Chapter 2 - Secure Software Requirements Flashcards
What quality attributes should secure software have?
Reliability
Resiliency
Recoverability
What is Reliability?
An attribute of secure software. The software functions as it is expected to.
What is Resiliency?
An attribute of secure software. The software doesn’t violate any security policy and can withstand the actions of threat agents and user errors.
What is Recoverability?
The software can restore operations to what the business expects by containing and limiting damage caused by threats that materialize.
What is an RTM?
Requirements Traceability Matrix
What are some internal sources of software requirements?
Policies
Standards
Guidelines
Patterns
Practices
What are some external sources of software requirements?
Regulations
Compliance initiatives
Geographical requirements
Who is ultimately responsible for software risk?
The business owner.
What are confidentiality requirements?
Those that address protection of personal or sensitive data or information against disclosure to unauthorized individuals.
What are the two broad data classifications?
Public and non-public
What is another name for public data?
Directory information
What are the most common forms of covert secret writing?
Steganography and digital watermarking.
What is masking?
A weak form of confidentiality protection in which the original information is asterisked or Xed out.
What are the three states of data for which confidentiality requirements need to be developed?
In transit
In processing
In storage
What are integrity requirements?
Requirements that address reliability assurance and prevention of unauthorized modification.
What do integrity controls assure?
Reliability (the software does what it should), accuracy, completeness, and consistency.
What is even parity?
Addition of a parity bit to data such that the total number of 1 bits, including the parity bit, is even.
What is odd parity?
Addition of a parity bit to data such that the total number of 1 bits, including the parity bit, is odd.
What is the strongest form of data integrity?
Hashing. (Caveat: an unkeyed hash only protects against modification while the attacker cannot also replace the stored hash; where they can, a keyed hash (HMAC) or a digital signature is required.)
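The following is an added example, not part of the original flashcards, contrasting the three integrity mechanisms the cards above mention: a parity bit, an unkeyed hash (SHA-256) and a keyed hash (HMAC-SHA256). The sample record and the shared key are constructed for the demo; `bit_count`, `parity_bit`, `parity_ok`, `flip_bits`, `verify_hash`, `verify_mac` and `demo` are names chosen here.

```python
import hashlib
import hmac


def bit_count(data: bytes) -> int:
    """Number of 1 bits in the data."""
    return sum(bin(b).count("1") for b in data)


def parity_bit(data: bytes, even: bool = True) -> int:
    """Parity bit to append so that the total number of 1 bits (data plus
    parity bit) is even (even parity) or odd (odd parity)."""
    ones_is_odd = bit_count(data) % 2
    return ones_is_odd if even else ones_is_odd ^ 1


def parity_ok(data: bytes, bit: int, even: bool = True) -> bool:
    """Recompute the total and compare it with the expected parity."""
    total = (bit_count(data) + bit) % 2
    return total == (0 if even else 1)


def flip_bits(data: bytes, positions) -> bytes:
    """Copy of data with the given bit positions flipped (0 = LSB of byte 0)."""
    buf = bytearray(data)
    for pos in positions:
        buf[pos // 8] ^= 1 << (pos % 8)
    return bytes(buf)


def verify_hash(data: bytes, expected_hex: str) -> bool:
    """Unkeyed integrity check: anyone, including the attacker, can recompute it."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected_hex)


def verify_mac(key: bytes, data: bytes, expected_hex: str) -> bool:
    """Keyed integrity check (HMAC-SHA256): only key holders can produce a valid tag."""
    tag = hmac.new(key, data, "sha256").hexdigest()
    return hmac.compare_digest(tag, expected_hex)


def demo() -> dict:
    """Compare what each mechanism catches on a constructed message."""
    msg = b"PAY 100 TO ACCT 42"             # constructed sample record
    key = b"constructed-shared-secret"      # assumed key shared with the verifier

    pbit = parity_bit(msg)                   # even parity
    digest = hashlib.sha256(msg).hexdigest()

    single_flip = flip_bits(msg, [5])        # one bit error in transit
    double_flip = flip_bits(msg, [5, 13])    # two bit errors: parity is unchanged

    # Deliberate tampering: the attacker rewrites the record AND recomputes the
    # unkeyed hash. Without the key they can only guess the HMAC tag.
    forged = b"PAY 999 TO ACCT 42"
    forged_digest = hashlib.sha256(forged).hexdigest()
    forged_tag = hmac.new(b"wrong-key-guess", forged, "sha256").hexdigest()

    return {
        "parity_detects_single_flip": not parity_ok(single_flip, pbit),   # True
        "parity_detects_double_flip": not parity_ok(double_flip, pbit),   # False
        "hash_detects_double_flip": not verify_hash(double_flip, digest),  # True
        "hash_detects_forgery": not verify_hash(forged, forged_digest),    # False
        "mac_detects_forgery": not verify_mac(key, forged, forged_tag),    # True
    }
```

Parity catches an odd number of flipped bits and nothing else; a hash catches any accidental change; only the keyed construction catches an adversary who can rewrite both the data and its checksum.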
What are availability requirements?
Those software requirements that ensure protection against destruction of the software system and/or its data, thereby helping to prevent denial of service (DoS) to authorized users.
What is MTD?
Maximum Tolerable Downtime
What is RTO?
Recovery Time Objective
RTO is the amount of time within which the system or software needs to be restored to the state of business operations that authorized business users expect after it goes down.
Where should MTD and RTO be stated?
The SLA (Service Level Agreement).
What is BIA?
Business Impact Analysis.
A qualitative or quantitative analysis of the cost of the software failing to operate. This can include loss of credibility, confidence, or brand reputation.
What is a single point of failure?
A component with no redundancy, whose failure brings down the whole system.
What is replication?
A primary/secondary (master/slave) scheme in which there is one primary node and updates are propagated to the secondary nodes either actively or passively.
What is active/active replication?
Updates are made to both the primary and the secondary systems at the same time.
What is active/passive replication?
Updates are made to the primary node first and the changes are then pushed to the replicas.
What is authentication?
Validating an entity’s claim. Typically identity claims or credentials are validated against a trusted source.
What are the most common forms of authentication?
Anonymous
Basic
Digest
Integrated
Client certificates
Forms
Tokens
Smart cards
Biometrics
What is anonymous authentication?
No prompting for credentials. Implies unlinkability (no way to link a user or system to their actions). Generally avoid unless there’s a reason to have it.
What is Basic Authentication
HTTP Basic authentication. Credentials are transmitted base64-encoded, not encrypted. Avoid it, because the header is trivially decoded; never use it without TLS.
What is Digest Authentication?
Challenge/response. Does not send the credential in clear text; the client sends an MD5 hash of the credential combined with a server-supplied nonce, which resists replay when the server issues fresh nonces. The MD5 construction is weak by modern standards and a captured exchange still allows offline password guessing, so it is no substitute for TLS.
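An added example (not from the original flashcards) showing why the two cards above differ: a Basic header is decoded with one base64 call, whereas a Digest response is an MD5 of the credential, realm, method, URI and server nonce as defined in RFC 2617. The function names and the server-side `server_verify` helper are chosen here; the server stores HA1 rather than the password, which is what RFC 2617 permits.

```python
import base64
import hashlib
import hmac
import secrets


def basic_header(user: str, password: str) -> str:
    """Build an HTTP Basic Authorization header: just base64(user:password)."""
    raw = f"{user}:{password}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def decode_basic(header: str) -> tuple:
    """What any on-path observer or log reader can do with a Basic header."""
    scheme, value = header.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, password = base64.b64decode(value).decode().split(":", 1)
    return user, password


def _md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_ha1(user: str, realm: str, password: str) -> str:
    """HA1 = MD5(user:realm:password). The server can store this instead of
    the password, but note HA1 is itself password-equivalent for this realm."""
    return _md5_hex(f"{user}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str = None, cnonce: str = None, qop: str = None) -> str:
    """RFC 2617 Digest 'response' value for algorithm=MD5.
    With qop="auth": MD5(HA1:nonce:nc:cnonce:qop:HA2); without qop: MD5(HA1:nonce:HA2)."""
    ha2 = _md5_hex(f"{method}:{uri}")
    if qop:
        return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return _md5_hex(f"{ha1}:{nonce}:{ha2}")


def new_server_nonce() -> str:
    """Server challenge: unpredictable and single-use, so captured responses don't replay."""
    return secrets.token_hex(16)


def server_verify(stored_ha1: str, method: str, uri: str, nonce: str,
                  client_response: str, nc: str, cnonce: str, qop: str = "auth") -> bool:
    """Server side: recompute from the stored HA1 and compare in constant time."""
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce, qop)
    return hmac.compare_digest(expected, client_response)
```

The test uses the worked example from RFC 2617 section 3.5 (user Mufasa, realm testrealm@host.com, password "Circle Of Life"). Even though the password never crosses the wire, an attacker holding the captured nonce and response can brute-force candidate passwords offline through the same MD5 formula, which is why the card's "avoid Basic" advice does not make Digest safe on its own.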
What is Integrated Authentication?
NTLM authentication (NT challenge/response), or Kerberos, supplied by the Windows platform.
What is Client Certificate based authentication?
X.509 client certificates, presented during the TLS handshake (mutual TLS).
What is Forms authentication?
Web forms. Back end can be anything.
What is token-based authentication?
Issue a token upon verification. Particularly useful in SSO.
What is smart card based authentication?
Smart cards provide ownership-based (something you have) authentication.
What is biometric authentication?
This form of authentication uses biological characteristics (something you are) for providing the identity’s credentials. Biological features such as retinal blood vessel patterns, facial features, and fingerprints are used for identity verification purposes.
What is a Type I error?
False rejection. A legitimate user/enrollee is denied access.
What is a Type II error?
False acceptance. Someone who isn’t a legitimate user is granted access.
What is CER?
Crossover Error Rate. The point where the false rejection rate equals the false acceptance rate (FRR == FAR).
What is a subject?
An entity requesting access to an object.
What is an object?
Something that will be acted upon by a subject.
What is CRUD?
Create, Read, Update, Delete. The common actions subjects take upon objects.
What are the types of access control models?
DAC
NDAC
MAC
RBAC
Resource Based Access Control
What is DAC
Discretionary Access Control. The owner of the object decides who gets access.
What is NDAC?
Non-Discretionary Access Control. Access to objects is still decided per subject, but the rules are set centrally and imposed unavoidably on all subjects; unlike DAC, it doesn't rely on object owners or subjects complying with security policy.
What is MAC?
Restricted access to objects based on the security classification of the object.
Sensitivity is represented by a label.
AKA, clearance model.
Commonly implemented as “Rule based access control”
What is RoleBAC?
Role Based Access Control. Access to objects by job function. Permissions are never assigned to users, only to roles.
What is a Role Hierarchy?
Roles organized in a parent-child relationship, where a child role inherits the permissions of its parent.
What is the difference between a role and a group?
A group is a collection of users, not a collection of permissions.
A role is a common job where everybody gets the same permissions.
What is ResourceBAC?
Resource Based Access Control.
Works when users may not be known in advance and is based on delegation. Kerberos works this way: successful authentication gets you a ticket that is delegated the privileges and rights to invoke downstream services.
The Trusted Subsystem Model is the other common form.
What is the Trusted Subsystem Model
Access request decisions are granted based on the identity of a trusted resource instead of the identities of individual users.
Primarily Web applications. User logs into a web application, which may have permission to access a database.
What are the minimum requirements for auditing?
Identity of the subject
Action (what they did)
Object on which the action was performed
Timestamp
What does session management do for us?
Relieves the obligation to authenticate upon each access request.
What risk does session management pose?
Session hijacking.
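An added example, not part of the original flashcards, of the server-side session handling that addresses the hijacking risk named above: unguessable session IDs, regeneration of the ID when the session becomes authenticated (against session fixation), and idle plus absolute timeouts. `SessionStore` and its method names are chosen here; the clock is injectable so expiry can be exercised without sleeping.

```python
import secrets
import time


class SessionStore:
    """Minimal server-side session store. Only an opaque ID ever goes to the
    client; all state stays here. `clock` is assumed to return epoch seconds."""

    def __init__(self, idle_timeout=900, absolute_timeout=8 * 3600, clock=time.time):
        self._sessions = {}             # session id -> attributes
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self.clock = clock

    def _new_id(self) -> str:
        # 32 random bytes = 256 bits: infeasible to guess or enumerate.
        return secrets.token_urlsafe(32)

    def create(self) -> str:
        """Anonymous (pre-login) session."""
        sid = self._new_id()
        now = self.clock()
        self._sessions[sid] = {"user": None, "created": now, "last_seen": now}
        return sid

    def lookup(self, sid: str):
        """Return the session's data or None; enforces both timeouts and
        refreshes the idle timer on each successful use."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self.clock()
        if (now - s["created"] > self.absolute_timeout
                or now - s["last_seen"] > self.idle_timeout):
            self.destroy(sid)
            return None
        s["last_seen"] = now
        return s

    def authenticate(self, sid: str, user: str) -> str:
        """Bind the session to a user AFTER credentials were verified elsewhere.
        The ID is regenerated so that an attacker who planted or observed the
        pre-login ID (session fixation) cannot ride the authenticated session."""
        if self.lookup(sid) is None:
            raise PermissionError("unknown or expired session")
        self.destroy(sid)
        new_sid = self._new_id()
        now = self.clock()
        self._sessions[new_sid] = {"user": user, "created": now, "last_seen": now}
        return new_sid

    def destroy(self, sid: str) -> None:
        """Logout, timeout, or suspected hijack: drop server-side state so the
        ID is worthless even if the attacker still holds it."""
        self._sessions.pop(sid, None)
```

When the ID travels in a cookie, set it with the Secure, HttpOnly and SameSite attributes so it is not sent over plain HTTP, not readable by script, and not attached to cross-site requests.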
What is the problem with verbose error messages?
Information disclosure.
What is a TOC/TOU attack?
Race conditions, basically. TOC = Time of Check. TOU = Time Of Use.
What properties need to be fulfilled for a race condition to occur?
Concurrency, shared object, and a change of state.
What is the concurrency property?
At least two threads must be executing concurrently.
What is the shared object property?
Two concurrent threads must be accessing the same object.
What is the change of state property?
At least one of the two threads accessing the same object must alter the state of the object.
How do you prevent race conditions?
Avoid race windows
Atomic operations
Mutual Exclusion
What is a race window?
the window of opportunity when two concurrent threads race against one another trying to alter the same object
What are atomic operations?
The entire operation is completed in a single flow of control, and concurrent threads or control flows against the same object are disallowed while it runs.
What are mutual exclusions?
Object locking to prevent multiple threads from accessing the same resource.
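An added example (not from the original flashcards) of the TOC/TOU cards above, using the classic file-system instance of the race: the shared object is a path name, the change of state is an attacker re-pointing that name inside the race window between the check and the use. The hardened version closes the window by making the check and the open one atomic operation (`O_NOFOLLOW` at open time, then `fstat` on the descriptor actually held). The scenario, file names and a `race_hook` parameter that stands in for the attacker winning the race are constructed for the demo; it assumes a POSIX system.

```python
import os
import stat
import tempfile


def read_regular_file_vulnerable(path: str, race_hook=None) -> bytes:
    """Check-then-use: lstat() the name, then open() the name again.
    Between the two calls (the race window) the name can be re-pointed."""
    st = os.lstat(path)                                  # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"refusing {path}: not a regular file")
    if race_hook is not None:
        race_hook()                                      # attacker wins the race here
    with open(path, "rb") as f:                          # time of use: open() follows symlinks
        return f.read()


def read_regular_file_hardened(path: str, race_hook=None) -> bytes:
    """Atomic check-and-open: O_NOFOLLOW makes the kernel refuse a symlink at
    open time, and fstat() validates the descriptor we actually hold. The
    name is never consulted again, so there is no window to exploit."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError(f"refusing {path}: not a regular file")
        if race_hook is not None:
            race_hook()              # too late: fd is bound to the object we checked
        chunks = []
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks)
    finally:
        os.close(fd)


def demo(workdir: str = None) -> dict:
    """Constructed scenario: 'target.txt' is harmless when checked; the attacker
    swaps it for a symlink to 'secret.txt' inside the race window."""
    workdir = workdir or tempfile.mkdtemp()
    secret = os.path.join(workdir, "secret.txt")
    target = os.path.join(workdir, "target.txt")
    with open(secret, "wb") as f:
        f.write(b"TOP SECRET")

    def reset():
        if os.path.lexists(target):
            os.unlink(target)
        with open(target, "wb") as f:
            f.write(b"harmless")

    def attacker():
        # A real attacker would rename() a prepared symlink over the target to
        # avoid a gap; unlink + symlink is enough for this single-threaded demo.
        os.unlink(target)
        os.symlink(secret, target)

    results = {}
    reset()
    results["vulnerable_read"] = read_regular_file_vulnerable(target, attacker)
    reset()
    results["hardened_read"] = read_regular_file_hardened(target, attacker)
    reset()
    attacker()                                   # symlink already in place before the call
    try:
        read_regular_file_hardened(target)
        results["hardened_on_symlink"] = "read"
    except OSError:                              # ELOOP from O_NOFOLLOW
        results["hardened_on_symlink"] = "refused"
    return results
```

The same pattern applies beyond files: whatever you validated must be the very object you then act on (a descriptor, a row fetched under a lock, a value copied out of shared memory once), never a name or reference that another thread or process can redirect in between.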
What should you determine during the requirements gathering phase for archive information?
Location, duration, format.
What is Canonicalization?
The process of converting data that has more than one possible representation into a single standard (canonical) form, so that validation is performed on the form the system will actually act on.
What is PNE?
Protection Needs Elicitation
Determination of security requirements.
What are the steps in PNE?
1. Engage the customer
2. Information management modeling
3. Identify least privilege applications
4. Conduct threat modeling and analysis
5. Prioritize based on customer needs
6. Develop information protection policy
7. Seek customer acceptance
What methods can be used for PNE?
Brainstorming
Surveys and questionnaires
Policy decomposition
Data classification
Subject-object matrix
Use and misuse case modelling
What is brainstorming?
An unstructured, quick method to glean security requirements. Characterized by just recording ideas, not challenging them.
What is policy decomposition?
Breaking high level mandates into detailed security requirements.
What are the steps in the policy decomposition process?
Policy documents (internal and external) -> High-level objectives -> Security requirements -> Software security requirements
What is data classification?
The conscious effort to assign a level of sensitivity to data assets based on potential impact upon disclosure, alteration, or destruction.
What is the objective of data classification?
To lower the cost of data protection and maximize the return on investment where data are protected.
In data classification, what tasks is the business or data owner responsible for?
Ensure that information assets are appropriately classified
Validate that security controls are implemented as needed by reviewing the classification periodically.
Define authorized lists of users and access criteria
Ensure appropriate backup and recovery mechanisms are in place.
Delegate, as needed, classification responsibility, access approval, backup, and recovery to a data custodian.
In data classification, what tasks is the data custodian responsible for?
- Perform the information classification exercise
- Perform backup and recovery
- Ensure records retention is in place
What is ILM?
Information Lifecycle Management.
What is a Subject-Object Matrix?
A Subject–Object Matrix is used to identify allowable actions between subjects and objects based on use cases.
A Subject–Object Matrix is a two-dimensional representation of roles and components. The subjects or roles are listed across the columns and the objects or components are listed down the rows. A Subject–Object Matrix is a very effective tool for generating misuse cases: once the matrix is built, inverting the allowable actions it captures yields the threats, which in turn can be used to derive security requirements.
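An added example, not from the original flashcards, that ties together the subject/object/CRUD and RoleBAC cards above with the Subject–Object Matrix card here: a constructed matrix with roles across and objects down, a role hierarchy in which a child role inherits its parent's permissions, an access decision that goes user -> role -> cell (so permissions are never attached to users), and the inversion of the matrix into misuse cases and requirement statements. The roles, objects, users and the requirement wording are all chosen for the example.

```python
from itertools import product

CRUD = ("create", "read", "update", "delete")

# Constructed Subject-Object Matrix: objects down the rows, roles across the
# columns, each cell the set of allowed CRUD actions.
MATRIX = {
    "article":      {"reader": {"read"}, "editor": {"create", "read", "update"}, "admin": set(CRUD)},
    "user_account": {"reader": set(),    "editor": set(),                        "admin": set(CRUD)},
    "audit_log":    {"reader": set(),    "editor": set(),                        "admin": {"read"}},
}

# Role hierarchy (child -> parent); a child role inherits its parent's permissions.
ROLE_PARENT = {"editor": "reader", "admin": "editor"}

# Users are assigned roles, never permissions directly.
USER_ROLE = {"alice": "admin", "bob": "editor", "carol": "reader"}


def effective_actions(role: str, obj: str) -> set:
    """Walk up the role hierarchy and union the permissions on the object."""
    allowed = set()
    while role is not None:
        allowed |= MATRIX[obj].get(role, set())
        role = ROLE_PARENT.get(role)
    return allowed


def is_allowed(user: str, obj: str, action: str) -> bool:
    """Access decision: subject (user) -> role -> matrix cell. Fails closed on
    an unknown user, object or action."""
    role = USER_ROLE.get(user)
    if role is None or obj not in MATRIX or action not in CRUD:
        return False
    return action in effective_actions(role, obj)


def misuse_cases() -> list:
    """Invert the matrix: every (role, object, action) the matrix does NOT
    allow is a candidate misuse case, i.e. a threat to write a requirement for."""
    roles = sorted({r for cells in MATRIX.values() for r in cells})
    return [(role, obj, action)
            for obj, role, action in product(sorted(MATRIX), roles, CRUD)
            if action not in effective_actions(role, obj)]


def security_requirement(role: str, obj: str, action: str) -> str:
    """Turn one misuse case into a testable requirement statement."""
    return (f"The system shall deny a subject in role '{role}' the ability to "
            f"{action} '{obj}' and shall log the attempt.")


def requirements_from_matrix() -> list:
    """Full derivation: matrix -> misuse cases -> security requirements."""
    return [security_requirement(*case) for case in misuse_cases()]
```

Each derived requirement is directly traceable back to one matrix cell, which is what makes the list usable in an RTM and as a source of negative test cases (for example, "an admin attempting to delete the audit log is refused and the attempt is logged").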
What is SQUARE?
Security Quality Requirements Engineering methodology. 9 steps that generate a final deliverable of categorized and prioritized security requirements
What are the benefits of an RTM?
Avoid scope creep
Assure design satisfies the specified security requirements
Ensures implementation doesn’t deviate from secure design
Provides a basis for defining test cases