Northeastern University

Graduate School of Engineering

ISY G300 Syllabus

Engineering Secure Software

The course takes a software development perspective to the challenges of engineering software systems that are secure. This course addresses design and implementation issues critical to producing secure software systems. The course deals with the question of how to make the requirements for confidentiality, integrity, and availability integral to the software development process from requirements gathering to design, development, configuration, deployment, and ongoing maintenance.

Many security problems are caused by bad software practices that leave software vulnerable to attack. Other software vulnerabilities are caused by deficiencies in modeling of security requirements, architecture, and design issues. The class will cover emerging software life-cycle practices that address both categories of security problems in a unified way.

The class will emphasize:

  1. Computer security fundamentals

  2. New methods for gathering and formalizing security requirements

  3. Advanced techniques for mapping security requirements into design specifications

  4. Secure software implementation, deployment, and ongoing management.

PREREQUISITES

Fundamentals of Software Engineering, UML, Data Structures, and experience using the Java programming language. The programming project will be in Java, using J2EE techniques.

BOOK

Reading material will be supplied in class.

PROJECT

The objective is to apply security-engineering techniques to the electronic voting problem, with special emphasis on e-voting in the state of Massachusetts. The students are tasked to use techniques they learned in class to evolve an e-voting software framework that I am developing. The challenge is twofold: 1) How to develop e-voting software that is secure, safe, and survivable? 2) How to deliver the required level of trust and assurance in the system?

The projects are team oriented and the students are expected to be on campus to attend team meetings.

GRADING

Analysis and design project (25%), Development project (20%), Presentations (25%), Final exam (25%)

OUTLINE

  1. Defining computer security, the principles of secure software, trusted computing base, etc.

  2. The Access Control Model. Background and history; the discretionary access control model, defined in terms of data access versus process. Access control mechanisms are based on the ACM; these include access control lists and capabilities.

  3. Security policy formation. Confidentiality, integrity, hybrid policy models, and security policy connection to trust.

  4. Role-based Security as an alternative to access control mechanisms, its definition, relationship to other security models, and its application in implementing secure software systems.

  5. Understanding and engineering security requirements. Asset-based and risk-driven approaches to security requirements. Risk and vulnerability analysis, functional vs. nonfunctional requirements and their connection to security requirements, and unified approaches to the security, safety, and survivability of systems.

  6. System and software architecture. A unified way of mapping security and other nonfunctional requirements to software components, which are executable and aligned with security requirements.

  7. Identification and authentication. Issues in implementing an identification and authentication subsystem.

  8. Security development frameworks. Examples include the Java Authentication and Authorization Security Model and capability-based security frameworks. Leakage-of-rights issues are addressed.

  9. Software Assurance Defined. Special emphasis is given to trust issues vis-à-vis the e-voting problem.

  10. Auditing techniques with applications to the non-repudiation problems.

  11. Managing complexity in integrating security in enterprise-scale software.

©2006 Dr. Kal Bugrara