS security
 Firewall security
 IDS (intrusion detection system) security
 Anti-virus scanners, etc.


2. Take your own example and explain the following security lifecycle phases:
 Threats,
 Policy,
 Specification,
 Design,
 Implementation,
 Operation and maintenance.
