
CSE 101

Lesson 5: Software Engineering Concepts and Computer Security

Summer 2011

What is the difference between software engineering and computer science?

Computer Science is concerned with theory and fundamentals.

Software Engineering is concerned with the practicalities of developing and delivering useful software.

System Engineering is concerned with all aspects of computer-based systems development, including hardware, software and process engineering.

What is a software process?


A set of activities whose goal is the development or evolution of software. Generic activities in all software processes are:
Specification: what the system should do and its development constraints
Development: production of the software system
Validation: checking that the software is what the customer wants
Evolution: changing the software in response to changing demands

CASE (Computer-Aided Software Engineering): software systems intended to provide automated support for software process activities such as requirements analysis, system modelling, debugging and testing.
Upper-CASE: tools to support the early process activities of requirements and design
Lower-CASE: tools to support later activities such as programming, debugging and testing

What are the attributes of good software?


The software should deliver the required functionality and performance to the user and should be maintainable, dependable and acceptable.

Maintainability
Software must evolve to meet changing needs (scalable);

Dependability
Software must be trustworthy (reliable, secured and safe);

Efficiency
Software should not make wasteful use of system resources;

Acceptability
Software must be accepted by the users for whom it was designed. This means it must be understandable, usable and compatible with other systems.

What are the key challenges facing Software Engineering?


Heterogeneity
Developing techniques for building software that can cope with heterogeneous platforms and execution environments;

Delivery
Developing techniques that lead to faster delivery of software;

Trust
Developing techniques that demonstrate that software can be trusted by its users. Reliable, Secured and Safe.

Generic Software Process Models


A simplified representation of a software process, presented from a specific perspective. Examples of process perspectives:
Workflow perspective: represents inputs, outputs and dependencies
Data-flow perspective: represents data transformation activities
Role/action perspective: represents the roles and activities of the people involved in the software process

Generic process models
Waterfall
Evolutionary development
Formal transformation
Integration from reusable components

Engineering Example
Building a house:
Land and finances
Garden, garage, you are used to aging wine, enjoy sitting by the fireplace, lots of storage, don't like Bauhaus
Architect will define number of floors and rooms, orientation of the driveway, size of the garage, type of bricks, colour of the walls, ...
Construction
Entering and living in the house
Fixing minor problems, e.g. leaking in the roof

The Waterfall Model

Stages, each followed by its check:
System Feasibility: Validation
Plans + Requirements: Validation
Product Design: Verification
Detailed Design: Verification
Code: Unit Test
Integration: Product Verification
Integration: System Test
Operation + Maintenance: Revalidation

Waterfall Weakness
High risk for new systems because of specification and design problems. Low risk for well-understood developments using familiar technology. Usually requirements change, are incomplete or even not known (result: "That's not what I meant!", go back to the last step). The WF model reacts very statically: each stage must be completed before the next one starts.
Too expensive
Doesn't force discipline

Evolutionary Process Model


Concurrent activities (Specification, Development, Validation) work from an outline description and produce an initial version, intermediate versions and a final version.

Process Model Weakness

Prototyping
Low risk for new applications because specification and program stay in step. High risk because of lack of process visibility.

Transformational
High risk because of need for advanced technology and staff skills.

Spiral Process Model


Four quadrants, repeated on each loop of the spiral:
Determine objectives, alternatives and constraints
Evaluate alternatives; identify, resolve risks (risk analysis, Prototype 1, Prototype 2, Prototype 3, operational prototype)
Develop, verify next-level product (concept of operation; simulations, models, benchmarks; S/W requirements, requirement validation; product design, design V&V; detailed design; code; unit test; integration test; acceptance test; service)
Plan next phase (requirements plan, life-cycle plan; development plan; integration and test plan; REVIEW)

Focuses attention on reuse options. Focuses attention on early error elimination. Puts quality objectives up front. Integrates development and maintenance. Provides a framework for hardware/software development. Contractual development often specifies process model and deliverables in advance. Requires risk assessment expertise.

Professional and ethical responsibility


Software engineering involves wider responsibilities than simply the application of technical skills. Software engineers must behave in an honest and ethically responsible way if they are to be respected as professionals. Ethical behaviour is more than simply upholding the law.

Confidentiality
Engineers should normally respect the confidentiality of their employers or clients irrespective of whether or not a formal confidentiality agreement has been signed.

Competence
Engineers should not misrepresent their level of competence. They should not knowingly accept work which is outside their competence.

Intellectual property rights
Engineers should be aware of local laws governing the use of intellectual property such as patents, copyright, etc. They should be careful to ensure that the intellectual property of employers and clients is protected.

Computer misuse
Software engineers should not use their technical skills to misuse other people's computers. Computer misuse ranges from relatively trivial (game playing on an employer's machine, say) to extremely serious (dissemination of viruses).

ACM/IEEE Code of Ethics


The professional societies in the US have cooperated to produce a code of ethical practice. Members of these organisations sign up to the code of practice when they join. The Code contains eight Principles related to the behaviour of and decisions made by professional software engineers, including practitioners, educators, managers, supervisors and policy makers, as well as trainees and students of the profession:
PUBLIC, CLIENT AND EMPLOYER, PRODUCT, JUDGMENT, MANAGEMENT, PROFESSION, COLLEAGUES, SELF

Code of ethics - principles


PUBLIC: Software engineers shall act consistently with the public interest.
CLIENT AND EMPLOYER: Software engineers shall act in a manner that is in the best interests of their client and employer, consistent with the public interest.
PRODUCT: Software engineers shall ensure that their products and related modifications meet the highest professional standards possible.
JUDGMENT: Software engineers shall maintain integrity and independence in their professional judgment.
MANAGEMENT: Software engineering managers and leaders shall subscribe to and promote an ethical approach to the management of software development and maintenance.
PROFESSION: Software engineers shall advance the integrity and reputation of the profession consistent with the public interest.
COLLEAGUES: Software engineers shall be fair to and supportive of their colleagues.
SELF: Software engineers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession.

Computer Crime Software Piracy


Software piracy, the illegal copying of software programs, is the biggest legal issue affecting the computer industry. Piracy is of greatest concern to developers of commercial software, i.e. programs that must be purchased before use. Piracy is less of a concern for shareware makers, whose programs must be registered but not always purchased. Piracy is not a concern for freeware, which is software that can be freely distributed by anyone.

Various forms of copy protection have been used to discourage piracy, including:
Installation diskettes that record the number of times the software is installed.
Hardware locks, without which the program cannot function.
Passwords, serial numbers, or other codes required for installation.

Computer Viruses Categories of Viruses


A virus is a parasitic program that infects another program (the host). Most viruses fall into the following categories:
Boot sector viruses, Self-encrypting viruses, Cluster viruses, Self-changing viruses, File-infecting viruses, Stealth viruses, Worms, Macro viruses, Bombs, Joke programs, Trojan Horses, Bimodal viruses, Polymorphic viruses, Bipartite viruses, Self-garbling viruses, Multipartite viruses, E-mail viruses

Viruses are spread in several ways. The most common are:
Receiving an infected disk.
Downloading an infected executable file from a network or the Internet.
Copying a document file that is infected with a macro virus.

To avoid viruses, you should:
Treat all disks as though they are infected.
Install an antivirus program and keep its virus definitions (database of virus information) up to date.
Run your antivirus program regularly.

Theft Hardware, Software Theft and Data Theft


As PCs become smaller and as more people use laptop and handheld computers, hardware theft is becoming a growing problem. Software theft is also a major problem for companies, many of which must purchase large quantities of expensive software programs. To combat hardware and software theft, many companies are locking hardware to desks and securing software in libraries, granting access to employees only as needed.

Data theft can be far more serious than software or hardware losses, because data can be difficult or impossible to replace. Hackers are a threat to sensitive corporate and government data because they pride themselves on getting around security measures. Organizations can keep hackers at bay by protecting their networks. This can be done by enforcing the use of user IDs and passwords. Data can also be protected through encryption, making it useless to anyone who does not have the encryption key.

Network Security
Classic properties of secure systems:
Confidentiality
Encrypt message so only sender and receiver can understand it.

Authentication
Both sender and receiver need to verify the identity of the other party in a communication: are you really who you claim to be?

Authorization
Does a party with a verified identity have permission to access (r/w/x) information? Gets into access control policies.

Integrity
During a communication, can both sender and receiver detect whether a message has been altered?

Non-Repudiation
The originator of a communication cannot later deny that the communication took place.

Availability
Guaranteeing access to legitimate users. Prevention of Denial-of-Service (DoS) attacks.

Cryptography
plaintext -> Encryption (Key KA) -> ciphertext -> Decryption (Key KB) -> plaintext

The encryption algorithm is also called a cipher. Cryptography has evolved so that modern encryption and decryption use secret keys:
Only the keys have to be protected! => Key distribution problem
Cryptographic algorithms can be openly published

Cryptography
Cryptography throughout history:
Julius Caesar cipher: replaced each character by a character cyclically shifted to the left. Weakness?
Easy to attack by looking at the frequency of characters.

Mary Queen of Scots: put to death for treason after Queen Elizabeth I's spymaster cracked her encryption code.
WWII: Allies break the German Enigma code and the Japanese naval code.
Enigma code machine (pictured on the slide)

Cryptography
Cryptanalysis
Types of attack:
Brute force: try every key.
Ciphertext-only attack: the attacker knows the ciphertext of several messages encrypted with the same key (but does not know the plaintext). It is possible to recover the plaintext (and also to deduce the key) by looking at the frequency of ciphertext letters.
Known-plaintext attack: the attacker observes pairs of plaintext/ciphertext encrypted with the same key. It is possible to deduce the key and/or devise an algorithm to decrypt further ciphertext.
Chosen-plaintext attack: the attacker can choose the plaintext and look at the paired ciphertext. The attacker has more control than in a known-plaintext attack and may be able to gain more information about the key.
Adaptive chosen-plaintext attack: the attacker chooses a series of plaintexts, basing the next plaintext on the result of the previous encryption.
Differential cryptanalysis: a very powerful attacking tool, but DES is resistant to it.
Cryptanalysis attacks often exploit the redundancy of natural language; lossless compression before encryption removes redundancy.

Principle of Confusion and Diffusion


plaintext -> Encryption (Key KA) -> ciphertext -> Decryption (Key KB) -> plaintext

Terms courtesy of Claude Shannon, father of Information Theory:
Confusion = Substitution (a -> b, e.g. the Caesar cipher)
Diffusion = Transposition or Permutation (abcd -> dacb, e.g. in DES)

Principle of Confusion and Diffusion


Confusion: a classical Substitution Cipher. Modern substitution ciphers take in N bits and substitute N bits using a lookup table, called S-boxes.
Cryptographers often think in terms of the plaintext alphabet as being the alphabet used to write the original message, and the cipher text alphabet as being the letters that are substituted in place of the plain letters. A cipher is the name given to any form of cryptographic substitution in which each letter is replaced by another letter or symbol.

Caesar Cipher
According to Suetonius, Caesar simply replaced each letter in a message with the letter that is three places further down the alphabet. Writing out the two alphabets makes it clear that the cipher text alphabet has been shifted by three places; hence this form of substitution is often called the Caesar Shift Cipher.

Courtesy: Andreas Steffen
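The shift cipher from this slide together with the frequency-based, ciphertext-only attack from the cryptanalysis slide, worked through as an added Python example (not code from the lecture): caesar() applies a shift, shifted_alphabet() reproduces the shifted cipher text alphabet the slide refers to, and recover_shift() brute-forces all 26 keys and scores each trial decryption against English letter frequencies. The frequency table is the usual published approximation and the sample message is constructed for this example.

```python
"""Caesar shift cipher plus the frequency-based, ciphertext-only attack
described in the lecture. Added example (not course code); the English
letter-frequency table is the usual published approximation."""
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Relative frequency (percent) of A..Z in typical English text.
ENGLISH_FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15,
                0.77, 4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06,
                2.76, 0.98, 2.36, 0.15, 1.97, 0.07]

# Constructed sample message for the demonstration (not from the slides).
SAMPLE_MESSAGE = ("SECURITY IS A PROCESS NOT A PRODUCT THE ATTACKER NEEDS TO "
                  "FIND ONLY ONE WEAKNESS WHILE THE DEFENDER MUST PROTECT "
                  "EVERY PATH INTO THE SYSTEM")


def caesar(text: str, shift: int) -> str:
    """Replace each letter by the one `shift` places further down the
    alphabet, wrapping around; a negative shift undoes it. Non-letters
    pass through unchanged (and so leak word boundaries)."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)

def shifted_alphabet(shift: int) -> str:
    """The cipher text alphabet for a given shift; 3 gives Caesar's own."""
    return caesar(ALPHABET, shift)

def chi_squared(letters: str) -> float:
    """How far the letter histogram of `letters` is from English; lower
    means more English-like. `letters` must be non-empty, A-Z only."""
    counts, n = Counter(letters), len(letters)
    return sum((counts[c] - ENGLISH_FREQ[i] * n / 100) ** 2
               / (ENGLISH_FREQ[i] * n / 100) for i, c in enumerate(ALPHABET))

def recover_shift(ciphertext: str) -> int:
    """Ciphertext-only attack: brute-force all 26 keys (cheap) and keep the
    one whose trial decryption has the most English-like letter frequencies.
    This works because natural language is redundant, as the lecture notes."""
    letters = "".join(ch for ch in ciphertext.upper() if ch in ALPHABET)
    return min(range(26), key=lambda k: chi_squared(caesar(letters, -k)))
```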


Pigpen Cipher
The Pigpen Cipher was used by Freemasons in the 18th Century to keep their records private. The cipher does not substitute one letter for another; rather it substitutes each letter for a symbol. The alphabet is written in the grids shown, and then each letter is enciphered by replacing it with a symbol that corresponds to the portion of the pigpen grid that contains the letter. For example:

Plain text: I Love Computer Science
Cipher text: (pigpen symbols, shown on the slide)

Principle of Confusion and Diffusion


Diffusion: a classical Transposition cipher

Courtesy: Andreas Steffen

Modern transposition ciphers take in N bits and permute them using a lookup table, called P-boxes.
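How the S-boxes of the confusion slide and the P-boxes of this slide combine into one substitution-permutation round, as an added Python example (not code from the lecture). The S-box is the first row of DES S-box S1; the 16-bit block size, the transposing P-box and the round keys are constructed here and belong to no real cipher. avalanche() flips one plaintext bit and counts the ciphertext bits that change, which makes the diffusion the slide describes measurable.

```python
"""Toy substitution-permutation (SP) round: confusion from a 4-bit S-box,
diffusion from a bit-transposing P-box. Added example, not from the slides;
S-box = first row of DES S1, everything else is constructed for illustration."""

SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
INV_SBOX = [SBOX.index(v) for v in range(16)]  # inverse lookup table

def sbox_layer(block: int, table=SBOX) -> int:
    """Confusion: substitute each of the four nibbles through the table."""
    out = 0
    for shift in (12, 8, 4, 0):
        out |= table[(block >> shift) & 0xF] << shift
    return out

def pbox_layer(block: int) -> int:
    """Diffusion: bit t of S-box s moves to bit s of nibble t, so each S-box
    output feeds all four S-boxes next round. The transpose is self-inverse."""
    out = 0
    for i in range(16):  # i counts bit positions from the MSB
        s, t = divmod(i, 4)
        out |= ((block >> (15 - i)) & 1) << (15 - (4 * t + s))
    return out

def sp_round(block: int, key: int) -> int:
    """One round: mix in the round key, substitute, then permute."""
    return pbox_layer(sbox_layer(block ^ key))

def encrypt(block: int, round_keys) -> int:
    for k in round_keys:
        block = sp_round(block, k)
    return block

def decrypt(block: int, round_keys) -> int:
    """Undo the rounds in reverse order with the same secret round keys."""
    for k in reversed(round_keys):
        block = sbox_layer(pbox_layer(block), INV_SBOX) ^ k
    return block

def hamming(a: int, b: int) -> int:
    return bin(a ^ b).count("1")

def avalanche(block: int, round_keys, flip_bit: int = 0) -> int:
    """Flip one plaintext bit and count the ciphertext bits that change:
    the growth over rounds is the diffusion the slides credit to P-boxes."""
    return hamming(encrypt(block, round_keys),
                   encrypt(block ^ (1 << flip_bit), round_keys))
```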

Question???
