Lecture 1 - Introduction & Software Security Concepts

The document outlines the course introduction and syllabus for a software security course led by Dr. Nada Hany Sherief, detailing the course objectives, prerequisites, grading policy, and schedule. It covers key software security concepts including threats, vulnerabilities, and security goals, along with various security models such as Bell-LaPadula. Additionally, it emphasizes the importance of confidentiality, integrity, and availability in software security, alongside the course policies regarding attendance and academic integrity.
Course Introduction and Syllabus Discussion
Dr. Nada Hany Sherief
Agenda

1. Course Introduction and Syllabus Discussion
• Course Overview
• Learning Objectives
• Course Prerequisites
• Grading Policy
• Course Schedule
• Course Policies (e.g., late submissions, academic integrity)
2. Software Security Concepts
• Important Terminology (Threats, Vulnerabilities, Attacks)
• Security Goals (Confidentiality, Integrity, Availability)
• Definition of Software Security
• Security Models (e.g., Bell-LaPadula, Biba, Clark Wilson)
Learning Objectives

1. Understand software security concepts
2. Understand software security problems and threats to security
3. Experiment with and measure software security through estimation and metrics
4. Understand secure software architecture and software security assurance
5. Apply secure software development life cycle
6. Experiment with and apply software security and testing
Course Overview

1. Course Introduction and Syllabus Discussion
2. Software Security Concepts
3. Software Security Problems
4. Threats to Security
5. Software Security Metrics
6. Software Security Estimation
7. 7th Week Assessment
8. Secure Software Architecture
9. Software Security Assurance
10. Secure Software Development Process
11. Software Security Testing
12. 12th Week Assessment
13. Implementing Security Testing: Case Study
14. Implementing Software Security: Case Study
15. Project Presentations
Course Grading System

• 7th week: 20 marks on exam, 10 marks on section
• 12th week: 10 marks on exam, 10 marks on section
• Continuous Assessment: 10 marks on quizzes and assignments
• Final Exam: 40 marks on exam
Course Lecturer’s Contact

• E-mail: [email protected]
• Office hours: Sunday 10:00 – 12:00, Wednesday 10:00 – 12:00
Course Policies

• Attendance will be taken every class and will be reported.
• Official excuse for any class absence must be presented within one week after that class.
• Students are expected to regularly check the course Google Classroom for lecture notes and updates.
• It is important that any work submitted is your own. Plagiarism and/or collusion will result in a possible disciplinary action.
• All group members should attend the final project discussion with the course teaching assistant Ms. Salma Yasser. Absence of any group member will be taken with penalty.
• Any late submissions will be taken with penalty.
• No coursework will be accepted after the 15th week, not even with penalty.
Software Security Concepts
Dr. Nada Hany Sherief
Important Terminology: Threats
• A threat is any potential occurrence, malicious or otherwise, that could harm an asset.
• In other words, a threat is any bad thing that can happen to your assets.
Important Terminology: Attacks
• An attack is an action that exploits a vulnerability or enacts a threat.
• Examples of attacks include sending malicious input to an application or flooding a network in an attempt to deny service.
• To summarize, a threat is a potential event that can adversely affect an asset, whereas a successful attack exploits vulnerabilities in your system.
Important Terminology: Vulnerabilities
• A vulnerability is a weakness that makes a threat possible.
• This may be because of poor design, configuration mistakes, or inappropriate and insecure coding techniques.
• Weak input validation is an example of an application layer vulnerability, which can result in input attacks.
Software Security vs. Application Security
• Software Security: a way to defend against software exploits by building software to be secure (McGraw, Exploiting Software)
• Application Security: a way to defend against software exploits in a post-facto way, after deployment is complete (McGraw, Exploiting Software)
The Foundations of Security: CIA triad
Confidentiality

• Confidentiality: Ensuring that information is only accessible to authorized individuals.
• Example:
• Government agencies handle a wide variety of classified documents, each with different levels of sensitivity. Here are some common examples:
• Nuclear weapon designs
• Critical military plans
• Sensitive diplomatic communications
• Advanced technology information
• Classified research data
Confidentiality Measures

Government agencies must implement security measures to prevent the unauthorized disclosure of classified documents. These measures typically include:
• Classification Systems: Establishing clear guidelines for classifying documents based on their sensitivity.
• Access Controls: Implementing strict access controls to limit access to classified information to authorized personnel.
• Encryption: Encrypting sensitive data to protect it from unauthorized access.
• Secure Storage: Storing classified documents in secure locations.
• Personnel Security: Conducting thorough background checks on personnel who handle classified information.
• Incident Response: Having a plan in place to respond to security breaches and other incidents involving classified information.
Integrity

• Integrity: Ensuring that information is accurate and has not been modified or tampered with.
• Example
• Data integrity in financial systems is crucial to ensure the accuracy, reliability, and consistency of financial data. Here are some examples:
• Verify that account balances are accurate and reflect all transactions.
• Ensure that account data is consistent across different systems and databases.
Integrity Measures

• User access controls are a group of administration practices that restrict access to the systems to only those who require access.
• File permissions are core to the security model used by Linux systems. They determine who can access files and directories on a system and how.
• Version control may be used to prevent erroneous changes or accidental deletion by authorized users from becoming a problem.
• A checksum is like a unique fingerprint of a file that can be used to verify whether two files are identical.
• Each time you run a checksum, a number string is created for each file.
• Even if one byte of data has been altered or corrupted, that string will change.
• Backups or redundancies must be available to restore the affected data to its correct state.
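The checksum measure above, worked through as an added example that is not part of the lecture: a SHA-256 fingerprint is recorded for each file in a manifest, and a later verification pass reports every file whose fingerprint no longer matches, including one where only a single byte was altered. The file names and contents are constructed for illustration.

```python
import hashlib

# Constructed sample "files" (name -> contents); not from the lecture.
ORIGINAL_FILES = {
    "ledger.csv": b"account,balance\n1001,2500.00\n1002,-30.00\n",
    "notes.txt": b"Integrity measures: checksums, backups, version control.\n",
}

def checksum(data: bytes) -> str:
    """Return the SHA-256 hex digest: the file's 'fingerprint'."""
    return hashlib.sha256(data).hexdigest()

def build_manifest(files: dict) -> dict:
    """Record a fingerprint for every file; store this apart from the data itself."""
    return {name: checksum(data) for name, data in files.items()}

def verify(files: dict, manifest: dict) -> list:
    """Return names of files whose current fingerprint differs from the manifest.
    A file that is missing entirely is reported as well."""
    tampered = []
    for name, expected in manifest.items():
        data = files.get(name)
        if data is None or checksum(data) != expected:
            tampered.append(name)
    return tampered

def flip_one_byte(data: bytes, index: int) -> bytes:
    """Alter exactly one byte, as silent corruption or a small edit would."""
    altered = bytearray(data)
    altered[index] ^= 0x01
    return bytes(altered)

MANIFEST = build_manifest(ORIGINAL_FILES)

# Byte 22 of ledger.csv is the '5' in "2500.00"; flipping it changes the balance.
ALTERED_FILES = dict(ORIGINAL_FILES)
ALTERED_FILES["ledger.csv"] = flip_one_byte(ORIGINAL_FILES["ledger.csv"], 22)

if __name__ == "__main__":
    print("original :", MANIFEST["ledger.csv"])
    print("altered  :", checksum(ALTERED_FILES["ledger.csv"]))
    print("tampered :", verify(ALTERED_FILES, MANIFEST))
```

Comparing the two printed digests shows that a one-byte change produces a completely different fingerprint, which is why the manifest must itself be protected (for example, stored in a separate location or under version control).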
Availability

• Availability refers to the ability of users to access and use resources when they need them. It ensures that information and services are accessible, usable, and uninterrupted.
• Examples:
• E-commerce websites: Customers should be able to access and use online stores without interruptions.
• Banking systems: Customers should be able to access their accounts and perform transactions at any time.
• Healthcare systems: Patients and healthcare providers should be able to access medical records and information when needed.
Availability Measures

1. Redundancy:
• Hardware redundancy: Having multiple copies of hardware components to ensure that if one fails, the system can continue to operate.
• Software redundancy: Having multiple copies of software components to ensure that if one fails, the system can continue to operate.
• Data redundancy: Having multiple copies of data to ensure that if one copy is lost, the data can be recovered.
2. Fault Tolerance:
• Error detection and correction: Implementing mechanisms to detect and correct errors in hardware, software, or data.
• Automatic failover: Automatically switching to a backup system or component in case of a failure.
3. Load Balancing:
• Distributing workload across multiple servers or components to prevent overload and improve performance.
4. Firewalls:
• Implementing firewalls to protect systems from unauthorized access and malicious traffic. Firewalls can help to prevent DoS attacks and other threats that can impact availability.
Security Models

Bell-LaPadula: A confidentiality model that restricts information flow to prevent unauthorized disclosure.
Example: A military database should use the Bell-LaPadula model to ensure that sensitive information is only accessible to authorized personnel.
About Bell-LaPadula

• This model was invented by the scientists David Elliott Bell and Leonard J. LaPadula.
• Thus, this model is called the Bell-LaPadula Model.
• It is used to maintain confidentiality.
• In this model the classifications of subjects (users) and objects (files) are organized in a non-discretionary fashion, with respect to different layers of secrecy.
Bell-LaPadula Model Rules
• SIMPLE CONFIDENTIALITY RULE:
• The subject can only read files on the same layer of secrecy or a lower layer of secrecy, but not an upper layer of secrecy, which is why this rule is called NO READ-UP.
• STAR CONFIDENTIALITY RULE:
• The subject can only write files on the same layer of secrecy or an upper layer of secrecy, but not a lower layer of secrecy, which is why this rule is called NO WRITE-DOWN.
• STRONG STAR CONFIDENTIALITY RULE:
• The strong star confidentiality rule is the strictest of the three: the subject can read and write files on the same layer of secrecy only, and neither an upper nor a lower layer of secrecy, which is why this rule is called NO READ-WRITE UP-DOWN.
Case Study: Applying the Bell-LaPadula Model in a University Scenario

• A university is implementing a new online learning platform that stores sensitive student data, such as grades, transcripts, and personal information. The university wants to ensure that this data is protected from unauthorized access and disclosure.
Applying the Bell-LaPadula Model:

1. Define Security Levels:
• Top Secret: Sensitive administrative data, such as faculty salaries and budget information.
• Secret: Student grades, transcripts, and personal information.
• Confidential: Course materials, announcements, and general information.
• Unclassified: Publicly accessible information, such as news and events.

2. Assign Security Labels to Subjects and Objects:
• Subjects: Students, faculty, and administrators.
• Objects: Files, documents, and databases containing sensitive information.

Enforce the Bell-LaPadula Rules:

• Simple Confidentiality Rule (No Read-Up):
• Students can only access information at their own security level or below. For example, a student cannot access top-secret administrative data.
• Faculty and staff can access information at their own security level or below, but they cannot access information at higher security levels.
Scenario 1: Student Access
• Subject: Student
• Objects: Grades, transcripts, course materials, student information
• Security Levels: Secret, Confidential, Unclassified
• Rules:
• Students can read files at their own security level (e.g., their grades, transcripts).
• Students cannot read files at higher security levels (e.g., other students' grades, administrative data).
Scenario 2: Faculty Access
• Subject: Faculty
• Objects: Student grades, course materials, administrative data
• Security Levels: Secret, Confidential, Unclassified
• Rules:
• Faculty can read files at their own security level and below (e.g., student grades, course materials).
• Faculty cannot read files at higher security levels (e.g., top-secret administrative data).
Scenario 3: Administrator Access
• Subject: Administrator
• Objects: All levels of data
• Security Levels: Top Secret, Secret, Confidential, Unclassified
• Rules:
• Administrators can read files at all security levels.
Enforce the Bell-LaPadula Rules:

• Star Confidentiality Rule (No Write-Down):
• Students cannot write to files at lower security levels. For example, a student cannot modify their own grades.
• Administrators can write to files at their own security level, not lower.
Scenario 1: Student Access
• Subject: Student
• Objects: Grades, transcripts, course materials, student information
• Security Levels: Secret, Confidential, Unclassified
• Rules:
• Students can write to files at their own security level (e.g., their registration information).
• Students cannot write to files at lower security levels (e.g., modify their own grades or transcripts).
Scenario 2: Faculty Access
• Subject: Faculty
• Objects: Student grades, course materials, administrative data
• Security Levels: Secret, Confidential, Unclassified
• Rules:
• Faculty can write to files at their own security level, not below (e.g., their students’ grades, their course materials).
• Faculty normally cannot write to files at higher security levels (e.g., top-secret administrative data).
E.g. Department Financial Data (Restricted Write Up)
Scenario 3: Administrator Access
• Subject: Administrator
• Objects: All levels of data
• Security Levels: Top Secret, Secret, Confidential, Unclassified
• Rules:
• Administrators must adhere to the Bell-LaPadula rules to prevent unauthorized disclosure.
Enforce the Bell-LaPadula Rules:

• Strong Star Confidentiality Rule (No Read-Write Up-Down):
• This rule is generally not applicable in a classroom setting, as it would be too restrictive for students and faculty to perform their normal tasks.
Example Scenarios:

1. Student Access: A student can access their own grades (Secret) and course materials (Confidential) but cannot access other students' grades or sensitive administrative data (Top Secret).
2. Faculty Access: A faculty member can access student grades (Secret), course materials (Confidential), and administrative data relevant to their role (e.g., course rosters, grading policies).
3. Administrator Access: An administrator can access all levels of data, including top-secret administrative information. However, they must adhere to the Bell-LaPadula rules to prevent unauthorized disclosure.
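The three Bell-LaPadula rules from the rules slide, applied to the four levels of the university case study, as an added example that is not part of the lecture: a small reference monitor that decides each read or write request from the subject's clearance and the object's label. The subjects, objects and their labels below are constructed to match the scenarios. Note that the star rule as stated permits writing upward; the case study's "restricted write up" for department financial data would be an additional policy check layered on top of these rules.

```python
from dataclasses import dataclass

# Secrecy levels from the case study, ordered from lowest to highest.
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}

@dataclass(frozen=True)
class Subject:          # a user, with a clearance level
    name: str
    clearance: str

@dataclass(frozen=True)
class SecObject:        # a file or database, with a classification label
    name: str
    label: str

def can_read(s: Subject, o: SecObject) -> bool:
    """Simple confidentiality rule (NO READ-UP): read at the same level or below."""
    return RANK[s.clearance] >= RANK[o.label]

def can_write(s: Subject, o: SecObject) -> bool:
    """Star confidentiality rule (NO WRITE-DOWN): write at the same level or above."""
    return RANK[s.clearance] <= RANK[o.label]

def same_level_only(s: Subject, o: SecObject) -> bool:
    """Strong star rule (NO READ-WRITE UP-DOWN): access only at exactly the same level."""
    return RANK[s.clearance] == RANK[o.label]

def decide(s: Subject, o: SecObject, action: str, strong: bool = False) -> bool:
    """Reference-monitor check for one access request; action is 'read' or 'write'."""
    if action not in ("read", "write"):
        raise ValueError(f"unknown action: {action}")
    if strong:
        return same_level_only(s, o)
    return can_read(s, o) if action == "read" else can_write(s, o)

# Constructed subjects and objects matching the case-study scenarios.
STUDENT = Subject("student", "Secret")
ADMIN = Subject("administrator", "Top Secret")
GRADES = SecObject("grades", "Secret")
COURSE_MATERIALS = SecObject("course materials", "Confidential")
BUDGET = SecObject("faculty salaries and budget", "Top Secret")

if __name__ == "__main__":
    requests = [(STUDENT, GRADES, "read"), (STUDENT, BUDGET, "read"),
                (STUDENT, COURSE_MATERIALS, "write"), (ADMIN, COURSE_MATERIALS, "write")]
    for subj, obj, action in requests:
        verdict = "ALLOW" if decide(subj, obj, action) else "DENY"
        print(f"{subj.name:14s} {action:5s} {obj.name:28s} -> {verdict}")
```

Running the block prints one verdict per request; the denied cases are exactly the read-up (student reading Top Secret budget data) and the write-downs (student and administrator writing to Confidential course materials).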
Advantages of Bell-LaPadula Model
• Helps to ensure that security measures are consistent and effective.
• Clearly defines the goal of confidentiality and provides specific rules for
achieving it.
• Can be applied to a wide range of systems and applications, from military
databases to commercial software.
Disadvantages of Bell-LaPadula Model
• The Bell-LaPadula model can be complex to implement and understand,
especially for organizations that are not familiar with formal security
models.
• The Star Confidentiality Rule can be overly restrictive in scenarios where
data needs to flow downward in a hierarchical structure.
• The rules can hinder collaboration between users at different security
levels. For instance, a researcher working on a classified project may need
to share findings with colleagues at a lower security level to get feedback
or assistance.
Questions

Thanks!
