- Application security: the application is designed to resist attacks.
- Infrastructure security: the software it runs on is configured to resist attacks.
Three controls to enhance system security
- Vulnerability avoidance
- Attack detection and neutralization
- Exposure limitation and recovery
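The second control, attack detection and neutralization, in working code. This is an added example, not material from the original notes: it runs a brute-force detector over a few constructed authentication log lines (the line format, the 60-second window and the five-failure threshold are assumptions), blocks a source once it exceeds the threshold, and rejects the attacker's later, otherwise successful, login.

```python
"""Attack detection and neutralization over constructed auth log lines.

Added example, not from the original notes. Assumed log format, one
attempt per line: '<unix_ts> <src_ip> <user> <OK|FAIL>'.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed sliding window
FAIL_THRESHOLD = 5    # assumed: 5 failures inside the window => treat as an attack

# Constructed sample log (not real data): 203.0.113.9 hammers 'admin' and
# would succeed on its sixth attempt; 10.0.0.7 is a user mistyping slowly.
SAMPLE_LOG = """\
1000 10.0.0.5 alice OK
1001 203.0.113.9 admin FAIL
1002 203.0.113.9 admin FAIL
1003 203.0.113.9 admin FAIL
1004 203.0.113.9 root FAIL
1005 203.0.113.9 admin FAIL
1006 203.0.113.9 admin OK
1010 10.0.0.7 bob FAIL
1090 10.0.0.7 bob FAIL
1200 10.0.0.7 bob OK
"""


def parse_line(line):
    ts, src, user, result = line.split()
    return int(ts), src, user, result == "OK"


class BruteForceDetector:
    """Detect bursts of failed logins per source; neutralize by blocking the source."""

    def __init__(self, window=WINDOW_SECONDS, threshold=FAIL_THRESHOLD):
        self.window = window
        self.threshold = threshold
        self.failures = defaultdict(deque)  # src -> timestamps of recent failures
        self.blocked = {}                   # src -> timestamp at which it was blocked
        self.dropped = []                   # attempts rejected because the src was blocked

    def observe(self, ts, src, user, ok):
        """Return True if the attempt is allowed through, False if neutralized."""
        if src in self.blocked:
            self.dropped.append((ts, src, user))
            return False
        if ok:
            return True
        recent = self.failures[src]
        recent.append(ts)
        # Slide the window: forget failures older than `window` seconds.
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.threshold:
            self.blocked[src] = ts
        return True


def run(log_text):
    """Feed every log line to the detector; return it and the attempts let through."""
    detector = BruteForceDetector()
    allowed = []
    for line in log_text.splitlines():
        if line.strip():
            ts, src, user, ok = parse_line(line)
            if detector.observe(ts, src, user, ok):
                allowed.append((ts, src, user, ok))
    return detector, allowed


if __name__ == "__main__":
    det, _ = run(SAMPLE_LOG)
    print("blocked:", det.blocked)
    print("dropped:", det.dropped)
```

The block fires at the fifth failure, so the attacker's sixth attempt, the one that would have succeeded, is dropped; that is the neutralization step. The slow user on 10.0.0.7 is never blocked because the window has moved on by the second failure. A real deployment would also need the detector state to be shared across replicas and expired after some time, or the block becomes a denial-of-service lever against shared addresses.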
Stages of preliminary risk assessment
- Asset value assessment/exposure assessment
- Threat identification/attack assessment
- Control identification
- Security requirements definition
- Primarily a human and social issue
Security trade-off
- A more secure system is usually a less usable one: extra authentication steps, restricted access and stricter validation all get in the way of legitimate users.
Protection issues in system design
- How should the system be organized so that critical assets can be protected against an external attack?
Distribution issues in system design
- How should system assets be distributed so that the effects of a successful attack are minimized?
Design guidelines for secure systems engineering:
- Base security decisions on an explicit security policy.
- Avoid a single point of failure.
- Use redundancy and diversity to reduce risk.
- Validate all inputs.
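The "validate all inputs" guideline as working code. This is an added example, not from the original notes; the field names, the username policy and the upload directory are assumptions. It shows allowlist-style checking, an unsafe path-building function beside its hardened form, and a whole-request validator that refuses unknown or missing fields instead of ignoring them.

```python
"""Validate all inputs: added example, not from the original notes.

Every field that crosses a trust boundary is checked against an explicit
allowlist before use, and the request is rejected as a whole if any field
fails. Field names, the username policy and the upload directory are
assumptions chosen for illustration.
"""
import posixpath
import re

USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")  # assumed policy: 3-32 chars, lowercase start
UPLOAD_BASE = "/srv/app/uploads"                    # assumed upload directory


class ValidationError(ValueError):
    """Raised for any input that is not in the expected form."""


def validate_username(value):
    # Allowlist: state what IS permitted rather than enumerating bad characters.
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValidationError("username is not in the allowed form")
    return value


def validate_port(value):
    try:
        port = int(value)
    except (TypeError, ValueError):
        raise ValidationError("port is not an integer") from None
    if not 1 <= port <= 65535:
        raise ValidationError("port is out of range")
    return port


def unchecked_upload_path(name, base=UPLOAD_BASE):
    """The unsafe 'before': plain concatenation lets '../' walk out of base."""
    return base + "/" + name


def validate_upload_name(name, base=UPLOAD_BASE):
    """Canonicalize the joined path and insist it is still inside base."""
    if not isinstance(name, str) or not name or any(ord(c) < 32 for c in name):
        raise ValidationError("upload name is empty or contains control characters")
    candidate = posixpath.normpath(posixpath.join(base, name))
    # An absolute name replaces base in join(); '../' segments are folded by normpath,
    # so anything that is not strictly below base is an escape attempt.
    if not candidate.startswith(base + "/"):
        raise ValidationError("upload name escapes the upload directory")
    return candidate


def validate_request(req):
    """Validate a whole request dict; unknown or missing fields are rejected too."""
    validators = {"username": validate_username,
                  "port": validate_port,
                  "upload": validate_upload_name}
    if set(req) != set(validators):
        raise ValidationError("unexpected or missing fields: %s"
                              % sorted(set(req) ^ set(validators)))
    return {field: check(req[field]) for field, check in validators.items()}


def rejects(check, value):
    """True if the validator refuses the value (used to exercise the checks)."""
    try:
        check(value)
    except ValidationError:
        return True
    return False


if __name__ == "__main__":
    print(validate_request({"username": "alice_01", "port": "8080", "upload": "report.pdf"}))
    print("traversal rejected:", rejects(validate_upload_name, "../../etc/passwd"))
```

The validated request carries converted values (the port as an int, the upload as a canonical absolute path), so downstream code works on data that has already been shaped, not on the raw strings. Validation is done once, at the boundary, with the same functions for every entry point; that is what "all inputs" means in practice.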
Security validation techniques
- Experience-based validation: the system is analyzed against known types of attack.
- Penetration testing: an external team is contracted to discover security flaws in the system.
- Tool-based analysis: tools are used to exhaustively test some features of a system, such as the strength of passwords.
- Formal verification: the system is formally verified against a formal security specification.
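Tool-based analysis of password strength, as an added example that is not part of the original notes. The policy (minimum length, character classes, a small common-password list, a username check and a repeated-run check) is an assumed one, and the account list is constructed; a real tool would load a large wordlist and run over an exported credential set rather than a handful of pairs.

```python
"""Tool-based password-strength check: added example, not from the original notes.

The policy below is assumed for illustration. COMMON_PASSWORDS is a tiny
constructed stand-in for the multi-million-entry wordlists real tools use.
"""
import math
import string

MIN_LENGTH = 12
MIN_CLASSES = 3
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "welcome1", "password1"}


def character_classes(pw):
    """Number of the four classes (lower, upper, digit, punctuation) present in pw."""
    return sum(1 for chars in CLASSES if any(c in chars for c in pw))


def estimate_bits(pw):
    """Crude upper bound on search space: len * log2(size of the alphabet actually used)."""
    alphabet = sum(len(chars) for chars in CLASSES if any(c in chars for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def check_password(pw, username=""):
    """Return the list of policy failures; an empty list means the password passes."""
    problems = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if character_classes(pw) < MIN_CLASSES:
        problems.append("fewer than 3 character classes")
    # Strip the trailing digits/'!' people append to a dictionary word before the lookup.
    if low in COMMON_PASSWORDS or low.rstrip("0123456789!") in COMMON_PASSWORDS:
        problems.append("in common-password list")
    if len(username) >= 3 and username.lower() in low:
        problems.append("contains the username")
    if any(low[i] == low[i + 1] == low[i + 2] for i in range(len(low) - 2)):
        problems.append("three repeated characters in a row")
    return problems


def audit(accounts):
    """Run the check over (username, password) pairs; return only the failing accounts."""
    findings = {}
    for username, pw in accounts:
        problems = check_password(pw, username)
        if problems:
            findings[username] = problems
    return findings


# Constructed test accounts (not real credentials).
SAMPLE_ACCOUNTS = [
    ("alice", "Password1!"),
    ("bob", "bob-2024-Summer"),
    ("carol", "Tr0ub4dor&3xtra-long"),
    ("dave", "aaaBBB111!!!"),
]

if __name__ == "__main__":
    for user, problems in audit(SAMPLE_ACCOUNTS).items():
        print(user, "->", "; ".join(problems))
```

The point of running such a tool "exhaustively" is that it applies the same policy to every account, including ones that were set before the policy existed; the findings are a list to act on (forced resets), not a pass/fail for the system. The entropy estimate is deliberately labelled crude: it assumes every character was chosen uniformly from the used alphabet, which human-chosen passwords never are, so treat it as an upper bound only.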
Types of threats
- Interception threat: allows an attacker to gain access to an asset.
- Interruption threat: makes part or all of a system unavailable.
- Modification threat: an attacker tampers with a system asset.
- Fabrication threat: an attacker inserts false information into the system.