security case buffer overflow
Security assurance case study, 2013 Slide 1
Security case – buffer overflow
Security assurance case study, 2013 Slide 2
Security cases
• A structured body of evidence that supports an argument related to the security of a system
• Intended to convince a regulator or system controller that the system is acceptably secure
• Comparable to safety cases
Security assurance case study, 2013 Slide 3
Claim: The system is acceptably secure
Subclaims:
• Requirements: there are no missing or existing requirements that create security vulnerabilities
• Operation: operational procedures guard against security deficiencies
• Design: there are no design errors that create security vulnerabilities
• Coding: there are no implementation errors that create security vulnerabilities
(Diagram legend: CLAIM, SUBCLAIM)
Security assurance case study, 2013 Slide 4
Subclaim (Coding): there are no implementation errors that create security vulnerabilities
Supporting subclaims:
• Programmers trained: programmers have been trained in secure coding practice for the development language used
  Evidence: description of good coding practice; records of programmer training
• Coding defects: security-threatening coding defects have been identified and checked
  – Buffer overflow: there are no buffer overflow possibilities in the code
  – Input checks: all inputs checked for validity
(Diagram legend: CLAIM, SUBCLAIM, EVIDENCE)
Security assurance case study, 2013 Slide 5
Subclaim (Buffer overflow): there are no buffer overflow possibilities in the code
Supporting subclaims:
• Code review: code reviews showed no potential buffer overflows
• Static analysis: static analysis tool did not report buffer overflow possibilities
• System testing: testing the code with invalid inputs (long strings) resulted in all invalid inputs being rejected
Security assurance case study, 2013 Slide 6
Subclaim (System testing): testing the code with invalid inputs (long strings) resulted in all invalid inputs being rejected
Evidence:
• Test selection analysis: justification that the system tests chosen were adequate to discover buffer overflow
• Test plan: the tests chosen and expected test results
• Test results: results of running the tests on the system
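As an added illustration that is not part of the original slides, this C example shows the kind of code the "Input checks" and "System testing" subclaims are about: an unchecked copy beside a bounded one that rejects over-long input, plus the long-string test the slide describes. The field size, function names and test lengths are constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16 /* fixed-size field; size is a constructed value */

/* Unchecked copy: strcpy does not know the destination size, so any input of
 * NAME_MAX or more bytes writes past the end of 'name'. This is the defect the
 * "Buffer overflow" subclaim must rule out; shown for contrast, never called. */
void store_name_unchecked(char name[NAME_MAX], const char *input)
{
    strcpy(name, input);
}

/* Checked copy: validate the input against the field size before any copy.
 * Over-long input is rejected outright rather than silently truncated, which is
 * what the "System testing" subclaim expects for invalid inputs. */
bool store_name_checked(char name[NAME_MAX], const char *input)
{
    const char *nul = memchr(input, '\0', NAME_MAX); /* NUL within the bound? */
    if (nul == NULL)
        return false; /* no terminator inside the field: reject */
    memcpy(name, input, (size_t)(nul - input) + 1); /* text plus its NUL */
    return true;
}

/* The long-string test from the case: inputs of every length from 1 to 63
 * bytes; returns the number rejected, or -1 if an accepted input did not fit. */
int count_rejected_long_inputs(void)
{
    char field[NAME_MAX];
    char input[64];
    int rejected = 0;
    for (size_t n = 1; n < sizeof input; n++) {
        memset(input, 'A', n);
        input[n] = '\0';
        if (!store_name_checked(field, input))
            rejected++;
        else if (strlen(field) != n)
            return -1;
    }
    return rejected; /* lengths 16..63 rejected: 48 */
}

int main(void)
{
    printf("over-long inputs rejected: %d\n", count_rejected_long_inputs());
    return 0;
}
```

The test result (48 rejections, every accepted input fitting its field) is the sort of record the "Test results" evidence box would hold, while the choice of lengths is what "Test selection analysis" has to justify.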
Security assurance case study, 2013 Slide 7
Security arguments
• Security should be based on multiple arguments rather than a single argument
• Key elements
– Competence of the development team
– Conformance with recommended development processes
– Use of manual and automated analysis of code, designs and documents
– System testing
Security assurance case study, 2013 Slide 8
Tool support
• Security and safety arguments depend on organising a large volume of records, documents, test results, etc.
• Difficult to do manually so tool support for argumentation, reporting and document management is required
• Commercial tools available to support this activity e.g. Adelard safety case editor
Security assurance case study, 2013 Slide 9
Security assurance case study, 2013 Slide 10
Conclusions
• Security cases involve making structured arguments, backed up by evidence about the security of a system.
• Security cases will become increasingly important as regulators and managers come to expect them to be produced before security-critical software is released
• Interesting challenge of reconciling security cases (which rely on documentation) and agile software development (which relies on minimising documentation)