SlideShare uma empresa Scribd logo

Security testing (CS 5032 2012)

Ian Sommerville
Ian Sommerville

This document discusses techniques for assuring the dependability and security of systems. It covers security testing and validation methods like experience-based validation, tool-based validation, and formal verification. It also discusses the importance of process assurance and identifying potential hazards. Safety cases are described as a means to collect evidence that a system is safe by making structured arguments based on claims and evidence. Safety arguments show unsafe conditions can never occur by considering all program paths.

Tecnologia
1 de 24
Dependability and Security Assurance Lecture 2 Dependability and Security Assurance, CSE course, 2011 Slide 1
Security testing • Testing the extent to which the system can protect itself from external attacks. • Problems with security testing – Security requirements are ‘shall not’ requirements i.e. they specify what should not happen. It is not usually possible to define security requirements as simple constraints that can be checked by the system. – The people attacking a system are intelligent and look for vulnerabilities. They can experiment to discover weaknesses and loopholes in the system. • Static analysis may be used to guide the testing team to areas of the program that may include errors and vulnerabilities. Dependability and Security Assurance, CSE course, 2011 Slide 2
Security validation • Experience-based validation – The system is reviewed and analysed against the types of attack that are known to the validation team. • Tiger teams – A team is established whose goal is to breach the security of the system by simulating attacks on the system. • Tool-based validation – Various security tools such as password checkers are used to analyse the system in operation. • Formal verification – The system is verified against a Dependability and Security Assurance, CSE course, 2011 formal security specification. Slide 3
Examples of entries in a security checklist Security checklist 1. Do all files that are created in the application have appropriate access permissions? The wrong access permissions may lead to these files being accessed by unauthorized users. 2. Does the system automatically terminate user sessions after a period of inactivity? Sessions that are left active may allow unauthorized access through an unattended computer. 3. If the system is written in a programming language without array bound checking, are there situations where buffer overflow may be exploited? Buffer overflow may allow attackers to send code strings to the system and then execute them. 4. If passwords are set, does the system check that passwords are ‘strong’? Strong passwords consist of mixed letters, numbers, and punctuation, and are not normal dictionary entries. They are more difficult to break than simple passwords. 5. Are inputs from the system’s environment always checked against an input specification? Incorrect processing of badly formed inputs is a common cause of security vulnerabilities. Dependability and Security Assurance, CSE course, 2011 Slide 4
Process assurance • Process assurance involves defining a dependable process and ensuring that this process is followed during the system development. • Process assurance focuses on: – Do we have the right processes? Are the processes appropriate for the level of dependability required. Should include requirements management, change management, reviews and inspections, etc. – Are we doing the processes right? Have these processes been followed by the development team. • Process assurance generates documentation – Agile processes therefore are rarely used for critical systems. Dependability and Security Assurance, CSE course, 2011 Slide 5
Processes for safety assurance • Process assurance is important for safety-critical systems development: – Accidents are rare events so testing may not find all problems; – Safety requirements are sometimes ‘shall not’ requirements so cannot be demonstrated through testing. • Safety assurance activities may be included in the software process that record the analyses that have been carried out and the people responsible for these. – Personal responsibility is important as system failures may lead to subsequent legal actions. Dependability and Security Assurance, CSE course, 2011 Slide 6
Safety related process activities • Creation of a hazard logging and monitoring system. • Appointment of project safety engineers who have explicit responsibility for system safety. • Extensive use of safety reviews. • Creation of a safety certification system where the safety of critical components is formally certified. • Detailed configuration management. Dependability and Security Assurance, CSE course, 2011 Slide 7
Hazard analysis • Hazard analysis involves identifying hazards and their root causes. • There should be clear traceability from identified hazards through their analysis to the actions taken during the process to ensure that these hazards have been covered. • A hazard log may be used to track hazards throughout the process. Dependability and Security Assurance, CSE course, 2011 Slide 8
A simplified hazard log entry Hazard Log Page 4: Printed 20.02.2009 System: Insulin Pump System File: InsulinPump/Safety/HazardLog Safety Engineer: James Brown Log version: 1/3 Identified Hazard Insulin overdose delivered to patient Identified by Jane Williams Criticality class 1 Identified risk High Fault tree YES Date 24.01.07 Location Hazard Log, Page 5 identified Fault tree creators Jane Williams and Bill Smith Fault tree checked YES Date 28.01.07 Checker James Brown System safety design requirements 1. The system shall include self-testing software that will test the sensor system, the clock, and the insulin delivery system. 2. The self-checking software shall be executed once per minute. 3. In the event of the self-checking software discovering a fault in any of the system components, an audible warning shall be issued and the pump display shall indicate the name of the component where the fault has been discovered. The delivery of insulin shall be suspended. 4. The system shall incorporate an override system that allows the system user to modify the computed dose of insulin that is to be delivered by the system. 5. The amount of override shall be no greater than a pre-set value (maxOverride), which is set when the system is configured by medical staff. Dependability and Security Assurance, CSE course, 2011 Slide 9
Safety and dependability cases • Safety and dependability cases are structured documents that set out detailed arguments and evidence that a required level of safety or dependability has been achieved. • They are normally required by regulators before a system can be certified for operational use. The regulator’s responsibility is to check that a system is as safe or dependable as is practical. • Regulators and developers work together and negotiate what needs to be included in a system safety/dependability case. Dependability and Security Assurance, CSE course, 2011 Slide 10
The system safety case • A safety case is: – A documented body of evidence that provides a convincing and valid argument that a system is adequately safe for a given application in a given environment. • Arguments in a safety case can be based on formal proof, design rationale, safety proofs, etc. Process factors may also be included. Dependability and Security Assurance, CSE course, 2011 Slide 11
The contents of a software safety case Chapter Description System description An overview of the system and a description of its critical components. Safety requirements The safety requirements abstracted from the system requirements specification. Details of other relevant system requirements may also be included. Hazard and risk analysis Documents describing the hazards and risks that have been identified and the measures taken to reduce risk. Hazard analyses and hazard logs. Design analysis A set of structured arguments (see Section 15.5.1) that justify why the design is safe. Verification and validation A description of the V & V procedures used and, where appropriate, the test plans for the system. Summaries of the test results showing defects that have been detected and corrected. If formal methods have been used, a formal system specification and any analyses of that specification. Records of static analyses of the source code. Review reports Records of all design and safety reviews. Team competences Evidence of the competence of all of the team involved in safety-related systems development and validation. Process QA Records of the quality assurance processes (see Chapter 24) carried out during system development. Change management Records of all changes proposed, actions taken and, where appropriate, justification of the processes safety of these changes. Information about configuration management procedures and configuration management logs. Associated safety cases References to other safety cases that may impact the safety case. Dependability and Security Assurance, CSE course, 2011 Slide 12
Structured arguments • Safety/dependability cases should be based around structured arguments that present evidence to justify the assertions made in these arguments. • The argument justifies why a claim about system safety/security is justified by the available evidence. Dependability and Security Assurance, CSE course, 2011 Slide 13
Structured arguments Dependability and Security Assurance, CSE course, 2011 Slide 14
Insulin pump safety argument • Arguments are based on claims and evidence. • Insulin pump safety: – Claim: The maximum single dose of insulin to be delivered (CurrentDose) will not exceed MaxDose. – Evidence: Safety argument for insulin pump (discussed later) – Evidence: Test data for insulin pump. The value of currentDose was correctly computed in 400 tests – Evidence: Static analysis report for insulin pump software revealed no anomalies that affected the value of CurrentDose – Argument: The evidence presented demonstrates that the maximum dose of insulin that can be computed = MaxDose. Dependability and Security Assurance, CSE course, 2011 Slide 15
Structured safety arguments • Structured arguments that demonstrate that a system meets its safety obligations. • It is not necessary to demonstrate that the program works as intended; the aim is simply to demonstrate safety. • Generally based on a claim hierarchy. – You start at the leaves of the hierarchy and demonstrate safety. This implies the higher-level claims are true. Dependability and Security Assurance, CSE course, 2011 Slide 16
A safety claim hierarchy for the insulin pump Dependability and Security Assurance, CSE course, 2011 Slide 17
Safety arguments • Safety arguments are intended to show that the system cannot reach in unsafe state. • They do NOT demonstrate that the system is correct. • They are generally based on proof by contradiction – Assume that an unsafe state can be reached; – Show that this is contradicted by the program code • The contradiction means that the computation is therefore NOT UNSAFE i.e. SAFE. Dependability and Security Assurance, CSE course, 2011 Slide 18
Construction of a safety argument • Establish the safe exit conditions for a component or a program. • Starting from the END of the code, work backwards until you have identified all paths that lead to the exit of the code. • Assume that the exit condition is false. • Show that, for each path leading to the exit that the FINAL VALUE ASSIGNMENTS made in that path contradict the assumption of an unsafe exit from the component. Dependability and Security Assurance, CSE course, 2011 Slide 19
Insulin dose computation with safety checks -- The insulin dose to be delivered is a function of blood sugar level, -- the previous dose delivered and the time of delivery of the previous dose currentDose = computeInsulin () ; // THIS IS THE AMOUNT DELIVERED // Safety check—adjust currentDose if necessary. // if statement 1 if (previousDose == 0) //Assigns value to CurrentDose { if (currentDose > maxDose/2) currentDose = maxDose/2 ; } else if (currentDose > (previousDose * 2) ) currentDose = previousDose * 2 ; // if statement 2 if ( currentDose < minimumDose ) // ONLY EXECUTED IF DOSE UNSAFE currentDose = 0 ; else if ( currentDose > maxDose ) currentDose = maxDose ; administerInsulin (currentDose) ; Dependability and Security Assurance, CSE course, 2011 Slide 20
Informal safety argument based on demonstrating contradictions Dependability and Security Assurance, CSE course, 2011 Slide 21
Neither IF-THEN IF_ELSE branch of if- branch of if- branch of if- statement 2 is statement 2 is statement 2 is executed executed executed CurrentDose is >= minimumDose currentDose = 0 currentDose = and <= maxDose maxDose In all cases, the post conditions contradict the unsafe condition that the dose administered is greater than maxDose. Dependability and Security Assurance, CSE course, 2011 Slide 22
Key points • Security validation is difficult because security requirements state what should not happen in a system, rather than what should. Furthermore, system attackers are intelligent and may have more time to probe for weaknesses than is available for security testing. • Security validation may be carried out using experience-based analysis, tool-based analysis or ‘tiger teams’ that simulate attacks on a system. • It is important to have a well-defined, certified process for safety-critical systems development. The process must include the identification and monitoring Dependability and Security Assurance, CSE course, 2011 Slide 23 of potential hazards.
Key points • Safety and dependability cases collect all of the evidence that demonstrates a system is safe and dependable. Safety cases are required when an external regulator must certify the system before it is used. • Safety cases are usually based on structured arguments. Structured safety arguments show that an identified hazardous condition can never occur by considering all program paths that lead to an unsafe condition, and showing that the condition cannot hold. Dependability and Security Assurance, CSE course, 2011 Slide 24

Recomendados

CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013Ian Sommerville
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013Ian Sommerville
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringaizazhussain234
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013Ian Sommerville
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2Ian Sommerville
 
Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Ian Sommerville
 
CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013Ian Sommerville
 

Recomendados

CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013Ian Sommerville
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013Ian Sommerville
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringaizazhussain234
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013Ian Sommerville
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2Ian Sommerville
 
Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Security Engineering 2 (CS 5032 2012)
Security Engineering 2 (CS 5032 2012)Ian Sommerville
 
CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013Ian Sommerville
 
Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)Ian Sommerville
 
CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013Ian Sommerville
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013Ian Sommerville
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013Ian Sommerville
 
CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013Ian Sommerville
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringAHM Pervej Kabir
 
Concepts in Software Safety
Concepts in Software SafetyConcepts in Software Safety
Concepts in Software Safetydalesanders
 
8. operational risk management
8. operational risk management8. operational risk management
8. operational risk managementSekaransrinivasan Srini
 
what is security
what is securitywhat is security
what is securityDedi Dwianto
 
Software safety in embedded systems &amp; software safety why, what, and how
Software safety in embedded systems &amp; software safety why, what, and how Software safety in embedded systems &amp; software safety why, what, and how
Software safety in embedded systems &amp; software safety why, what, and how bdemchak
 
Network Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision PointsNetwork Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision PointsPivotPointSecurity
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability AssesmentDedi Dwianto
 
Ch20
Ch20Ch20
Ch20phanleson
 
Dynamic RWX ACM Model Optimizing the Risk on Real Time Unix File System
Dynamic RWX ACM Model Optimizing the Risk on Real Time Unix File SystemDynamic RWX ACM Model Optimizing the Risk on Real Time Unix File System
Dynamic RWX ACM Model Optimizing the Risk on Real Time Unix File SystemRadita Apriana
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingMaganathin Veeraragaloo
 
8. operations security
8. operations security8. operations security
8. operations security7wounders
 
7 Software Development Security
7 Software Development Security7 Software Development Security
7 Software Development SecurityAlfred Ouyang
 
An introduction to intrusion detection systems
An introduction to intrusion detection systemsAn introduction to intrusion detection systems
An introduction to intrusion detection systemsUltraUploader
 
C0931115
C0931115C0931115
C0931115IOSR Journals
 
Outpost Anti-Malware 7.5
Outpost Anti-Malware 7.5Outpost Anti-Malware 7.5
Outpost Anti-Malware 7.5Lubov Putsko
 
Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)Ian Sommerville
 
Security Engineering 1 (CS 5032 2012)
Security Engineering 1 (CS 5032 2012)Security Engineering 1 (CS 5032 2012)
Security Engineering 1 (CS 5032 2012)Ian Sommerville
 

Mais conteúdo relacionado

Mais procurados

Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)Ian Sommerville
 
CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013Ian Sommerville
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013Ian Sommerville
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013Ian Sommerville
 
CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013Ian Sommerville
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineeringAHM Pervej Kabir
 
Concepts in Software Safety
Concepts in Software SafetyConcepts in Software Safety
Concepts in Software Safetydalesanders
 
Software safety in embedded systems &amp; software safety why, what, and how
Software safety in embedded systems &amp; software safety why, what, and how Software safety in embedded systems &amp; software safety why, what, and how
Software safety in embedded systems &amp; software safety why, what, and how bdemchak
 
Network Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision PointsNetwork Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision PointsPivotPointSecurity
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability AssesmentDedi Dwianto
 
Dynamic RWX ACM Model Optimizing the Risk on Real Time Unix File System
Dynamic RWX ACM Model Optimizing the Risk on Real Time Unix File SystemDynamic RWX ACM Model Optimizing the Risk on Real Time Unix File System
Dynamic RWX ACM Model Optimizing the Risk on Real Time Unix File SystemRadita Apriana
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingMaganathin Veeraragaloo
 
8. operations security
8. operations security8. operations security
8. operations security7wounders
 
7 Software Development Security
7 Software Development Security7 Software Development Security
7 Software Development SecurityAlfred Ouyang
 
An introduction to intrusion detection systems
An introduction to intrusion detection systemsAn introduction to intrusion detection systems
An introduction to intrusion detection systemsUltraUploader
 
Outpost Anti-Malware 7.5
Outpost Anti-Malware 7.5Outpost Anti-Malware 7.5
Outpost Anti-Malware 7.5Lubov Putsko
 

Mais procurados (20)

Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)
 
CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013
 
CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
Concepts in Software Safety
Concepts in Software SafetyConcepts in Software Safety
Concepts in Software Safety
 
8. operational risk management
8. operational risk management8. operational risk management
8. operational risk management
 
what is security
what is securitywhat is security
what is security
 
Software safety in embedded systems &amp; software safety why, what, and how
Software safety in embedded systems &amp; software safety why, what, and how Software safety in embedded systems &amp; software safety why, what, and how
Software safety in embedded systems &amp; software safety why, what, and how
 
Network Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision PointsNetwork Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision Points
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability Assesment
 
Ch20
Ch20Ch20
Ch20
 
Dynamic RWX ACM Model Optimizing the Risk on Real Time Unix File System
Dynamic RWX ACM Model Optimizing the Risk on Real Time Unix File SystemDynamic RWX ACM Model Optimizing the Risk on Real Time Unix File System
Dynamic RWX ACM Model Optimizing the Risk on Real Time Unix File System
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and Testing
 
8. operations security
8. operations security8. operations security
8. operations security
 
7 Software Development Security
7 Software Development Security7 Software Development Security
7 Software Development Security
 
An introduction to intrusion detection systems
An introduction to intrusion detection systemsAn introduction to intrusion detection systems
An introduction to intrusion detection systems
 
C0931115
C0931115C0931115
C0931115
 
Outpost Anti-Malware 7.5
Outpost Anti-Malware 7.5Outpost Anti-Malware 7.5
Outpost Anti-Malware 7.5
 

Destaque

Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)Ian Sommerville
 
Security Engineering 1 (CS 5032 2012)
Security Engineering 1 (CS 5032 2012)Security Engineering 1 (CS 5032 2012)
Security Engineering 1 (CS 5032 2012)Ian Sommerville
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013Ian Sommerville
 
Cooperative work (LSCITS EngD 2012)
Cooperative work (LSCITS EngD 2012)Cooperative work (LSCITS EngD 2012)
Cooperative work (LSCITS EngD 2012)Ian Sommerville
 
Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)Ian Sommerville
 
CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013Ian Sommerville
 
Static analysis and reliability testing (CS 5032 2012)
Static analysis and reliability testing (CS 5032 2012)Static analysis and reliability testing (CS 5032 2012)
Static analysis and reliability testing (CS 5032 2012)Ian Sommerville
 
Ultra-large Scale Systems (LSCITS EngD 2011)
Ultra-large Scale Systems (LSCITS EngD 2011)Ultra-large Scale Systems (LSCITS EngD 2011)
Ultra-large Scale Systems (LSCITS EngD 2011)Ian Sommerville
 
An overview of software requirements engineering
An overview of software requirements engineeringAn overview of software requirements engineering
An overview of software requirements engineeringIan Sommerville
 
Requirements Engineering Process Improvement
Requirements Engineering Process ImprovementRequirements Engineering Process Improvement
Requirements Engineering Process ImprovementIan Sommerville
 
Requirements Engineering: A Good Practice Guide
Requirements Engineering: A Good Practice GuideRequirements Engineering: A Good Practice Guide
Requirements Engineering: A Good Practice GuideIan Sommerville
 
Dependability and security (CS 5032 2012)
Dependability and security (CS 5032 2012)Dependability and security (CS 5032 2012)
Dependability and security (CS 5032 2012)Ian Sommerville
 

Destaque (13)

Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)
 
Security Engineering 1 (CS 5032 2012)
Security Engineering 1 (CS 5032 2012)Security Engineering 1 (CS 5032 2012)
Security Engineering 1 (CS 5032 2012)
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013
 
LSCITS engineering
LSCITS engineeringLSCITS engineering
LSCITS engineering
 
Cooperative work (LSCITS EngD 2012)
Cooperative work (LSCITS EngD 2012)Cooperative work (LSCITS EngD 2012)
Cooperative work (LSCITS EngD 2012)
 
Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)Introduction to Critical Systems Engineering (CS 5032 2012)
Introduction to Critical Systems Engineering (CS 5032 2012)
 
CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013CS 5032 L1 critical socio-technical systems 2013
CS 5032 L1 critical socio-technical systems 2013
 
Static analysis and reliability testing (CS 5032 2012)
Static analysis and reliability testing (CS 5032 2012)Static analysis and reliability testing (CS 5032 2012)
Static analysis and reliability testing (CS 5032 2012)
 
Ultra-large Scale Systems (LSCITS EngD 2011)
Ultra-large Scale Systems (LSCITS EngD 2011)Ultra-large Scale Systems (LSCITS EngD 2011)
Ultra-large Scale Systems (LSCITS EngD 2011)
 
An overview of software requirements engineering
An overview of software requirements engineeringAn overview of software requirements engineering
An overview of software requirements engineering
 
Requirements Engineering Process Improvement
Requirements Engineering Process ImprovementRequirements Engineering Process Improvement
Requirements Engineering Process Improvement
 
Requirements Engineering: A Good Practice Guide
Requirements Engineering: A Good Practice GuideRequirements Engineering: A Good Practice Guide
Requirements Engineering: A Good Practice Guide
 
Dependability and security (CS 5032 2012)
Dependability and security (CS 5032 2012)Dependability and security (CS 5032 2012)
Dependability and security (CS 5032 2012)
 

Semelhante a Security testing (CS 5032 2012)

A Brief Introduction to Penetration Testing
A Brief Introduction to Penetration TestingA Brief Introduction to Penetration Testing
A Brief Introduction to Penetration TestingEC-Council
 
The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.Expeed Software
 
USPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementUSPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementJim Piechocki
 
Security Testing.pptx
Security Testing.pptxSecurity Testing.pptx
Security Testing.pptxosandadeshan
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptxPiyush Jain
 
Олексій Барановський “Vulnerability assessment as part software testing process”
Олексій Барановський “Vulnerability assessment as part software testing process”Олексій Барановський “Vulnerability assessment as part software testing process”
Олексій Барановський “Vulnerability assessment as part software testing process”Dakiry
 
An integrated security testing framework and tool
An integrated security testing framework and toolAn integrated security testing framework and tool
An integrated security testing framework and toolMoutasm Tamimi
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancementcyberprosocial
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMuhammad Asim
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit ProcessRam Srivastava
 
Critical systems specification
Critical systems specificationCritical systems specification
Critical systems specificationAryan Ajmer
 
1303 independent risk assessments
1303 independent risk assessments1303 independent risk assessments
1303 independent risk assessmentsJenny Reid
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
chap-1 : Vulnerabilities in Information Systems
chap-1 : Vulnerabilities in Information Systemschap-1 : Vulnerabilities in Information Systems
chap-1 : Vulnerabilities in Information SystemsKashfUlHuda1
 
Design and Analyze Secure Networked Systems - 2
Design and Analyze Secure Networked Systems - 2Design and Analyze Secure Networked Systems - 2
Design and Analyze Secure Networked Systems - 2Don Kim
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochQA or the Highway
 
What is penetration testing
What is penetration testingWhat is penetration testing
What is penetration testingsakshisoni076
 

Semelhante a Security testing (CS 5032 2012) (20)

Security assessment
Security assessmentSecurity assessment
Security assessment
 
A Brief Introduction to Penetration Testing
A Brief Introduction to Penetration TestingA Brief Introduction to Penetration Testing
A Brief Introduction to Penetration Testing
 
The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.
 
USPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability ManagementUSPS CISO Academy - Vulnerability Management
USPS CISO Academy - Vulnerability Management
 
Security Testing.pptx
Security Testing.pptxSecurity Testing.pptx
Security Testing.pptx
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptx
 
Олексій Барановський “Vulnerability assessment as part software testing process”
Олексій Барановський “Vulnerability assessment as part software testing process”Олексій Барановський “Vulnerability assessment as part software testing process”
Олексій Барановський “Vulnerability assessment as part software testing process”
 
An integrated security testing framework and tool
An integrated security testing framework and toolAn integrated security testing framework and tool
An integrated security testing framework and tool
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
Module 6.pptx
Module 6.pptxModule 6.pptx
Module 6.pptx
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit Process
 
Critical systems specification
Critical systems specificationCritical systems specification
Critical systems specification
 
1303 independent risk assessments
1303 independent risk assessments1303 independent risk assessments
1303 independent risk assessments
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
 
chap-1 : Vulnerabilities in Information Systems
chap-1 : Vulnerabilities in Information Systemschap-1 : Vulnerabilities in Information Systems
chap-1 : Vulnerabilities in Information Systems
 
Design and Analyze Secure Networked Systems - 2
Design and Analyze Secure Networked Systems - 2Design and Analyze Secure Networked Systems - 2
Design and Analyze Secure Networked Systems - 2
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
The 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan KochThe 5 Layers of Security Testing by Alan Koch
The 5 Layers of Security Testing by Alan Koch
 
What is penetration testing
What is penetration testingWhat is penetration testing
What is penetration testing
 

Mais de Ian Sommerville

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale SystemsIan Sommerville
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITSIan Sommerville
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems designIan Sommerville
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITSIan Sommerville
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITSIan Sommerville
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-studyIan Sommerville
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million usersIan Sommerville
 
CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureIan Sommerville
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterIan Sommerville
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1Ian Sommerville
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureIan Sommerville
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachIan Sommerville
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsIan Sommerville
 
CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013Ian Sommerville
 
CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013Ian Sommerville
 

Mais de Ian Sommerville (19)

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale Systems
 
Resp modellingintro
Resp modellingintroResp modellingintro
Resp modellingintro
 
Resilience and recovery
Resilience and recoveryResilience and recovery
Resilience and recovery
 
LSCITS-engineering
LSCITS-engineeringLSCITS-engineering
LSCITS-engineering
 
Requirements reality
Requirements realityRequirements reality
Requirements reality
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITS
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems design
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITS
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITS
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-study
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million users
 
CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failure
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disaster
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructure
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breach
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systems
 
CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013CS 5032 L4 requirements engineering 2013
CS 5032 L4 requirements engineering 2013
 
CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013CS 5032 L3 socio-technical systems 2013
CS 5032 L3 socio-technical systems 2013
 

Último

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 

Último (20)

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 

Security testing (CS 5032 2012)

  • 1. Dependability and Security Assurance Lecture 2 Dependability and Security Assurance, CSE course, 2011 Slide 1
  • 2. Security testing • Testing the extent to which the system can protect itself from external attacks. • Problems with security testing – Security requirements are ‘shall not’ requirements i.e. they specify what should not happen. It is not usually possible to define security requirements as simple constraints that can be checked by the system. – The people attacking a system are intelligent and look for vulnerabilities. They can experiment to discover weaknesses and loopholes in the system. • Static analysis may be used to guide the testing team to areas of the program that may include errors and vulnerabilities. Dependability and Security Assurance, CSE course, 2011 Slide 2
  • 3. Security validation • Experience-based validation – The system is reviewed and analysed against the types of attack that are known to the validation team. • Tiger teams – A team is established whose goal is to breach the security of the system by simulating attacks on the system. • Tool-based validation – Various security tools such as password checkers are used to analyse the system in operation. • Formal verification – The system is verified against a Dependability and Security Assurance, CSE course, 2011 formal security specification. Slide 3
  • 4. Examples of entries in a security checklist Security checklist 1. Do all files that are created in the application have appropriate access permissions? The wrong access permissions may lead to these files being accessed by unauthorized users. 2. Does the system automatically terminate user sessions after a period of inactivity? Sessions that are left active may allow unauthorized access through an unattended computer. 3. If the system is written in a programming language without array bound checking, are there situations where buffer overflow may be exploited? Buffer overflow may allow attackers to send code strings to the system and then execute them. 4. If passwords are set, does the system check that passwords are ‘strong’? Strong passwords consist of mixed letters, numbers, and punctuation, and are not normal dictionary entries. They are more difficult to break than simple passwords. 5. Are inputs from the system’s environment always checked against an input specification? Incorrect processing of badly formed inputs is a common cause of security vulnerabilities. Dependability and Security Assurance, CSE course, 2011 Slide 4
  • 5. Process assurance • Process assurance involves defining a dependable process and ensuring that this process is followed during the system development. • Process assurance focuses on: – Do we have the right processes? Are the processes appropriate for the level of dependability required. Should include requirements management, change management, reviews and inspections, etc. – Are we doing the processes right? Have these processes been followed by the development team. • Process assurance generates documentation – Agile processes therefore are rarely used for critical systems. Dependability and Security Assurance, CSE course, 2011 Slide 5
  • 6. Processes for safety assurance • Process assurance is important for safety-critical systems development: – Accidents are rare events so testing may not find all problems; – Safety requirements are sometimes ‘shall not’ requirements so cannot be demonstrated through testing. • Safety assurance activities may be included in the software process that record the analyses that have been carried out and the people responsible for these. – Personal responsibility is important as system failures may lead to subsequent legal actions. Dependability and Security Assurance, CSE course, 2011 Slide 6
  • 7. Safety related process activities • Creation of a hazard logging and monitoring system. • Appointment of project safety engineers who have explicit responsibility for system safety. • Extensive use of safety reviews. • Creation of a safety certification system where the safety of critical components is formally certified. • Detailed configuration management. Dependability and Security Assurance, CSE course, 2011 Slide 7
  • 8. Hazard analysis • Hazard analysis involves identifying hazards and their root causes. • There should be clear traceability from identified hazards through their analysis to the actions taken during the process to ensure that these hazards have been covered. • A hazard log may be used to track hazards throughout the process. Dependability and Security Assurance, CSE course, 2011 Slide 8
  • 9. A simplified hazard log entry Hazard Log Page 4: Printed 20.02.2009 System: Insulin Pump System File: InsulinPump/Safety/HazardLog Safety Engineer: James Brown Log version: 1/3 Identified Hazard Insulin overdose delivered to patient Identified by Jane Williams Criticality class 1 Identified risk High Fault tree YES Date 24.01.07 Location Hazard Log, Page 5 identified Fault tree creators Jane Williams and Bill Smith Fault tree checked YES Date 28.01.07 Checker James Brown System safety design requirements 1. The system shall include self-testing software that will test the sensor system, the clock, and the insulin delivery system. 2. The self-checking software shall be executed once per minute. 3. In the event of the self-checking software discovering a fault in any of the system components, an audible warning shall be issued and the pump display shall indicate the name of the component where the fault has been discovered. The delivery of insulin shall be suspended. 4. The system shall incorporate an override system that allows the system user to modify the computed dose of insulin that is to be delivered by the system. 5. The amount of override shall be no greater than a pre-set value (maxOverride), which is set when the system is configured by medical staff. Dependability and Security Assurance, CSE course, 2011 Slide 9
  • 10. Safety and dependability cases • Safety and dependability cases are structured documents that set out detailed arguments and evidence that a required level of safety or dependability has been achieved. • They are normally required by regulators before a system can be certified for operational use. The regulator’s responsibility is to check that a system is as safe or dependable as is practical. • Regulators and developers work together and negotiate what needs to be included in a system safety/dependability case. Dependability and Security Assurance, CSE course, 2011 Slide 10
  • 11. The system safety case • A safety case is: – A documented body of evidence that provides a convincing and valid argument that a system is adequately safe for a given application in a given environment. • Arguments in a safety case can be based on formal proof, design rationale, safety proofs, etc. Process factors may also be included. Dependability and Security Assurance, CSE course, 2011 Slide 11
  • 12. The contents of a software safety case Chapter Description System description An overview of the system and a description of its critical components. Safety requirements The safety requirements abstracted from the system requirements specification. Details of other relevant system requirements may also be included. Hazard and risk analysis Documents describing the hazards and risks that have been identified and the measures taken to reduce risk. Hazard analyses and hazard logs. Design analysis A set of structured arguments (see Section 15.5.1) that justify why the design is safe. Verification and validation A description of the V & V procedures used and, where appropriate, the test plans for the system. Summaries of the test results showing defects that have been detected and corrected. If formal methods have been used, a formal system specification and any analyses of that specification. Records of static analyses of the source code. Review reports Records of all design and safety reviews. Team competences Evidence of the competence of all of the team involved in safety-related systems development and validation. Process QA Records of the quality assurance processes (see Chapter 24) carried out during system development. Change management Records of all changes proposed, actions taken and, where appropriate, justification of the processes safety of these changes. Information about configuration management procedures and configuration management logs. Associated safety cases References to other safety cases that may impact the safety case. Dependability and Security Assurance, CSE course, 2011 Slide 12
  • 13. Structured arguments • Safety/dependability cases should be based around structured arguments that present evidence to justify the assertions made in these arguments. • The argument justifies why a claim about system safety/security is justified by the available evidence. Dependability and Security Assurance, CSE course, 2011 Slide 13
  • 14. Structured arguments Dependability and Security Assurance, CSE course, 2011 Slide 14
  • 15. Insulin pump safety argument • Arguments are based on claims and evidence. • Insulin pump safety: – Claim: The maximum single dose of insulin to be delivered (CurrentDose) will not exceed MaxDose. – Evidence: Safety argument for insulin pump (discussed later) – Evidence: Test data for insulin pump. The value of currentDose was correctly computed in 400 tests – Evidence: Static analysis report for insulin pump software revealed no anomalies that affected the value of CurrentDose – Argument: The evidence presented demonstrates that the maximum dose of insulin that can be computed = MaxDose. Dependability and Security Assurance, CSE course, 2011 Slide 15
  • 16. Structured safety arguments • Structured arguments that demonstrate that a system meets its safety obligations. • It is not necessary to demonstrate that the program works as intended; the aim is simply to demonstrate safety. • Generally based on a claim hierarchy. – You start at the leaves of the hierarchy and demonstrate safety. This implies the higher-level claims are true. Dependability and Security Assurance, CSE course, 2011 Slide 16
  • 17. A safety claim hierarchy for the insulin pump Dependability and Security Assurance, CSE course, 2011 Slide 17
  • 18. Safety arguments • Safety arguments are intended to show that the system cannot reach in unsafe state. • They do NOT demonstrate that the system is correct. • They are generally based on proof by contradiction – Assume that an unsafe state can be reached; – Show that this is contradicted by the program code • The contradiction means that the computation is therefore NOT UNSAFE i.e. SAFE. Dependability and Security Assurance, CSE course, 2011 Slide 18
  • 19. Construction of a safety argument • Establish the safe exit conditions for a component or a program. • Starting from the END of the code, work backwards until you have identified all paths that lead to the exit of the code. • Assume that the exit condition is false. • Show that, for each path leading to the exit that the FINAL VALUE ASSIGNMENTS made in that path contradict the assumption of an unsafe exit from the component. Dependability and Security Assurance, CSE course, 2011 Slide 19
  • 20. Insulin dose computation with safety checks -- The insulin dose to be delivered is a function of blood sugar level, -- the previous dose delivered and the time of delivery of the previous dose currentDose = computeInsulin () ; // THIS IS THE AMOUNT DELIVERED // Safety check—adjust currentDose if necessary. // if statement 1 if (previousDose == 0) //Assigns value to CurrentDose { if (currentDose > maxDose/2) currentDose = maxDose/2 ; } else if (currentDose > (previousDose * 2) ) currentDose = previousDose * 2 ; // if statement 2 if ( currentDose < minimumDose ) // ONLY EXECUTED IF DOSE UNSAFE currentDose = 0 ; else if ( currentDose > maxDose ) currentDose = maxDose ; administerInsulin (currentDose) ; Dependability and Security Assurance, CSE course, 2011 Slide 20
  • 21. Informal safety argument based on demonstrating contradictions Dependability and Security Assurance, CSE course, 2011 Slide 21
  • 22. Neither IF-THEN IF_ELSE branch of if- branch of if- branch of if- statement 2 is statement 2 is statement 2 is executed executed executed CurrentDose is >= minimumDose currentDose = 0 currentDose = and <= maxDose maxDose In all cases, the post conditions contradict the unsafe condition that the dose administered is greater than maxDose. Dependability and Security Assurance, CSE course, 2011 Slide 22
  • 23. Key points • Security validation is difficult because security requirements state what should not happen in a system, rather than what should. Furthermore, system attackers are intelligent and may have more time to probe for weaknesses than is available for security testing. • Security validation may be carried out using experience-based analysis, tool-based analysis or ‘tiger teams’ that simulate attacks on a system. • It is important to have a well-defined, certified process for safety-critical systems development. The process must include the identification and monitoring Dependability and Security Assurance, CSE course, 2011 Slide 23 of potential hazards.
  • 24. Key points • Safety and dependability cases collect all of the evidence that demonstrates a system is safe and dependable. Safety cases are required when an external regulator must certify the system before it is used. • Safety cases are usually based on structured arguments. Structured safety arguments show that an identified hazardous condition can never occur by considering all program paths that lead to an unsafe condition, and showing that the condition cannot hold. Dependability and Security Assurance, CSE course, 2011 Slide 24