Search - みる会図書館

Search target: Software security. building security in

421 hits for Software security. building security in.

Software security. building security in



Chapter 7 Risk-Based Security Testing

a program has design-level vulnerabilities requires great expertise, which makes finding such flaws not only difficult but also particularly hard to automate. Even though finding flaws is a difficult undertaking, I cover it in some detail in Chapter 5. Examples of design-level problems include error handling in object-oriented systems, object sharing and trust issues, unprotected data channels (both internal and external), incorrect or missing access control mechanisms, lack of auditing/logging or incorrect logging, and ordering and timing errors (especially in multithreaded systems). These sorts of flaws almost always lead to security risk.

Risk Management and Security Testing

Software security practitioners perform many different tasks to manage software security risks, such as:

・ Creating security abuse/misuse cases
・ Listing normative security requirements (and security features and functions)
・ Performing architectural risk analysis
・ Building risk-based security test plans
・ Wielding static analysis tools
・ Performing security tests
・ Performing penetration testing in the final environment
・ Cleaning up after security breaches

Three of these practices are particularly closely linked—architectural risk analysis, risk-based security test planning, and security testing—because a critical aspect of security testing relies on directly probing security risks. Chapter 5 explains how to approach a software security risk analysis, the end product being a set of security-related risks ranked by business or mission impact. Chapter 2 explains how to keep track of security risks and properly manage them over time in an RMF. The pithy aphorism "Software security is not security software" provides an important motivator for security testing. Although security features, such as cryptography, strong authentication, and access control, play a critical role in software security, security itself is an emergent property of the entire system, not just the security mechanisms and features. A buffer overflow is a security problem regardless of whether it exists in a security feature or in the noncritical GUI.

PART I Software Security Fundamentals

20 Chapter 1 Defining a Discipline

The Problem with Application Security

Because the idea that software is a major problem in computer security is fairly new, many diverse sets of people are working on the problem. One set of network security practitioners, led by a number of security tools vendors, has worked hard and spent lots of marketing money to coin "application security" as the moniker of choice to describe the software security space. There are a number of reasons to be wary when confronted with application security. Personally, I am a proponent of the term software security over the term application security, especially when discussing the idea of building security in. Here's why.

One problem is that the term application security means different things to different people. In many circles, it has come to mean the protection of software after it's already built. Although the notion of protecting software is an important one, it's just plain easier to protect something that is defect-free than something riddled with vulnerabilities. Pondering the question, "What is the most effective way to protect software?" can help untangle software security and application security.

On one hand, software security is about building secure software: designing software to be secure; making sure that software is secure; and educating software developers, architects, and users about how to build security in. On the other hand, application security is about protecting software and the systems that software runs in a post facto way, only after development is complete. Issues critical to this subfield include sandboxing code (as the Java Virtual Machine does), protecting against malicious code, obfuscating code, locking down executables, monitoring programs as they run (especially their input), enforcing the software-use policy with technology, and dealing with extensible systems.

Application security follows naturally from a network-centric approach to security by embracing standard approaches, such as "penetrate and patch" and input filtering (trying to block malicious input), and by generally providing value in a reactive way. (See the next box—Application Security Testing Tools: Good or Bad?) Put succinctly, application security is based primarily on finding and fixing known security problems after they've been exploited in fielded systems, usually by filtering dangerous input on its way to broken software. Software security—the process of designing, building, and testing software for security—identifies and expunges problems in the software itself. In this way, software security practitioners attempt to build software that can withstand attack proactively. Let me give you a specific example:

PART III Software Security Grows Up

PART II Seven Touchpoints for Software Security

Abuse case development is based on understanding and applying known attack patterns and also thinking about anti-requirements. A simple process is introduced to make adoption of abuse cases easier. Abuse cases are tricky. You might guess by the name that abuse cases involve only black hat (destructive) activities. That would be wrong. Abuse cases are themselves driven by the two threads. White hat thinking (constructive) drives security requirements, which are a necessary foundation for a goodly percentage of the abuse cases. Black hat thinking in the form of attack patterns drives the remaining portion. Although abuse cases clearly involve a mix of both black and white hats, the black hat is predominant.

Software security can benefit greatly from experience gained by practicing network security. Chapter 9, Software Security Meets Security Operations, describes how network security professionals can get involved in carrying out the touchpoints, providing security wisdom that might otherwise be missing from the development team. Operations is a white hat activity, but it is only very weakly constructive. Operations is essential to security, of course, but in terms of building security, the day-to-day tactics carried out by ops people are largely defensive.

Part III, Software Security Grows Up, contains a far-ranging treatment of essential software security knowledge and of large-scale software security programs.

Chapter 10, An Enterprise Software Security Program, describes an approach to the kind of cultural change required to adopt software security in a large organization. Because of this, Chapter 10 is the most business-oriented of the chapters in Software Security. There is little doubt that adopting software security touchpoints in a development organization that is running 100 miles an hour is like fixing your engine while your car is zooming down the highway, but it is possible. This chapter draws on years of experience at Cigital, helping large companies implement software security programs. A completely integrated Secure Development Lifecycle (SDL) is the result of combining your existing approach to software development with the software security touchpoints.

Chapter 11, Knowledge for Software Security, describes one of the three pillars. This chapter presents a taxonomy of seven knowledge catalogs useful to practitioners: principles, guidelines, rules, vulnerabilities, exploits, attack patterns, and historical risks. These knowledge catalogs are directly applicable throughout the software development lifecycle when you put the security touchpoints into action.

38 Chapter 1 Defining a Discipline

practices may be the only way to go. Microsoft's Trustworthy Computing Initiative is no accident. If we are to build systems that can be properly operated, we must involve the builders of systems in security. This starts with education, where security remains often unmentioned, especially in the software arena. Every modern security department needs to think seriously about security engineering. The best departments already have staff devoted to software security. Others are beginning to look at the problem of security engineering. At the very least, close collaboration with the builders in your organization is a necessity. Don't forget that software security is not just about building security functionality and integrating security features! Coders are likely to ask, "If I use [this API], is it good enough?" when doing their building thing. The question to ask in response is, "What attacks have impact and are worth avoiding for this module?" This line of questioning works to elicit a better understanding of design and its security implications.

Software Security Is Everyone's Job

Connectivity and distributed computation is so pervasive that the only way to begin to secure our computing infrastructure is to involve everyone.

・ Builders must practice security engineering, ensuring that the systems we build are defensible and not riddled with holes (especially when it comes to the software).
・ Operations people must continue to architect reasonable networks, defend them, and keep them up.
・ Administrators must understand the distributed nature of modern systems and begin to practice the principle of least privilege.
・ Users must understand that software can be secure so that they can take their business to software providers who share their values. (Witness the rise of Firefox.) Users must also understand that they are the last bastion of defense in any security design and that they need to make tradeoffs for better security.
・ Executives must understand how early investment in security design and security analysis affects the degree to which users will trust their products.

The most important people to enlist for near-term progress in computer security are the builders. Only by pushing past the standard-issue operations view of security will we begin to make systems that can stand up under attack.

319

・ Code obfuscation and digital content protection
・ Malicious code detection and analysis

Basic Science: Open Research Areas

Most security researchers agree that we have a pressing problem. In "A Call to Action: Look Beyond the Horizon," Jeannette Wing includes "software design and security" as one of three critical areas to tackle if security research is to make progress [Wing 2003]. In "From the Ground Up: The DIMACS Software Security Workshop," I introduce the software security problem, discuss trends that demonstrate the problem's growth, and introduce the philosophy of proactively attacking the problem at the architectural level [McGraw 2003]. Much work remains to be done in software security, some of it basic and practical (e.g., working software security into the standard software development lifecycle as described by the touchpoints) and some of it far beyond current capabilities (e.g., automated analysis of software architecture for security flaw(s)). Scientists and researchers from academic and commercial labs are working on some of the more difficult problems. The National Science Foundation suggests that the following eleven open questions be used as drivers for research:

1. How to avoid building security flaws and security bugs into programs
2. How to know when a system has been compromised
3. How to design systems that can tolerate attack and carry out the intended mission
4. How to design systems with security that can be reasonably managed
5. How to provide reasonable protection of intellectual property
6. How to support privacy enforcement technically
7. How to get trustworthy computations from untrusted platforms
8. How to prevent/withstand denial-of-service attacks
9. How to quantify security tradeoffs
10. How to ... assumptions ... security system designs
11. How to build programs and systems and know exactly what they will do and what they are doing

Much work remains to be done in each of these areas, but some basic practical solutions are becoming available in the market.

Preface

Software security has come a long way in the last few years, but we've really only just begun. Software security is the practice of building software to be secure and to function properly under malicious attack. The underlying concepts behind Software Security have developed over almost a decade and were first described in Building Secure Software [Viega and McGraw 2001] and Exploiting Software [Hoglund and McGraw 2004]. This book begins where its predecessors left off, describing in detail how to put software security into practice.

After completing Java Security [McGraw and Felten 1996] and following it up with Securing Java [McGraw and Felten 1999], I began wondering how it was that such excellent designers, engineers, and architects went astray when it came to security. What was it about software that made security such a problem? If you wanted to build secure software, how would you do it? These questions and the perseverance of John Viega led to Building Secure Software.

Building Secure Software (BSS), the white hat book, seems to have touched off a revolution. Security people who once relied solely on firewalls, intrusion detection, and antivirus mechanisms came to understand and embrace the necessity of better software. BSS provides a coherent and sensible philosophical foundation for the blossoming field of software security. Exploiting Software (ES), the black hat book, provides a much-needed balance, teaching how to break software and how malicious hackers write exploits. ES is meant as a reality check for software security, ensuring that the good guys address real attacks and invent and peddle solutions that actually work. The two books are in some sense mirror images. Software Security unifies the two sides of software security—attack and defense, exploiting and designing, breaking and building—into a