Adnan Alam Khan


ASSIGNMENT 1
DESIGN CHARACTERISTICS OF SECURE SOFTWARE
DEFINITION OF SOFTWARE SECURITY:
Literature Review:
One of the most essential parts of security is "encryption": data is transformed in such a way that only an
authorized recipient is able to reconstruct the plaintext. This allows us to transmit data without worrying
about it getting into unauthorized hands. (Cryptography)

Another important term used for software security is "Integrity". This attribute measures a
system's ability to withstand attacks (both accidental and intentional) on its security. Attackers like to
attack three components of software: a) programs, b) data, and c) documents.

To measure integrity or software security, two additional attributes must be defined: threat and security.
Threat is the probability (which can be estimated or derived from empirical evidence) that an attack of a
specific type will occur within a given time. Security is the probability (which can be estimated or derived
from empirical evidence) that an attack of a specific type will be repelled. The integrity of a software
system can then be defined as integrity = Σ [(1 − threat) × (1 − security)] (Roger Pressman)
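
The following is an added worked example, not part of the assignment or of Pressman's text: it computes the integrity metric exactly as quoted above, summing (1 − threat) × (1 − security) over attack types, and reports which attack type contributes most. The three rows of sample data (one per component the text names: programs, data, documents) and their threat/security values are constructed for illustration; both attributes are probabilities, so the code rejects values outside [0, 1].

```python
from typing import List, Tuple

# Constructed sample data (not from the assignment): one row per attack type,
# covering the three components the text names as attack targets.
# threat   = estimated probability that an attack of this type occurs in the period
# security = estimated probability that such an attack is repelled
AttackType = Tuple[str, float, float]

SAMPLE_ATTACK_TYPES: List[AttackType] = [
    ("programs", 0.30, 0.90),
    ("data", 0.50, 0.80),
    ("documents", 0.10, 0.95),
]


def is_probability(p: float) -> bool:
    """Both attributes are probabilities, so they must lie in [0, 1]."""
    return 0.0 <= p <= 1.0


def contributions(attack_types: List[AttackType]) -> List[Tuple[str, float]]:
    """Per-attack-type term (1 - threat) * (1 - security), largest first.

    Sorting by contribution shows which attack type dominates the metric,
    which is the row a reviewer of the estimate would look at first.
    """
    rows = []
    for name, threat, security in attack_types:
        for label, p in (("threat", threat), ("security", security)):
            if not is_probability(p):
                raise ValueError(f"{name}: {label}={p} is not a probability in [0, 1]")
        rows.append((name, (1.0 - threat) * (1.0 - security)))
    return sorted(rows, key=lambda row: row[1], reverse=True)


def integrity(attack_types: List[AttackType]) -> float:
    """Pressman's integrity metric as quoted in the text:
    integrity = sum over attack types of (1 - threat) * (1 - security)."""
    return sum(term for _, term in contributions(attack_types))


if __name__ == "__main__":
    for name, term in contributions(SAMPLE_ATTACK_TYPES):
        print(f"{name:10s} contributes {term:.3f}")
    print(f"integrity = {integrity(SAMPLE_ATTACK_TYPES):.3f}")
```

With the constructed values the "data" row dominates (0.5 × 0.2 = 0.100), followed by "programs" (0.070) and "documents" (0.045), for a total of 0.215. Both inputs are estimates, so the per-type breakdown is usually more useful than the single total: it shows which estimate most needs evidence behind it.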

What does the father of software engineering say about software security? The availability of mechanisms that
control or protect programs and data. (Roger Pressman)

There is a direct relationship between quality factors and software quality metrics in the form of security
and integrity. (Roger Pressman)
What does CASE say about software security? The repository provides mechanisms to control who can view
and modify information contained within it. (CASE)
What does software project management say about software security? There are three major types of
software development project requirements:
a) Functional Requirements (FR)
b) Non-Functional Requirements (NFR)
c) Technical Requirements (TR)
Software security lies in the NFRs, which are responsible for HOW the software must perform; in general we
call them "quality requirements".
In reused software code, software security sits on top of the functionality.
The function point components of software security are 5 FP in the External Interface File (EIF), whereas External
Query processes (EQ) give it 6 FP in user authentication.
The seven FiSMA 1.1 BFC classes with their relevant counting parameters give it an eminent position in
Algorithmic and manipulation services. [2]
Capability Maturity Model and CMM are used by the Software Engineering Institute (SEI) to denote a
particular class of maturity models. Here software security lies in the System Security Engineering CMM, which is a
continuous process. (CMM)
According to the software project development plan items, software security ranks fifth. (SPM)
Definition from Web:
Software security is an idea implemented to protect software against malicious attack and other hacker
risks so that the software continues to function correctly under such potential risks. Security is necessary
to provide integrity, authentication and availability.

Definition from Scholar:

Software security is the idea of engineering software so that it continues to function correctly under
malicious attack. Most technologists acknowledge this undertaking's importance, but they need some
help in understanding how to tackle it.

Web security:

PROBLEM:
Weak communication channels
Weak password and authentication mechanisms
Weak data storage methods

SOLUTION:
Analyzing fundamental design principles
Assessing the attack surface
Enumerating various threat agents
Identifying weaknesses and gaps in security controls
Identifying Assets and Vulnerabilities to Known Threats
Identifying Likely Attack Methods, Tools, and Techniques
STRATEGY:
For each method, the security plan should include a proactive strategy as well as a reactive strategy.

The proactive or pre-attack strategy is a set of steps that helps to minimize existing security policy
vulnerabilities and develop contingency plans. Determining the damage that an attack will cause on a
system and the weaknesses and vulnerabilities exploited during this attack helps in developing the
proactive strategy.

Determine the damage that the attack will cause.
Determine the vulnerabilities and weaknesses that the attack will exploit.
Minimize the vulnerabilities and weaknesses that are determined to be weak points in the
system for that specific type of attack.

The reactive strategy or post-attack strategy helps security personnel to assess the damage caused by
the attack, repair the damage or implement the contingency plan developed in the proactive strategy,
document and learn from the experience, and get business functions running as soon as possible.

There can certainly be a lot more to lose when embedded systems are attacked, but that shouldn't
change your approach to how the software is developed. Regardless of the language, OS or hardware
platform, the same strategies apply for application security. It all starts with the design. Threat modeling
is key. This means looking at the overall system and determining everything from attack points to the
specific exploits that can be carried out against the application.

A top-down framework approach follows the plan laid out in Chapter 10 of my book Software Security.
The idea is simple: perform a gap analysis between where you are and where you want to be from a
software security perspective. Then build a plan to address the gaps. Make sure to include software
security best practices for software you build, assurance activities for the software you buy, a portal for
software security guidance, and an enterprise-wide training program for developers and architects. (See
Want Turns to Need.)

The framework approach works well in an organization with strong centralized IT leadership that has
both the power and the budget to undertake a large-scale initiative. We've seen this approach work
nicely in global financial services firms, even when the development organization has tens of thousands
of developers spread over multiple continents.

The portfolio risk method takes a more business-oriented approach to the software security problem.
The idea here is to assess the entire application portfolio according to some risk criteria agreed on in
advance. The results of this risk survey help determine which kinds of security controls and activities
should be applied in what order to what applications. Organizations that are set up with strong but
stove-piped business units often benefit from this approach. When executive management understands
software risks clearly (and what to do to mitigate them), good things usually follow.

The training first approach to software security is more grounded in the technical world. This approach
helps developers who love to do the right thing but just don't know what the right thing is when it
comes to security. Having trained over 6,000 developers on software security, here are some pointers
from us at Cigital: Make sure that trainers are actually software people (not security people with no
software experience); use examples from the enterprise code base if possible; and include lots of
hands-on exercises with real tools and techniques. Training is an essential part of any software security
initiative, and sometimes it makes sense as a first step.

Research on this topic

Mr. Kenji has proposed a model which addresses software security issues. The model is based on the following
points.
Attacker Identification
Malicious intent Identification
Vulnerability Analysis
Attacking measure identification
Countermeasure Identification[3]

CONCLUSION:
The lead-with-a-tool approach, meanwhile, makes sense for an organization that has already purchased
and attempted to roll out a security analysis tool. In many cases, QA departments are furnished with
Web application security badness-ometers. Sometimes development organizations are mandated to use
static analysis tools like Fortify, Ounce, or Coverity. After the dust clears, the real work of tool adoption
begins. In our experience, writing custom rules (linked to corporate guidelines) for code review tools can
be a very effective way of upping static-analysis tool adoption. Likewise, security testing training geared
for QA is important for engendering an attacker's perspective among professional testers who are used
to focusing their attention on features and functions.

In the end, your organization may require some combination of the four paths to software security.

REFERENCES:
[1] http://digitalenterprise.org/models/models.html
[2] Peter R. Hill, "Practical Software Project Estimation: A Toolkit for Estimating Software
Development Effort & Duration", McGraw-Hill, 2011.
[3] Kenji, "Curriculum design and methodologies for security requirements analysis", Special issue:
The future of software engineering for security and privacy, 2008.
[4] G. McGraw, "Software security", IEEE Security & Privacy, vol. 2, no. 2, pp. 80-83, Mar-Apr
2004.
[5] https://msdn.microsoft.com/en-us/library/cc723506.aspx
[6] http://www.darkreading.com/risk/software-security-strategies/d/d-id/1129228?
[7] http://searchsoftwarequality.techtarget.com/tip/Ten-steps-to-better-app-testing-strategies
