Domain 8 - Software Development Security

The document discusses several topics related to software development security including the software development lifecycle, security controls for development environments and acquired software, application threats and controls, system development models, database concepts and security issues, software development models, object-oriented programming concepts, and the risks from different types of acquired software attacks.

Domain 8 Software Development Security
Security in the software development lifecycle - know the rings and how they work
Development environment security controls
Acquired software security impact - know shrink-wrap vs. malicious attacks vs. purposeful backdoors
Domain 8 Software Development Security (cont.)
Security control test and vuln - app controls
App threats
Object reuse - sensitive data should be removed from storage areas before another subject accesses it
Garbage collection - processes should de-allocate committed storage
Trap doors/backdoors
Buffer overflows
Covert channels
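The object reuse point above (clear sensitive storage before it can be handed to another subject), as an added example that is not part of the slide deck. It assumes the secret is held in a mutable bytearray so it can be zeroed in place; immutable str/bytes values cannot be wiped this way, and other copies of the secret that the caller still holds are outside this guard.

```python
"""Object reuse mitigation: overwrite sensitive storage before it is released.

Added example, not from the slide deck. Assumes the secret lives in a
mutable bytearray so it can be zeroed in place.
"""
from contextlib import contextmanager


def wipe(buf: bytearray) -> None:
    """Overwrite every byte in place, so the storage carries nothing useful
    when the allocator later hands the same memory to another subject."""
    for i in range(len(buf)):
        buf[i] = 0


def is_wiped(buf: bytearray) -> bool:
    """True once every byte of the buffer is zero."""
    return all(b == 0 for b in buf)


@contextmanager
def sensitive_buffer(data: bytes):
    """Hold a secret in a bytearray and guarantee it is wiped when the block
    exits, whether normally or by an exception."""
    buf = bytearray(data)
    try:
        yield buf
    finally:
        wipe(buf)


def derive_checksum(key: bytes) -> int:
    """Simulated use of the secret: compute inside the guarded block and let
    only the derived, non-secret result leave it."""
    with sensitive_buffer(key) as buf:
        result = sum(buf) % 256
    return result


def wiped_after_normal_exit() -> tuple:
    """Returns (wiped while in use, wiped after the block); constructed data."""
    with sensitive_buffer(b"constructed secret material") as buf:
        during = is_wiped(buf)
    return during, is_wiped(buf)


def wiped_after_error() -> bool:
    """The wipe still happens when the code using the secret raises."""
    holder = {}
    try:
        with sensitive_buffer(b"constructed secret material") as buf:
            holder["buf"] = buf
            raise RuntimeError("simulated failure while the secret is in use")
    except RuntimeError:
        pass
    return is_wiped(holder["buf"])


if __name__ == "__main__":
    print("checksum:", derive_checksum(b"\x01\x02\x03"))
    print("normal exit (during, after):", wiped_after_normal_exit())
    print("error exit wiped:", wiped_after_error())
```

The `finally` clause is the important part: a wipe that only runs on the happy path leaves the secret in memory exactly when something has already gone wrong.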
Security control test and vuln - app controls
Application controls
Goal is to enforce an organization's security policy and procedures in the maintenance of CIA
Involves input to the system, the data being processed, and the output from the system
Controls can be classed as:
Preventative - data checks, custom screens, validity checks
Detective - CRCs, hashes
Corrective - backups, control reports
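The three classes of application control applied to one batch of records, as an added example that is not from the slides: validity checks on input (preventative), a control report with count, total, CRC-32 and SHA-256 compared before and after a processing hop (detective), and restore from a backup copy when the check fails (corrective). The record format, field rules, sample batch and the `processor` hop are constructed for illustration.

```python
"""Preventative, detective and corrective application controls over a batch
of records. Added example, not from the slides; record format, field rules,
the sample batch and the processing hop are constructed.
"""
import hashlib
import re
import zlib
from copy import deepcopy

ACCOUNT_RE = re.compile(r"^ACC-\d{6}$")
ALLOWED_CURRENCIES = {"USD", "EUR", "GBP"}

# Constructed input: two valid records and one that fails every check.
SAMPLE_BATCH = [
    {"account": "ACC-000123", "amount": 250, "currency": "USD"},
    {"account": "ACC-000456", "amount": 9999, "currency": "EUR"},
    {"account": "acct-1", "amount": -5, "currency": "XXX"},
]


def validate_record(rec: dict) -> list:
    """Preventative control: validity checks on input before it is processed.
    Returns a list of problems; an empty list means the record is accepted."""
    errors = []
    if not ACCOUNT_RE.match(str(rec.get("account", ""))):
        errors.append("account: must match ACC-nnnnnn")
    amount = rec.get("amount")
    if not isinstance(amount, int) or not 0 < amount <= 1_000_000:
        errors.append("amount: must be an integer in 1..1000000")
    if rec.get("currency") not in ALLOWED_CURRENCIES:
        errors.append("currency: not in allowed list")
    return errors


def canonical(records: list) -> bytes:
    """Deterministic serialisation so CRCs and hashes are reproducible."""
    return "\n".join(
        f"{r['account']}|{r['amount']}|{r['currency']}" for r in records
    ).encode()


def control_report(records: list) -> dict:
    """Detective control: record count, control total, CRC-32 and SHA-256.
    CRC-32 catches accidental corruption; SHA-256 also resists deliberate
    edits tuned to preserve a CRC."""
    data = canonical(records)
    return {
        "count": len(records),
        "total": sum(r["amount"] for r in records),
        "crc32": zlib.crc32(data) & 0xFFFFFFFF,
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def run_pipeline(raw_batch: list, processor) -> dict:
    """Apply the three control classes around a processing hop (storage,
    transport) that must hand the records back unchanged."""
    # Preventative: only valid records enter the system.
    accepted = [r for r in raw_batch if not validate_record(r)]
    rejected = [r for r in raw_batch if validate_record(r)]
    # The corrective control needs a trustworthy copy to fall back on.
    backup = deepcopy(accepted)
    expected = control_report(accepted)
    # The hop we do not trust blindly.
    processed = processor(deepcopy(accepted))
    # Detective: compare the output's control report with the input's.
    actual = control_report(processed)
    tampered = actual != expected
    # Corrective: restore from backup when the detective check fails.
    if tampered:
        processed = deepcopy(backup)
    return {
        "accepted": len(accepted),
        "rejected": len(rejected),
        "tampered": tampered,
        "records": processed,
    }


def honest_hop(records: list) -> list:
    """A hop that returns the records unchanged."""
    return records


def faulty_hop(records: list) -> list:
    """A hop that silently alters an amount (constructed fault)."""
    records[0]["amount"] += 1
    return records


if __name__ == "__main__":
    print(run_pipeline(SAMPLE_BATCH, honest_hop))
    print(run_pipeline(SAMPLE_BATCH, faulty_hop))
```

The control report is computed on the accepted records before the hop and again after it; the comparison, not the individual values, is the detective control.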
Security control test and vuln - app controls
Distributed System Components
Agent - surrogate program that performs services on behalf of another
Proxy - acts on behalf of a principal but may hide the principal
Applets - small apps, downloaded from the web
Java - runs in a constrained space, downloaded from the web
ActiveX - establishes trust between client and server with digital certificates
System development - Lifecycle
Project initiation - define the concepts
Functional design analysis and planning - define the requirements, formal design
Design specifications - functional design review, detail planning
Software development - Lifecycle (cont.)
Installation - install, test and audit
Maintenance - continual product changes and fixes
Disposal - replace product with a new one
Database concepts and security - data warehouse
Data warehouse
Repository of heterogeneous databases that is available for users to query
Data is normalized
Redundant data is removed
Can be applied to audit logs to find system anomalies
Data mining
Objective is to find relationships that were unknown until now
Metadata
Data about data
Data Mart
Metadata is stored in the data mart
Data dictionary
Database system for developers
Stores all data structures used by an application
Database concepts and security - security issues
Security is provided in relational databases through views
View - a virtual relation that combines information from other relations
The DBMS can be compromised by circumventing the normal security controls
Aggregation - the act of obtaining information of higher sensitivity by combining information from lower levels of sensitivity
Inference - the ability of users to infer or deduce information about data at sensitivity levels for which they do not have access; the link that makes this possible is called an inference channel
Database concepts and security - security issues
Anti-aggregation and inference measures
Containers - put data into strict containers and limit access control
Cell suppression - using a view control to hide specific cells
Implement a view partition scheme
Noise - insert bogus information into the database
Polyinstantiation - a record at a higher security level holds different data from the same record at a lower level
SQL
Select, update, delete, insert, grant access, revoke access
Data normalization
Ensures that attributes in a table rely only on the primary key
Eliminates repeating groups
Eliminates redundant data
Eliminates attributes not dependent on the primary key
Database concepts - Relational operations
Primitives - select, project, union, difference, product
Non-primitives - join, intersection, divide
View - important operation
Controls database access
Defined from join, project, and select
Appears as a virtual table with settings that the user can view
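Views as the access-control boundary of a relational database, together with two of the anti-inference measures listed above (cell suppression and polyinstantiation), as an added example that is not from the slides. It uses SQLite through Python's standard library; the `ships` table, the two clearance levels and the sample rows are constructed. SQLite has no GRANT, so "users query the view, never the base table" is an application rule here; a server DBMS would enforce it by granting SELECT on the view only.

```python
"""Views, cell suppression and polyinstantiation in SQLite. Added example,
not from the slides; table, clearance levels and rows are constructed.
"""
import sqlite3

UNCLASSIFIED, SECRET = 0, 1   # constructed clearance levels


def build_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE ships (
            name            TEXT    NOT NULL,
            level           INTEGER NOT NULL,  -- classification of this row instance
            cargo           TEXT    NOT NULL,
            destination     TEXT    NOT NULL,
            dest_restricted INTEGER NOT NULL,  -- 1 = destination cell is sensitive
            PRIMARY KEY (name, level)  -- polyinstantiation: one instance per level
        );
        INSERT INTO ships VALUES ('Sunrise',   0, 'grain',    'Lisbon',  0);
        INSERT INTO ships VALUES ('Sunrise',   1, 'missiles', 'Tripoli', 0);
        INSERT INTO ships VALUES ('Albatross', 0, 'timber',   'Oslo',    1);
        INSERT INTO ships VALUES ('Kestrel',   1, 'fuel',     'Bergen',  0);

        -- Cell suppression: the public view exposes the unclassified instances
        -- but blanks the destination cell wherever it is flagged sensitive.
        CREATE VIEW ships_public AS
            SELECT name, cargo,
                   CASE WHEN dest_restricted = 1 THEN '[suppressed]'
                        ELSE destination END AS destination
            FROM ships
            WHERE level = 0;
    """)
    return con


def public_view(con) -> list:
    """What an unclassified user is given: the view, not the base table."""
    return con.execute("SELECT * FROM ships_public ORDER BY name").fetchall()


def visible_ships(con, clearance: int) -> list:
    """Polyinstantiation read: for each ship, the instance at the highest level
    the user is cleared for. Lower levels see the cover story; the SECRET
    instance of the same ship does not exist for them."""
    return con.execute("""
        SELECT s.name, s.cargo, s.destination
        FROM ships s
        JOIN (SELECT name, MAX(level) AS lvl FROM ships
              WHERE level <= ? GROUP BY name) hi
          ON hi.name = s.name AND hi.lvl = s.level
        ORDER BY s.name""", (clearance,)).fetchall()


def insert_as_unclassified(con, name: str, cargo: str, destination: str) -> bool:
    """Polyinstantiation write. If `name` alone were the primary key, an
    unclassified user adding a ship that already exists at SECRET would get a
    key violation, and that error would itself reveal the hidden row (an
    inference channel). With (name, level) as the key the insert succeeds and
    each level keeps its own instance."""
    try:
        con.execute("INSERT INTO ships VALUES (?, ?, ?, ?, 0)",
                    (name, UNCLASSIFIED, cargo, destination))
        return True
    except sqlite3.IntegrityError:
        return False


if __name__ == "__main__":
    con = build_db()
    print("public view:", public_view(con))
    print("unclassified sees:", visible_ships(con, UNCLASSIFIED))
    print("secret sees:", visible_ships(con, SECRET))
    print("cover story inserted:", insert_as_unclassified(con, "Kestrel", "fish", "Tromso"))
    print("unclassified now sees:", visible_ships(con, UNCLASSIFIED))
```

The view is "defined from join, project and select" exactly as the slide says: `WHERE level = 0` is the select, the column list is the project, and the CASE expression is what turns a plain projection into cell suppression.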
Database concepts - Jargon
Tuple - row in a relational model
Attribute - a column in a data model
Element - data in a cell
Schema - describes the database structure
Candidate key - identifier that is unique to the record
Primary key - field that links all the data in a row
Foreign key - attribute of one table that is the primary key of another
View - virtual relationship to display specifics, used for security
Cell - intersection of a row and column, also called element
Data dictionary - central repository for metadata and data relationships
Cardinality - number of rows in a relationship
Software development - Models
Simple model
Assumes each step can be completed without any effect from the later stages
of the development
Assumes any reworking will not affect previous work
Waterfall Model
Recognizes a need for developers to modify early stages
Developers are limited to going back one stage to rework
Large development teams to stop parallel reworking
Assumes a stage will finish at a specific time (not usually the case)
Ending phase tied to a milestone
Verification - evaluates the product against the spec
Validation - ensures the product meets the real-world requirement
Software development - Models cont.
Spiral model
Goes around in a spiral
Develop plans
Define objectives
Prototype and identify risk
Final development
Joint Analysts Development Model (JAD)
Rapid Application Development (RAD)
Software development
Personnel separate from the developers should test the software (keeps testing objective)
Unit testing should be addressed when modules are designed
Three phases to maintenance and change controls:
Request control - requirement for change
Change control - manage the change, document everything
Release control - manage the upgrade
Software development - Configuration mgmt.
Used to manage evolving changes to products: track versions, issue new products
Should conform to BS 7799
Definitions:
Configuration item - component to be changed
Version - recorded state of the CI
Configuration - collection of component configs
Building - subtopic
Build list - subtopic
Software library - subtopic
Software development - CMM
Software capability maturity model (CMM)
Level 1 - Initiating: chaotic, quality is unpredictable
Level 2 - Repeatable: PM exists, no formal method
Level 3 - Defined: formal processes in place
Level 4 - Managing: product improvement, process improvement
Level 5 - Optimizing: continuous process improvement, budgetized
Software development - OOP Concepts
Potentially capable of being more reliable and reducing the possible propagation of program change errors
Classes - these tell the system how to make objects; the process of creating an object using the directions in a class is called instantiation
Objects - objects contain procedures called methods and data called attributes. Often called a black box: functions happen but cannot be seen
Messages - objects perform work by sending messages to other objects
Software development - Fundamental characteristics
Encapsulation - data hiding
Polymorphism - different objects can react to identical messages in different ways
Polyinstantiation - allows an object to be copied and populated with different data
Inheritance - subclasses inherit settings
All predefined types are objects
All user-defined types are objects
All operations are performed by sending messages to objects
Object Request Brokers - establish a client-server relationship between objects made available to users over a network
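The OOP concepts and characteristics from the two slides above (class and instantiation, encapsulation, messages, polymorphism, inheritance, polyinstantiation) in one small object model, as an added example that is not from the slides. The `Sensor` classes and their readings are constructed for illustration; Object Request Brokers are not covered since they need a network.

```python
"""Class, instantiation, encapsulation, messages, polymorphism, inheritance
and polyinstantiation in one small object model. Added example, not from the
slides; the Sensor classes and readings are constructed.
"""
import copy


class Sensor:
    """Class: the directions the system follows to make sensor objects."""

    def __init__(self, name: str, reading):
        # Encapsulation: the reading sits behind a name-mangled attribute, so
        # code outside the class reaches it only through the read() message.
        self._name = name
        self.__reading = reading

    def read(self):
        """Message: the public way to ask the object for its data."""
        return self.__reading

    def describe(self) -> str:
        """Message that subclasses answer in their own way (polymorphism)."""
        return f"{self._name}: {self.read()}"

    def with_reading(self, new_reading) -> "Sensor":
        """Polyinstantiation: a copy of this object populated with different
        data, leaving the original untouched."""
        clone = copy.deepcopy(self)
        clone.__reading = new_reading   # inside the class the mangled name resolves
        return clone


class TempSensor(Sensor):
    """Inheritance: gets __init__, read and with_reading from Sensor."""

    def describe(self) -> str:
        return f"{self._name}: {self.read():.1f} C"


class DoorSensor(Sensor):
    def describe(self) -> str:
        return f"{self._name}: {'open' if self.read() else 'closed'}"


def report(sensors: list) -> list:
    """Send the same `describe` message to every object; each reacts in its
    own way and the caller never needs the concrete class (black box)."""
    return [s.describe() for s in sensors]


def encapsulation_holds(sensor: Sensor) -> bool:
    """The hidden attribute is not reachable under its source name; only the
    read() message exposes the value."""
    return not hasattr(sensor, "__reading") and sensor.read() is not None


def build_sensors() -> list:
    """Instantiation: objects created from the class directions (constructed data)."""
    return [TempSensor("lab", 21.44), DoorSensor("front", False)]


if __name__ == "__main__":
    sensors = build_sensors()
    print(report(sensors))
    hot = sensors[0].with_reading(30.0)
    print(hot.describe(), "| original still", sensors[0].read())
```

Python's name mangling is a convention rather than a hard barrier (the value is still reachable as `_Sensor__reading`), which is worth knowing when the slide's "data hiding" is relied on as a security property rather than a design discipline.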
Acquired software security impact
1. Operating system attacks: attackers search for operating system vulnerabilities and exploits. Examples are buffer overflows, bugs in the OS, or an unpatched OS.
2. Application-level attacks: when an application is released, it must be tested before going live. A hacker can use a buffer overflow, active content, cross-site scripting, DoS, SQL injection, session hijacking, or phishing.
3. Shrink wrap code attacks: in this type of attack a hacker uses the shrink wrap code method to break into a system, i.e. packaged applications shipped with backdoors or intentional bugs.
4. Misconfiguration attacks: configurations not done properly, e.g. default passwords left in place, that can be exploited by hackers.
