Title:
Engineering safe and secure software systems
Personal Author:
Series:
Artech House information security and privacy series
Publication Information:
Norwood, M.A. : Artech House, c2013
Physical Description:
326 p. : ill. ; 24 cm.
ISBN:
9781608074723
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010301462 | QA76.9.A25 A93 2013 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Offers a detailed understanding of software systems engineering from both security and safety perspectives. This book explains how processes relevant to the creation and operation of software systems should be determined and improved, how projects should be managed, and how products can be assured.
Author Notes
C. Warren Axelrod is the president of C. Warren Axelrod, LLC. He is also a senior consultant with Delta Risk LLC and the research director for financial services for the U.S. Cyber Consequences Unit. He was chief privacy officer and business information security officer for U.S. Trust and a senior information technology and information security executive at such companies as HSBC Securities, Bank of America, and Pershing LLC. He has contributed to numerous conferences and seminars, and has published extensively. Dr. Axelrod is a coeditor of Enterprise Information Security and author of Privacy and Outsourcing Information Security (Artech House 2009, 2004). He holds a Ph.D. in managerial economics from Cornell University, as well as a B.Sc. in electrical engineering and an M.A. in economics and statistics from Glasgow University. He is certified as a CISSP and CISM.
Table of Contents
| Preface | p. xvii |
| Foreword | p. xxi |
| 1 Introduction | p. 1 |
| Preamble | p. 1 |
| Scope and Structure of the Book | p. 3 |
| Acknowledgments | p. 4 |
| Endnotes | p. 5 |
| 2 Engineering Systems | p. 7 |
| Introduction | p. 8 |
| Some Initial Observations | p. 8 |
| Deficient Definitions | p. 11 |
| Rationale | p. 12 |
| What are Systems? | p. 13 |
| Deconstructing Systems Engineering | p. 16 |
| What Is Systems Engineering? | p. 19 |
| Systems Engineering and the Systems Engineering Management Process | p. 20 |
| The DoD Text | p. 22 |
| Another Observation | p. 22 |
| More on Systems Engineering | p. 23 |
| The Systems Engineering Process (SEP) | p. 23 |
| Summary and Conclusions | p. 26 |
| Endnotes | p. 26 |
| 3 Engineering Software Systems | p. 29 |
| Introduction | p. 29 |
| The Great Debate | p. 31 |
| Some Observations | p. 32 |
| Rationale | p. 33 |
| Understanding Software Systems Engineering | p. 34 |
| Deconstructing Software Systems Engineering | p. 34 |
| What Is Software? | p. 35 |
| What Are Software Systems? | p. 36 |
| Are Control Software Systems Different? | p. 42 |
| What is Software Systems Engineering? | p. 42 |
| The Software Systems Engineering Process | p. 44 |
| Steps in the Software Development Process | p. 44 |
| Omissions or Lack of Attention | p. 48 |
| Nonfunctional Requirements | p. 48 |
| Testing Nonfunctional Attributes | p. 49 |
| Verification and Validation | p. 49 |
| Creating Requisite Functional and Nonfunctional Data | p. 52 |
| Resiliency and Availability | p. 55 |
| Decommissioning | p. 56 |
| Summary and Conclusions | p. 56 |
| Endnotes | p. 57 |
| 4 Engineering Secure and Safe Systems, Part I | p. 59 |
| Introduction | p. 59 |
| The Approach | p. 60 |
| Security Versus Safety | p. 60 |
| Four Approaches to Developing Critical Systems | p. 63 |
| The Dependability Approach | p. 64 |
| The Safety Engineering Approach | p. 65 |
| The Secure Systems Approach | p. 67 |
| The Real-Time Systems Approach | p. 68 |
| Security-Critical and Safety-Critical Systems | p. 68 |
| Summary and Conclusions | p. 70 |
| Endnotes | p. 70 |
| 5 Engineering Secure and Safe Systems, Part 2 | p. 73 |
| Introduction | p. 73 |
| Approach | p. 75 |
| Reducing the Safety-Security Deficit | p. 76 |
| Game-Changing and Clean-Slate Approaches | p. 77 |
| A Note on Protection | p. 81 |
| Safety-Security Governance Structure and Risk Management | p. 83 |
| An Illustration | p. 83 |
| The General Development Life Cycle | p. 84 |
| Structure of the Software Systems Development Life Cycle | p. 86 |
| Life Cycle Processes | p. 89 |
| Governance Structure for Systems Engineering Projects | p. 92 |
| Risks of Security-Oriented Versus Safety-Oriented Software Systems | p. 94 |
| Expertise Needed at Various Stages | p. 95 |
| Summary and Conclusions | p. 95 |
| Endnotes | p. 96 |
| 6 Software Systems Security and Safety Risk | p. 99 |
| Introduction | p. 99 |
| Understanding Risk | p. 100 |
| Risks of Determining Risk | p. 100 |
| Software-Related Risks | p. 101 |
| Motivations for Risk Mitigation | p. 103 |
| Defining Risk | p. 104 |
| Assessing and Calculating Risk | p. 105 |
| Threats Versus Exploits | p. 107 |
| Threat Risk Modeling | p. 111 |
| Threats from Safety-Critical Systems | p. 114 |
| Creating Exploits and Suffering Events | p. 116 |
| Vulnerabilities | p. 119 |
| Application Risk Management Considerations | p. 120 |
| Subjective vs. Objective vs. Personal Risk | p. 121 |
| Personalization of Risk | p. 122 |
| The Fallacies of Data Ownership, Risk Appetite, and Risk Tolerance | p. 122 |
| The Dynamics of Risk | p. 124 |
| A Holistic View of Risk | p. 125 |
| Summary and Conclusions | p. 126 |
| Endnotes | p. 128 |
| 7 Software System Security and Safety Metrics | p. 131 |
| Introduction | p. 131 |
| Obtaining Meaningful Data | p. 133 |
| Defining Metrics | p. 133 |
| Differentiating Between Metrics and Measures | p. 135 |
| Software Metrics | p. 138 |
| Measuring and Reporting Metrics | p. 140 |
| Metrics for Meeting Requirements | p. 143 |
| Risk Metrics | p. 146 |
| Consideration of Individual Metrics | p. 146 |
| Security Metrics for Software Systems | p. 150 |
| Safety Metrics for Software Systems | p. 151 |
| Summary and Conclusions | p. 152 |
| Endnotes | p. 153 |
| 8 Software System Development Processes | p. 157 |
| Introduction | p. 157 |
| Processes and Their Optimization | p. 158 |
| Processes in Relation to Projects and Products/Services | p. 159 |
| Some Definitions | p. 161 |
| Chronology of Maturity Models | p. 164 |
| Security and Safety in Maturity Models | p. 165 |
| FAA Model | p. 165 |
| The +SAFE VI .2 Extension . | p. 167 |
| The +SECURE V1.3 Extension | p. 167 |
| The CMMI® Approach | p. 167 |
| General CMMI® | p. 167 |
| CMMI® for Development | p. 168 |
| Incorporating Safety and Security Processes | p. 169 |
| +SAFE V1.2 Comparisons | p. 169 |
| +SECURE V1.2 Comparisons | p. 172 |
| Summary and Conclusions | p. 173 |
| Endnotes | p. 175 |
| 9 Secure SSDLC Projects in Greater Detail | p. 177 |
| Introduction | p. 177 |
| Different Terms, Same or Different Meanings | p. 178 |
| Creating and Using Software Systems | p. 180 |
| Phases and Steps of the SSDLC | p. 182 |
| Summary and Conclusions | p. 191 |
| Endnotes | p. 193 |
| 10 Safe SSDLC Projects in Greater Detail | p. 195 |
| Introduction | p. 195 |
| Definitions and Terms | p. 196 |
| Hazard Analysis | p. 198 |
| Software Requirements Hazard Analysis | p. 199 |
| Top-Level Design Hazard Analysis | p. 200 |
| Detailed Design Hazard Analysis | p. 201 |
| Code-Level Software Hazard Analysis | p. 201 |
| Software Safety Testing | p. 201 |
| Software/User Interface Analysis | p. 202 |
| Software Change Hazard Analysis | p. 203 |
| The Safe Software System Development Lifecycle | p. 204 |
| Combined Safety and Security Requirements | p. 207 |
| Summary and Conclusions | p. 208 |
| Endnotes | p. 209 |
| 11 The Economics of Software Systems' Safety and Security | p. 211 |
| Introduction | p. 211 |
| Closing the Gap | p. 212 |
| Technical Debt | p. 214 |
| Application of Technical Debt Concept to Security and Safety | p. 215 |
| System Obsolescence and Replacement | p. 217 |
| The Responsibility for Safety and Security by Individuals and Groups | p. 218 |
| Basic Idea | p. 218 |
| Extending the Model | p. 219 |
| Concept and Requirements Phase | p. 219 |
| Design and Architecture Phase | p. 222 |
| Development | p. 223 |
| Verification | p. 224 |
| Validation | p. 224 |
| Deployment, Operations, Maintenance, and Technical Support | p. 225 |
| Decommissioning and Disposal | p. 226 |
| Overall Impression | p. 226 |
| Methods for Encouraging Optimal Behavior | p. 226 |
| Pricing | p. 227 |
| Chargeback | p. 227 |
| Costs and Risk Mitigation | p. 228 |
| Management Mandate | p. 228 |
| Legislation | p. 229 |
| Regulation | p. 229 |
| Standards and Certifications | p. 229 |
| Going Forward | p. 230 |
| Tampering | p. 231 |
| Tamper Evidence | p. 231 |
| Tamper Resistance | p. 232 |
| Tamperproofing | p. 232 |
| A Brief Note on Patterns | p. 234 |
| Conclusions | p. 236 |
| Endnotes | p. 238 |
| Appendix A Software Vulnerabilities, Errors, and Attacks | p. 239 |
| Ranking Errors, Vulnerabilities, and Risks | p. 240 |
| The OWASP Top Security Risks | p. 241 |
| The CWE/SANS Most Dangerous Software Errors | p. 244 |
| Top-Ranking Safety Issues | p. 244 |
| Enumeration and Classification | p. 246 |
| WASC Threat Classification | p. 248 |
| Summary and Conclusions | p. 250 |
| Endnotes | p. 250 |
| Appendix B Comparison of IS0/IEC 12207 and CMMP®-DEV Process Areas | p. 253 |
| Appendix C Security-Related Tasks in the Secure SSDLC | p. 257 |
| Task Areas for SSDLC Phases | p. 258 |
| Involvement by Teams and Groups for Secure SSDLC Phases | p. 262 |
| A Note on Sources | p. 288 |
| Endnotes | p. 288 |
| Appendix D Safety-Related Tasks in the Safe SSDLC | p. 289 |
| Task Areas for Safe SSDLC Phases | p. 289 |
| Levels of Involvement | p. 309 |
| A Note on Sources | p. 309 |
| Endnotes | p. 313 |
| About the Author | p. 315 |
| Index | p. 317 |
