Submitted by: Lea S.

San Pedro BSCS 3-A

Submitted to: Prof. Ruel Dogma

Security Engineering

EMERGING TECHNOLOGIES IN SOFTWARE ENGINEERING

Security engineering is concerned with how to develop and maintain systems that can resist malicious attacks intended to damage a computer-based system or its data. Security may be compromised in: 1. Application security is a software engineering problem where software engineers should ensure that the system is designed to resist attacks. 2. Infrastructure security is a systems management problem where system managers should ensure that the infrastructure is configured to resist attacks. System managers have to set up the infrastructure to make the most effective use of whatever infrastructure security features are available. Thl:y also have to repair infrastructure security vulnerabilities that have come to light as the software is used. Range of Activities in Security Management 1. User and permission management includes adding and removing users from the system, ensuring that appropriate user authentication mechanisms are in place and setting up the permissions in the system so that users only have access to the resources that they need. 2. System software deployment and maintenance includes installing system software and middleware and configuring these properly so that security vulnerabilities are avoided. It also involves updating this software regularly with new versions or patches that repair security problems that have been discovered. 3. Attack monitoring, detection and recovery includes activities which monitor the system for unauthorised access, detect and put in place strategies for resisting attacks and backup activities so that normal operation can be resumed after an external attack. Security threats fall into three principal categories: 1. Threats to the confidentiality of the system and its data. 2. Threats to the integrity of the system and its data. 3. Threats to the availability of the system and its data.

EMERGING TECHNOLOGIES IN SOFTWARE ENGINEERING

The controls that you might put in place to enhance system security also fall into three classes: 1. Controls that are intended to ensure that attacks are unsuccessful. 2. Controls that are intended to detect and repel attacks. 3. Controls that support recovery from problems. Security risk management involves assessing the losses that might ensue from attacks on a system and deriving security requirements that are aimed at eliminating or reducing these losses. Staged Process of Risk Assessment 1. Preliminary risk assessment. The aim of this assessment process is, firstly, to assess whether or not the benefits of developing the system justify the associated risks and then to derive specific security requirements for the system to be implemented. 2. Life cycle risk assessment. This risk assessment takes place during the system development life cycle and is informed by the technical system design and implementation decisions. It informs the process of security requirements engineering. Known and potential vulnerabilities are identified and this knowledge is used to inform decision-making about the system functionality and how it is to be implemented, tested and deployed.

EMERGING TECHNOLOGIES IN SOFTWARE ENGINEERING

Stages of Preliminary Risk Assessment

Asset Identification

Asset Value Assessment

Exposure Assessment

Threat Identification

Probability Assessment

Control Identification

Feasibility Assessment

Security Req. Definition

1. Asset identification where the system assets that may require protection are identified. 2. Asset value assessment where you estimate the value of the identified assets. 3. Exposure assessment where you assess the potential losses associated with each asset. 4. Threat identification where you identify the threats to system assets. 5. Probability assessment where you estimate the probability of each threat. 6. Control identification where you propose the controls that might be put in place to protect an asset. 7. Feasibility assessment where you assess the technical feasibility and the costs of the proposed controls. 8. Security requirements definition where the exposure, threats and control assessments are used to derive a set of system security requirements.

EMERGING TECHNOLOGIES IN SOFTWARE ENGINEERING

In designing a system architecture that maintains security, you need to consider two fundamental issues: 1. Protection--how should the system be organised so that critical assets can be protected against external attack? 2. Distribution--how should system assets be distributed so that the effects of a successful attack are minimized? Design guidelines for secure system engineering 1. Base security decisions on an explicit security policy 2. Avoid a single point of failure 3. Fail securely 4. Balance security and usability 5. Be aware of the possibility of social engineering 6. Use redundancy and diversity to reduce risk 7. Validate all inputs 8. Compartmentalize your assets 9. Design for deployment 10. Design for recoverabiJity

Deployment of a system involves configuring the software to operate in an operational environment, installing the system on the computers in that environment and then configuring the installed system for these computers. Four ways in which you can incorporate deployment support in a system: 1. Include support for viewing and analysing configurations 2. Mimmise default privileges 3. Localise configuration settings 4. Provide easy ways to fix security vulnerabilities

EMERGING TECHNOLOGIES IN SOFTWARE ENGINEERING

System survivability reflects the ability of a system to continue to deliver essential business or missioncritical services to legitimate users whilst it is under attack or after part of the system has been damaged. Strategies to achieve system survivability 1. Resistance 2. Recognition 3. Recovery Four-stage process of systems analysis 1. System understanding 2. Critical service identification 3. Attack simulation Scenarios 4. Survivability analysis Components

EMERGING TECHNOLOGIES IN SOFTWARE ENGINEERING

Service Oriented Software Engineering

Service-oriented Software Engineering (SOSE) is a software engineering methodology focused on the development of software systems by composition of reusable services (serviceorientation) often provided by other service providers. SOSE emphasizes on the specification, analysis, fault-tolerant computing, verification and validation, model checking, testing, dependability evaluation of service-oriented software and hardware. SOSE Techniques Development phase Collaborative specification & modeling SOSE techniques Service specification languages, Model-driving architecture,Ontology engineering, and Policy specification. Collaborative verification Dynamic completeness and consistency checking, dynamic model checking, and Dynamic simulation. Collaborative design Ontology engineering, dynamic reconfiguration, dynamic composition and re-composition, dynamic dependability (reliability, security, vulnerability, safety) design Collaborative implementation Collaborative validation Automatic system composition and code generation Dynamic specification-based test generation, group testing, remote testing, monitoring, and dynamic policy enforcement Collaborative run-time evaluation Dynamic data collection and profiling, data mining, reasoning, dependability (reliability, security, vulnerability, etc) evaluation Collaborative operation and maintenance Dynamic reconfiguration and recomposition, dynamic reverification and re-validation

EMERGING TECHNOLOGIES IN SOFTWARE ENGINEERING

Service engineering is the process of developing services for reuse in service-oriented applications. It has much in common with component engineering. Three logical stages in the service engineering process
Service Candidate Identification Service Candidate Identification Service Candidate Identification

Service Requirements

Service Interface Specification

Validated and Deployed Service

Service interfaces are defined in an XML-based language called WSDL. A WSDL specification includes a definition of the interface types and operations, the binding protocol used by the service and the service location There are three stages to service interface design: 1. Logical interface design where you identify the operations associated with the service, the inputs and outputs of these operations and the exceptions associated with these operations. 2. Message design where you design the structure of the messages that are sent and received by the service. 3. WSDL development where you translate your logical and message design to an abstract interface description written in WSDL. Legacy System Services 1. A maintenance service 2. A facilities service 3. A logging service

EMERGING TECHNOLOGIES IN SOFTWARE ENGINEERING

Six key stages in the process of service construction by composition:

Discover Services Select Services Refine Workflow
Create Workflow Program

Formulate Outline Workflow

Test Service

Workflow Design

Service List

Service Specifications

Workflow Design

Executable Workflow

Deployable Service

Workflow design involves analysing existing or planned business processes to understand the different stages of these processes then representing the process being designed in a workflow design notation. Testing is important in all system development processes to help demonstrate that a system meets its functional and non-functional requirements and to detect defects that have been introduced during the development process. Techniques of software testing based on sourcecode analysis cannot be used in service oriented systems that rely on externally provided services.

EMERGING TECHNOLOGIES IN SOFTWARE ENGINEERING

Aspect Oriented Software Development

Aspect-oriented software development (AOSD) is an emerging software development technology that seeks new modularizations ofsoftware systems in order to isolate secondary or supporting functions from the main program's business logic. AOSD allows multiple concerns to be expressed separately and automatically unified into working systems. Aspects are used alongside other abstractions such as objects and methods. Executable aspect-oriented program is created by automatically combining (weaving) objects, methods and aspects, according to specifications that are included in the program source code. Aspect-Oriented Software Development focuses on the identification, specification and representation of cross-cutting concerns and their modularization into separate functional units as well as their automated composition into a working system. Separation of concerns is a key principle of software design and implementation. There are several different types of stakeholder concern: 1. Functional concerns which are related to specific functionality to be included in a system.. For example, 111 a tram control system, a specific functional concern is train braking. 2. Quality of service concerns which are related to the non-functional behaviour of it system. These include characteristics such as performance, reliability and availability. 3. Policy concerns which are related to the overall policies that govern the use of the system. Policy concerns include security and safety concerns and concerns related to business rules. 4. System concerns which are related to attributes of the system as a whole such as its maintainability or its configurability.

10

EMERGING TECHNOLOGIES IN SOFTWARE ENGINEERING

5. Organizational concerns which are related to organizational goals and priorities such as producing a system within budget, making use of existing software assets or maintaining the reputation of an organization. Tangling occurs when a module in a system includes code that implements different system requirements. The related phenomenon of scattering occurs when the implementation of a single concern is scattered across several components in a program. Aspect is a program abstraction that defines a cross-cutting concern. It includes the definition of a pointcut and the advice associated with that concern. Join Point is an event in an executing program where the advice associated with an aspect may be executed. Pointcut is a statement, included in an aspect, that defines the join points where the associated aspect advice should be executed. Types of extension that are derived from the different types of concern 1. Secondary functional extensions. These add additional functional capabilities to the functionality provided in the core system. For example, the production of reports on the drugs prescribed in the previous month would be a secondary functional extension to a patient informaltion system. 2. Policy extensions. These add functional capabilities to support some organiZational policy. Extensions which add security features are examples of policy extensions. 3. QoS extensions. These add functional capabilities to help attain the quality of service requirements that have been specified for the system. For example, an extensmn might provide support for a cache to reduce the number of database accesses or automated backups for recovery in the event of a system failure. 4. Infrastructure extensions. These extensions add functional capabilities to support the Implementation of a system on some specific implementation platform.

11

EMERGING TECHNOLOGIES IN SOFTWARE ENGINEERING

Viewpoint-oriented approach to requirements engineering, where each viewpoint represents the requirements of related groups of stakeholders, is one way to separate core and secondary concerns. Aspect-oriented design is the process of designing a system that makes use of aspects to implement the cross-cctting conoerns and extensions that are identified during the requirements engineering process. Generic Aspect Oriented Design Process

Core System Design

Aspect Identification and Design

Composition Design

Conflict Analysis and Resolution

Name Design

Software Requirements

Design Models

Program Naming Standards

1. Core system design. At this stage, you should design an architecture to support the central, core functionality of the system. The architecture must also take into account quality of service requirements such as performance and dependability requirements. However, specific functional support that is required should be implemented as extensions. 2. Aspect identification and design. Starting with the extensions identified in the system requirements, you should analyse these to see if they are aspects in themselves or if they should be broken down into several aspects. Once aspects have been identified, these can then be separately designed, taking into account the design of the core system features. 3. Composition design. At this stage, you analyse the core system and aspect designs to discover where the aspects should be composed with the core system. 4. Conflict analysis and resolution. A problem with aspects is that they may interfere with each other when they are composed with the core system 5. Name design. This is an important design activity that defines standards for naming entities in the program.
12