CSCE 548 Secure Software Development Use Cases Misuse
- Slides: 11
CSCE 548 Secure Software Development Use Cases Misuse Cases
Reading Required: – Mc. Graw: Chapter 8 – I. Alexander, Misuse Cases: Use Cases with Hostile Intent, IEEE Software, vol. 20, no. 1, pp. 58 -66, Jan. /Feb. 2003. http: //www. computer. org/portal/web/csdl/doi/10. 1109/MS. 2003. 11 59030 Recommended” – Pauli and Xu, Misuse Case-Based Design and Analysis of Secure Software Architecture, http: //cs. ndsu. edu/~dxu/publications/paulixu-ITCC 05. pdf – Steven and Peterson, Defining Misuse within the Development Process, http: //csdl. computer. org/dl/mags/sp/2006/06/j 6081. pdf l Next lecture: – Reliability CSCE 548 - Farkas 2
Application of Touchpoints External Review 6. Security Requirements 2. Risk Analysis 4. Risk-Based Security Tests 3. Penetration Testing 1. Code Review (Tools) 5. Abuse cases Requirement and Use cases Architecture and Design CSCE 548 - Farkas 2. Risk Analysis Test Plans Code Tests and Test Results 7. Security Operations Feedback from the Field 3
Misuse Cases Software development: making software do something – Describe features and functions – Everything goes right l Need: security, performance, reliability – Service level agreement – legal binding l How to model non-normative behavior in use cases? – Think like a bad guy l CSCE 548 - Farkas 4
Software Vendor Accountability SLA for specific, measurable criteria: l Proper implementation of security features l Looking for known security flaws and confirming that they are not present l Passing third party validation and verification l Use of source code analysis tools CSCE 548 - Farkas 5
Checking for Known Vulnerabilities l Need tool l Possible attacks and attack types l How the software behaves if something goes WRONG l What motivates an attacker? CSCE 548 - Farkas 6
Misuse Cases l Extends use case diagrams l Represent actions the system should prevent l Represent together – Desired functionalities – Undesired actions emergent property must be built in from the ground up l Making explicit trade offs l Security: CSCE 548 - Farkas 7
Misuse Cases l Analyze system design – Assumptions – Failure of assumptions – Attack patterns l Software and requirements that is used also going to be attacked l What can a bad guy do and how to react to malicious use CSCE 548 - Farkas 8
Misuse Case Development Team work – software developers and security experts l Identifying and documenting threats l Creating anti-requirements: how the system can be abused l Creating attack model l – Select attack pattern relevant to the system – Include anyone who can gain access to the system CSCE 548 - Farkas 9
l Link to slides on Ian Alexander’s paper on Misuse Cases: Use Cases with Hostile Intent, www. cse. msstate. edu/~allen/cse 8990 sp 07/Lectures/Presentations/cln 11_021507. ppt CSCE 548 - Farkas 10
Next Class l Software Reliability l B. Littlewood, P. Popov, L. Strigini, "Modelling software design diversity - a review", ACM Computing Surveys, Vol. 33, No. 2, June 2001, pp. 177 -208, http: //portal. acm. org/citation. cfm? doid=384 192. 384195 CSCE 548 - Farkas 11
Computer misuse act cases
System vision document
Practical threat analysis
One night a theater sold 548
Cis548
Round off to the nearest hundred 695
Transformador trihal
Criminal cases vs civil cases
Use and misuse of statistics
Use case and user story
Writing effective use cases by alistair cockburn
Use case diagram cheat sheet
