Data Protection and Security

VI Operating System Security and Secure Programming

VI.IV Secure Software Development

Analyzing Security:

The security requirements and analysis phase consists of several substeps:

  • Define the project’s security environment and objectives.
  • List the application’s potential threats and prioritize them.
  • Flesh out the security policy.
  • Evaluate the security risks.

A security environment describes the context in which the software is expected to evolve. The environment affects the kind of threats the application is likely to encounter. For example, an instant messenger is a client-server application based on exchanging messages over the Internet.

High-level security issues lead us to the security objectives. The two main security objectives in the instant messenger example are integrity protection of the exchanged messages and client authentication.

This example is exposed to various threats: identity theft, tampering, eavesdropping. The following attack tree is used to provide a detailed picture of the threat model for identity theft.

Figure: Threat Model for Identity Theft

The next step is to write a security policy: a set of security requirements that we can prioritize according to the sensitivity of the information involved.

Finally, the analysis phase completes with a risk evaluation. The best-known formula for risk is given as

Risk = Criticality * Likelihood of occurrence

Alternatively, the DREAD classification can be used, which rates each threat from 1 to 10 according to its Damage potential, Reproducibility, Exploitability, the number of Affected users, and Discoverability. The average of the five ratings is then computed, and the highest-scoring threats are given priority.
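As an added illustration (not part of the course text), the following Python rates the three threats of the instant messenger example with the DREAD factors and ranks them by average, and also carries the Risk = Criticality * Likelihood formula; the ratings, the `Threat` class and the helper names are constructed assumptions, not figures from the course.

```python
from dataclasses import dataclass

# The five DREAD factors, each rated 1 (low) to 10 (high).
DREAD_FACTORS = ("damage", "reproducibility", "exploitability",
                 "affected_users", "discoverability")


@dataclass
class Threat:
    name: str
    scores: dict  # DREAD factor -> rating in 1..10

    def __post_init__(self):
        # Reject incomplete or out-of-range ratings instead of silently averaging them.
        if set(self.scores) != set(DREAD_FACTORS):
            raise ValueError(f"{self.name}: expected exactly the factors {DREAD_FACTORS}")
        for factor, rating in self.scores.items():
            if not 1 <= rating <= 10:
                raise ValueError(f"{self.name}: {factor} rating {rating} outside 1..10")

    def dread_average(self) -> float:
        return sum(self.scores[f] for f in DREAD_FACTORS) / len(DREAD_FACTORS)


def risk(criticality: float, likelihood: float) -> float:
    """Risk = Criticality * Likelihood of occurrence (scales are the team's choice)."""
    return criticality * likelihood


def prioritize(threats):
    """Highest DREAD average first; ties keep their listed order (sort is stable)."""
    return sorted(threats, key=lambda t: t.dread_average(), reverse=True)


# Constructed ratings for the instant messenger example; not taken from the course.
MESSENGER_THREATS = [
    Threat("identity theft", {"damage": 9, "reproducibility": 7, "exploitability": 6,
                              "affected_users": 8, "discoverability": 5}),   # average 7.0
    Threat("tampering",      {"damage": 7, "reproducibility": 6, "exploitability": 5,
                              "affected_users": 7, "discoverability": 5}),   # average 6.0
    Threat("eavesdropping",  {"damage": 6, "reproducibility": 8, "exploitability": 7,
                              "affected_users": 9, "discoverability": 4}),   # average 6.8
]

if __name__ == "__main__":
    for threat in prioritize(MESSENGER_THREATS):
        print(f"{threat.name:15s} DREAD average = {threat.dread_average():.1f}")
```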
