
FIT3173: Introduction to Software Security
Dr Fariha Department of Software Systems and Cybersecurity
Faculty of Information Technology

Learning Outcomes of This Lecture
• Put software security into perspective
• Define the concepts of vulnerability, threat, attack, and countermeasure
• Understand why software security is important
• Know why it is important to develop secure software from the start

Computer Security
• Developers are concerned with correctness
• Software operates as intended, achieving desired behaviour
• Security is concerned with preventing undesired behaviour
• Considers an enemy/opponent/hacker/adversary who is maliciously trying to circumvent any protective measures you put in place

Undesired Behaviour
• Stealing information:
  • Corporate secrets (product plan, source code, IP, …)
  • Personal information (health record, credit card number, address, …)
• Modifying information or functionality:
  • Destroying records (accounts, logs, files, …)
  • Installing unwanted software (spyware, botnet client, ransomware, …)
• Denying access:
  • Unable to access a website, database, cloud drive, …

Security Requirement
• CIA Triad:
  • Confidentiality: information is not made available or disclosed to unauthorised individuals, entities, or processes
  • Integrity: software maintains and assures the accuracy and completeness of data over its entire life-cycle
  • Availability: information must be available when it is needed
• Assured protection of information, aka data
  • Prevent unauthorised access, use, disclosure, disruption, modification, inspection, recording or destruction of information

Software: a program consisting of data and instructions that manipulate the data

• Operating systems
• Stand-alone applications
• Web applications
  • Server side: Gmail, Amazon, online banking; Client side: Internet Explorer, Chrome, Firefox
• Mobile applications
• Embedded software (built into special-purpose hardware platforms)
  • Smart/Chip cards (bank debit/credit), cars, TVs, PlayStations, cameras, …
• Software components
  • Libraries, e.g., STL, OpenSSL; Frameworks, e.g., Apache Thrift, TensorFlow

Software Security
• Software security is about the secure design and implementation of
• Focus of study
• the code (secure implementation)
• the design (threat modelling)
• the workflow (secure software development cycle)

Where does software security fit?

Definitions of Common Terms
• Threat
  • A potentially dangerous event that, if it occurs, breaches a desirable security property of a system, e.g., stealing/transferring money from a user’s online bank account
• Attacker
  • A malicious entity with a motive to realise a threat on a system (i.e., attack the system), e.g., a bank theft criminal organisation
• Vulnerability
  • A weakness in a system that is exploitable by an attacker to realise a threat, e.g., an online bank server storing user passwords on a publicly accessible server

Why does software security matter?

Heartbleed
• Buffer overflow bug in OpenSSL cryptographic library
• Allows attacker to read server private keys
• 17% of “secure” Internet servers worldwide estimated to be vulnerable (500 Million servers!!)
• Simple patch, but huge cost of patching all these servers
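The Heartbleed slide above is about a handler that trusts a length field supplied by the peer. The following is an added illustration for this lecture, not OpenSSL's code and not the lecturer's, of that defect class in a constructed heartbeat-style echo handler: the vulnerable version copies as many bytes as the peer claims, the hardened version first checks the claim against the bytes that actually arrived. The function names (echo_vulnerable, echo_hardened, build_record), the 64-byte record layout and the "secret" bytes are assumptions of this example. To keep the demonstration free of undefined behaviour, the over-read stays inside the receive buffer rather than running past it.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed example (not OpenSSL code). A record starts with a 16-bit
 * peer-supplied "payload length" field followed by the payload bytes.
 * record_len is how many bytes really arrived on the wire. */

#define RECORD_SIZE 64   /* size of the receive buffer (assumption) */

/* Vulnerable handler: trusts the claimed length and copies that many bytes,
 * so a claim larger than the real payload reads whatever sits after the
 * payload in memory. Only the destination is guarded, never the source. */
size_t echo_vulnerable(const unsigned char *record, size_t record_len,
                       unsigned char *out, size_t out_cap)
{
    (void)record_len;                               /* the bug: real length ignored */
    uint16_t claimed = (uint16_t)(record[0] << 8 | record[1]);
    if ((size_t)claimed > out_cap) claimed = (uint16_t)out_cap;
    memcpy(out, record + 2, claimed);               /* source bound never checked */
    return claimed;
}

/* Hardened handler: the claimed length must fit inside the bytes that
 * actually arrived; otherwise the record is rejected with -1. */
int echo_hardened(const unsigned char *record, size_t record_len,
                  unsigned char *out, size_t out_cap, size_t *out_len)
{
    if (record_len < 2) return -1;                      /* need the length field */
    uint16_t claimed = (uint16_t)(record[0] << 8 | record[1]);
    if ((size_t)claimed > record_len - 2) return -1;    /* claim exceeds payload */
    if ((size_t)claimed > out_cap) return -1;           /* would not fit the reply */
    memcpy(out, record + 2, claimed);
    *out_len = claimed;
    return 0;
}

/* Constructed receive buffer: a 5-byte payload "hello" that claims to be
 * 32 bytes long, followed by stand-in bytes for leftover key material. */
void build_record(unsigned char buf[RECORD_SIZE], size_t *wire_len)
{
    memset(buf, 0, RECORD_SIZE);
    buf[0] = 0x00; buf[1] = 0x20;                   /* claimed length = 32 */
    memcpy(buf + 2, "hello", 5);                    /* real payload */
    *wire_len = 2 + 5;                              /* bytes actually received */
    memcpy(buf + 7, "SECRET-KEY-MATERIAL", 19);     /* constructed "secret" */
}

/* Returns 1 if the vulnerable handler's reply contains the planted secret. */
int vulnerable_leaks_secret(void)
{
    unsigned char rec[RECORD_SIZE]; size_t wire_len;
    unsigned char out[RECORD_SIZE] = {0};
    build_record(rec, &wire_len);
    size_t n = echo_vulnerable(rec, wire_len, out, sizeof out);
    return n == 32 && memcmp(out + 5, "SECRET-KEY-MATERIAL", 19) == 0;
}

/* Returns the hardened handler's verdict on the same record (-1 = rejected). */
int hardened_rejects(void)
{
    unsigned char rec[RECORD_SIZE]; size_t wire_len, out_len = 0;
    unsigned char out[RECORD_SIZE];
    build_record(rec, &wire_len);
    return echo_hardened(rec, wire_len, out, sizeof out, &out_len);
}

/* A well-formed record through the hardened handler: returns the echoed length. */
size_t hardened_echo_len(void)
{
    const unsigned char rec[] = {0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
    unsigned char out[RECORD_SIZE]; size_t out_len = 0;
    if (echo_hardened(rec, sizeof rec, out, sizeof out, &out_len) != 0) return 0;
    return out_len;
}
```

The only line that changes between the two handlers is the comparison of the claimed length against record_len, which is exactly the kind of input validation the "simple patch" bullet refers to: the destination check alone does nothing about a source over-read, and the planted bytes appear in the vulnerable reply while the hardened handler refuses the record.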

Target credit-card attacks
• 40 Million CC numbers stolen
• 90 lawsuits filed against Target
• Target spent $61 Million responding to breach
• Target profits fell in holiday period by 46%

Meltdown and Spectre attacks
• Leverage side channels during execution of different application processes

Attacks on Bitcoin exchange

Australian Data Breach
• Personal information of federal public servants is exposed online by a third-party contractor
• A misconfigured Amazon S3 bucket.

Australian Data Breach Privacy Laws
• Australian Parliament enacted the Privacy Amendment (Notifiable Data Breaches) Bill 2016
• Australian organisations will now have to publicly disclose any data breaches.
• Penalties for non-disclosure range from $360,000 for responsible individuals to $1.8 million for organisations.

Why is software security a problem?
• Many vulnerabilities are being exploited
• Large numbers of software vulnerabilities are being discovered
• Strong incentives for finding and exploiting vulnerabilities
  • Financial (black market for vulnerabilities/malware)
  • Political/Espionage (cyber warfare/intelligence)
• Made worse by increasing software
  • Complexity (millions of code lines)
  • Connectivity (more potential threats, zero-day vulnerabilities)
  • Extendability (online updates)

Published Vulnerabilities
Source: NIST National Vulnerability Database (NVD): http://web.nvd.nist.gov/

Vulnerability Type Changes
Source: NIST National Vulnerability Database (NVD): http://web.nvd.nist.gov/

Common Vulnerabilities
• Implementation vulnerability (coding “bug”)
  • Incorrect code implementation of the design functionality
  • Easy to spot in code and detectable by automatic vulnerability scanning tools, e.g., buffer overflow, incorrect input validation
• Design vulnerability (insecure protocol)
  • Flaw in the logic/protocol of the software, e.g., incorrect use of cryptography, unauthorised access to shared resources
  • Detectable at the design stage from design specifications
  • Not easy to automate detection (the implementation itself is “correct”)
  • Sometimes a bad tradeoff of usability over security

Attackers: who are they?
• Criminals seeking gain or hiding criminal activities
• Insiders (employees) seeking revenge or financial gain
• Hackers driven by intellectual challenge
• Operators/users who make mistakes
• Organised terrorist groups or nation states trying to influence national policy
• Foreign agents seeking information for economic, political, or military purposes

Compromised software can lead to
• Loss of productivity, e.g., DoS attacks, loss of data
• Loss of trust: “It’s hard to build and easy to lose: a single violation of trust can destroy years of slowly accumulated credibility.” –
• Loss of money
  • Loss of business due to loss of trust or competitive advantage
  • Expense of fixing the damage
  • Expense of fixing security vulnerabilities

Secure Software
• Secure software continues to function correctly under malicious attacks – Graw
• When a program is executed, the state of a number of objects may change
• A program is said to be secure if the new states of the objects modified by the program are collectively in an acceptable (safe) state
• Safety: a good (acceptable) state can only be transformed into another good state, even in the presence of adversarial (intentionally malicious) user behaviour

Secure Software
• This has to happen every time you use that software: DEPENDABILITY
• Or you need to guarantee that this will happen: RELIABILITY
• Dependability/Reliability: safety guaranteed every time the software is used
• SAFETY + DEPENDABILITY (RELIABILITY) -> Trustworthiness

• The reality is …
• Most technologists acknowledge this undertaking’s importance, but they need some help in understanding how to tackle it.
• All of software is broken… there is an infinite source of bugs and flaws.

Considering Security
• The adversary will actively attempt to find vulnerabilities in rare feature interactions and edge cases
• For a typical user, (accidentally) finding a bug will result in a crash.
• An adversary will work to find a bug and exploit it to achieve her goals.
• An adversary is not a normal user!
• To ensure security, we must eliminate vulnerabilities and design flaws, and/or make them harder to exploit.

Recap: Unit Learning Outcomes
• This unit mainly focuses on secure software development
  • Design software systems that should be secure
  • Write code that should be secure
  • Review code that should be secure
  • Test code that should be secure

Week 2 Buffer Overflow and Memory Exploits
• Understand the importance of buffer overflow attacks
• Describe and analyse how buffer overflow works
• Know how to prevent and mitigate buffer overflows
• Understand other known memory exploits, i.e., format string vulnerabilities, integer overflow, read overflow

Week 3 Memory Defence and Secure Implementation
• Understand the meaning of memory safety
• Analyse violations of temporal safety and spatial safety
• Understand the meaning of type safety
• Know how to adopt secure coding principles and rules in programming
• Evaluate the vulnerability of command injection and race condition

Week 4 Common Cryptographic Pitfalls
• Understand how to use cryptographic hash functions properly in different application contexts
• Know the properties of poor and good random number generators
• Problematic software implementations that can and have been exploited to break cryptography solutions
• Learn modes of AES (Advanced Encryption Standard) and Padding Oracle Vulnerability

Week 5 Introduction to Intel Software Guard Extensions
• Know the threat models and security guarantees of Intel SGX
• Understand how SGX-based applications work
• Learn security services provided by SGX
• Employ the basic programming model of SGX
• Understand the methodology of side-channel attacks against SGX
• Case study (optional): advanced networked system built by SGX
• Lightbox: Full-stack Protected Stateful Middlebox at Lightning Speed

Week 6 Security Testing
• Know what security testing is and why it differs from functionality testing
• Understand security testing approaches
• Risk-based security testing
• Source code review (i.e. white-box testing)
• Penetration testing (i.e. black-box testing) and Grey-box testing
• Know how to use testing tools
• Test specific types of applications
• Develop security test plans

Week 7 Web Application Security I
• Review the basics of Web
• Understand the significance of web security and threats in Web
• Evaluate the security of web cookies and understand session hijacking
• Know how SQL injection works
• Analyse the vulnerability of second-order SQL injection
• Know the countermeasures against SQL injection

Week 8 Web Application Security I
• Understand how the Cross-Site Request Forgery (CSRF) attack works
• Identify CSRF vulnerability in real-world web applications
• Know how to apply defences against CSRF
• Understand how the cross-site scripting (XSS) attack works
• Identify XSS vulnerability in real-world web applications
• Know how to apply defences against XSS

Week 10 Secure Software Development & Threat Modelling
• Understand the secure software development lifecycle process
• Know the definition of threat modelling and how to apply threat modelling
• Identify threats using data flow diagrams
• Analyse design flaws and code errors during design and implementation
• Apply secure software development principles

Week 11 Trusted Execution Environments: beyond Intel SGX
• The overall concept of trusted computing
• Trusted execution environments beyond Intel processors
• ARM TrustZone
• Security tokens, trust in the embedded systems domain

• Week 9 special lecture on IoT and software security
• Week 12 Software security in a nutshell (unit review)

Thank you all… Q/A?
