复旦大学：《信息安全》教学课件_12-13 Software Security

Information Security 12 Software Security Chapter 3 in security in computing Charles p pfleeger, Shari Lawrence pfleeger Pearson edition 復里大软件学院 LiT

1 LiJT Information Security 12 Software Security Chapter 3 in Security in Computing, Charles P. Pfleeger, Shari Lawrence Pfleeger, Pearson Edition

Why Software? Why is software as important to security as crypto, access control and protocols? Virtually all of information security is implemented in software If your software is subject to attack, your security is broken Regardless of strength of crypto access control or protocols Software is a poor foundation for security 復里大软件学院 LiT

2 LiJT Why Software? • Why is software as important to security as crypto, access control and protocols? • Virtually all of information security is implemented in software • If your software is subject to attack, your security is broken – Regardless of strength of crypto, access control or protocols • Software is a poor foundation for security

What does it mean? secure program: means different things to different people is it secure if? takes too long to break through security controls runs for a long time without failure t conforms to specification free from all faults 復里大软件学院 LiT

3 LiJT What does it mean? • “secure” program: means different things to different people • is it secure if ? – takes too long to break through security controls – runs for a long time without failure – it conforms to specification – free from all faults

ete Fixing Faults - Testing · Which is better: finding and fixing 20 faults in a module? finding and fixing 100 faults 復里大软件学院 LiT

4 LiJT Fixing Faults - Testing • which is better: – finding and fixing 20 faults in a module? – finding and fixing 100 faults ' ' ' ?

Fixing Faults · Which is better finding and fixing 20 faults in a module? finding and fixing 100 faults finding 100 could mean you have better testing methods OR code is really bad 100 were just the tip of the iceberg software testing literature finding many errors early probably find many more 5 復里大软件学院 LiT

5 LiJT Fixing Faults • which is better: – finding and fixing 20 faults in a module? – finding and fixing 100 faults ' ' ' ? • finding 100 could mean – you have better testing methods – OR • code is really bad • 100 were just the tip of the iceberg – software testing literature: • finding many errors early → probably find many more

foti Fixing Faults: penetrate and patch think of security after program has been broken release a patch why is this bad? 6 復里大软件学院 LiT

6 LiJT Fixing Faults: penetrate and patch • think of security after program has been broken • release a patch • why is this bad?

foti Fixing Faults: penetrate and patch think of security after program has been broken release a patch why is this bad? 入侵 eg Unicode MS00-057 漏洞漏洞 补丁 发现分析 发布 时间 復里大软件学院 LiT

7 LiJT Fixing Faults: penetrate and patch • think of security after program has been broken • release a patch • why is this bad? • eg. Unicode,MS00-057 入 侵 时间 漏洞发现 漏洞分析 补丁发布

oO Fixing Faults: penetrate and patch why is this bad? product was broken in the first place developers can only fix problems that they know about patches often only fix symptom they re not cure people don t bother applying the patches patches can have holes patches tell the bad guys where the problems are might affect program performance or limit functionality more expensive than making it secure from the beginning 8 復里大软件学院 LiT

8 LiJT • why is this bad? – product was broken in the first place – developers can only fix problems that they know about – patches often only fix symptom. they're not cure – people don't bother applying the patches – patches can have holes – patches tell the bad guys where the problems are – might affect program performance or limit functionality – more expensive than making it secure from the beginning Fixing Faults: penetrate and patch

Software Issues Normal users Attackers Find bugs and flaws Actively look for bugs by accident and flaws · Hate bad software · Like bad software but must learn to and try to make it live with it misbehave · Must make bad Attack systems thru software work bad software 9 復里大软件学院 LiT

9 LiJT Software Issues Attackers • Actively look for bugs and flaws • Like bad software … • …and try to make it misbehave • Attack systems thru bad software “Normal ” users • Find bugs and flaws by accident • Hate bad software … • …but must learn to live with it • Must make bad software work

Complexity Complexity is the enemy of security Paul Kocher, Cryptography Research, Inc system Lines of code loc) Netscape 17,000,000 Space shuttle 10.000.000 Linux 1500.000 Windows XP 40,000.000 Boeing 777 7,000.000 a new car contains more loc than was required to land the apollo astronauts on the moon 10 復里大软件学院 LiT

10 LiJT Complexity • “Complexity is the enemy of security”, Paul Kocher, Cryptography Research, Inc. Netscape 17,000,000 Space shuttle 10,000,000 Linux 1,500,000 Windows XP 40,000,000 Boeing 777 7,000,000 system Lines of code (LOC) • A new car contains more LOC than was required to land the Apollo astronauts on the moon