Part 18: Prologue to Certification - PowerPoint PPT Presentation

chapter 18 introduction to assurance n.
Skip this Video
Loading SlideShow in 5 Seconds..
Part 18: Prologue to Certification PowerPoint Presentation
Part 18: Prologue to Certification

play fullscreen
1 / 21
Download
Download Presentation

Part 18: Prologue to Certification

Presentation Transcript

  1. Chapter 18: Introduction to Assurance • Overview • Why assurance? • Trust and assurance • Life cycle and assurance Computer Security: Art and Science ©2002-2004 Matt Bishop

  2. Overview • Trust • Problems from lack of assurance • Types of assurance • Life cycle and assurance • Waterfall life cycle model • Other life cycle models Computer Security: Art and Science ©2002-2004 Matt Bishop

  3. Trust • Trustworthy entity has sufficient credible evidence leading one to believe that the system will meet a set of requirements • Trust is a measure of trustworthiness relying on the evidence • Assurance is confidence that an entity meets its security requirements based on evidence provided by applying assurance techniques Computer Security: Art and Science ©2002-2004 Matt Bishop

  4. Relationships Computer Security: Art and Science ©2002-2004 Matt Bishop

  5. Problem Sources • Requirements definitions, omissions, and mistakes • System design flaws • Hardware implementation flaws, such as wiring and chip flaws • Software implementation errors, program bugs, and compiler bugs • System use and operation errors and inadvertent mistakes • Willful system misuse • Hardware, communication, or other equipment malfunction • Environmental problems, natural causes, and acts of God • Evolution, maintenance, faulty upgrades, and decommissions Computer Security: Art and Science ©2002-2004 Matt Bishop

  6. Examples • Challenger explosion • Sensors removed from booster rockets to meet accelerated launch schedule • Deaths from faulty radiation therapy system • Hardware safety interlock removed • Flaws in software design • Bell V22 Osprey crashes • Failure to correct for malfunctioning components; two faulty ones could outvote a third • Intel 486 chip • Bug in trigonometric functions Computer Security: Art and Science ©2002-2004 Matt Bishop

  7. Role of Requirements • Requirements are statements of goals that must be met • Vary from high-level, generic issues to low-level, concrete issues • Security objectives are high-level security issues • Security requirements are specific, concrete issues Computer Security: Art and Science ©2002-2004 Matt Bishop

  8. Types of Assurance • Policy assurance is evidence establishing security requirements in policy is complete, consistent, technically sound • Design assurance is evidence establishing design sufficient to meet requirements of security policy • Implementation assurance is evidence establishing implementation consistent with security requirements of security policy Computer Security: Art and Science ©2002-2004 Matt Bishop

  9. Types of Assurance • Operationalassurance is evidence establishing system sustains the security policy requirements during installation, configuration, and day-to-day operation • Also called administrative assurance Computer Security: Art and Science ©2002-2004 Matt Bishop

  10. Life Cycle Computer Security: Art and Science ©2002-2004 Matt Bishop

  11. Life Cycle • Conception • Manufacture • Deployment • Fielded Product Life Computer Security: Art and Science ©2002-2004 Matt Bishop

  12. Conception • Idea • Decisions to pursue it • Proof of concept • See if idea has merit • High-level requirements analysis • What does “secure” mean for this concept? • Is it possible for this concept to meet this meaning of security? • Is the organization willing to support the additional resources required to make this concept meet this meaning of security? Computer Security: Art and Science ©2002-2004 Matt Bishop

  13. Manufacture • Develop detailed plans for each group involved • May depend on use; internal product requires no sales • Implement the plans to create entity • Includes decisions whether to proceed, for example due to market needs Computer Security: Art and Science ©2002-2004 Matt Bishop

  14. Deployment • Delivery • Assure that correct masters are delivered to production and protected • Distribute to customers, sales organizations • Installation and configuration • Ensure product works appropriately for specific environment into which it is installed • Service people know security procedures Computer Security: Art and Science ©2002-2004 Matt Bishop

  15. Fielded Product Life • Routine maintenance, patching • Responsibility of engineering in small organizations • Responsibility may be in different group than one that manufactures product • Customer service, support organizations • Retirement or decommission of product Computer Security: Art and Science ©2002-2004 Matt Bishop

  16. Waterfall Life Cycle Model • Requirements definition and analysis • Functional and non-functional • General (for customer), specifications • System and software design • Implementation and unit testing • Integration and system testing • Operation and maintenance Computer Security: Art and Science ©2002-2004 Matt Bishop

  17. Relationship of Stages Computer Security: Art and Science ©2002-2004 Matt Bishop

  18. Models • Exploratory programming • Develop working system quickly • Used when detailed requirements specification cannot be formulated in advance, and adequacy is goal • No requirements or design specification, so low assurance • Prototyping • Objective is to establish system requirements • Future iterations (after first) allow assurance techniques Computer Security: Art and Science ©2002-2004 Matt Bishop

  19. Models • Formal transformation • Create formal specification • Translate it into program using correctness-preserving transformations • Very conducive to assurance methods • System assembly from reusable components • Depends on whether components are trusted • Must assure connections, composition as well • Very complex, difficult to assure Computer Security: Art and Science ©2002-2004 Matt Bishop

  20. Models • Extreme programming • Rapid prototyping and “best practices” • Project driven by business decisions • Requirements open until project complete • Programmers work in teams • Components tested, integrated several times a day • Objective is to get system into production as quickly as possible, then enhance it • Evidence adduced after development needed for assurance Computer Security: Art and Science ©2002-2004 Matt Bishop

  21. Key Points • Assurance critical for determining trustworthiness of systems • Different levels of assurance, from informal evidence to rigorous mathematical evidence • Assurance needed at all stages of system life cycle Computer Security: Art and Science ©2002-2004 Matt Bishop