dilemma and design
play

Dilemma and Design CSM27 Computer Security Dr Hans Georg Schaathun - PowerPoint PPT Presentation

Dilemma and Design CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2007 Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 1 / 30 The session Outline The session 1 Security Design 2 Security and


  1. Dilemma and Design CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2007 Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 1 / 30

  2. The session Outline The session 1 Security Design 2 Security and Simplicity The fundamental dilemma Design Decisions Attack trees 3 Attack trees Exercises Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 2 / 30

  3. The session Session objectives Realise how difficult security is. Realise how easy security is. Consider some general design decisions which have to be made Understand how (much) security depends on both software features, physical features, and organisational structure and policy. Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 3 / 30

  4. Security Design Outline The session 1 Security Design 2 Security and Simplicity The fundamental dilemma Design Decisions Attack trees 3 Attack trees Exercises Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 4 / 30

  5. Security Design Security and Simplicity Outline The session 1 Security Design 2 Security and Simplicity The fundamental dilemma Design Decisions Attack trees 3 Attack trees Exercises Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 5 / 30

  6. Security Design Security and Simplicity How difficult is security? Which is the most challenging? Building a secure system? Securing a built system? Why? Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 6 / 30

  7. Security Design Security and Simplicity How difficult is security? Which is the most challenging? Building a secure system? Securing a built system? Why? Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 6 / 30

  8. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  9. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  10. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  11. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  12. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  13. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  14. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  15. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  16. Security Design Security and Simplicity Secure design No features ⇒ no security holes. Only add secure features. Default is always ‘access denied’. Access given when demonstrateably necessary. Need-to-know policy Security is maintained during the design and building. Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 8 / 30

  17. Security Design Security and Simplicity Secure design No features ⇒ no security holes. Only add secure features. Default is always ‘access denied’. Access given when demonstrateably necessary. Need-to-know policy Security is maintained during the design and building. Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 8 / 30

  18. Security Design Security and Simplicity Secure design No features ⇒ no security holes. Only add secure features. Default is always ‘access denied’. Access given when demonstrateably necessary. Need-to-know policy Security is maintained during the design and building. Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 8 / 30

  19. Security Design Security and Simplicity Secure design No features ⇒ no security holes. Only add secure features. Default is always ‘access denied’. Access given when demonstrateably necessary. Need-to-know policy Security is maintained during the design and building. Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 8 / 30

  20. Security Design Security and Simplicity Secure design No features ⇒ no security holes. Only add secure features. Default is always ‘access denied’. Access given when demonstrateably necessary. Need-to-know policy Security is maintained during the design and building. Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 8 / 30

  21. Security Design Security and Simplicity Adding features to the box Feature-oriented design Users must be able to add data Security-oriented design Authorised users and nobody else must be able to add data. We only add features if we can maintain security Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 9 / 30

  22. Security Design Security and Simplicity Adding features to the box Feature-oriented design Users must be able to add data Security-oriented design Authorised users and nobody else must be able to add data. We only add features if we can maintain security Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 9 / 30

  23. Security Design Security and Simplicity Adding features to the box Feature-oriented design Users must be able to add data Security-oriented design Authorised users and nobody else must be able to add data. We only add features if we can maintain security Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 9 / 30

  24. Security Design The fundamental dilemma Outline The session 1 Security Design 2 Security and Simplicity The fundamental dilemma Design Decisions Attack trees 3 Attack trees Exercises Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 10 / 30

  25. Security Design The fundamental dilemma Product and System Product is a software package designed for general use in a variety of systems. System is a specific IT installation, with a particular purpose and operational environment. A secure product can be deployed insecurily in a system. A system can incorporate non-standard security requirements of a particular application. Secure products can be mass-produced Security affects many users. Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 11 / 30

  26. Security Design The fundamental dilemma The fundamental dilemma The users Require security No security expertise The expert Security expertise Unfamiliar of the application and local requirements Who can capture the local security requirements? Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 12 / 30

  27. Security Design The fundamental dilemma The fundamental dilemma The users Require security No security expertise The expert Security expertise Unfamiliar of the application and local requirements Who can capture the local security requirements? Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 12 / 30

Recommend


More recommend