1 / 50

Research Topic Enhancing Agile Development Approach for Cloud-service Ecosystem Security and Dependability

Research Topic Enhancing Agile Development Approach for Cloud-service Ecosystem Security and Dependability. S. Hassan Adelyar PhD Student Institute of informatics, Tallinn University February 2014. Contents. Problem Area Introduction & Related Definitions

ted
Télécharger la présentation

Research Topic Enhancing Agile Development Approach for Cloud-service Ecosystem Security and Dependability

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Research Topic Enhancing Agile Development Approach for Cloud-service Ecosystem Security and Dependability S. Hassan Adelyar PhD Student Institute of informatics, Tallinn University February 2014

  2. Contents • Problem Area • Introduction & Related Definitions • Problem area & Information Society • Major Policies & Strategies • Group Activity • Problem Area Challenges • Our Possible Contribution • References

  3. Problem Area • Agile digital services development processes are used by industry to produce functionallycorrect digital services as quickly as possible. • However, agility in the digital services development process does not embracesecure- and dependablepractices.

  4. Securityand dependability are important and critical properties of digital services. • But achieving security and dependability in digital services is a challenging task.

  5. The aim of this research is to enhance the Agile Development Approach for CloudServices Ecosystem with a special focus on the quality goals of security and dependability.

  6. Introduction Related Definitions • Software systems are commoncomponents of our daily life. • The successof software systems depends greatly on its security and dependability. • Therefore, security and dependability are important because so many critical functions have come to be completely dependent on software system. • This makes software a very high-valuetarget for attackers, whose motives may be malicious, criminal, or adversarial.

  7. Software security has threeaspects which are the preservation of the confidentiality, integrity, and availability of the software. • Confidentialityrefers to the prevention of unauthorizeddiscovery and leak of information. • Integritymeans the prevention of unauthorizedmodification of information. • Availabilityis the prevention of unauthorizeddamageor denial of access or services (AlgirdasAvizienis, 2004).

  8. Dependability is the ability of software to deliver trustedservices to its users. • Dependability includes the securityaspects(CIA) plus reliability, maintainability and safety. • Reliabilityis the ability of software to deliver services as specified.

  9. Maintainabilityis software feature that allows the software to emerge new requirements and can be adapted to new changes. • Safetyis the ability of software to operate without disastrousfailure (AlgirdasAvizienis, 2004).

  10. Threat: • Any entity, circumstance or event with the potential to adverselyimpactthe software system or component through its unauthorizedaccess, destruction, modification, and/or denial of service (Algirdas, 2004). • Vulnerability: • Weakness in a software system that could be exploited by an attacker. Bugs and flawscollectivelyform the basis of most software vulnerabilities (Algirdas, 2004).

  11. Today many software industries use agile development methods for developing software. • Microsoft, one of the world wide popular software-company, also uses agile software development methods to build their applications (Microsoft, 2009). • The reason for the broad usage of agile development methods by software industries refer to the flexibility of agile methods for developing todaysoftware systems. • Agiledevelopment methods allow software developer to incorporate the new requirements into the software in a flexible and quick manner.

  12. Majorfeatures of agile development include the iterative and incremental development, reflective process improvement, and customerparticipation. • However, these methods do notembracesecureservice-development practices, and to some extent, security and dependability has not been given the attention it needs when developing digitalservices with agile methods (Bejan, 2011).

  13. Therefore, security is the main concern with agile methods. Since agile process do impose limitations on the software development process. • Some of the limitations of agile development methods are: • It is no longer possible to create a completepicture of a product as all requirements are not yet known. • This lack of a complete overview prevents some common securityengineeringprocess from being performed in agile project.

  14. Problem area & Information Society • During the last twodecades, we have moved from merely using software, to relying on it, and ultimately becoming dependent on software systems, for our day to day lives. • We depend on software for many jobs, business and dailywork. • Software is at the root of all common computer securityproblems. If your software misbehaves, a number of diverse sorts of problems can crop up: reliability, availability, and safety.

  15. Malicioushackers don’t create securityvulnerabilities; they simply exploit them. Securityvulnerabilities arethe result of bad software design and implementation. • Softwareflaws and defects can cause software to behave incorrectly and unpredictably, even when it is used purely as its designersintended.

  16. Generally we need software security to protect assets: • Human life • Information • Money • Intangibles assets, such as an organization’sconfidence and publicreputation.

  17. Software is also used in safetycritical areas such as medicine, transportation, nuclearpower generation, and nationaldefense. • Such areas are safetycritical, and extremely sensitive to errors. • The smallestflaw could have upsetting consequences that can lead to significant damage, including the loss of life.

  18. We note that software may not be the onlycause of all accidents but the causes are a combination of both software and human errors. • Here are twoexamples for the role of safety-critical software.

  19. In September1993, a plane landed at Warsawairport in Poland during a thunder-storm (Sommerville, 2011). • For nineseconds after landing, the brakes on the computer-controlledbraking system did not work. The brakingsystem had notrecognized that the plane had landedand assumed that the aircraft was still airborne. • A safetyfeature on the aircrafthad stopped the deployment of the reversethrustsystem, which slows down the aircraft, because this can be dangerous if the plane is in the air.

  20. The planeranoffthe end of the runway, hit an earth bank, and caughtfire. • The inquiry into the accident showed that the braking system software had operatedaccording to its specification. There were noerrors in the program. • However, the software specification was incomplete and had not taken into account a raresituation, which arose in this case. The softwareworked but the systemfailed.

  21. Shutdown of Atlanta International Airport (Vidroha, 2009): • One of the world’sbusiestairports, both in terms of passengers, and number of flights. • The alertness of the securityscreeners is tested by the random appearance of artificialbombs or other suspicious hard-to-detect devices on the X-ray machine displays, followed by a briefdelay, then a message indicating that it was a test.

  22. On April19, 2006, an employee of the TransportationSecurityAdministrationidentified the image of a suspicious device, but did notrealize it was part of the routinetesting for securityscreeners because the softwarefailed to indicate such a test was underway. • As a result, the airportauthorities evacuated the security area for twohours while searching for the suspicious device, causing more than 120flightdelays, and forcing many travelers to wait outside the airport.

  23. Policies & Strategies • Computersystemssecurity and dependability also rely on countermeasures at the OS,networktechnologies, database, and webserver levels. • But relying only on this type of security has twoimportantshortcomings. • Firstthe security of the application depends completely on the robustness of the wall of protections that surround it. • Secondly, the defense itself has exploitable development faults and other weaknesses as the application software they are protecting (Karen Goertzel, 2008).

  24. Therefore, softwarespecification, design and implementation as the major steps of software development are essential for successful and secure software system. • Errorin these phases will continue to other phases of the software.

  25. Threats to software may be present throughout its lifecycle, during its development, deployment, and operation. • For software in development and deployment, most threats will be insider threats which come from the software’s developers, testers, configurationmanagers, and installers or administrators. • The threats they pose may be unintentional, intentional but non-malicious, or intentional and malicious.

  26. Unintentionalthreats can occur during the development, deployment and operation of the software. • For example the developer may ignore some specification or the programmer may ignore the developer consideration during the coding. • Intentionalthreats can be malicious or not malicious. Intentional but notmalicious threats can be from the developer, programmer or operators. • For example the programmer may ignorefunctionality during coding because of timeline.

  27. Intentionaland malicious threats can also be from the developer, programmer or operators. For exampleprogrammer may intentionally include exploitableflaws and backdoor in the code. • For developing a secure software the securitypractices should be added to the whole software development lifecycle. • The key elements of a secure SDLC process are:

  28. Adequaterequirements: • Elicitation, derivation, and specification of requirements includes adequate, completerequirements for constraints on the software’s functionality and behavior as well as non-functional requirements pertaining to development and evaluationprocesses, operationalconstraints, etc., to ensure the software’s security and dependability.

  29. Adequatearchitecture and design: • The architecture and design are carefully reviewed to ensure that they reflectcorrectdeveloperassumptions about all possible changes that might arise in the software’s environment.

  30. Securecoding: • Includes both coding and integration of softwarecomponents. Coding follows securecodingpractices and adheres to secure codingstandards. Staticsecurityanalysis of code is performed iteratively throughout the codingprocess, to ensure that security issues are found and eliminated before code is released for unit testing and integration.

  31. Securitytesting: • Appropriate security-oriented reviews and tests are performed throughout the SDLC. Tests plans include scenarios include abnormal conditions among “anticipatedconditions” under which the software may operate, and test criteria include those that enable the tester to determine whether the software satisfies its requirements for security and dependability.

  32. Secureconfigurationmanagement systems and processes: • Securesoftware configuration management and version/change control of the development artifacts (sourcecode, specifications, test results, etc.) as a countermeasure against subversion of those artifacts by malicious developers, testers, or other SDLC “insiders”.

  33. Secure sustainment: • Maintenance, vulnerabilitymanagement, and patch issuance and distribution conform to secure sustainmentprinciples and practices. Software customers are encouraged to apply patches and keep software updated, to minimize unnecessary exposure of vulnerabilities.

  34. Group Activity • Software Security Challenges: • List the main challenges against secure software development (15 Minutes). • Present your work (3 Minutes). {5*3 = 15 Minutes}

  35. Problem Area Challenges • Allsystems that involve software are complex and complex systems introduce multiplerisks. • Today software system contains a hugenumber of codelines which make difficult to analyze the logic and working manner of the program. • For example the WindowsXP operating system had 40millionlines of code (Greg Hoglund, 2004).

  36. The complexity is however notonly due to size, but also the structure of the software. • In such a large system vulnerabilities remain invisible to unsuspecting users until it is toolate. • In addition to this the system complexity is continuouslyrising which makes it difficult to plan for security, as it is an environment that is constantlychanging.

  37. Programmersoften have to face not only the complexity of their own businessdomain, such as banking, but they also have to deal with concerns such as security. • Even techniques of object-oriented software engineering and componentbased software improved the problem of complexity, but the security concerns have proven difficult to modularize due to their pervasive nature (Greg Hoglund, 2004).

  38. Unlikehardware, software is easily extendable and more functionality can be added to the software. • and extensiblesystems are particularly susceptible to hiddenrisk and malicious functionality problems. • The risk of intentionalintroduction of malicious behavior increases drastically. • The risk of introducing unintentional vulnerabilities. • Programmers can modify systems software that is initially installed on the machine.

  39. Usersmay incorrectly install a program that introduces unacceptable risk. • Useraccidentally propagate a virus by installing new programs or softwareupdates.

  40. One significant problem is the fact that computernetworksare becoming ubiquitous. • The growingconnectivity of computers through the Internethas increased both the number of attackvectorsand the ease with which an attack can be made. • Moreand more computers, ranging from home PCsto systemsthat control criticalinfrastructures, are being connected to the Internet. • Furthermore, people, businesses, and governments are increasinglydependent on network-enabled communication.

  41. Diversityin the form of vulnerabilities and threats. Someone is deliberately trying to break the system. It is virtuallyguaranteed presence of flaws and defects. • Software are developed in differentphases, by differentpeople. • Effected by different environments such as hardware, software, and stakeholders. • Therefore, it needs continuous efforts and related work.

  42. Our Possible Contribution • Agile software development methods have become increasingly popular. • These methods take a lessformal approach to software development which emphasize on smallteams, iterativedevelopment and quickcustomerfeedback. • This is also important to include security engineering activities when applying agile methods.

  43. Usingagile methods the system is developed by producing individualcomponents of functionality, then integrating these components together. • However, softwaresecurity is a whole-systemproperty, and even if individualcomponents are secure, the combination of those components will not necessarily result in a measurablysecure software system (Karen Goertzel, 2008).

  44. Therefore, there is a perceptiontoday that agilemethods do not create secure code, and, on furtheranalysis, the perception is reality. • Due to the broadusage of agile methods this perceptionneeds to change. • But the only way the perception and reality can change is by actively taking steps to integratesecurity and dependability requirements into agile development methods (Microsoft, 2009).

  45. The aim of this research is to enhance the agile development method for building secure and dependablecloud-services ecosystem.

  46. Our possible contribution is the objective of our research: • To evaluatesecurity and dependability requirements dynamically in agile development method for building secure and dependable cloudservicesecosystem. • To identifyvulnerabilities in agile development method for building secure and dependable cloud-services ecosystem. • To avoidsecurity- and dependabilityerrors caused by service-developer mistakes in carrying out agile methods while building cloud-services ecosystem.

  47. The expectedresult from the firstobjective will be a dynamicallytested and evaluatedagile development method for building secure and dependable cloud services ecosystem. • After completingthe secondpart of our research we expect to identifyvulnerabilities in agile development approach in order to build secure and dependable cloud-services ecosystem. • By completingthe thirdpartof our research, we contribute to the enhancement of agile development approach through avoidingservice-developer mistakes.

  48. References • AlgirdasAvizienis, Fellow, IEEE, Jean-Claude Laprie, Brian Randell, & Carl Landwehr, Senior Member, IEEE. Basic Concepts and Taxonomy of Dependable and Secure Computing, 2004. • Ian Sommerville, Software Engineering Ninth Edition, Addison-Wesley, USA, 2011. • VidrohaDebroy and Andrew Restrepo. The Role of Software in Recent Catastrophic Accidents Department of Computer Science University of Texas at Dallas, IEEE, Annual Technology Report, 2009.

  49. Karen Mercedes Goertzel, Security in the Software Lifecycle, Department of Homeland Security, National Cyber Security Division, 2006. • Bryan Sullivan, Practices for Secure Development of Cloud Applications, Cloud Security Alliance, 2013.

  50. Thank You

More Related