1

SOFTWARE SECURITY ENGINEERING / APPLICATION SECURITY ENGINEERING LIFE CYCLE / BUILDING SECURITY IN / SECURED SOFTWARE DEVELOPMENT
Basic Principle of Computer Security
2

Identity: the process of establishing and distinguishing amongst person/user and admin ids, program/process/other computer ids, and data connections and communications.

(Slide diagram; only its labels are recoverable.) Authentication; Functions, Objects, Patterns; Functional capabilities; Authorisation; Identification; Access control lists; Security; Encryption; Privacy; Information padding; Screening; Integrity; Redundancy checks; Certificates; Durability; Single session; Multi session.
What is Software Security?
3

- Software security can be considered a branch of computer security whose prime focus is the secure design and implementation of software (application and system software): using best practices known for the last 50 years (learned from failures), good design methods, software engineering principles and a process for developing secure software, the best languages and their safe and secure features, and the best tools and methods.
Software Security Attributes
4

(Slide diagram; only its labels are recoverable.) Authentication; Security Baselines; Viruses, Spam, Intrusions; Remote Access Threats; Perimeter Protection; Security Applications; E-mail; Web Presence; Asset Protection; Access to Resources; Firewall and OS; Physical Protection; Security; Wireless Networks.
Software Security Research Landscape
5

(Slide diagram; only its labels are recoverable.) Application software security; Network security; VoIP security; Wireless network & platform security; Software components security; Convergence; Network security & architecture; Software security; Service-oriented Architecture security; Cloud & Web services security; Open source component security.

A Software Flaw is a software security error in the design. A Software Bug is a software security error left in the implementation.

https://app.box.com/s/qg0tofy8yzl06vwikg3o2fbbkmlrvmd7
Application Security
6

1) Introduction to Application Security: http://www.youtube.com/watch?v=CDbWvEwBBxo
2) Injection Attacks: http://www.youtube.com/watch?v=pypTYPaU7mM
3) Cross Site Scripting: http://www.youtube.com/watch?v=_Z9RQSnf8-g

- Secure Programming with Static Analysis (Fortify Software Ltd), Brian Chess: http://www.youtube.com/watch?v=OVWHpyjqBkI
- Security Metrics, Andrew Jaquith: http://www.youtube.com/watch?v=biD9D714Bxc
Why Software Security Engineering?
7

SSE has emerged to apply software and security engineering principles to software development processes, methods, and techniques. In other words, Building Security In right from requirements, design, development, and testing, along with the software development life cycle phases. There are a number of security-specific techniques such as misuse cases, attack trees, threat modelling, and Microsoft's Security Development Lifecycle (SDL).

(Slide diagram; labels recovered from extraction.)
Benefits: Increased trust; Integrity; Increased availability.
Software Security Means: Eliciting software security requirements; Building secured Functions, Objects, Patterns, Components, Frameworks, Architectures; Building trust, secured database frames, secured web services, secured testability techniques, and recoverability.
Threats: Lack of expertise on software security engineering; Additional cost; People, motivation, infrastructure, and culture.
Pillars of IT and Software Security
8

(Slide diagram; only its labels are recoverable.) Availability; Knowledge; Integrity; Software security touchpoints; Confidentiality; Risk Management; Compliance.
Software Security Engineering
9

Software Engineering Lifecycle: Software Requirements Engineering -> Design -> Code -> Testing -> Quality Assurance -> Secured Systems/Products
Software Security Engineering Lifecycle: Software Security Requirements -> Design for Security -> Security analysis -> Security Testing -> Security Assurance

Secure Requirements and Design: Identify sensitive data and resources and the possible threats to them, and define security requirements such as confidentiality, integrity, and availability. Apply threat modelling, abuse cases, and misuse cases. Apply secure software design principles by integrating security requirements into the design so as to prevent and mitigate possible security breaches and cyber attacks. The main categories of secure design principles are: Simplicity; Design for security (Build Security In (BSI) and Build Trust In (BTI)); and Defend in Depth (all possible defences against security attacks). Example: very Secure FTP Daemon (vsftpd is a lightweight, stable and secure FTP server for UNIX-like systems), https://wiki.archlinux.org/index.php/Very_Secure_FTP_Daemon
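Slides 7 and 9 name attack trees and threat modelling among the security-specific techniques. The following is an added example (not from the slides or any method they cite) that evaluates a small AND/OR attack tree and shows how a mitigation, modelled as extra attacker effort on one leaf, changes the least-effort path, which is how defend-in-depth decisions are compared in a threat model. The tree, its node names and its effort values are constructed for illustration.

```python
# Added example (not from the lecture slides): evaluating an attack tree, one of
# the threat-modelling techniques the slides name. Node names and effort values
# are constructed for illustration only.
from dataclasses import dataclass, field
from typing import List, Tuple

@dataclass
class Node:
    name: str
    kind: str = "leaf"       # "leaf", "and" or "or"
    cost: float = 0.0        # attacker effort for a leaf (arbitrary units)
    children: List["Node"] = field(default_factory=list)

def cheapest(node: Node) -> Tuple[float, List[str]]:
    """Least-effort way to reach node: OR picks the cheapest child,
    AND needs every child, so efforts add up."""
    if node.kind == "leaf":
        return node.cost, [node.name]
    results = [cheapest(c) for c in node.children]
    if node.kind == "or":
        return min(results, key=lambda r: r[0])
    return sum(r[0] for r in results), [n for r in results for n in r[1]]

def apply_control(node: Node, leaf_name: str, added_cost: float) -> None:
    """Model a mitigation (defend in depth) by raising the effort of one leaf."""
    if node.kind == "leaf" and node.name == leaf_name:
        node.cost += added_cost
    for c in node.children:
        apply_control(c, leaf_name, added_cost)

def build_tree() -> Node:
    # Constructed abuse case: "an attacker reads another user's data".
    return Node("read another user's data", "or", children=[
        Node("bypass authentication", "and", children=[
            Node("obtain a valid password", cost=2),
            Node("evade login rate limiting", cost=1),
        ]),
        Node("exploit an implementation bug", "and", children=[
            Node("find a memory-safety bug", cost=5),
            Node("defeat exploit mitigations", cost=4),
        ]),
    ])

if __name__ == "__main__":
    tree = build_tree()
    print(cheapest(tree))   # (3, ['obtain a valid password', 'evade login rate limiting'])
    apply_control(tree, "obtain a valid password", 8)   # e.g. require a second factor
    print(cheapest(tree))   # (9, ['find a memory-safety bug', 'defeat exploit mitigations'])
```

Re-running `cheapest` after each candidate control is what turns the tree into a design argument: a control is worth adding when it raises the least-effort path, not merely the path it sits on.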
Software Security Techniques
10

(Slide table, reconstructed from extraction.)
Requirements Engineering and use case modelling: Abuse cases, security risk analysis and security modelling
Architecture & Design: Security risk analysis & architectural security analysis
Test Plans: External review and risk-based security test
Code: Static analysis for code inspection
Test and Operational/Field Testing: Penetration testing & security breaks
Microsoft's Security Development Lifecycle (SDL)
11

Training: Core training
Requirements: Define quality gates/bug bars; Analyse security and privacy risks
Design: Attack surface analysis; Threat modelling
Implementation: Specify tools; Enforce banned functions; Static analysis
Verification: Dynamic/fuzz testing; Verify threat models/attack surface
Release: Response plan; Final security review; Security archive
Response: Response execution

Secure Implementation Techniques: Apply secure coding rules and tools to prevent, mitigate, and detect all possible security attacks.
Apply automated code review techniques such as static analysis, vulnerability analysis, and symbolic execution, which underlies whitebox fuzz testing.
Apply penetration testing to find potential flaws in the real system in a deployment environment.
Apply fuzz testing and attack patterns.
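The "enforce banned functions" and "static analysis" steps of slide 11 can be illustrated with a small check of the same kind. This is an added example, not Microsoft's SDL tooling or code from the slides; its banned list is a short illustrative subset and the C snippet it scans is constructed for the demonstration.

```python
# Added example (not from the slides): a minimal static check of the kind an
# SDL "enforce banned functions" rule automates, run over a constructed C
# snippet. The banned list below is illustrative, not Microsoft's full list.
import re
from typing import List, Tuple

# Banned C functions and the safer replacement usually recommended.
BANNED = {
    "gets": "fgets with an explicit buffer size",
    "strcpy": "strncpy_s/strlcpy or an explicit length check",
    "sprintf": "snprintf",
}

# An identifier from BANNED followed by '(' and not part of a longer name,
# so snprintf() does not match sprintf and fgets() does not match gets.
_CALL = re.compile(r"(?<![A-Za-z0-9_])(" + "|".join(map(re.escape, BANNED)) + r")\s*\(")

# Comments and string literals, replaced by spaces of the same length so that
# line numbers survive and "strcpy" inside a message is not reported.
_NOISE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"', re.S)

def strip_noise(source: str) -> str:
    return _NOISE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), source)

def find_banned_calls(source: str) -> List[Tuple[int, str, str]]:
    """Return (line number, function name, advice) for every banned call."""
    findings = []
    for lineno, line in enumerate(strip_noise(source).splitlines(), start=1):
        for m in _CALL.finditer(line):
            findings.append((lineno, m.group(1), BANNED[m.group(1)]))
    return findings

# Constructed sample input, not code from any real project.
SAMPLE_C = r'''#include <stdio.h>
#include <string.h>
void greet(const char *name) {
    char buf[32];
    strcpy(buf, name);                    /* banned: no bounds check */
    gets(buf);                            /* banned: unbounded read */
    printf("hello %s\n", buf);
    snprintf(buf, sizeof buf, "%s", name); // bounded, fine
    // strcpy(buf, name);  commented out, must not be reported
    puts("call strcpy? no");              /* inside a literal, must not be reported */
}
'''

if __name__ == "__main__":
    for lineno, fn, advice in find_banned_calls(SAMPLE_C):
        print(f"line {lineno}: {fn}() is banned; use {advice}")
```

A real SDL gate would wire a check like this (or the compiler's own deprecation warnings) into the build so a banned call fails the quality gate rather than relying on manual review.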
Methods Comparison
12

(Slide table, reconstructed from extraction.)
Microsoft SDL (Howard and Lipner 2006): process stages/activities: full set of activities; risk management: part of SSE; security technique: threat modelling.
McGraw's Touchpoints (McGraw 2004 & 2006): process stages/activities: range of activities; risk management: aspect of; security technique: threat modelling.
OWASP's CLASP (2006): process stages/activities: a set of activities and supported; risk management: aspect of; security technique: threat modelling.
VCGs (Byers and Shahmehri 2007): process stages/activities: VCG based; risk management: not explicitly; security technique: process is based on Vulnerability Cause Graphs (VCGs), a directed graph with goals/intentions.
S2D-ProM (Essafi, Labed, and Ghezala 2007): process stages/activities: risk based; risk management: risk based; security technique: attack tree and labelled state transition diagrams.
UMLSec (Jurjens 2005): process stages/activities: UML based profiling formalism; risk management: aspect of; security technique: UMLsec specific.
Lifecycle support and Iterative: marked with ticks per method in the original table (the marks did not survive extraction).
Secure Mobile Cloud Computing (MCC) Architecture
13

Mobile cloud computing architecture

Definition of MCC: A service that allows resource-constrained mobile users to adaptively adjust processing and storage capabilities by transparently partitioning and offloading the computationally intensive and storage-demanding jobs onto traditional cloud resources, by providing ubiquitous wireless access.

A.N. Khan et al. Towards secure mobile cloud computing: A survey. Future Generation Computer Systems 29 (2013) 1278–1299
Security services on different layers

14

In addition to security and privacy, secure cloud application services provide user management, key management, encryption on demand, intrusion detection, authentication, and authorization services to mobile users. There is a need for a secure communication channel between the cloud and the mobile device; secure routing protocols can be used to protect that channel. Virtualization improves the utilization of cloud resources but introduces new security issues due to the lack of perfect isolation between virtual machines hosted on a single server.
Key points
15

- Cloud computing has emerged to reduce IT costs
- SOA design principles are the key to achieving secure cloud services development and deployment
- Different cloud delivery models for businesses
- Needs awareness training
- Security is one of the major concerns on cloud, SOA, Mobile cloud, etc.
- Therefore, it is important to apply Software Security Engineering concepts, techniques, and principles
- Principle (Design) vs. Rule (Implementation): A principle is a design goal with several possible manifestations (design rationale), and a rule (implementation) should follow the sound design principle.
Exercises/Tutorial/Lab
16

Study in detail the Amazon EC2 architecture and others
Identify common programming security flaws in Java and C#
Develop a number of abuse cases and threat models for software security for Amazon
Define terms found in cloud infrastructure and cloud architecture diagrams
Define the WS-standards service specifications shown in the example services for cloud consumers (look up online)
Define software security characteristics
Microsoft Threat Modelling Tool: https://docs.microsoft.com/en-us/azure/security/azure-security-threat-modeling-tool
Study and re-engineer the design and requirements for vsftpd: https://wiki.archlinux.org/index.php/Very_Secure_FTP_Daemon
References
Ramachandran, M. (2012) Software Security Engineering: Design and Applications, Nova Science Publishers, New York, USA, 2011, ISBN: 978-1-61470-128-6, https://www.novapublishers.com/catalog/product_info.php?products_id=26331
Ramachandran, M. (2011) Software components for cloud computing architectures and applications, Springer, Mahmood, Z. and Hill, R. (eds.), www.springer.com/computer/communication+networks/book/978-1-4471-2235-7
Wang, L. and Laszewski, v. G. Scientific Cloud Computing: Early Definition and Experience, http://cyberaide.googlecode.com/svn/trunk/papers/08-cloud/vonLaszewski-08-cloud.pdf, 2008.
ACMQueue, Cloud Computing: An Overview, distributed computing, 2009
Clarke, R., User Requirements for Cloud Computing Architecture, 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing, 2010
INFOSEC Institute, S-SDLC, http://resources.infosecinstitute.com/intro-secure-software-development-life-cycle/
http://www.coverity.com/library/pdf/coverity-security-wp.pdf
http://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?List=ef7cbc6d-9997-4b62-96a4-a36fb7e171af&ID=432
Computer Weekly, http://www.computerweekly.com/news/2240158374/Secure-software-development-crucial-for-business
Secure software development, IT NOW, March 2015
Security RE methods:
OCTAVE by SEI: Alberts, C. & Dorofee, A. Managing Information Security Risks: The OCTAVE Approach. New York: Addison Wesley, 2003. This is a descriptive and process-oriented book on a new security risk evaluation method, OCTAVE. OCTAVE stands for Operationally Critical Threat, Asset, and Vulnerability Evaluation.
SQUARE method by SEI: Chen, P.; Dean, M.; Lopez, L.; Mead, N. R.; Ojoko-Adams, D.; Osman, H.; & Xie, N. SQUARE Methodology: Case Study on Asset Management System (CMU/SEI-2004-SR-015). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2004. http://www.sei.cmu.edu/publications/documents/04.reports/04sr015.html
