
Application and System Development


byron

Presentation Transcript


    1. Application and System Development

    2. Introduction
        Topic: Application and System Development
        - General security principles
        - The Problem
        - The Controls
        Notes:
        - Approach: interaction/discussion, based upon general security principles
        - Overlap: the topic categories are arbitrary; discussion will touch on the same areas multiple times
        - First topic: application system development

    3. General Security Principles
        - Accountability
        - Authorization
        - Logging
        - Separation of duties
        - Least privilege
        - Risk reduction
        - Layered defense
        Notes:
        - Approach: interaction/discussion, based upon general security principles: accountability, authorization, logging, separation of duties, least privilege, risk reduction, layered defense, redundancy
        - Overlap: the topic categories are arbitrary; discussion will touch on the same areas multiple times
        - First topic: application system development

    4. The Initial Problem
        Access to Information in a Database
        - Release of information
        - Modification of information
        - Denial of service
        - Relational vs Object Oriented
        Notes: the biggest problems in application development:
        1. Failure to design security into the application
        2. Failure to control changes to the application
        3. Failure to control the information for the application
        4. Failure to control the transaction in transmission
        5. Failure to control the information after transmission

    5. Relational Database
        Tables
        - "Relation" (table, or set of columns in a table)
        - With "Attributes" (columns) having "Permissible values"
        - A specific attribute is the "Key", with unique values
        - Occurring in "Instances" (rows): a "Tuple" of a relation instance
        Views
        - With selected "Attributes"
        - Linked by key attributes
        Notes: Vulnerabilities? Accountability
        - Spoofing a user
        - Eavesdropping on session
        - Inadequate authentication
        - Unable to identify/track access/updates
        - Illicit code to enable theft of information or hard assets, improper access to information, improper update of information, improper destruction of information
        - Invalid data - lack of or inadequate data validation
        - Data overwrites - failure to lock records
        - Incorrect internal processing

    6. Relational Database Controls
        - Grant/Revoke privileges by table, column, key set
        - Permissions by view combining specific tables, columns, key sets
        - Conceptually dividing the database into pieces to allow sensitive data to be hidden from unauthorized users
        - Authorizations for specific views having specific attributes, and for actions to perform within those views
        - DAC, by specific grant to user or group by owner
        - MAC, by classification level
        Notes: Vulnerabilities? Separation of Duties and Layered Defense
        - Illicit code to enable theft of information or hard assets, improper access to information, improper update of information, improper destruction of information
        - Invalid data - lack of or inadequate data validation
        - Data overwrites - failure to lock records
        - Incorrect internal processing
        - Direct access to data
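The view-based control on this slide, worked through as an added example (not from the presentation): an employee relation is split into two views, one with only non-sensitive attributes and one restricted to a key set (Finance rows) plus salary, and roles are mapped to views instead of to the base table. The schema, data and role names are constructed for the example; SQLite has no GRANT statement, so the role-to-view map stands in for `GRANT SELECT ON view TO role` that a full RDBMS would enforce in the engine.

```python
import sqlite3

# Constructed toy schema (an assumption for this example, not from the slides):
# one relation, "employee", whose key attribute is emp_id and whose salary and
# ssn attributes are sensitive.
def build_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE employee (
            emp_id INTEGER PRIMARY KEY,   -- key attribute: unique per instance (row)
            name   TEXT    NOT NULL,
            dept   TEXT    NOT NULL,
            salary INTEGER NOT NULL,      -- sensitive
            ssn    TEXT    NOT NULL       -- sensitive
        );
        INSERT INTO employee VALUES (1, 'Alice', 'Finance', 90000, '111-11-1111');
        INSERT INTO employee VALUES (2, 'Bob',   'Finance', 70000, '222-22-2222');
        INSERT INTO employee VALUES (3, 'Carol', 'Eng',     95000, '333-33-3333');

        -- View 1: selected attributes only; salary and ssn never appear.
        CREATE VIEW v_directory AS
            SELECT emp_id, name, dept FROM employee;

        -- View 2: a key-set restriction as well (Finance rows only) plus salary.
        CREATE VIEW v_finance_payroll AS
            SELECT emp_id, name, salary FROM employee WHERE dept = 'Finance';
    """)
    return con

# Stand-in for GRANT SELECT ON <view> TO <role>, which SQLite does not implement.
# Roles are granted views only; no role ever names the base table.
ROLE_VIEWS = {
    "staff":   {"v_directory"},
    "payroll": {"v_directory", "v_finance_payroll"},
}

def visible_columns(con, view):
    """Column names a view exposes, i.e. everything a grantee of it can ever see."""
    return [row[1] for row in con.execute(f"PRAGMA table_info({view})")]

def read_view(con, role, view):
    """Read a view as a role. The view name is checked against the allow-list
    before it is interpolated, so only the pre-defined names reach the SQL."""
    if view not in ROLE_VIEWS.get(role, set()):
        raise PermissionError(f"role {role!r} has no grant on {view!r}")
    return con.execute(f"SELECT * FROM {view} ORDER BY emp_id").fetchall()

if __name__ == "__main__":
    db = build_db()
    print(read_view(db, "staff", "v_directory"))
    print(read_view(db, "payroll", "v_finance_payroll"))
```

The point to check in a real deployment is the last one in the code: a role holding a view grant must hold no grant on the underlying table, otherwise the "conceptual division" on the slide is bypassed by querying the table directly.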

    7. Object-Oriented Database
        - "Subjects", "Objects", and "Methods" of accessing them
        - Controls using encapsulation, inheritance, information hiding
        Notes: Vulnerabilities?
        - Improper access to data - controls not granular enough
        - Invalid data - update permitted to the wrong/too many people

    8. Object-Oriented Issues / Controls
        Polyinstantiation
        - Producing a more defined version of an object by iteratively replacing variables with other variables or values
        - Information located in more than one location for use by more than one user, usually having different security levels
        - Requires sensitive information to be removed when stored at lower levels
        - Ensuring integrity with multiple updates going on is difficult
        Polymorphism
        - Different objects responding to a common command in different ways - encapsulation, inheritance, information hiding
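Polyinstantiation as the slide describes it, worked as an added example (not part of the presentation): the classification level is made part of the key, so the same flight can have one instance per level, a reader sees only the most highly classified instance at or below their level, and a low-level writer changes only the low-level instance. The table, levels and flight data are constructed for the example; the last function shows the integrity burden the slide mentions, since the instances of one flight must now be kept consistent by hand.

```python
import sqlite3

# Classification lattice for this example (constructed; any ordered levels would do).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}

def build_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE flight (
            flight_no   TEXT    NOT NULL,
            level       INTEGER NOT NULL,   -- classification of this instance of the row
            destination TEXT    NOT NULL,
            -- The level is part of the key, so two instances of the same
            -- flight may coexist, one per security level.
            PRIMARY KEY (flight_no, level)
        );
    """)
    return con

def insert_at(con, level_name, flight_no, destination):
    """A subject at level_name records its own instance of the row."""
    con.execute("INSERT INTO flight VALUES (?, ?, ?)",
                (flight_no, LEVELS[level_name], destination))

def update_at(con, level_name, flight_no, destination):
    """Change only the instance at the writer's level; returns rows changed."""
    cur = con.execute(
        "UPDATE flight SET destination = ? WHERE flight_no = ? AND level = ?",
        (destination, flight_no, LEVELS[level_name]))
    return cur.rowcount

def read_at(con, level_name):
    """Each flight as seen from level_name: the most highly classified instance
    at or below the reader's level. Higher instances are invisible, so the
    reader cannot tell that a more sensitive version exists."""
    lvl = LEVELS[level_name]
    return con.execute("""
        SELECT f.flight_no, f.destination
        FROM flight f
        WHERE f.level = (SELECT MAX(g.level) FROM flight g
                         WHERE g.flight_no = f.flight_no AND g.level <= ?)
        ORDER BY f.flight_no
    """, (lvl,)).fetchall()

def instance_count(con, flight_no):
    """How many instances of one flight exist: each is a separate update target."""
    return con.execute("SELECT COUNT(*) FROM flight WHERE flight_no = ?",
                       (flight_no,)).fetchone()[0]

if __name__ == "__main__":
    db = build_db()
    insert_at(db, "secret", "F100", "Area X")
    # Without polyinstantiation this insert would collide with the secret row,
    # and the collision itself would reveal that a hidden instance exists.
    insert_at(db, "unclassified", "F100", "Maintenance")
    print(read_at(db, "unclassified"), read_at(db, "secret"))
```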

    9. Programming/Data Attacks
        - Salami attack
        - Data diddling
        - Fraud
        - Logic bomb
        Mistakes
        - Boundary errors
        - Validation errors
        - Time of Check/Time of Use (serialization) errors
        - Covert channels
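The time-of-check/time-of-use (serialization) error on this slide, and the "data overwrites - failure to lock records" vulnerability from slide 5, worked as an added example that is not part of the presentation. The account table and amounts are constructed. The vulnerable pattern reads a balance, decides, and later writes back a value computed from that stale read, so two interleaved withdrawals both pass the check and each overwrites the other; the hardened pattern validates the amount against its boundaries and then makes the check and the write a single conditional UPDATE, which the database serializes.

```python
import sqlite3

MAX_WITHDRAWAL = 1_000_000   # constructed boundary for the example

def build_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, balance INTEGER NOT NULL)")
    con.execute("INSERT INTO account VALUES (1, 100)")
    con.commit()
    return con

def balance(con, acct):
    return con.execute("SELECT balance FROM account WHERE id = ?", (acct,)).fetchone()[0]

# --- Vulnerable pattern: check, then act on the value read at check time ---
def unsafe_check(con, acct, amount):
    """Time of check: read the balance and decide. Returns the balance seen, or None."""
    bal = balance(con, acct)
    return bal if bal >= amount else None

def unsafe_act(con, acct, seen_balance, amount):
    """Time of use: write back a value computed from the possibly stale read."""
    con.execute("UPDATE account SET balance = ? WHERE id = ?", (seen_balance - amount, acct))
    con.commit()

def race_unsafe(con, acct, amounts):
    """Interleave the withdrawals so every check runs before any write, which is
    one schedule two concurrent sessions can produce. Returns (outcomes, balance)."""
    seen = [unsafe_check(con, acct, a) for a in amounts]   # all see the same balance
    for s, a in zip(seen, amounts):
        if s is not None:
            unsafe_act(con, acct, s, a)                     # each write overwrites the last
    return [s is not None for s in seen], balance(con, acct)

# --- Hardened pattern: validate input, then make check and act one statement ---
def withdraw_safe(con, acct, amount):
    # Boundary / validation guard: reject non-integers, zero, negatives, and oversize amounts.
    if not isinstance(amount, int) or amount <= 0 or amount > MAX_WITHDRAWAL:
        raise ValueError("amount out of bounds")
    cur = con.execute(
        "UPDATE account SET balance = balance - ? WHERE id = ? AND balance >= ?",
        (amount, acct, amount))                             # atomic conditional update
    con.commit()
    return cur.rowcount == 1                                # False means the check failed

def race_safe(con, acct, amounts):
    return [withdraw_safe(con, acct, a) for a in amounts], balance(con, acct)

if __name__ == "__main__":
    print(race_unsafe(build_db(), 1, [60, 70]))   # both "succeed", 130 withdrawn from 100
    print(race_safe(build_db(), 1, [60, 70]))     # second is refused
```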

    10. Applications Beyond the Database
        Centralized systems
        - Biggest issue still mistakes, omissions
        - Protection by operating system/platform
        - Physical database integrity
        - Logical database integrity
        - Element integrity

    11. Applications Beyond the Database
        Distributed systems - more normal now
        - "Decentralized" - connected or unconnected but related platforms running independent copies of software with independent copies of data

    12. Applications Beyond the Database
        Distributed systems
        - "Decentralized" - connected or unconnected but related platforms running independent copies of software with independent copies of data
        - "Dispersed" - interconnected and related platforms running the same software and using the same data, one of which (data or software) is centralized
            - Accommodates change
            - Deploys resources
            - Improves performance
            - Lower risk of system failure due to hardware malfunction

    13. Applications Beyond the Database
        Distributed systems
        - "Decentralized" - connected or unconnected but related platforms running independent copies of software with independent copies of data
        - "Dispersed" - interconnected and related platforms running the same software and using the same data, one of which (data or software) is centralized
        - "Interoperable" or "Cooperative" - interconnected platforms running independent copies of software with independent copies of data
            - Combines processing from dissimilar platforms
            - Independently execute/test each component

    14. Definitions
        - Loose coupling: fewer dependencies between modules
        - High cohesion: modules perform discrete functions
        - Agent: client/server local link to other areas of the system; performs information preparation and exchange for the client or server

    15. Potential Vulnerabilities
        Data problems
        - Aggregation - building new objects from existing objects
        - Inference - deriving information not explicit
        - Object reuse/garbage collection - reclaiming information from dynamic storage
        - Data contamination
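The inference problem on this slide, with the classic mitigation, as an added example that is not part of the presentation: a query-set-size control refuses a statistical query whose query set (or its complement, which combined with the whole-table total yields the same small set) has fewer than K rows, so an aggregate cannot be narrowed to one person's value. The employee data and the value of K are constructed for the example; production systems usually add further controls (query auditing, noise), which this does not show.

```python
import sqlite3

K = 3   # minimum query-set size; constructed policy value for the example

def build_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE employee (emp_id INTEGER PRIMARY KEY, dept TEXT NOT NULL, salary INTEGER NOT NULL);
        INSERT INTO employee VALUES
            (1, 'Finance', 90000), (2, 'Finance', 70000), (3, 'Finance', 80000),
            (4, 'Eng',     95000), (5, 'Eng',     85000), (6, 'Legal',  120000);
    """)
    return con

def avg_salary(con, dept):
    """Statistical query under a query-set-size control.

    Returns the average salary for dept, or None when the query set is too small
    to answer safely. The complement is checked as well: with the table-wide
    average available, a large set's average reveals the small remainder."""
    total = con.execute("SELECT COUNT(*) FROM employee").fetchone()[0]
    n, avg = con.execute(
        "SELECT COUNT(*), AVG(salary) FROM employee WHERE dept = ?", (dept,)).fetchone()
    if n < K or total - n < K:
        return None          # refuse: an individual's value could be derived
    return avg

if __name__ == "__main__":
    db = build_db()
    for d in ("Finance", "Eng", "Legal"):
        print(d, avg_salary(db, d))
```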

    16. Potential Vulnerabilities
        Malicious code
        - Trojan horse - program with hidden and undesirable functions
        - Virus - malicious, usually destructive, code that infects other programs to propagate itself
        - Logic bomb - hidden code designed to perform undesirable activities upon receiving or observing a specific condition
        - Letter bomb - email attachment with malicious code
        - Worm - a program that uses communications methods to propagate itself between systems
        - Applet - platform-independent download-and-run mini-program used in Java programming

    17. Potential Vulnerabilities
        Access problems
        - Trap door - secret way in
        - Back door - unapproved method of accessing the system
        - Covert channel - unapproved communications link between an application and another
            - Covert storage channel - writing to storage through one process, and reading by another (lower security level)
            - Covert timing channel - processes signal to one another by modulating system use
        - Physical access to the area

    18. Vulnerabilities Summary
        - Spoofing/Eavesdropping
        - Unable to identify/track access/updates
        - Theft of information or hard assets
        - Improper access to information
        - Improper update of information
        - Improper destruction of information
        - Lack of or inadequate data validation
        - Data overwrites
        - Incorrect internal processing
        - Direct data access

    19. Definitions
        - Data mining: analyzing databases for trends/anomalies using automated tools, without prior knowledge of the data
        - Knowledge-based system: system to query a collection of knowledge expressed using a formal knowledge representation language
        - Artificial neural network: able to learn from example and to generalize

    20. Controls - Personnel Issues
        Accountability and Risk Reduction
        - Background checks of all personnel
        Separation of Duties
        - Separate responsibilities for application development, approval, implementation, support

    21. Application System Development
        - Implement a Systems Development Life Cycle
        - Quality Assurance program
        - Involve QA/QC, Audit, Information Security
        - Enforce review and approval of all applications

    22. Application System Development
        Systems Development Life Cycle
        - Applies to new development AND system maintenance

    23. Application System Development
        Systems Development Life Cycle
        - Applies to new development AND system maintenance
        - Include infosec reviews at each milepost of the cycle
            - Verify that security requirements have been met
            - Perform review of design and code

    24. Application System Development
        Systems Development Life Cycle
        - Applies to new development AND system maintenance
        - Include infosec reviews at each milepost of the cycle
        Project Initiation
        - Involve information security in initial discussion of project
        - Perform risk assessment to:
            - Define sensitivity of information
            - Define criticality of system
            - Define security risks
            - Define level of protection needed
        - Ensure regulatory/legal/privacy issues are addressed
        - Ensure requirements can be met by application

    25. Application System Development
        Systems Development Life Cycle
        - Applies to new development AND system maintenance
        - Include infosec reviews at each milepost of the cycle
        Project Initiation
        Project Definition (Design Analysis)
        - Functional/system design requirements
        - Determine acceptable level of risk
            - Level of loss
            - Percentage of loss
            - Permissible variance
        - Identify security requirements and controls
            - Determine exposure points in process
            - Define controls to mitigate exposure
        - Ensure requirements can be met by application

    26. Application System Development
        Systems Development Life Cycle
        - Applies to new development AND system maintenance
        - Include infosec reviews at each milepost of the cycle
        Project Initiation
        Project Definition (Design Analysis)
        System Design (Design Specification)
        - Detailed planning of functional components
        - Design program controls
        - Design security mechanisms
        - Design test plan
        - Design verification
            - Mathematical verification of model and design correspondence

    27. Application System Development
        Systems Development Life Cycle
        - Applies to new development AND system maintenance
        - Include infosec reviews at each milepost of the cycle
        Project Initiation
        Project Definition (Design Analysis)
        System Design (Design Specification)
        Programming/Training (Software Development)
        - Development personnel should be authorized to work on system
        - Document security
        - Training of support personnel and users

    28. Application System Development
        Systems Development Life Cycle
        - Applies to new development AND system maintenance
        - Include infosec reviews at each milepost of the cycle
        Project Initiation
        Project Definition (Design Analysis)
        System Design (Design Specification)
        Programming and Training (Software Development)
        Installation, Evaluation and Testing
        - Development staff should not conduct evaluation/testing
        - Certification of security functionality
        - Certification of processing integrity
        - Desk check, operational test

    29. Definitions
        - Acceptance: verification that performance and security requirements have been met
        - Accreditation: formal acceptance of security adequacy, authorization for operation and acceptance of existing risk (QC)
        - Certification: formal testing of security safeguards
        - Operational assurance: verification that a system is operating according to its security requirements
        - Assurance: degree of confidence that the implemented security measures work as intended

    30. Application System Development
        Systems Development Life Cycle
        - Applies to new development AND system maintenance
        - Include infosec reviews at each milepost of the cycle
        Project Initiation
        Project Definition (Design Analysis)
        System Design (Design Specification)
        Programming and Training (Software Development)
        Installation, Evaluation and Testing
        Destruction

    31. The Real World
        Systems Development Life Cycle
        - Organizations understaffed, wear too many hats
        - Separation of duties seldom complete
        - Infosec seldom involved in initial stages of development
        - Risks seldom adequately assessed
        - Exposure points and controls seldom adequately determined
        - Code checks are often skimped
        - Approvals are often perfunctory
        - Development process continues without formal approval
        - Few limits on access to program code
        - Change control for programs only

    32. Operational Issues
        Implementation and Operation
        - Code issues - change control
        - Data issues
            - Access
            - Integrity
        - Personnel issues

    33. Controls
        Implementation and Operation
        - Authorization - all support personnel should be authorized

    34. Controls
        Implementation and Operation
        - Risk Reduction - all code should be reviewed prior to implementation - change management

    35. Controls
        Implementation and Operation
        - Separation of Duties
            - Development staff should not review or implement systems
            - Development staff should not support production data
            - Development staff should not manage the security function

    36. Controls
        - Accountability
            - No access should be permitted directly to the database
            - Production data should be managed by users, not support staff
            - All access to production data should be logged

    37. Controls
        Implementation and Operation
        - All support personnel should be authorized
        - All code should be reviewed prior to implementation
        - Development staff should not review or implement systems
        - Development staff should not support production data
        - Development staff should not manage the security function
        - No access should be permitted directly to the database
        - Production data should be managed by users, not support staff
        - All access to production data should be logged
        - Least Privilege
            - Access control: access should be given to necessary data fields only
        - Layered Defense
            - Access controls should be used in addition to system access
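The accountability and least-privilege controls of slides 36 and 37 in one added example (not from the presentation): no role queries the base table, support staff get a view carrying only the fields their job needs and cannot write, updates are reserved for the data-owner role, and every read and every change of production data lands in an audit log. The customer table, role names and the `session` table used to pass the acting user into the trigger are constructed for the example; writes are logged by a database trigger, while reads are logged in the access layer because SQLite triggers do not fire on SELECT.

```python
import sqlite3

# Role policy (constructed for the example): each role is granted one view, and
# only the data-owner role may modify production data. Support never writes.
ROLE_VIEWS = {"support": "v_support", "owner": "v_owner"}
ROLE_MAY_UPDATE = {"owner"}

def build_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE customer (cust_id INTEGER PRIMARY KEY, name TEXT, email TEXT, credit_limit INTEGER);
        INSERT INTO customer VALUES (1, 'Acme', 'ops@acme.example', 5000);

        CREATE TABLE session (actor TEXT);          -- who is acting, readable by triggers
        INSERT INTO session VALUES (NULL);

        CREATE TABLE audit_log (
            seq INTEGER PRIMARY KEY AUTOINCREMENT, actor TEXT, action TEXT, cust_id INTEGER, detail TEXT);

        -- Least privilege: the support view omits credit data entirely.
        CREATE VIEW v_support AS SELECT cust_id, name, email FROM customer;
        CREATE VIEW v_owner   AS SELECT cust_id, name, email, credit_limit FROM customer;

        -- Accountability: the database itself records every change, with old and new values.
        CREATE TRIGGER log_customer_update AFTER UPDATE ON customer
        BEGIN
            INSERT INTO audit_log (actor, action, cust_id, detail)
            VALUES ((SELECT actor FROM session), 'UPDATE', NEW.cust_id,
                    'credit_limit ' || OLD.credit_limit || ' -> ' || NEW.credit_limit);
        END;
    """)
    return con

def _begin(con, actor):
    con.execute("UPDATE session SET actor = ?", (actor,))

def read_customers(con, actor, role):
    """Read production data through the role's view; the read itself is logged."""
    _begin(con, actor)
    view = ROLE_VIEWS[role]                                  # fixed map, never the base table
    rows = con.execute(f"SELECT * FROM {view} ORDER BY cust_id").fetchall()
    con.execute("INSERT INTO audit_log (actor, action, cust_id, detail) VALUES (?, 'SELECT', NULL, ?)",
                (actor, view))
    con.commit()
    return rows

def set_credit_limit(con, actor, role, cust_id, new_limit):
    """Only the owner role may change production data; the trigger logs the change."""
    if role not in ROLE_MAY_UPDATE:
        raise PermissionError(f"role {role!r} may not modify production data")
    _begin(con, actor)
    con.execute("UPDATE customer SET credit_limit = ? WHERE cust_id = ?", (new_limit, cust_id))
    con.commit()

def audit_trail(con):
    return con.execute("SELECT actor, action, cust_id, detail FROM audit_log ORDER BY seq").fetchall()

if __name__ == "__main__":
    db = build_db()
    print(read_customers(db, "tech1", "support"))
    set_credit_limit(db, "owner1", "owner", 1, 7000)
    print(audit_trail(db))
```

The trail is what an auditor reads to answer "who changed this, and what was it before", which is the accountability gap listed on slide 18 as "unable to identify/track access/updates".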

    38. The Real World
        Implementation and Operation
        - Organizations understaffed, wear too many hats
        - Separation of duties seldom complete
        - Development staff often support production systems
        - IT staff often maintain production data
        - Access is often granted on the basis of "least effort"

    39. Definitions
        - Loose coupling: weak dependencies between modules
        - High cohesion: modules perform discrete functions
        - Due Care: minimum and customary practice of responsible protection of assets that reflects a community or societal norm
        - Due Diligence: prudent management and execution of due care

    40. Final Considerations
        What does the development life cycle and change control implementation cover?
        - Application programs?
        - Supporting libraries?
        - Operating systems?
        Proportionality
