130 likes | 391 Views
CSCE 548 Secure Software Development Use Cases Misuse Cases. Reading. Required: McGraw: Chapter 8 I. Alexander, Misuse Cases: Use Cases with Hostile Intent, IEEE Software, vol. 20, no. 1, pp. 58-66, Jan./Feb. 2003. http://www.computer.org/portal/web/csdl/doi/10.1109/MS.2003.1159030
E N D
Reading Required: • McGraw: Chapter 8 • I. Alexander, Misuse Cases: Use Cases with Hostile Intent, IEEE Software, vol. 20, no. 1, pp. 58-66, Jan./Feb. 2003. http://www.computer.org/portal/web/csdl/doi/10.1109/MS.2003.1159030 Recommended” • Pauli and Xu, Misuse Case-Based Design and Analysis of Secure Software Architecture, http://cs.ndsu.edu/~dxu/publications/pauli-xu-ITCC05.pdf • Steven and Peterson, Defining Misuse within the Development Process, http://csdl.computer.org/dl/mags/sp/2006/06/j6081.pdf • Next lecture: • Reliability
Application of Touchpoints External Review 3. Penetration Testing 1. Code Review (Tools) 6. Security Requirements 4. Risk-Based Security Tests 2. Risk Analysis 7. Security Operations 5. Abuse cases 2. Risk Analysis Requirement and Use cases Architecture and Design Test Plans Code Tests and Test Results Feedback from the Field
Misuse Cases • Software development: making software do something • Describe features and functions • Everything goes right • Need: security, performance, reliability • Service level agreement – legal binding • How to model non-normative behavior in use cases? • Think like a bad guy
Software Vendor Accountability SLA for specific, measurable criteria: • Proper implementation of security features • Looking for known security flaws and confirming that they are not present • Passing third party validation and verification • Use of source code analysis tools
Checking for Known Vulnerabilities • Need tool • Possible attacks and attack types • How the software behaves if something goes WRONG • What motivates an attacker?
Misuse Cases • Extends use case diagrams • Represent actions the system should prevent • Represent together • Desired functionalities • Undesired actions • Security: emergent property must be built in from the ground up • Making explicit trade offs
Misuse Cases • Analyze system design and requirements • Assumptions • Failure of assumptions • Attack patterns • Software that is used also going to be attacked • What can a bad guy do and how to react to malicious use
Misuse Case Development • Team work – software developers and security experts • Identifying and documenting threats • Creating anti-requirements: how the system can be abused • Creating attack model • Select attack pattern relevant to the system • Include anyone who can gain access to the system
Link to slides on Ian Alexander’s paper on Misuse Cases: Use Cases with Hostile Intent, www.cse.msstate.edu/~allen/cse8990sp07/Lectures/Presentations/cln11_021507.ppt
Next Class • Software Reliability • B. Littlewood, P. Popov, L. Strigini, "Modelling software design diversity - a review", ACM Computing Surveys, Vol. 33, No. 2, June 2001, pp. 177-208, http://portal.acm.org/citation.cfm?doid=384192.384195