Chapter 20 Software Development Security Flashcards

1
Q

Describe programming languages.

A

Computers understand binary code. This is known as machine language. Each CPU chipset has its own machine language, and no human can decipher it without assistance.

Assembly language is a higher-level alternative that uses mnemonics to represent the basic instruction set of a CPU, but it still requires hardware-specific knowledge and can be tedious: adding two numbers can take 5 or 6 lines of code.

Programmers use high-level languages. C, Java, and Fortran are compiled languages. You have to run them through a compiler to convert them into an executable file designed for use on a specific OS. Generally speaking, you can’t directly view the code, although experts use decompilers to take the binary executables and convert them back into source code, whereas disassembly converts them into assembly language.

Runtime environments allow the portable execution of code across different operating systems. Java is an example of this. Users run the Java VM on their systems and may then rely on that runtime to execute Java code.

Python, R, JavaScript, and VBScript are interpreted languages. Programmers distribute the source code, which contains the original instructions. When end users execute the program, it automatically triggers the use of an interpreter to execute the source code.

Compiled code is less prone to third party manipulation, but it’s also easier for a malicious programmer to embed backdoors.

2
Q

What are software libraries?

A

Developers often rely on shared software libraries with reusable code. These libraries can be used for everything from text manipulation to machine learning, and they help improve efficiency. Many are open source, although some are sold or maintained internally. The Heartbleed vulnerability struck the OpenSSL library in 2014. It is important to know the origins of source code and any vulnerabilities that could result.

3
Q

What is an integrated development environment?

A

Integrated development environments (IDEs) provide programmers with a single environment to write code, test it, debug it, and compile it. RStudio Desktop IDE is an example.

4
Q

What is object oriented programming?

A

C++, Java, and .NET are among the languages that support OOP. Other programming styles, such as functional programming and scripting, focus on the flow of the program itself. OOP focuses on the objects involved. Think of it as a group of objects that can be requested to perform certain operations. They work together to provide functionality.

OOP has the potential to be more reliable and to reduce propagation. It is better suited to modeling or mimicking the real world. For example, a banking program might have three object classes (accounts, account holders, and employees). When a new account is created, a new copy of the appropriate object is created with the correct details. The account object might have methods to add funds, deduct funds, close the account, and transfer ownership. There can be subclasses or other objects, like savings accounts.

From a security POV, OOP provides a black box approach to abstraction. Users need to know the details of an object’s interface but don’t need to know the inner workings of the object to use it effectively.

Common terms:

–Message: Communication to or input of an object
–Method: Internal code that defines the actions an object performs in response to a message
–Behavior: Results or output exhibited by an object. The results of a message being processed through a method
–Class: A collection of the common methods from a set of objects that defines the behavior of those objects
–Instance: Objects that are examples of classes that contain their methods
–Inheritance: Occurs when methods from a class (parent or superclass) are inherited by another subclass (child) or object
–Delegation: Forwarding of a request by an object to another object or delegate. Happens when an object does not have a method to handle a message
–Polymorphism: Characteristic of an object that allows it to respond with different behaviors to the same message or method because of varying external conditions
–Cohesion: Strength of the relationship between the purposes of the methods within the same class. When all methods have similar purposes, there is high cohesion.
–Coupling: Level of interaction between objects. Lower coupling means less interaction.

5
Q

What is the systems development lifecycle?

A

All systems development processes should have several activities in common.

–Conceptual definition
–Functional requirements definition
–Control specifications development
–Design review
–Coding
–Coding review walk-through
–System test review
–Maintenance and change management

6
Q

What is the conceptual definition?

A

Creating the basic concept statement, a statement agreed on by all stakeholders (developers, customers, and management) that states the purpose of the project as well as the general requirements. It is very high level, not longer than two paragraphs. Security requirements are also high level; you might identify the classification of the data and the applicable handling requirements.

7
Q

What is the functional requirements definition?

A

Specific system requirements are listed, and developers begin to think about how parts of the system work together to meet the functional requirements. The deliverable is a functional requirements document that lists specific requirements. Three major characteristics:

–Input: data provided to a function
–Behavior: what actions the system should take in response to the input
–Output: the data the function provides

8
Q

What is the control specifications definition?

A

Controls should be designed into the earliest stages of development, so it is useful to have a control specifications development phase. It comes after the functional requirements definition and continues as design and design review happen.

–Need adequate access controls
–Maintain confidentiality through encryption and data protection
–Provide an audit trail to enforce individual accountability and a detective mechanism
–Address availability and fault tolerance as appropriate

9
Q

Describe design review.

A

After the functional and control specifications are done, let the developers do their thing. They will determine how the various parts of the system will work together. The design management team sets specific tasks for various times and establishes initial timelines. Once the formal design documents are ready, a review meeting should happen to ensure everyone is in agreement.

10
Q

What is the waterfall model?

A

Traditionally has seven stages of development. As each stage is completed, you move to the next one. Its feedback loop characteristic is that, as you find defects, you go backward.

–System requirements
–Software requirements
–Preliminary design
–Detailed design
–Code and debug
–Testing
–O&M

Each phase should have validation and verification. Verification evaluates based on specifications, while validation evaluates based on real-world requirements.

The iterative waterfall process allows you to go one step back to address defects discovered.

11
Q

What is the spiral model?

A

Allows for multiple iterations of a waterfall-style process. It is a metamodel, aka a model of models. Each loop of the spiral results in a new system prototype. Theoretically, the entire waterfall process is repeated in each cycle. The idea is that developers return to the planning stages as changing technical demands and customer requirements necessitate the evolution of a system. The waterfall model focuses on large-scale efforts to deliver a finished system, whereas the spiral model involves iterating through a series of increasingly “finished” prototypes.

12
Q

Describe the Agile software development process.

A

Has been gaining popularity. Developers prefer something that does not rely on rigid models but instead emphasizes the needs of customers and quickly developing new functionality.

Core philosophy:
–individuals and interactions over processes and tools
–working software over comprehensive documentation
–customer collaboration over contract negotiation
–responding to change over following a plan

12 principles that support the philosophy:
–Highest priority is to satisfy the customer through early and continuous delivery of valuable software
–Welcome changing requirements, even late in development. Agile processes harness change for the customer’s competitive advantage
–Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter timescale
–Business people and developers must work together daily throughout the project
–Build projects around motivated individuals. Give them the environment and support they need, and trust them to get the job done
–The most efficient and effective way to convey information is face-to-face
–Working software is the primary measure of progress
–Agile processes promote sustainable development. The sponsors, developers, and users should be able to maintain a constant pace indefinitely
–Continuous attention to technical excellence and good design enhances agility
–Simplicity (art of maximizing work not done) is essential
–Best architectures, requirements, and designs emerge from self-organizing teams
–At regular intervals, the team reflects on how to become more effective, and adjusts accordingly

Agile is a philosophy and not a methodology. Specific methodologies include Scrum, Kanban, Rapid Application Development, Agile Unified Process, Dynamic Systems Development Model, and Extreme Programming. Scrum is the most popular. Scrum has daily syncs where the team gets together so each member can say what they did, what they plan to do next, and any obstacles. The scrum master runs these meetings; he or she is responsible for helping the team move forward. Work is organized into short sprints, usually between 1 and 4 weeks. There are short-term objectives for each sprint. At the beginning, the team gathers to plan the work that will be done. At the end, there should be a fully functioning product. Subsequent sprints bring more functionality.

13
Q

What is the capability maturity model?

A

Introduced by the CMU Software Engineering Institute (SEI). The idea is that the quality of software depends on the quality of the development process. It does not explicitly mention security.

Level 1: Initial. Little or no defined software development process
Level 2: Repeatable. Basic lifecycle management processes introduced. Repeatable results are expected. Key process areas are requirements management, software project planning, software project tracking and oversight, software subcontract management, software quality assurance, and software configuration management
Level 3: Defined. Developers act based on formal, documented processes. All projects take place within these confines. Key areas are organizational process focus, organizational process definition, training, integrated software management, product engineering, intergroup coordination, and peer reviews.
Level 4: Managed. Quantitative measures are introduced. Quantitative process management and software quality management are the key areas.
Level 5: Optimizing. Process for continuous improvement. Key areas are defect prevention, technology change management, and process change management.

CMM has been superseded by the Capability Maturity Model Integration (CMMI). It has the same 5 stages, except that Level 4 is Quantitatively Managed. CMM focuses on isolated processes, while CMMI focuses on the integration of processes.

14
Q

What is the software assurance maturity model?

A

Open source project maintained by OWASP. It seeks to provide a framework for integrating security services into the software development and maintenance process. It divides the process into five business functions:

–Governance. Activities to manage the software development process. Includes practices for strategy, metrics, policy, compliance, education, and guidance.
–Design. Processes to define software requirements and create software. Includes threat modeling, threat assessment, security requirements, and security architecture.
–Implementation. Building and deploying software components and managing flaws in those components. Includes the secure build, secure deployment, and defect management practices.
–Verification. Set of activities that confirm code meets business and security requirements. Includes architecture assessment, requirements-driven testing, and security testing.
–Operations. Actions to maintain security after code is released. Includes incident management, environment management, and operational management.

15
Q

What is the IDEAL model?

A

SEI also developed IDEAL, which implements many of the SW-CMM attributes. Has five phases.
–Initiating. Business reasons behind changes are outlined, support is built for the initiative, and the appropriate infrastructure is put in place.
–Diagnosing. Engineers analyze the current state of the organization and make general recommendations for change.
–Establishing. Organization takes the general recommendations from the diagnosing phase and develops a specific plan of action to achieve those changes.
–Acting. Organization develops solutions and tests, refines, and implements them.
–Learning. Continuous assessment to determine whether the desired goals have been achieved and propose new actions as needed.

16
Q

What is PERT?

A

A Gantt chart shows the interrelationships over time between projects and schedules.

Program Evaluation Review Technique (PERT) is a project-scheduling tool used to judge the size of a software product in development and calculate the standard deviation for risk assessment. PERT relates the lowest possible size, the most likely size, and the highest possible size of each component. The PERT chart clearly shows dependencies between different project tasks. Managers can use these size estimates and dependencies to better manage time and schedule tasks.

17
Q

How should the change and configuration management process work?

A

Once software has been released into production, users will inevitably request new features, bug correction, and other changes to code. There needs to be a regimented process for managing these changes.

Three basic components:
–Request Control: Provides an organized framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritize tasks.
–Change Control: Used by developers to re-create the situation created by the user and to analyze the appropriate changes to remedy the situation. Provides an organized framework within which multiple developers can create and test a solution. Should include conforming to quality control restrictions, developing tools for update or change deployment, properly documenting any coded changes, and restricting the effects of new code to minimize security issues.
–Release Control: Once changes are finalized, they must be approved for release. This includes a double-check to ensure any code inserted during the programming process is removed. Also includes user acceptance testing.

Security administrators should be aware of the importance of software configuration management (SCM). It is used to control the version of software throughout an organization and to formally track and control changes to the software configuration. Four main components:
–Configuration identification: During the process, administrators document the configuration of covered software products throughout the organization.
–Configuration control: Ensures changes to software versions are made in accordance with the change control and configuration management policies. Updates can be made only from authorized distributions.
–Configuration status accounting: Formalized procedures are used to track all authorized changes that can take place.
–Configuration audit: Periodic check to make sure the actual production environment is consistent with accounting records.

18
Q

What is a code repository?

A

Code repositories provide several functions to support development. They serve as a central storage point for developers to place their source code. Some, like GitHub, Bitbucket, and SourceForge, also provide version control, bug tracking, web hosting, release management, and communications functions that support software development. Repositories are often integrated with code management tools; Git is tightly integrated with GitHub.

Code repositories are broader than code libraries. Libraries are packages of code that may be shared. Repositories provide the tools for shared software development. Repositories can be used to manage and distribute code libraries.

Code repositories are good but can have security risks. Developers must control access to their repositories. Some may allow public access, but others must be carefully designed. Improperly granted read access can let people see things they shouldn’t; improper write access means they can tamper with the code. It is particularly important not to include API keys in repositories.

19
Q

What are relational databases?

A

A relational database consists of flat two-dimensional tables made up of rows and columns. Each table looks similar to a spreadsheet file. The row and column structure provides for one-to-one data mapping. The main building block of the relational database is the table. Each table contains related records. A sales database might have one table that shows contact info for each client, one that shows info for each salesperson, and one that shows records of orders for each customer.

Each table contains a number of attributes, or fields. Each attribute corresponds to a column. Rows are known as tuples. The number of rows in the relation is known as the cardinality, and the number of columns is the degree. The domain of an attribute is the set of allowable values that the attribute can take.

Cardinality is like a deck of cards on a desk, with each card being a row. Degree is like a wall thermometer in a column.

20
Q

Describe the keys used in relational databases.

A

Relationships between tables are defined to identify related records. Records are identified using a variety of keys. Keys are a subset of fields and are used to uniquely identify records. They are also used to join tables.

Four types:

–Candidate keys. A subset of attributes used to uniquely identify any record in a table. No two records in a table should ever contain the same values for all attributes composing a candidate key. Each table may have one or more candidate keys, which are chosen from column headings.
–Primary keys. Selected from the set of candidate keys for a table to be used to uniquely identify the records in a table. Each table has only one primary key, selected by the database designer. The RDBMS enforces the uniqueness of primary keys by disallowing the insertion of multiple records with the same primary key.
–Alternate keys. Any candidate key not selected as the alternate key.
–Foreign key. Used to enforce relationships between two tables, aka referential integrity. Ensures that if one table contains a foreign key, it corresponds to a still-existing primary key in the other table. It makes certain that no record/tuple/row contains a reference to a primary key of a nonexistent record/tuple/row.

21
Q

What is SQL?

A

All relational databases use a standard language, SQL, to provide users with a consistent interface for the storage, retrieval, and modification of data and for the administrative control of the DBMS. Each vendor uses a slightly different version of SQL, but they all support a core feature set.

SQL’s primary security feature is having granular authorization.

SQL itself is divided into two distinct components: the Data Definition Language (DDL), which allows for the creation and modification of the database’s structure (aka schema); and the Data Manipulation Language (DML), which allows users to interact with the data.

22
Q

What are object relational databases?

A

Object-relational databases combine relational databases with object-oriented programming. True object-oriented databases (OODBs) benefit from ease of code reuse, ease of troubleshooting analysis, and reduced overall maintenance. OODBs are also better suited than other databases for supporting complex applications with multimedia, CAD, video, graphics, and expert systems.

23
Q

Describe database normalization.

A

To assist with having well-organized databases, developers have defined several levels of organization known as normal forms. The most common are 1NF, 2NF, and 3NF. Each adds requirements to reduce redundancy in tables, eliminate misplaced data, and perform other housekeeping. A 2NF table must first be 1NF compliant, a 3NF table must first be 2NF compliant, etc.

24
Q

What is the role of transactions in databases?

A

Relational databases support the explicit and implicit use of transactions to ensure data integrity. Each transaction is a discrete set of SQL instructions that should either succeed or fail as a group. It’s all or nothing. Example: if you transfer money between accounts, you can’t have a situation where you add money to one account, but the transaction removing money from a second account fails.

When a transaction successfully finishes, it has been “committed” to the database and cannot be undone. COMMIT is the formal command for this, but it can be implicit. ROLLBACK is the abort command if you have a failure.

Relational databases have four required characteristics. Together, these are known as the ACID model.

Atomicity: Transactions are all or nothing.
Consistency: All transactions must be consistent with the database’s rules, both at the beginning and end of the transaction.
Isolation: Transactions operate separately from each other. If a database receives two transactions that modify the same data, one must be completed before the other can go forward.
Durability: Once a transaction has been committed, it must be preserved.

25
Q

What is aggregation?

A

SQL provides a number of functions that combine records from one or more tables into useful information. This is aggregation.

Can cause security vulnerabilities. Aggregation attacks are used to collect information that is low-level when separate but can be combined into something of higher value. Example: an individual personnel transfer would probably not be classified, but if someone can count the total number of transfers to a base, you can see how many troops are based there.

26
Q

What is inference?

A

Similar to data aggregation. Inference attacks involve combining several pieces of nonsensitive information to gain access to data of a higher classification. However, it is based on human deductive abilities instead of the raw mathematical capabilities of modern databases. Example: although a clerk might not know someone’s individual salary, if someone can see the total amount spent on salary the day before and after someone is hired, you can deduce how much the new hire makes. It is important to maintain vigilance over permissions. Consider blurring data. If you round the salary data, the clerk could not accurately determine the salaries.

27
Q

What is semantic integrity?

A

Semantic integrity ensures that user actions don’t violate any structural rules. It also checks that all stored data types are within valid domain ranges, ensures only logical values exist, and confirms that the system complies with any and all uniqueness constraints.

28
Q

How do you apply granular controls to a database?

A

Another common security feature is that objects can be controlled granularly within the database. Content-dependent access control is one example. It is based on the contents or payload being accessed. This increases overhead because decisions are made on an object-by-object basis. Cell suppression is the concept of hiding individual database fields or cells or imposing more security restrictions on them. Context-dependent access control is discussed with content-dependent because they are similar. Context-dependent evaluates the big picture. The key factor is how each object or packet relates to the overall activity or communications.

29
Q

What is polyinstantiation?

A

Administrators can use database partitioning to subvert aggregation and inference vulnerabilities. This splits a single database into multiple parts, each with distinct security.

Polyinstantiation occurs when two or more rows in the same relational database appear to have identical primary key elements, but contain different data for use at different classification levels. It can be used as a defense against inference attacks, but it introduces additional storage costs. Example: a table has the location of various naval ships on patrol, and this is considered Secret. However, one ship is doing something TS. Just making that one ship’s location TS, and limiting access, would let everyone know it was up to something. So you could have one entry that shows the true location at TS and a fake one at Secret.

Just putting false data in to throw people off is known as noise and perturbation.

30
Q

What is Open Database Connectivity?

A

ODBC is a database feature that allows applications to communicate with different types of databases without having to be directly programmed to do so. ODBC acts as a proxy between application and back-end database drivers, giving application programmers greater freedom in creating solutions without having to worry about the back-end database system.

31
Q

What are alternatives to SQL?

A

Class of databases that use models other than the relational model. There are many different types, including:
–Key/value stores are the simplest. Information is stored in key/value pairs. The key is an index used to identify a record. Useful for high-speed applications and very large datasets where the rigid structure of a relational model would require significant overhead.
–Graph databases store data in a graph format, using nodes to represent objects and edges to represent relationships. Useful for representing a network.
–Document stores are similar to key/value stores, but the type of information is typically more complex and is in the form of a document. Often XML and JSON.

32
Q

What are neural networks?

A

Chains of computational units are used to try to imitate the biological reasoning process. A long chain of computational decisions is created that feed into each other. They are an extension of ML and are also known as deep learning or cognitive systems. They show great potential to advance AI. Benefits include linearity, input-output mapping, and adaptivity. The benefits are evident in voice recognition, face recognition, weather prediction, and the exploration of models of thinking and consciousness. They typically involve many layers of summation, each of which requires weighting information to reflect its relative importance. The network is trained with inputs for which the answer is known. The algorithm works backward to determine the proper weights for each node. This is known as the Delta rule or learning rule.