Domain 8: Software Development Security Flashcards
Types of programming languages
- Interpreted Languages: such as Python, R, and Javascript. This is where the source code itself is distributed and the interpreter executes the source code on their system.
- Compiled Languages: Such as C and Java, they must be compiled before use in an executable
Key phases of SDLC
5 Key Phases:
- Initiation
- Development/acquisition
- Implementation/assessment
- Operation/maintenance
- Disposal
What is initiation (SDLC)?
Process of determining feasibility, cost, risk analysis, getting management approval, and establishing basic security objectives
What is development/acquisition phase (SDLC)?
Define security architecture, perform risk assessment, determine initial security controls and countermeasures, and document security controls and concept of operations
What is implementation/assessment (SDLC)?
Test, evaluate and deploy the new system into operations. This includes performing a security assessment to determine security posture, implementing corrective actions to weak security controls, and getting certification and accreditation for the new system.
What is the software development life cycle? (conceptually)
A process designed for the planning, creating, testing, and deploying of an information system.
What is operations/maintenance phase (SDLC)?
System maintenance, includes readiness review to ensure everything is ready to go. Also focuses on configuration management and change control.
What is disposal phase (SDLC)?
System is decommissioned or taken out of operations for termination, upgrade, or replacement. Focus is on the planning for the transfer, protection, or proper destruction of documentation, hardware, and/or software.
Three key phases of Change Management process?
- Request control,
- Change control
- Release control
Explain Request Control
Provides an organisation framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritise tasks
Explain Change Control (Change Management)
Provides an organised framework within which multiple developers can create and test a solution prior to rolling it out into a production environment.
Explain Release Control (Change Management)
Once the changes are finalised, they must be approved for release through the release control procedure. Focus is on removing programming aides (such as back doors) and ensure acceptance testing is performed before release.
What is the purpose of the Configuration Management Process?
Used to control the version(s) of software used throughout an organisation and formally track and control changes.
Define Configuration Identification (Configuration Management process)
Administrators document the configuration of covered software products throughout the organisation
Define Configuration Control (Configuration Management process)
Ensures that changes to software versions are made in accordance with the change control and configuration management policies. Updates can be made only from authorised distributions in accordance with these policies.
Configuration Status Accounting
Formalised procedures are used to keep track of all authorised changes that take place.
What is a Configuration Audit?
Periodic configuration audit should be conducted to ensure that the actual production environment is consistent with the accounting records and that no unauthorised configuration changes have taken place.
Define Software Capability Maturity Model (SW CMM)
It is a 5 level software development maturity model that describes procedures, principles, and practices that underlie software development process maturity.
Define 5 levels of SW CMM
- Initiating: competent people, informal processes, ad-hoc, absence of formal process
- Repeatable: project management processes, basic life-cycle management processes
- Defined - engineering processes, presence of basic life-cycle management processes and reuse of code, use of requirements management, software project planning, quality assurance, configuration management practices.
- Managed: product and process improvement, quantitatively controlled
- Optimising: continuous process improvement works with an IDEAL model
Define IDEAL model
Organizational improvement tool/model, including:
I: Initiate, begin effort. Outline business reasons behind change, support is built for the initiative, and the appropriate infrastructure is put in place.
D: Diagnose, perform assessment of current state and make recommendations.
E: Establish an action plan
A: Implement action plan, including develops solutions and then tests, refines, and implements them.
L: Leverage assessments, and continuously improve
Define Gantt Chart and PERT
Gantt Charts are a bar chart for project planning timings (including when things are planned to happen). While, PERT is Program Evaluation Review Technique for project scheduling used to judge the size of a software product in development and calculate the standard deviation (SD) for risk assessment. PERT is used to direct improvements to project management and software coding in order to produce more efficient software.
Define DevOps
An approach which aims to resolve issues by bringing the three functions of Software Development, Quality Assurance, and IT Operations together. It is not focused on security.
Types of Software Development Models
- Simplistic: model of continual steps in order
- Waterfall: System Requirements –> Software Requirements –> Analysis –> Program Design –> Coding –> Testing –> Operations and Maintenance
- Waterfall including Validation and Verification (V&V):. Validation = doing the right job, and verification=doing the job right. This model allows the validation and verification of software at all levels during production.
- Spiral Model: Encapsulates a number of iterations of the Waterfall model, including, determining objectives, alternatives, and constraints –> evaluate alternatives, identify and resolve risks –> plan next phases –> and develop and verify next-level product.
- Cleanroom: write code correctly first time, quality through design
Agile Software Development
It is an approach to delivering software, with working software being a primary measure of success
Define database
General mechanism for defining, storing and manipulating data without writing specific programs
DBMS
Database Management System, is a suite of software programs that maintains and provides controlled access to data components stored in rows and columns of a table
Types of databases
Hierarchical= tree (sons with only one parent), one to many relationship
Network=tree (all interconnected)
Relational= one-to-one relationships, has has tuples and attributes (rows and columns)
DDL and DML
DDL=Data definition language which defines strucutre and schema
DML=Data Manipultion Manguage: view, manipulate, and use the database via VIEW, ADD, MODIFY, SORT, and DELETE commands
Degree of DB
Number of attributes (columns) in table
Tuple
Row or record
DDE
Dynamic Data Exchange: enables applications to work in a client/server model by providing the inter-process communications mechanism (IPC)
DCL
Data control language: subset of SQL used to control access to data in a database, using GRANT and REVOKE statements
Semantic integrity
Makes sure that the structural and semantic rules are enforced on all data types, logical values that could adversely affect the structure of the database. Only allows allowable data to be entered into a row.
Referential integrity
All foreign keys reference existing primary keys
Candidate Key
An attribute (column) that is a unique identifier, that could be chosen to be a primary key
Primary Key
A unique attribute to identify a record in a database.
Foreign Key
Represents a record in another table
Main components of DB
Schemas (blueprints), tables, and views
Incorrect summaries
When one transaction is using an aggregate function to summarise data stored in a DB while a second transaction is making modifications to a DB
Dirty reads
When one transactions reads a value from a DB that was written by another transaction that did not commit
Lost updates
When one transaction writes a value to the DB that overwrites a value needed by transactions that have earlier precedence
Dynamic Lifetime Objects
Objects created on the fly by software in a OOP environment. An object is preassembled code that is a self-contained module.
ODBC
Open database connectivity is a DB feature that allows applications to communicate with different types of DBs without having to be directly programmed for interaction with each type. ODBC acts as a proxy
Multilevel security
Keeping data with different security requirements separate
Database contamination
Mixing data with different classification levels andor need to know requirements and is a significant challenge.
Database partitioning
process of splitting a single database into multiple parts, each with a unique and distinct security level or type of content
Polyinstantiation
Occurs when two or more rows in the same relational database table appear to have identical primary key elements but contain different data for use at differing classification levels. it is often used as a defense against inference attacks
What is the ACID Model? (conceptually)
Critical database theory model to create reliable databases
Atomicity
Database transactions must be atomic - they must be an ‘all or nothing’ affair. If any part of the transaction fails, the entire transaction must be rolled back as if it never occurred.
Consistency
All transactions must begin operating in an environment tht is consistent with all of the database’s rules (for example, all records must have a unique primary key).
Isolation
Transactions operate separately from each other, in order.
Durability
Database transactions must be durable, once they are committed to the database, they must be preserved, such as through the use of backups
Expert Systems: Knowledge Management
Embody accumulated knowledge of experts on a particular subject and apply it in a consistent fashion to enter decisions. Expert system = inference engine + knowledge base - degree of uncertainty
Two components of expert system
Knowledge base and inference engine
Knowledge base
Set of rules such as if-then statements
Inference system
Analyses information in the knowledge base to arrive at the appropriate decision.
Two modes of expert systems
Forward Chaining: acquires info and comes to a conclusion
Backward Chaining: backtracks to determine IF a hypothesis is correct
Neural Networks
Use complex computations to replace partial functions of the human mind and works with weighted inputs. Single Layer = only one level of summoning codes
Multi Layer = more levels of summoning codes
Programming Languages Generations
5 Generations, including:
- Include all machine languages
- Include all assembly languages
- Include all compiled languages
- Attempt to approximate natural languages and include SQL, for DBs
- Allow programmers to create code using visual interfaces.
Programming Languages tools
Compiler: translates higher level program into an executable file
Interpreter: reads higher level code, one line at the time to produce machine instructions
Assembler: converts machine-code into binary machine instructions.
Object oriented security
Behave as a black box, as they are encapsulated to perform an action. Can be substituted if they have compatible operations. it can store objects like video and pictures
Encapsulation for Software development
Only data it needs, no accidental access to data
Message
Communication to object to perform an action
Method
Code that defines an action an object performs in response to a message
Behaviour
Results exhibited by an object in response to a message
Class
Collection of methods that defines the behaviour of objects
Instance
Objects are instances of classes that contain their methods
Inheritance
Allows a subclass to access methods belonging to a superclass
Polymorphism
Objects of many different classes that are related by some common super class. When different subclasses may have different methods using the same interfaces that respond differently
Object Orientation: Requirements Analysis (OORA)
Defines classes of objects and their interactions
OOA, Analysis
Understanding and modelling a particular problem Domain Analysis (DA) seeks to identify classes and objects that are common to all applications in a domain
OOD, Design
Objects are the basic units, and instances of classes
OOP, Programming
Employment of objects and methods. If class = airplane, objects like fighter plane, cargo plane, passenger plane can be created. Method would be what a plane would do with a message like: climb, dive, and roll.
Object Request Brokers
Middlewear that acts as locators and distributors of the objects acros networks
CORBA: Standard
Broker architecture enables programmes wittten in different languages and using different platforms and OS’s through Interface Definition Languae
Common Object Model
Support exchange of objects amongst programs. This used to be called OLE. DCOM is the network variant.
Conclusion
Object Orientation supports reuse of objects and reduces development risk, natural in its representation of real world entities
Cohesion
Ability to perform without use of other programs, strength of the relationship between the purposes of methods within the same class
High cohesion
Without use of other modules
Low cohesion
Must interact with other modules
Coupling
Effect on other modules. Level of interaction between objects
High coupling
Module largely affects many more modules
Low coupling
Doesnt affect many other modules
Abstraction
Fundamental principle of OOP. Users of an object (or OS component) doesnt necessarily need to know the details of how the object works; they need to know just the proper syntax for using the object and the type of data that will be returned as a result
Seperation of privilege
Builds on principle of least privilege. Requires the use of granular access permissions; that is, different permissions for each type of privileged operation. Allows admins to do certain privileged functions, without complete access to system.
Process isolation
Requires that the OS provide separate memory spaces for each process’s instructions and data. It also requires that the OS enforce those boundaries, preventing one process from reading or writing data that belongs to another process. This prevents unauthorised data access, and protects the integrity of processes.
Layering processes
Implementstrucutre similar to the ring model
Hardware segmentation
Similar to process isolation, by seperating physical hardware
Covert Channels
A way to receive information in an unauthorised manner, information flood that is not protected by a security mechanism.
2 Types of Covert Channels
- Storage Covert Channel: Processes communicate via storage space on the system. For example, writing to storage by one process and reading by another of lower security level.
- Covert Timing Channel: One process relays to another by modulating its use of system resources. Typing rhythm of Morse Code is an example.
Mobile Code: Java
Sandboxes, no warnings, programs are compiled to bytecode
Mobile Code: ActiveX
Authenticode, relies on digital signatures, annoying dialogs people click away
Malicious Code; Virus
Inserts or atteches itself to file, and is spread through infected media
Worm
Reproduces on its own without user action
Logic Bomb/Code bomb
Executes when a certain event happens (like accessing a bank account or employee being fired) or a data/time occurs
Trojan Horse
Program disguised as a useful program/tool
Hoaxes
False warnings like
Remote Access Trojan (RAT)
Remote control programs that have the malicious code and allow for unauthorised remote access, back orifice, sub even, net bus
Buffer Overflow
Excessive information provided to a memory buffer without appropriate bounds checking which can result in an elevation of privilege. if executable code is loaded into the overflow, it will be run as if it were the program. . Must be corrected in code
Backdoor
Program installed by an attacker to enable him to come back at a later date without going through proper authorisation channels, maintenance hook for developers
Countermeasures
EAL6 systems have less than EAL3 systems because covert channels are normally a flaw in design
LOKI
Tool used for covert channel that writes data directly after the ICMP header.
Botnet
Thousands of zombie computers
Directory Traversal Attack
Attacker attempts to force the web application to navigate up the file hierarchy and retrieve a file that should not normally be provided to a web user.
Macro virus
Most common in office productivity documents, .doc/.docx.
Trojans
Pretends to do one thing, while performing another
MDM
Software solution to manage the myriad mobile devices that employees use to access company resources. The goals of MDM are to improve security, provide monitoring, enable remote management, and support troubleshooting.
Collisions
Two different files produce the same result from a hashing operation
Boot sector
Moves or overwrites the boot sector with the virus code
System infector
Infects BIOS command, or other system files. It is often a memory resident virus
Phlashing
Malicious variation of official BIOS or firmware is installed that introduces remote control or other malicious features into a device
Compression
Append to executables
Companion Virus
Specific type of virus where the infected code is stored not in the host program, but in a separate ‘companion files’
Stealth Virus
Hides modification to files or boot records and itself
Multipart virus
Infects both boot sector and executable files, becomes resident first in memory and then infects the boot sector and finally the entire system, uses two or more propagation mechanisms
Self-garbling virus
Attempts to hide by garbling its code; as it spreads, it changes the way its code is encoded
Polymorphic virus
Self garbling virus that changes its pattern each time it spreads
Macro virus
Usually written in Word Basic, VBScript and used with MS Office
Resident virus
Virus that loads when a program loads in memory
Resident virus
Virus that loads when a program loads in memory
Master Boot Record
MBR virus attacks the MBR, and virus is stored on another part of memory that is loaded at boot-up
Non-resident virus
Attached to .exe
Signature Based Anti Virus
Cannot detect new malware, relies on knowledge of existing malware
Heuristic behaviour based Anti Virus
Can detect behavior of misbehaving files
Protected Domain
Execution and memory space assigned to each process
Trusted Computer Base
Combination of protection systems within a computer system, which includes the hardware, software and firmware that are trusted to enforce the security policy
Security Kernel
Hardware, software, firmware, elements of TCB that implement the reference monitor concept - must be isolated from reference monitor
Reference Monitor
Isolation, completeness and verifiability, that compares the security labels of subjects and objects
Multistate systems
Capable of implementing a much higher level of security. These systems are certified to handle multiple security levels simultaneously by using specialised mechanisms.
Protection Rings
4 Protection Rings
Ring 0: OS Kernel. Kernel manages the HW and supplies fundamental services that the HW does not provide.
Ring 1: Remaining parts of OS
Ring 2: I/O drivers and utilities
Ring 3: Applications and programs
Layers 1 and 2 contain device drivers but are not normally implemented in practice. Layer 3 contains user applications. Layer 4 does not exist.
CSRF (XSRF)
Cross Site Request Forgery, attacks exploit the trust that sites have in a user’s browser by attempting to force the submission of authenticated request to third party sites
Cross Site Scripting
Uses reflected input to trick a user’s browser into executing untrusted code from a trusted site
Session Hijacking
Attempt to steal previously authenticated sessions but do not force the browser to submit request
SQL injection
Directly attacks a DB through a web app
BSOD
When Windows crashes into a dangerous failure and enters a full secure state (reboot)
Patch management system
Prevents outages from known attacks by ensuring systems are patched. Patches aren’t available for new attacks
Threat modelling
Reduces the number of security related design and coding flaws, reduce severity of non-security related flaws, not to reduce number of threat vectors
Open system
One with published APIs that allow third parties to develop products to interact with it
Closed system
One that is propeitary with no third-party product support, does not define if its code can be viewed
Open source
Coding stance that allows others to view the source code of a program, distributed free or for a fee
Closed source
Is an opposing coding stance that keeps source code confidential. Can be reverse engineered or decompiled
Verification
Evaluates the product against specifications
Validation
Evaluates how well the product satisfies real-world requirements
