Exercise #23: Program Slicing Review

Slide Note
Embed
Share

Explore the necessity of multi-function analysis in real-world programs. Consider human factors and security processes for software development. Learn about retrofitted security solutions and vulnerabilities in practice.

marija
marija Follow

Uploaded on Mar 06, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. EXERCISE #23 PROGRAM SLICING REVIEW Write your name and answer the following on a piece of paper Draw the forward slice from line 2 in following program: 1

  2. ADMINISTRIVIA AND ANNOUNCEMENTS

  3. SSDLC EECS 677: Software Security Evaluation Drew Davidson

  4. 4 CLASS PROGRESS WE VE EXPLORED FORMAL TECHNIQUES TO GUARANTEE ABSENCE OF CERTAIN EXPLOITS In practice, these tools are part of a larger discipline of secure software development We ll (briefly) explore some of these concepts

  5. 5 LAST TIME: PROGRAM SLICING REVIEW: LAST LECTURE EXTRACTASUB-PROGRAMOFINTEREST BASEDONONE (ORMORE) STATEMENTS Forward slice Capture all code influenced by a given statement Backwards slide Capture all code that influences a given statement

  6. 6 OVERVIEW WE VE SEEN THE NECESSITY OF MULTI- FUNCTION ANALYSIS IN REAL-WORLD PROGRAMS TIME TO CONSIDER HOW IT IS DONE

  7. LECTURE OUTLINE Human Factors of Security Security as Process The Secure Software Development Lifecycle

  8. 8 SECURING SOFTWARE IS HARD! HUMAN FACTORS OF SECURITY SURPRISING THREAT MODELS SECURITY-DEFICIENTTOOLING

  9. 9 BOLT-ON SECURITY LIFECYCLES ATTEMPTINGTORETROFITASECURITY SOLUTIONONTOALEGACYSYSTEM Sometimes necessary Ideally avoided

  10. 10 VULNERABILITIES IN THE WILD HUMAN FACTORS OF SECURITY

  11. 11 VULNERABILITIES IN THE WILD HUMAN FACTORS OF SECURITY

  12. LECTURE OUTLINE Human Factors of Security Security as Process The Secure Software Development Lifecycle

  13. 13 PROCESS IS PROGRESS SECURITY AS PROCESS

  14. 14 CORPORATE SNAKE OIL SECURITY AS PROCESS

  15. 15 LIFECYCLES

  16. 16 SECURITY VS USABILITY SECURITY AS PROCESS A FUNDAMENTALTENSION Occurs within the implementation of software, occurs within the processes guiding software development CONSIDERWHATWEOWEUSERS Negative externalities

  17. LECTURE OUTLINE Human Factors of Security Security as Process The Secure Software Development Lifecycle

  18. 18 THE REGULAR SDLC LIFECYCLES SOFTWARE DEVELOPMENT LIFE CYCLE Requirement analysis Design Development Testing and verification Deployment Maintenance and evolution The circle of (software) life

  19. 19 AGILE DEVELOPMENT SDLC: LIFECYCLES

  20. 20 RISK ASSESSMENT AND THREAT MODELS THE SSDLC COMPONENTS COMPANIONTO REQUIREMENT PHASE Functional requirement: User must verify their own contact information Security consideration: Mechanism misuse - Users may attempt to access the contact information of others - Users may attempt to subvert the verification mechanism for harassment

  21. 21 SECURITY DESIGN REVIEW THE SSDLC COMPONENTS COMPANIONTOTHE DESIGN PHASE Cancel my account Functional requirement: Page should retrieve user s name, email, etc. from customer_info table in database Security concern: Verify that user has a valid session token before retrieving information from database Destroy the database CONSIDER SECURITY DESIGN PRINCIPLES Principle of least privilege: Do entities in the system have exactly the privileges they need? Bad design for a button panel

  22. 22 (AUTOMATED) CODE ANALYSIS THE SSDLC COMPONENTS COMPANIONTO DEVELOPMENT Apply best practices - Accessing databases via read-only parameterized queries - Validating user queries before processing them - Chaos Engineering Secure programming - Assume a function might be misused - Check arguments for reasonable values - Canonicalize data

  23. 23 SECURITY TESTING AND CODE REVIEW THE SSDLC COMPONENTS COMPANIONTO VERIFICATION Ensure proper use of APIs - Crypto library invocations - Holistic audits Test the test suite: - Evaluate the coverage of your suite - Ensure treatment of critical functionality Value automation: - Repeatability / reproducibility - Static analysis! - Monkey testing

  24. 24 SECURITY ASSESSMENT AND CONFIGURATION THE SSDLC COMPONENTS COMPANIONTO MAINTENANCE AND EVOLUTION Logging Capture the behavior of the system (expected AND unexpected) Metrics Articulate needs of the system, measure expectations against reality Auditing Periodic retrospective analysis over codebase and configuration

  25. WRAP-UP Human Factors of Security Security as Process The Secure Software Development Lifecycle

Related


Network Slicing with OAI 5G CN Workshop Overview

Network Slicing with OAI 5G CN Workshop Overview

justice
Understanding Toolpaths and Slicing in 3D Printing

Understanding Toolpaths and Slicing in 3D Printing

aren677
Exercise Prescription Certificate Course 2014/15 Session 4: Exercise Recommendations for Persons with Special Needs & Motivating Your Clients

Exercise Prescription Certificate Course 2014/15 Session 4: Exercise Recommendations for Persons with Special Needs & Motivating Your Clients

male_mey
R7 Network Slicing Model Proposal and Structure Overview

R7 Network Slicing Model Proposal and Structure Overview

elysia
Introduction to Network Slicing in 5G Workshop

Introduction to Network Slicing in 5G Workshop

levon
Overview of Network Slicing and Features in 3GPP 5G Use Case Team

Overview of Network Slicing and Features in 3GPP 5G Use Case Team

banks
Understanding String Indexing and Slicing in Python

Understanding String Indexing and Slicing in Python

naih_86
Hazmat Release Reunification Tabletop Exercise Overview

Hazmat Release Reunification Tabletop Exercise Overview

zenon
Understanding Exercise Physiology Fundamentals

Understanding Exercise Physiology Fundamentals

rave_496
Campus Resilience Program Exercise Starter Kit - Hurricane Tabletop Exercise

Campus Resilience Program Exercise Starter Kit - Hurricane Tabletop Exercise

aire
EXERCISE ADDICTION AND DISORDERED EATING IN ADOLESCENTS

EXERCISE ADDICTION AND DISORDERED EATING IN ADOLESCENTS

bodhi
Senior Wellness Presentation: Managing Diabetes Through Exercise

Senior Wellness Presentation: Managing Diabetes Through Exercise

aubin
Principles and Frameworks for Exercise Prescription Certificate Course Session 2

Principles and Frameworks for Exercise Prescription Certificate Course Session 2

holt
Threat Assessment Tabletop Exercise Overview

Threat Assessment Tabletop Exercise Overview

snyder_m
Proposal for Enhancing Security in RRC Connection Setup Procedure

Proposal for Enhancing Security in RRC Connection Setup Procedure

alby
Network Slicing Joint Proposal and Management Functions Overview

Network Slicing Joint Proposal and Management Functions Overview

hamza
Understanding Strings in Python Programming

Understanding Strings in Python Programming

kenna
Understanding 5G RAN Network Slicing and Architecture

Understanding 5G RAN Network Slicing and Architecture

murphycase
Exploring Network Slicing in Future 5G Networks

Exploring Network Slicing in Future 5G Networks

lad_yah
The Design and Implementation of the Warp Transactional Filesystem

The Design and Implementation of the Warp Transactional Filesystem

genz_r
Campus Resilience Program Exercise Starter Kit - Active Shooter Tabletop Exercise

Campus Resilience Program Exercise Starter Kit - Active Shooter Tabletop Exercise

kenn_1
Exercise Evaluation Training

Exercise Evaluation Training

teddy
Impact of Stress and Exercise on Body Weight and Food Intake in Rats

Impact of Stress and Exercise on Body Weight and Food Intake in Rats

zechariah
High School Tabletop Exercise Briefing for Active Shooter Situation

High School Tabletop Exercise Briefing for Active Shooter Situation

paj

More Related Content