3.Secure Design Principles And Process

Course 1: Overview of Secure Programming, Section 3 ,[object Object],[object Object],[object Object],[object Object]

Course 1 Learning Plan ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Secure Software Engineering: Learning Objectives ,[object Object],[object Object],[object Object]

Secure Software Engineering: Parts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Secure Programming: Art or Science? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Software Engineering ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Results from Current Software Engineering Methods ,[object Object],[object Object],[object Object],[object Object],[object Object]

Exercise ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Assurance ,[object Object],[object Object],[object Object],[object Object]

How do you measure assurance? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Question ,[object Object],[object Object],[object Object],[object Object]

Secure Software Engineering: Parts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

List of Design Principles ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Reference: Saltzer and Schroeder (1974) http://www.cs.virginia.edu/~evans/cs551/saltzer/

1. Least Privilege ,[object Object],[object Object],[object Object]

Compartmentalization ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

2. Fail-Safe Defaults ,[object Object],[object Object],[object Object],[object Object],[object Object]

3. Economy of Mechanism ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Example Failed Economy of Mechanism ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

4. Complete Mediation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Example Failure of Complete Mediation ,[object Object],[object Object],[object Object],[object Object]

Another example: CAN-2002-0871 ,[object Object]

5. Open Design ,[object Object],[object Object],[object Object],[object Object]

Example Failure of Open Design ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Notes on Open Design ,[object Object],[object Object],[object Object]

6. Separation of Privilege ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Successful Example ,[object Object],[object Object],[object Object],[object Object],[object Object]

Notes on the Separation of Privilege ,[object Object],[object Object],[object Object]

7. Least Common Mechanism ,[object Object],[object Object],[object Object],[object Object]

Failed Example of Least Common Mechanism ,[object Object],[object Object],[object Object]

8. Psychological Acceptability ,[object Object],[object Object],[object Object],[object Object]

Example mechanism defeated for convenience's sake ,[object Object],[object Object],[object Object],[object Object]

Recap of Design Principles ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Instructor: This list is to help with the exercise on the next slide

Exercise ,[object Object],[object Object],Instructor: Allow 15-20 minutes for the groups to discuss, then have them present their findings in no more than 3 minutes each.

Security Requirements ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Exercise ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Instructor: Allow 10-15 minutes for students to read the document and let them present a requirement in no more than 2 minutes.

Exercise Question ,[object Object],[object Object],[object Object]

Processes ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Development Environment ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Development Tools ,[object Object],[object Object],[object Object]

Change Control ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Vulnerability Response Process ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Researcher ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Researcher Motivation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Vendor ,[object Object],[object Object],[object Object],[object Object]

3 rd Party Coordinator ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Arbitrator ,[object Object],[object Object],[object Object]

Process ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Contact information ,[object Object],[object Object],[object Object],[object Object],[object Object]

Role of Cryptography ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

About These Slides ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Pascal Meunier [email_address] ,[object Object],[object Object]

3.Secure Design Principles And Process

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à 3.Secure Design Principles And Process

Similaire à 3.Secure Design Principles And Process (20)

Plus de phanleson

Plus de phanleson (20)

Dernier

Dernier (20)

3.Secure Design Principles And Process

Notes de l'éditeur