
Software Security

26 Feb. 2014

Research Topic

Enhancing Agile Development Approach for Cloud-service Ecosystem Security and Dependability

S. Hassan Adelyar, PhD Student

Institute of Informatics, Tallinn University

February 2014


Contents

I. Problem Area

II. Introduction & Related Definitions

III. Problem area & Information Society

IV. Major Policies & Strategies

V. Group Activity

VI. Problem Area Challenges

VII. Our Possible Contribution

VIII. References



Problem Area

Agile digital services development processes are used by industry to produce functionally correct digital services as quickly as possible.

However, agility in the digital services development process does not embrace secure and dependable development practices.


Security and dependability are important and critical properties of digital services.

But achieving security and dependability in digital services is a challenging task.


The aim of this research is to enhance the Agile Development Approach for Cloud Services Ecosystem with a special focus on the quality goals of security and dependability.


Introduction & Related Definitions

Software systems are common components of our daily life.

The success of software systems depends greatly on their security and dependability.

Security and dependability are therefore important because so many critical functions have come to depend completely on software systems.

This makes software a very high-value target for attackers, whose motives may be malicious, criminal, or adversarial.


Software security has three aspects: the preservation of the confidentiality, integrity, and availability of the software.

Confidentiality refers to the prevention of unauthorized disclosure or leakage of information.

Integrity means the prevention of unauthorized modification of information.

Availability is the prevention of unauthorized damage or denial of access or services (Algirdas Avizienis, 2004).


Dependability is the ability of software to deliver trusted services to its users.

Dependability includes the security aspects (CIA) plus reliability, maintainability and safety.

Reliability is the ability of software to deliver services as specified.


Maintainability is the property that allows software to accommodate new requirements and to be adapted to change.

Safety is the ability of software to operate without disastrous failure (Algirdas Avizienis, 2004).


Threat: Any entity, circumstance or event with the potential to adversely impact the software system or component through unauthorized access, destruction, modification, and/or denial of service (Algirdas, 2004).

Vulnerability: A weakness in a software system that could be exploited by an attacker. Bugs and flaws collectively form the basis of most software vulnerabilities (Algirdas, 2004).


Today many software industries use agile development methods for developing software.

Microsoft, one of the world's most widely used software companies, also uses agile software development methods to build its applications (Microsoft, 2009).

The broad adoption of agile development methods by the software industry is due to their flexibility in developing today's software systems.

Agile development methods allow software developers to incorporate new requirements into the software in a flexible and quick manner.


Major features of agile development include the iterative and incremental development, reflective process improvement, and customer participation.

However, these methods do not embrace secure service-development practices, and to some extent security and dependability have not been given the attention they need when developing digital services with agile methods (Bejan, 2011).


Therefore, security is the main concern with agile methods, since agile processes do impose limitations on the software development process.

One of the limitations of agile development methods is that it is no longer possible to create a complete picture of a product, as not all requirements are yet known. This lack of a complete overview prevents some common security engineering processes from being performed in agile projects.


Problem area & Information Society

During the last two decades, we have moved from merely using software, to relying on it, and ultimately to becoming dependent on software systems in our day-to-day lives.

We depend on software for many jobs, business and daily work.

Software is at the root of all common computer security problems. If your software misbehaves, a number of diverse sorts of problems can crop up: reliability, availability, and safety.


Malicious hackers don’t create security vulnerabilities; they simply exploit them. Security vulnerabilities are the result of bad software design and implementation.

Software flaws and defects can cause software to behave incorrectly and unpredictably, even when it is used purely as its designers intended.


Generally, we need software security to protect assets: human life, information, money, and intangible assets such as an organization's confidence and public reputation.


Software is also used in safety critical areas such as medicine, transportation, nuclear power generation, and national defense.

Such areas are safety critical, and extremely sensitive to errors.

The smallest flaw could have serious consequences that lead to significant damage, including the loss of life.


We note that software may not be the only cause of an accident; often the causes are a combination of both software and human errors.

Here are two examples of the role of safety-critical software.


In September 1993, a plane landed at Warsaw airport in Poland during a thunderstorm (Sommerville, 2011).

For nine seconds after landing, the brakes on the computer-controlled braking system did not work. The braking system had not recognized that the plane had landed and assumed that the aircraft was still airborne.

A safety feature on the aircraft had stopped the deployment of the reverse thrust system, which slows down the aircraft, because this can be dangerous if the plane is in the air.


The plane ran off the end of the runway, hit an earth bank, and caught fire.

The inquiry into the accident showed that the braking system software had operated according to its specification. There were no errors in the program.

However, the software specification was incomplete and had not taken into account a rare situation, which arose in this case. The software worked but the system failed.


Shutdown of Atlanta International Airport (Vidroha, 2009):

It is one of the world's busiest airports, both in terms of passengers and number of flights.

The alertness of the security screeners is tested by the random appearance of artificial bombs or other suspicious hard-to-detect devices on the X-ray machine displays, followed by a brief delay, then a message indicating that it was a test.


On April 19, 2006, an employee of the Transportation Security Administration identified the image of a suspicious device, but did not realize it was part of the routine testing for security screeners because the software failed to indicate such a test was underway.

As a result, the airport authorities evacuated the security area for two hours while searching for the suspicious device, causing more than 120 flight delays, and forcing many travelers to wait outside the airport.


Policies & Strategies

Computer systems security and dependability also rely on countermeasures at the OS, network technologies, database, and web server levels.

But relying only on this type of security has two important shortcomings.

First, the security of the application depends completely on the robustness of the wall of protections that surrounds it.

Second, the defenses themselves have exploitable development faults and other weaknesses, just as the application software they protect does (Karen Goertzel, 2008).


Therefore, software specification, design and implementation, as the major steps of software development, are essential for a successful and secure software system.

Errors in these phases propagate to the later phases of the software life cycle.


Threats to software may be present throughout its life cycle, during its development, deployment, and operation.

For software in development and deployment, most threats will be insider threats which come from the software’s developers, testers, configuration managers, and installers or administrators.

The threats they pose may be unintentional, intentional but non-malicious, or intentional and malicious.


Unintentional threats can occur during the development, deployment and operation of the software.

For example, the developer may overlook part of the specification, or the programmer may overlook the developer's considerations during coding.

Intentional threats can be malicious or non-malicious. Intentional but non-malicious threats can come from the developer, programmer or operators.

For example, the programmer may omit functionality during coding because of schedule pressure.


Intentional and malicious threats can also come from the developer, programmer or operators. For example, a programmer may intentionally include exploitable flaws or a backdoor in the code.

To develop secure software, security practices should be added throughout the whole software development life cycle.

The key elements of a secure SDLC process are:


Adequate requirements: Elicitation, derivation, and specification of requirements include adequate, complete requirements for constraints on the software's functionality and behavior, as well as non-functional requirements pertaining to development and evaluation processes, operational constraints, etc., to ensure the software's security and dependability.


Adequate architecture and design: The architecture and design are carefully reviewed to ensure that they reflect correct developer assumptions about all possible changes that might arise in the software's environment.


Secure coding: Includes both coding and integration of software components. Coding follows secure coding practices and adheres to secure coding standards. Static security analysis of code is performed iteratively throughout the coding process, to ensure that security issues are found and eliminated before code is released for unit testing and integration.


Security testing: Appropriate security-oriented reviews and tests are performed throughout the SDLC. Test plans include scenarios that cover abnormal conditions among the “anticipated conditions” under which the software may operate, and test criteria include those that enable the tester to determine whether the software satisfies its requirements for security and dependability.


Secure configuration management systems and processes: Secure software configuration management and version/change control of the development artifacts (source code, specifications, test results, etc.) as a countermeasure against subversion of those artifacts by malicious developers, testers, or other SDLC “insiders”.


Secure sustainment: Maintenance, vulnerability management, and patch issuance and distribution conform to secure sustainment principles and practices. Software customers are encouraged to apply patches and keep software updated, to minimize unnecessary exposure of vulnerabilities.

Group Activity

Software Security Challenges: List the main challenges against secure software development (15 minutes). Present your work (3 minutes). {5*3 = 15 minutes}


Problem Area Challenges

All systems that involve software are complex, and complex systems introduce multiple risks. Today's software systems contain a huge number of lines of code, which makes it difficult to analyze the logic and behavior of the program.

For example the Windows XP operating system had 40 million lines of code (Greg Hoglund, 2004).


The complexity, however, is due not only to size but also to the structure of the software.

In such large systems, vulnerabilities remain invisible to unsuspecting users until it is too late.

In addition, system complexity is continuously rising, which makes it difficult to plan for security, as the environment is constantly changing.


Programmers often have to face not only the complexity of their own business domain, such as banking, but they also have to deal with concerns such as security.

Even though object-oriented and component-based software engineering techniques have reduced the problem of complexity, security concerns have proven difficult to modularize due to their pervasive nature (Greg Hoglund, 2004).


Unlike hardware, software is easily extensible, and more functionality can be added to it. Extensible systems are particularly susceptible to hidden risks and malicious functionality. The risk of intentional introduction of malicious behavior increases drastically, as does the risk of introducing unintentional vulnerabilities. Programmers can modify the system software that is initially installed on the machine.


Users may incorrectly install a program that introduces unacceptable risk.

Users may accidentally propagate a virus by installing new programs or software updates.


One significant problem is the fact that computer networks are becoming ubiquitous. The growing connectivity of computers through the Internet has increased both the number of attack vectors and the ease with which an attack can be made.

More and more computers, ranging from home PCs to systems that control critical infrastructures, are being connected to the Internet.

Furthermore, people, businesses, and governments are increasingly dependent on network-enabled communication.


Vulnerabilities and threats are diverse. Someone is deliberately trying to break the system, and the presence of flaws and defects is virtually guaranteed.

Software is developed in different phases, by different people.

It is affected by different environments, such as hardware, software, and stakeholders.

Therefore, securing it requires continuous effort.

Our Possible Contribution

Agile software development methods have become increasingly popular.

These methods take a less formal approach to software development, emphasizing small teams, iterative development and quick customer feedback.

It is also important to include security engineering activities when applying agile methods.


Using agile methods, the system is developed by producing individual components of functionality and then integrating these components together.

However, software security is a whole-system property, and even if individual components are secure, the combination of those components will not necessarily result in a measurably secure software system (Karen Goertzel, 2008).


Therefore, there is a perception today that agile methods do not create secure code, and, on further analysis, the perception is reality.

Due to the broad usage of agile methods this perception needs to change.

But the only way the perception and reality can change is by actively taking steps to integrate security and dependability requirements into agile development methods (Microsoft, 2009).


The aim of this research is to enhance the agile development method for building a secure and dependable cloud-services ecosystem.


Our possible contribution is the objective of our research:

To evaluate security and dependability requirements dynamically in the agile development method for building a secure and dependable cloud-services ecosystem.

To identify vulnerabilities in the agile development method for building a secure and dependable cloud-services ecosystem.

To avoid security and dependability errors caused by service-developer mistakes in carrying out agile methods while building a cloud-services ecosystem.


The expected result of the first objective will be a dynamically tested and evaluated agile development method for building a secure and dependable cloud-services ecosystem.

After completing the second part of our research, we expect to have identified vulnerabilities in the agile development approach that must be addressed in order to build a secure and dependable cloud-services ecosystem.

By completing the third part of our research, we contribute to the enhancement of the agile development approach by avoiding service-developer mistakes.

References

Algirdas Avizienis, Jean-Claude Laprie, Brian Randell, and Carl Landwehr. Basic Concepts and Taxonomy of Dependable and Secure Computing, IEEE, 2004.

Ian Sommerville, Software Engineering Ninth Edition, Addison-Wesley, USA, 2011.

Vidroha Debroy and Andrew Restrepo. The Role of Software in Recent Catastrophic Accidents. Department of Computer Science, University of Texas at Dallas, IEEE Annual Technology Report, 2009.


Karen Mercedes Goertzel, Security in the Software Lifecycle, Department of Homeland Security, National Cyber Security Division, 2006.

Bryan Sullivan, Practices for Secure Development of Cloud Applications, Cloud Security Alliance, 2013.


Thank You