14 research outputs found

    Automation of Authorisation Vulnerability Detection in Authenticated Web Applications

    In the beginning, the World Wide Web, also known as the Internet, consisted mainly of websites. These were essentially information depositories containing static pages, with the flow of information mostly one-directional, from the server to the user’s browser. Most of these websites didn’t authenticate users; instead, each user was treated the same and presented with the same information. A malicious party that gained access to the web server hosting these websites would usually not gain access to confidential information, as most of the information on the web server would already be accessible to the public. Instead, the malicious party would typically modify the files that are on the server in order to deface the website or use the server to host pirated materials. At present, the majority of websites available on the public internet are applications; these are highly functional and rely on two-way communication between the client’s browser and the web server hosting the application. The content on these applications is typically generated dynamically, and is often tailored towards each specific user, with much of the information dealt with being confidential in nature. A malicious party that compromises a web application, and gains access to confidential information which they normally should not be able to access, may be able to steal personal client information, commit financial fraud, or perform other malicious actions against those users whose personal information has been leaked. This thesis seeks to examine the access controls that are put in place across a variety of web applications that seek to prevent malicious parties from gaining access to confidential information they should not be able to access. It will test these access controls to ensure that they are robust enough for their purpose, and aims to automate this procedure.

    Integration of policy aspects into information security issues in South African organisations

    Information for individual organisations should always be secured. Organisations need to protect their information from attackers or competitors, as these could lead to lawsuits or loss of business. With more advanced network technology, information security risks and threats are believed to be on the increase and becoming even more sophisticated. This paper assesses how South African organisations integrate legal and policy aspects when they deal with information security issues. Qualitative research methods were employed to gather and analyse data for the study. Results show that participation by top management in the provision of information security policies is very minimal in organisations. Again, most information security practitioners are not familiar with the legal and policy aspects that they are supposed to integrate in the implementation of information security, and thus most organisations in the country are not complying with the law. Institute for Corporate Citizenshi

    Enhancing The Secured Software Framework Using Vulnerability Patterns And Flow Diagrams

    This article describes the process of simplifying the software security classification. The inputs of this process include a reference model from a previous researcher and the existing Common Vulnerabilities and Exposures (CVE) database. An interesting aim is to find out how we can make the secured software framework implementable in practice. In order to answer this question, some inquiries were set out regarding the reference model and the meta-process for classification to be a workable measurement system. The outputs of the process are a discussion of the experimental results and expert validation. The experiments use the existing CVE database, which serves as the basis for analysis when a) the framework is applied to three mixed datasets, and b) the framework is applied to two focused datasets. The first shows the result when the framework is applied to randomly selected CVE data covering a mix of vendors, and the latter when it is applied to randomly selected CVE data from selected vendors. The metrics used in this assessment are precision and recall rate. The result shows there is a strong indicator that the framework can produce acceptable output accuracy. Apart from that, several experts' views were discussed to show the correctness and eliminate the ambiguity of classification rules and to prove the whole framework process.

    Evaluation Framework for Software Security Requirements Engineering Tools

    In software development, requirements are the foundation of the system, and they are also responsible for failures. Wrong requirements can lead to software features that do not actually meet the specifications. For this reason, drawing up requirements is considered the most complicated and important step among all processes of the software development life cycle. Today, when cyber attacks are common, security requirements play a very important role in the software development process. A new type of tool is spreading, the use of which is considered the most effective method for developing security requirements. In addition, these tools allow users to resolve security-related issues themselves, noticeably saving engineers' time. However, the development of these tools is still at an early stage, and they have not been adopted en masse by software engineers. The reason is the very long process of learning and adapting to new software, which causes loss of time in the development process and adds costs to the project. When choosing a specific tool for a project, familiarisation and testing can take engineers a great deal of time. In addition, an unstructured selection process can lead to adopting the wrong tool, which in turn wastes everyone's time and effort. In this study we intend to construct a structured approach that helps engineers in selecting security tools. To aid the process, analysts and architects can rate the software features they consider most important from their own point of view. Based on this, they can choose between specific tools and make the best choice. With the approach constructed in this research it is possible to save time, effort and costs. In the course of the study we examine software development security processes, methods and tools, and try to create a framework that would help engineers in evaluating security requirements tools.

    In software development, requirements are considered the building blocks of a software system, and are also considered responsible in the event of failure. Bad requirements can lead to software features that are not to the specifications. For that reason, the requirement gathering process is considered the most sensitive and complicated process among all software engineering lifecycle processes. In the current age, where cyber-attacks are common, security requirements also come into place and play a very important role in the software development process. In order to elicit security requirements, a new type of tool is beginning to take shape, called security engineering tools, which help in eliciting security requirements. That is considered to be the most efficient way of eliciting security requirements. Moreover, these tools empower users with artifacts specifically to cater to security needs, which saves time and effort for engineers in return. Nevertheless, these tools are still in their infancy and are lacking mass adoption by software security engineers. The reason is that these tools have a steep learning curve, which can add to development time and end up pushing more cost to the project. Deciding which tool to select for a particular project requires engineers to use these tools, which in return will consume a tremendous amount of time. Moreover, using an unstructured tool selection process can also lead to wrong tool selection, which will be a waste of time and effort. In this research work we are going to construct a structured approach which will help engineers in the security engineering tool selection process. In order to aid this process, analysts and architects will be able to rate the features they want the most in a particular security engineering tool. In return, from this process they will be able to choose between security engineering tools and select the best one. Finally, using the approach constructed in this research work will save time, effort, and costs. In our approach we will analyze security engineering processes, methods and tools, to construct a framework that will help engineers in the security engineering tool evaluation process.

    Applying Misuse Case to Improve the Security of Information Systems

    In the Information Security Profession we are losing the Battle. Today’s Information Systems are, perversely, more secure than Tomorrow’s. The only way we can reverse this trend is by securing Information Systems smarter and faster than we do today. This dissertation explores Information Systems and how they are developed with the aim of incorporating Security in the early stages of their development; using a technique called ‘Misuse Cases’. Misuse Cases capture how an Information System can be used in a way that it is not supposed to, either deliberately (an attack) or accidentally (a mistake). It is true to say that Information Systems are misused by Human beings. Humans may use machines as a proxy from which to commit their misuses, but ultimately the security profession is at the mercy of human creativity (and stupidity). Misuse Cases provide us with a way to reason about how a System might be misused at an early stage in its development. We can use this information to incorporate countermeasures into the System’s Requirements (in the form of security requirements). We apply Four Techniques based on Misuse Cases to a hypothetical Case Study, an IT Contractor Management System, to achieve the following: • Identify potential top-level Misuses; • Use Misuse Cases to Elicit Security Requirements; • Propose a way to develop Tests to verify that Security Requirements have been met. In applying the Techniques we recognise their benefits and limitations and where appropriate propose some enhancements.

    Engineering security into distributed systems: a survey of methodologies

    Rapid technological advances in recent years have precipitated a general shift towards software distribution as a central computing paradigm. This has been accompanied by a corresponding increase in the dangers of security breaches, often causing security attributes to become an inhibiting factor for use and adoption. Despite the acknowledged importance of security, especially in the context of open and collaborative environments, there is a growing gap in the survey literature relating to systematic approaches (methodologies) for engineering secure distributed systems. In this paper, we attempt to fill the aforementioned gap by surveying and critically analyzing the state-of-the-art in security methodologies based on some form of abstract modeling (i.e. model-based methodologies) for, or applicable to, distributed systems. Our detailed reviews can be seen as a step towards increasing awareness and appreciation of a range of methodologies, allowing researchers and industry stakeholders to gain a comprehensive view of the field and make informed decisions. Following the comprehensive survey we propose a number of criteria reflecting the characteristics security methodologies should possess to be adopted in real-life industry scenarios, and evaluate each methodology accordingly. Our results highlight a number of areas for improvement, help to qualify adoption risks, and indicate future research directions. Anton V. Uzunov, Eduardo B. Fernandez, Katrina Falkne

    Elicitation and traceability of requirements using security patterns

    In this work we describe a method for incorporating Security Patterns into the specific domain of an application with security requirements. The relationship between a glossary of specific terms (LEL) and the Scenarios, associated with use cases, is used to abstract the knowledge of both domains: that of the application itself and that of security. Then, with a new version of the Baseline Mentor Workbench (BMW) tool, the set of analysis CRCs (candidate classes) can be derived. The triple of LEL, Scenario and CRC comprises the components of the model that allow us to represent a Security Pattern by means of a sub-scenario with its specific terminology, semantics and behaviour. The information documented in the Security Pattern "template", specifically its static and dynamic behaviour, helps to guide and validate the analysis of the domain of the application with security requirements. In this way the Security Pattern is not only incorporated into the application model in a natural and controlled manner, but also drives the decisions to be made about the application's design. Since all the information on the static and dynamic model of the Security Pattern belongs to the design stage, and is integrated into a contextual model of an application belonging to the requirements elicitation and analysis stage, the elements of the Security Pattern are said to pull towards more advanced stages in the application development process. The tool extends the concept of "forward traceability" over security requirements and provides visibility between the CRCs and the requirements that gave rise to them, whether functional or security requirements.

    This work is organised as follows: Chapter 2 presents relevant aspects of the state of the art in the production of secure software; some topics aimed at developing an appropriate lexicon and conceptual framework are discussed, along with others that are subjects of research and development; and the advances made in the elicitation of security requirements are reviewed. Chapter 3 presents the set of elements used in describing the proposed method: LEL, Scenarios, CRC and Security Patterns. This chapter shows that it is feasible to model a Security Pattern with the elements described (LEL, Scenario and CRC), which is of fundamental value to this work. Chapter 4 describes the requirements elicitation method using Security Patterns, first a summary of its stages and then its application in the construction of an application with security requirements. Chapter 5 describes the tool built to use the proposed method. Chapter 6 presents related methods that complement the one proposed in this work. Chapter 7 presents the conclusions of this work and finally, Chapter 8 mentions possible future work to continue this line of research. Facultad de Informátic

    Eliciting Security Requirements Through Misuse Activities

    In previous work we introduced an approach for finding security requirements based on misuse activities (actions). This method starts from the activity diagram of a use case (or a sequence of use cases). Each activity is analyzed to see how it could be subverted to produce a misuse of information. This analysis results in a set of threats. We then consider which policies can stop or mitigate these threats. We now extend that approach to consider in the analysis the type of misuse (confidentiality, integrity ...) that can happen in each activity, the role of the attacker, and the context for the threat. This extended analysis results in a finer and more systematic way to find threats, and we can now identify more threats. We also improve the way to find the policies to control these threats and we consider how to map the corresponding policies to security patterns. The information in each pattern helps in the selection of an optimal (or good) set of policies. Our extended approach can be conveniently incorporated in a methodology to build secure systems.