Chapter 2 - Secure Software Requirements

Question 1

What quality attributes should secure software have?

Answer 1

Reliability
Resiliency
Recoverability

Question 2

What is Reliability?

Answer 2

An attribute of secure software. The software functions as it is expected to.

Question 3

What is Resiliency?

Answer 3

An attribute of secure software. The software doesn’t violate any security policy and can withstand the actions of threat agents and user errors.

Question 4

What is Recoverability?

Answer 4

The software can restore operations to what the business expects by containing and limiting damage caused by threats that materialize.

Question 5

What is a RTM?

Answer 5

Requirements Traceability Matrix

Question 6

What are some internal sources of software requirements?

Answer 6

Policies
Standards
Guidelines
Patterns
Practices

Question 7

What are some external sources of software requirements?

Answer 7

Regulations
Compliance initiatives
Geographical requirements

Question 8

Who is ultimately responsible for software risk?

Answer 8

The business owner.

Question 9

What are confidentiality requirements?

Answer 9

Those that address protection against disclosure of data or information that are personal or sensitive to unauthorized individuals.

Question 10

What are the two broad data classifications?

Answer 10

Public and non-public

Question 11

What is another name for public data?

Answer 11

`Directory information

Question 12

What are the most common forms of covert secret writing?

Answer 12

Steganography and digital watermarking.

Question 13

What is masking?

Answer 13

A weak form of confidentiality protection in which original information is askterisked or Xed out.

Question 14

What are the three methods for which confidentiality requirements need to be developed?

Answer 14

In transit
In processing
In storage

Question 15

What are integrity requirements?

Answer 15

Requirements that address reliability assurance and prevention of unauthorized modification.

Question 16

What do integrity controls assure?

Answer 16

Reliability (the software does what it should), accuracy, completeness, and consistency.

Question 17

What is even parity?

Answer 17

Addition of a parity bit to data such that there is an even number of 1 bits in the data.

Question 18

What is odd parity?

Answer 18

Addition of a parity bit to data such that there is an odd number of 1 bits in the data.

Question 19

What is the strongest form of data integrity?

Answer 19

Hashing.

Question 20

What are availability requirements?

Answer 20

those software requirements that ensure the protection against destruction of the software system and/or data, thereby assisting in the prevention against DoS to authorized users.

Question 21

What are availability requirements?

Answer 21

those software requirements that ensure the protection against destruction of the software system and/or data, thereby assisting in the prevention against DoS to authorized users.

Question 22

What is MTD?

Answer 22

Maximum Tolerable Downtime

Question 23

What is RTO?

Answer 23

Recovery Time Objective

RTO is the amount of time by which the system or software needs to be restored back to the expected state of business operations for authorized business users when it goes down.

Question 24

Where should MTD and RTO be stated?

Answer 24

The SLA (Service Level Agreeemnt)

Question 25

What is BIA?

Answer 25

Business Impact Analysis. A qualitative or quantitiative analysis of the cost of failure of the software to operate. This can include loss of credibility, confidence, or brand reputation.

Question 26

What is a single point of failure?

Answer 26

Having no redundancy capabilities

Question 27

What is replication?

Answer 27

Master/slave or primary/secondary scheme in which there is one master or primary node and updates are propagated to the slaves or secondary node either actively or passively.

Question 28

What is active/active replication?

Answer 28

Active/active replication implies that updates are made to both the master and slave systems at the same time.

Question 29

What is active/passive replication?

Answer 29

the updates are made to the master node first and then the replicas are pushed the changes subsequently.

Question 30

What is authentication?

Answer 30

Validating an entity's claim. Typically identity claims or credentials are validated against a trusted source.

Question 31

What are the most common forms of authentication?

Answer 31

``` Anonymous Basic Digest Integrated Client certificates Forms Tokens Smart cards Biometrics ```

Question 32

What is anonymous authentication?

Answer 32

No prompting for credentials. Implies unlinkability (no way to link a user or system to their actions). Generally avoid unless there's a reason to have it.

Question 33

What is Basic Authentication

Answer 33

HTTP BasicAuth. Credentials are transmitted in base 64. Avoid, because easily decoded.

Question 34

What is Digest Authentication?

Answer 34

Challenge/response. Does not send credentials in clear text, but sends a hash of the original credential. Can't be asily spoofed.

Question 35

What is Integrated Authentication?

Answer 35

NTLM authentiation, or NT challenge/response.

Question 36

What is Client Certificate based authentication?

Answer 36

X509 client certificates.

Question 37

What is Forms authentication?

Answer 37

Web forms. Back end can be anything.

Question 38

What is token-based authentication?

Answer 38

Issue a token upon verification. Particularly useful in SSO.

Question 39

What is smart card based authentication?

Answer 39

Smart cards provide ownership-based (something you have) authentication.

Question 40

What is biometric authentication?

Answer 40

This form of authentication uses biological characteristics (something you are) for providing the identity’s credentials. Biological features such as retinal blood vessel patterns, facial features, and fingerprints are used for identity verification purposes.

Question 41

What is a Type I error?

Answer 41

False rejection. A legitimate user/enrollee is denied access.

Question 42

What is a Type II error?

Answer 42

False acceptance. Someone who isn't a legitimate user is granted access.

Question 43

What is CER?

Answer 43

Crossover Error Rate. The point where the false rejection rate equals the false acceptance rate (FRR == FAR).

Question 44

What is a subject?

Answer 44

An entity requesting access to an object.

Question 45

What is an object?

Answer 45

Something that will be acted upon by a subject.

Question 46

What is CRUD?

Answer 46

Create, Read, Update, Delete. Common actions subects take upon objects.

Question 47

What are the types of access control models?

Answer 47

``` DAC NDAC MAC RBAC Resource Based Access Control ```

Question 48

What is DAC

Answer 48

Discretionary Access Control. The owner of the object decides who gets access.

Question 49

What is NDAC?

Answer 49

Like DAC, in that access to objects is based on the subject, but it is unavoidably imposed on all subjects. Doesn't rely on the subject complying with security policies.

Question 50

What is MAC?

Answer 50

Restricted access to objects based on the security classification of the object. Sensitivity is represented by a label. AKA, clearance model. Commonly implemented as "Rule based access control"

Question 51

What is RoleBAC?

Answer 51

Role Based Access Control. Access to objects by job function. Permissions are never assigned to users, only to roles.

Question 52

What is a Role Hierarchy?

Answer 52

Roles organized is a parent-child relationship.

Question 53

What is the difference between a role and a group?

Answer 53

A group is a collection of users, not a collection of permissions. A role is a common job where everybody gets the same permissions.

Question 54

What is ResourceBAC?

Answer 54

Resource Based Access Control Works when users may not be known in advance. Delegation. Kerberos works this way. Successful authentication gets you a ticket that is delegated the privileges and rights to invoke downstream servies. Trusted Subsystem Model

Question 55

What is the Trusted Subsystem Model

Answer 55

access request decisions are granted based on the identity of a resource that is trusted instead of user identities.. Primarily Web applications. User logs into a web application, which may have permission to access a database.

Question 56

What are the minimum requirements for auditing?

Answer 56

Identify of the subject Action (what they did) Object on which the action was performed Timestamp

Question 57

What does session management do for us?

Answer 57

Relieves the obligation to authenticate upon each access requiest.

Question 58

What risk does session management post?

Answer 58

Session hijacking.

Question 59

What is the problem with verbose error message?

Answer 59

Information disclosure.

Question 60

What is a TOC/TOU attack?

Answer 60

Race conditions, basically. TOC = Time of Check. TOU = Time Of Use.

Question 61

What properties need to be fulfilled for a race condition to occur?

Answer 61

Concurrency, shared object, and a change of state.

Question 62

What is the concurrency property?

Answer 62

At least two threads must be executing concurrently.

Question 63

What is the shared object property?

Answer 63

Two concurrent threads must be accessing the same object.

Question 64

What is the change of state property?

Answer 64

At least one of the two threads accessing the same object must alter the state of the object.

Question 65

How do you prevent race conditions?

Answer 65

Avoid race windows Atomic operations Mutual Exclusion

Question 66

What is a race window?

Answer 66

the window of opportunity when two concurrent threads race against one another trying to alter the same object

Question 67

What are atomic operations?

Answer 67

the entire process is completed using a single flow of control and that concurrent threads or control flow against the same object is disallowed.

Question 68

What are mutual exclusions?

Answer 68

Object locking to prevent multiple threads from accessing the same resource.

Question 69

What should you determine during the requirements gathering phase for archive information?

Answer 69

Location, duration, format.

Question 70

What is Canonicalization?

Answer 70

the process of converting data that has more than one possible representation into a standard canonical form.

Question 71

What is PNE?

Answer 71

Protection Needs Elicitation Determination of security requirements.

Question 72

What are the steps in PNE?

Answer 72

1. Engage the customer 2. Information management modeling 3. Identify least privilege applications 4. Conduct threat modeling and analysis 5. Prioritize based on customer needs 6. Develop information protection policy 7 Seek customer acceptance

Question 73

What methods can be used for PNE?

Answer 73

``` Brainstorming Surveys and Questionanaires Policy decomposition Data classification Subject-object matrix use and misuse case modelling ```

Question 74

What is brainstorming?

Answer 74

An unstructured, quick method to glean security requirements. Characterized by just recording ideas, not challenging them.

Question 75

What is policy decomposition?

Answer 75

Breaking high level mandates into detailed security requirements.

Question 76

What are the steps in the policy decomposition process?

Answer 76

``` Policy documents (internal external) to High level objectives to Security requirements to Software security requirements ```

Question 77

What is data classification?

Answer 77

The conscious effort to assign a level of sensitivity to data assets based on potential impact upon disclosure, alteration, or destruction.

Question 78

What is the objective of data classification?

Answer 78

To lwoer hte cost of data protection and maximize the return on investment where data are protected.

Question 79

In data classification, what tasks is the business or data owner responsible for?

Answer 79

Ensure that information assets are appropriately classified Validate that security controls are implemented as needed by reviewing the classification periodically. Define authorized lists of users and access criteria Ensure appropriate backup and recovery mechanisms are in place. Delegate as needed classification responsibiilty, access approval, backup, and recovery to a data custodian.

Question 80

In data classification, what tasks is the business or data custodian responsible for?

Answer 80

* Perform the information classification exercise * Perform backup and recovery * Ensure records retention is in place

Question 81

What is ILM

Answer 81

Information Lifecycle Management.

Question 82

What is ILM

Answer 82

Information Lifecycle Management.

Question 83

What is a Subject-Object Matrix?

Answer 83

A Subject–Object Matrix is used to identify allowable actions between subjects and objects based on use cases. A Subject–Object Matrix is a two-dimensional representation of roles and components. The subjects or roles are listed across the columns and the objects or components are listed down the rows. A Subject–Object Matrix is a very effective tool to generate misuse cases. Once a Subject–Object Matrix is generated, by inversing the allowable actions captured in the Subject–Object Matrix, one can determine threats, which, in turn, can be used to determine security requirements.

Question 84

What is SQUARE?

Answer 84

Security Quality Requirements Engineering methodology. 9 steps that generate a final deliverable of categorized and prioritized security requirements

Question 85

What is a RTM?

Answer 85

Requirements Traceability Matrix. final deliverable of categorized and prioritized security requirements

Question 86

What are the benefits of a RTM?

Answer 86

Avoid scope creep Assure design satisfies the specified security requirements Ensures implementation doesn't deviate from secure design Provides a basis for defining test cases