Similar literature
1.
Building secure software requires a well-selected combination of security testing techniques during the whole software development lifecycle.

2.
The protection of software applications is one of the most important problems to solve in information security because it has a crucial effect on other security issues. We can find in the literature many research initiatives that have tried to solve this problem, many of them based on the use of tamperproof hardware tokens. This type of solution depends on two basic premises: (i) increasing the physical security by using tamperproof devices and (ii) increasing the complexity of the analysis of the software. The first premise is reasonable. The second one is certainly related to the first one. In fact, its main goal is to prevent the pirate user from modifying the software to bypass an operation that is crucial: checking the presence of the token. However, experience shows that the second premise is not realistic because analysis of the executable code is always possible. Moreover, the techniques used to obstruct the analysis process are not enough to discourage an attacker with average resources. In this paper, we review the most relevant works related to software protection, present a taxonomy of those works, and, most important, introduce a new and robust software protection scheme. This solution, called SmartProt, is based on the use of smart cards and cryptographic techniques, and its security relies only on the first of the premises given above; that is, SmartProt has been designed to avoid attacks based on code analysis and software modification. The entire system is described following a lifecycle approach, explaining in detail the card setup, production, authorization, and execution phases. We also present some interesting applications of SmartProt as well as the protocols developed to manage licences. Finally, we provide an analysis of its implementation details.

5.
Building secure software: better than protecting bad software
Software, IEEE, 2002, 19(6): 57-58
Software is the biggest problem in computer security today. Most organizations invest in security by buying and maintaining a firewall, but they go on to let anybody access multiple Internet-enabled applications through that firewall. These applications are often remotely exploitable, rendering the firewall impotent (not to mention the fact that the firewall is often a piece of fallible software itself). Real attackers exploit software.

6.
In the past 10 years, the research community has produced a significant number of design notations to represent security properties and concepts in a design artifact. These notations are aimed at documenting and analyzing security in a software design model. The fragmentation of the research space, however, has resulted in a complex tangle of different techniques. Hence, practitioners are confronted with the challenging task of scouting the right approach from a multitude of proposals. Similarly, it is hard for researchers to keep track of the synergies among the existing notations, in order to identify the existing opportunities for original contributions. This paper presents a systematic literature review that inventories the existing notations and provides an in-depth, comparative analysis of each.

7.
The growing number of vehicles moving on roads every day increases the need to protect the safety and security of passengers, pedestrians, and the vehicles themselves. This need is intensified by the pervasive introduction of Information and Communication Technologies (ICT) systems into modern vehicles, because this makes such vehicles potentially vulnerable from a security point of view. The convergence of safety and security requirements is one of the main outstanding research challenges in software-intensive systems. This work reviews existing methodologies and solutions addressing security issues in the automotive domain with a focus on the integration between safety and security aspects. In particular, we identify the main security issues with vehicular communication technologies and existing gaps between state-of-the-art methodologies and their implementation in the real world. Starting from a literature survey and referring to widely accepted standards of the domain, such as AUTOSAR and ISO 26262, we discuss research challenges and set baselines for a holistic secure-by-design approach targeting safety and security aspects along all the phases of the development process of automotive software.

8.
With the development of the Internet of Things, the design of lightweight block cipher algorithms has become especially important. The S-box is a key component of symmetric cipher algorithms. Hardware implementations of many encryption algorithms are susceptible to side-channel attacks; threshold implementation is a side-channel countermeasure based on secret sharing and multi-party computation. By simply cyclically shifting the variables of a cubic Boolean function, a 4×4 secure lightweight S-box with optimal cryptographic properties is constructed, and a threshold implementation scheme is designed for the constructed S-box to resist side-channel attacks; the scheme is provably secure. The four component functions of the S-box constructed by this method have identical implementation circuits, which greatly reduces the complexity of hardware implementation. Given one component of the S-box, the remaining three components can be obtained by cyclic shifts of that component, which greatly reduces hardware implementation cost and makes fast software implementation easy.

9.
The Software Defined Systems (SDSys) paradigm has been introduced recently as a solution to reduce the overhead in the control and management operations of complex computing systems and to maintain a high level of security and protection. The main concept behind this technology is the isolation of the data plane from the control plane. Building a Software Defined System in a real-life environment is considered an expensive solution and may carry many risks. Thus, there is a need to simulate such systems before real-life implementation and deployment. In this paper we present a novel experimental framework as a virtualized testbed environment for software-defined secure storage systems. It also covers some related issues for large-scale data storage and sharing, such as deduplication. This work builds on the Mininet simulator, whose core components, the host, switch and controller, are customized to build the proposed experimental simulation framework. The developed emulator will not only support the development and testing of SD-based secure storage solutions, it will also serve as an experimentation tool for researchers and for benchmarking purposes. The developed simulator/emulator could also be used as an educational tool to train students and novice researchers.

10.
The author draws on experiences gained as a member of Microsoft's central security team to outline some basic best practices for the software development process. These practices benefited Microsoft products released since the inception of its Trustworthy Computing initiative in 2002. The points are a subset of the security development lifecycle process implemented at Microsoft.

11.
Pattern-based development of software systems has gained more attention recently by addressing new challenges such as security and dependability. However, there are still gaps in existing modeling languages and/or formalisms dedicated to modeling design patterns and to reusing them in the automation of software development. The solution envisaged here is based on combining metamodeling techniques and formal methods to represent security patterns at two levels of abstraction in order to foster reuse. The goal of the paper is to advance the state of the art in model- and pattern-based security for software and systems engineering in three relevant areas: (1) develop a modeling language to support the definition of security patterns using metamodeling techniques; (2) provide a formal representation and its associated validation mechanisms for the verification of security properties; and (3) derive a set of guidelines for the modeling of security patterns within the integration of these two kinds of representations.

12.
DDE is the communication mechanism that the vast majority of current industrial control software uses to implement report functions, but this approach leaves the control system deficient in both real-time performance and security. This paper proposes a method that uses the ODBC interface to implement report printing. The method not only improves the real-time performance and security of the system, but also makes report design more flexible and convenient.

13.
Safety-critical systems are evolving into complex, networked, and distributed systems. As a result of the high interconnectivity among all networked systems and of potential security threats, security countermeasures need to be incorporated. Nonetheless, although cutting-edge security measures, such as the latest recommended encryption algorithms, are adopted and incorporated during system development, these protection mechanisms may become obsolete over long operational periods. New security flaws and bugs are continuously detected. Software updates are then essential to restore the security level of the system. However, system shutdowns may not be acceptable when high availability is required. As expressed by the European Union Agency for Network and Information Security (ENISA), "the research in the area of patching and updating equipment without disruption of service and tools" is needed. In this article, a novel live updating approach for zero-downtime safety-critical systems named Cetratus is presented. Cetratus, which is based on quarantine-mode execution and monitoring, enables the update of non-safety-critical software components while running, without compromising the safety integrity level of the system. The focus of this work lies on the incorporation of leading-edge security mechanisms while safety-related software components remain untouched. Other non-safety-related software components could also be updated.

14.
Research on a layered general software architecture for secure data acquisition systems
Following the ideas of the model-driven architecture methodology, a layered general software architecture for secure data acquisition systems (SC-DAS) is proposed. The architecture consists of three layers, the data acquisition communication layer, the trusted network access layer and the secure network transmission layer, and five subsystems: the client, the client trusted agent, the information-flow policy enforcement point, the policy decision point and the data server. The main protocols contained in each layer, the related interaction models and the functions of each subsystem are described in detail. The architecture can effectively ensure the security of a secure data acquisition system and provides architecture-level support for software reuse and rapid development of the system.

15.
A framework for protecting trusted software execution based on a secure coprocessor
Trusted execution of software is the foundation of many application domains, but the malicious host problem makes it very hard to guarantee that a piece of software runs in a trusted manner. In traditional mechanisms that protect trusted software execution with a hardware cryptographic platform, the code running in the secure hardware and the code running on the host are not in the same execution context, so it is difficult to offer users a complete protection strategy. To address this, a new framework for protecting trusted software execution based on a secure coprocessor is proposed; under this framework, software designers can tailor more complete and flexible protection according to the characteristics of the software to be protected and their own requirements.

16.
Design-level vulnerabilities are a major source of security risks in software. To improve the trustworthiness of software design, this paper presents a formal threat-driven approach, which explores explicit behaviors of security threats as the mediator between security goals and applications of security features. Security threats are potential attacks, i.e., misuses and anomalies that violate the security goals of systems' intended functions. Security threats suggest what, where, and how security features for threat mitigation should be applied. To specify the intended functions, security threats, and threat mitigations of a security design as a whole, we exploit aspect-oriented Petri nets as a unified formalism. Intended functions and security threats are modeled by Petri nets, whereas threat mitigations are modeled by Petri-net-based aspects due to the incremental and crosscutting nature of security features. The unified formalism facilitates verifying the correctness of security threats against intended functions and verifying the absence of security threats from integrated functions and threat mitigations. As a result, our approach can make software design provably secure against anticipated security threats and, thus, significantly reduce design-level vulnerabilities. We demonstrate our approach through a systematic case study on the threat-driven modeling and verification of a real-world shopping cart application.

17.
Architecture design plays an important role throughout the software development process. Software reuse is an important technique for raising software development efficiency and improving software quality. For these reasons, a reuse technology model for the software development process is proposed.

19.
Log interpretation science is a controversial and rapidly changing domain. Designing interpretation models is a highly experimental process which involves trials with a computer program as an integral part of the design. Therefore, conventional software engineering techniques, which require a complete specification of the problem before the program is written, are often not applicable or fail to produce high-quality software. The development of expert systems has provided the techniques, tools, and capabilities to let us seek alternative methods to produce log interpretation software: exploratory programming environments and automatic programming systems. An exploratory programming environment combines the power of interactive graphics and programming tools to merge the design and programming tasks into a single process where model and program develop together. An automatic programming system will embody the knowledge of the programming process and of some log interpretation heuristics to produce log processing programs from interactive specifications expressed in familiar terms. These facilities will allow log interpretation model designers, who are not computer specialists, to produce high-quality software as the end result of a model design.

20.
Information Systems, 2005, 30(8): 609-629
Although security is a crucial issue for information systems, traditionally it is considered only after the definition of the system. This approach often leads to problems, which most of the time translate into security vulnerabilities. From the viewpoint of the traditional security paradigm, it should be possible to eliminate such problems through better integration of security and software engineering. This paper first argues for the need to develop a methodology that considers security as an integral part of the whole system development process, and second contributes to the current state of the art by proposing an approach that considers security concerns as an integral part of the entire system development process and by relating this approach to existing work. The different stages of the approach are described with the aid of a real-life case study: a health and social care information system.
