CIS 6614 meeting -*- Outline -*-

* Introduction

** Who

introduce self and meet everyone
have them write names on board

------------------------------------------
Instructor: Gary T. Leavens
HEC 329
Leavens@ucf.edu
407-823-4758

All the course materials are on Webcourses@UCF

Office Hours: also on Zoom and by appointment
------------------------------------------

handouts: course syllabus page up to schedule

** subject matter

*** what is security?

Q: Did you lock your apartment when you left this morning? Your car?

Q: Do you use the same key for your apartment and your car?

Q: Do you use a password manager to track your online passwords?

   Using the same password across multiple systems is a common problem,
   according to "The Art of Penetration Testing".

Q: Do you use two-factor authentication?

Q: What is some software that you rely on in your daily life?

Q: Is there software that UCF relies on? NASA?

Q: What does it mean for software to be secure?

   ...
   traditionally, the CIA triad:
     Confidentiality
     Integrity
     Availability

   Anything else?  Yes: authentication, privacy, enforcement of policies

   A common checklist of threat categories to design against is STRIDE:
     Spoofing, Tampering, Repudiation, Information Disclosure,
     Denial of Service, Elevation of Privilege
   (see https://owasp.org/www-pdf-archive/STRIDE_Reference_Sheets.pdf)

Q: What is a good everyday analogy for security?

   ...
   warfare: it also has human/creative adversaries and attacks
   prisons: layers of defenses; integrity and authentication are key
   immune system: adaptive defense

*** security bugs

Q: Is there a difference between (normal) bugs and security bugs?

   ...
   security bugs may be more severe
   security bugs often cross layers
   To prevent security bugs, we can't trust the user, unlike with
   conventional bugs.
   Worse, attackers are adversarial: actively trying to subvert the software.

Q: What are some false reasons people have for feeling secure?

   ...
   perhaps they don't believe they will be a target, as they don't own
   anything valuable or keep anything valuable online
   But: is your reputation valuable?
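   The following is an added example for these notes (it is not from the
   course materials or its readings) that makes the "can't trust the user"
   point concrete. The functions serve_file_naive and serve_file_checked,
   and the temporary directory layout the demo builds, are constructed for
   the illustration. An ordinary bug in a file-serving routine (a typo in a
   name) only produces an error; with an adversarial user, the same
   unchecked code discloses a file outside the directory it was meant to
   serve (STRIDE's Information Disclosure). The hardened version treats the
   request as attacker-controlled and checks containment after resolving
   the path.

```python
import os
import tempfile


def serve_file_naive(base_dir, requested):
    """Return the bytes of base_dir/requested, trusting `requested` as given.

    With a cooperative user a bad name is an ordinary bug: a typo yields
    FileNotFoundError.  With an adversarial user the same code is a
    security bug: "../secret.txt" walks out of base_dir.
    """
    with open(os.path.join(base_dir, requested), "rb") as f:
        return f.read()


def serve_file_checked(base_dir, requested):
    """Same service, but the request is treated as attacker-controlled.

    Resolve symlinks and ".." first, then insist the result is still
    inside base_dir.  os.path.join discards base_dir when `requested`
    is absolute, so the containment check catches that case as well.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"refusing path outside {base}: {requested!r}")
    with open(target, "rb") as f:
        return f.read()


def demo():
    """Build a constructed directory tree and exercise both versions.

    Returns a dict of outcomes so they can be inspected or asserted on
    rather than only printed.  The layout is an assumption for the demo.
    """
    root = tempfile.mkdtemp()                 # constructed sample tree
    public = os.path.join(root, "public")     # the directory we intend to serve
    os.mkdir(public)
    with open(os.path.join(public, "index.html"), "wb") as f:
        f.write(b"<h1>hello</h1>")
    with open(os.path.join(root, "secret.txt"), "wb") as f:
        f.write(b"db password")               # must never leave the server

    results = {}
    results["naive_ok"] = serve_file_naive(public, "index.html")

    # Ordinary bug: a typo is just an error, not a breach.
    try:
        serve_file_naive(public, "indx.html")
    except FileNotFoundError:
        results["naive_typo"] = "not found"

    # Security bug: an adversarial name leaks a file outside `public`.
    results["naive_attack"] = serve_file_naive(public, "../secret.txt")

    results["checked_ok"] = serve_file_checked(public, "index.html")

    # Hardened version: both the relative and the absolute escape are refused.
    blocked = []
    for evil in ("../secret.txt", os.path.join(root, "secret.txt")):
        try:
            serve_file_checked(public, evil)
            blocked.append(False)
        except PermissionError:
            blocked.append(True)
    results["checked_attack"] = "blocked" if all(blocked) else "leaked"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

   The two versions differ by three lines, which is the usual shape of a
   security fix: the program logic was already right for honest input;
   what was missing was the assumption that the input might not be honest.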
   Are your friendships valuable?

*** approaches to preventing security bugs

Q: Is it possible to completely prevent security bugs?

   ...
   unknown, but most people believe it isn't
   anecdote: safe in Hollywood home installed in wall

Q: What do analogous situations in everyday life teach us?

   ...
   the military uses defense in depth
     (e.g., military forts like Constantinople, St. Augustine)
   the body's immune system uses an adaptive defense

Q: When is the best, least expensive, time to find and prevent security bugs?

   ...
   before the software is written (i.e., during architecture or design)
   certainly before the software goes into use (e.g., before a release)

Q: What are worse times to prevent bugs, and why are they worse?

   ...
   after the software is designed (changing the design may be costly/hard)
   after the software is in use (getting clients to change it is costly/hard
     and can damage reputation)

Q: What approaches to preventing security problems are in use?

   ...
   - code reviews
   - penetration testing
   - checking for known problems
   - designing the system to minimize damage when security bugs are exploited
     (sandboxes, privilege separation)

Q: How much do these approaches cost?

   ...
   code review could take several hours of expert developer time

Q: Which approaches give assurance that no new security problems will happen
   in the future?

   ...
   None of these

Q: Why is that?

   ...
   They don't handle new attacks (zero-day attacks)
   They are subject to human frailty (lack of attention, etc.)
   They rely on people's experience (only)

Q: Which of these approaches prevents bugs at the best time?

   ...
   none, because they don't completely prevent bugs!
   but they do try to prevent them at a good time (before deployment)

** Plan of course (syllabus)

- overview
- historical security bugs
- threat modeling
- mitigation
- program analysis = static analysis
- symbolic execution
- experimental evaluation of tools
- fuzz testing
- taint analysis and information flow security
- memory attacks
- memory attack defenses
- reference monitors (CFI, XFI)
- web attacks
- XSS and CSP
- injection attacks
- semantic logic bugs in web services
- use of Alloy to model concurrent systems and protocols
- project presentations

summary and review at the end

Q: Would you make any changes to the plan?

** Objectives

*** summary

In one sentence, the main objective is that you will be able to recommend
ways to improve an enterprise's software system safety.

*** details

**** Objectives

------------------------------------------
OBJECTIVES

- [Strategize] plan a strategy to assure software safety
- [Design] design a set of mitigations to the likely and important threats
- [Implement] implement a tool to support a secure development process
- [Evaluate] evaluate the adequacy of a threat model and mitigations
------------------------------------------

**** Outcomes

------------------------------------------
OUTCOMES

- [Plan] plan a strategy for protecting a software system against
  important threats
- [Architect] create a plan for processes and tools that will protect a system
- [Judge] give well-reasoned critical judgment about strategy, architecture,
  and tool implementations
------------------------------------------

** How I'll run the course

*** Grading

------------------------------------------
GRADING

Final Grade based on:
  Homework: 45%
  Project:  55%
------------------------------------------

No exams!
There will be 4-6 homeworks

*** Reduced Seat Time Section

------------------------------------------
COURSE OPERATION

Section 0R01, mode RS:

1.
   Review the material before meetings
     On Webcourses in the Modules:
       Readings
       Videos
     Do the:
       Quizzes
       Assignments (some are discussions)
2. Come to class with questions
3. Discuss and think
------------------------------------------

*** Web section

------------------------------------------
COURSE OPERATION

Online section 0W61, mode W:

1. Follow the Webcourses modules
     A module every week:
       Readings
       Videos
     Do the:
       Quizzes
       Assignments (some are discussions)
2. Ask questions:
     Discussions
     Office Hours: HEC 329 and Zoom
     Email or Webcourses messages
------------------------------------------

pace: we'll try to uncover and explore carefully;
      we want deep understanding of the material (semantics).
      For homework, we'll be flexible.

*** red tape

prerequisites: CIS 4615 (Secure Software Development and Assurance)

No textbook required, although I recommend 2 on the about page
(mostly for background).

------------------------------------------
TEXTBOOKS RECOMMENDED

Matt Bishop. Computer Security: Art and Science.
  Addison-Wesley Professional, 2002.

M. Howard, D. LeBlanc, and J. Viega. 24 Deadly Sins of Software Security:
  Programming Flaws and How to Fix Them. McGraw-Hill, 2010.
  ISBN: 978-0-07-162676-7.
------------------------------------------

We will also have some readings.

** summary

Q: any other questions about the course?