T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A eXtreme Security Engineering K O N S T A N T I N B E Z N O S O V D E P A R T M E N T O F E L E C T R I C A L A N D C O M P U T E R E N G I N E E R I N G http://www.ece.ubc.ca/~beznosov/
What’s security engineering? Development/integration of “security- intensive” solutions Examples – Smart card device – Enterprise security 2 31 October 2003 eXtreme Security Engineering @ BizSec
What’s “good enough security”? • “good enough” risk analysis Customer is comfortable with • “good enough” requirements engineering • “good enough” modeling • “good enough” design, development, composition • “good enough” testing • “good enough” assurance 3 31 October 2003 eXtreme Security Engineering @ BizSec
Premises and beliefs • Customers cannot afford and/or don’t want “absolute security” – “good enough security” cannot be defined well enough a priory – No “good enough common criteria”! • Uncertainty and change are inevitable in security engineering projects – “how to manage”, not “how to limit” 4 31 October 2003 eXtreme Security Engineering @ BizSec
Key points • “good enough security” – don’t define a priory – define as you go – let the customer(s) “define” and change it • How? • eXtreme Security Engineering (XSE) – adoption of XP – benefits • project success rate • customer satisfaction • “define” and adjust “good enough security” just-in-time • position (i.e., speculation) 5 31 October 2003 eXtreme Security Engineering @ BizSec
Reasoning • Why XP? – ASD/XP • “good enough” software • short feedback loop – software eng. ≈ security eng. – iterative and incremental development (IID) in non-software manufacturing • XSE applicability – scope – anticipated dificulties 6 31 October 2003 eXtreme Security Engineering @ BizSec
What’s XP? small releases planning game user stories metaphor simple design tests refactoring pair programming continuous integration collective ownership onsite customer 7 31 October 2003 eXtreme Security Engineering @ BizSec
How short is feedback loop in XP? 8 31 October 2003 eXtreme Security Engineering @ BizSec
Why software eng. ≈ security eng.? 1. A system’s users seldom know exactly what they want and cannot articulate all they know. 2. Even if we could state all requirements, there are many details that we can only discover once we are well into implementation. 3. Even if we knew all these details, as humans, we can master only so much complexity. 4. Even if we could master all this complexity, external forces lead to changes in requirements, some of which may invalidate earlier decisions. Parnas and Clements, “A Rational Design Process: How and Why to Fake It” 9 31 October 2003 eXtreme Security Engineering @ BizSec
What’s XSE applicability scope? • nonsafety-critical projects – volatile requirements – development teams • small • skilled • collocated • Boehm and Turner – size, criticality, dynamism, personnel, culture – incorporate agile and plan-driven approaches 10 31 October 2003 eXtreme Security Engineering @ BizSec
Anticipated difficulties • analysis and testing • refactoring – COTS and hardware – “distributed undo” • “no map” 11 31 October 2003 eXtreme Security Engineering @ BizSec
Conclusions • adoption of XP to security eng. • “embrace” changes – extremely short feedback loop – higher success rate – better customer satisfaction • customers drive “good enough security” • benefits and applicability extrapolated from XP • expected difficulties • idea/speculation 12 31 October 2003 eXtreme Security Engineering @ BizSec
Recommend
More recommend
