SAS ‘04
Reducing Software Security Risk
through an Integrated Approach
David P. Gilliam and John D. Powell
Acknowledgement
NOTE:
This research was carried out at the Jet
Propulsion Laboratory, California Institute of
Technology, under a contract with the
National Aeronautics and Space
Administration
The work was sponsored by the NASA Office
of Safety and Mission Assurance under the
Software Assurance Research Program led
by the NASA Software IV&V Facility
This activity is managed locally at JPL through
the Assurance and Technology Program Office
Current Collaborators
David Gilliam – Principal Investigator, JPL
John Powell – JPL Software Engineer
Matt Bishop – Associate Professor of
Computer Science, University of
California at Davis
Eric Haugh – UC Davis Researcher
http://rssr.jpl.nasa.gov
Goal
Reduce security risk to the computing
environment by mitigating vulnerabilities
in the software development and
maintenance life cycles
Provide an instrument and tools to help
avoid vulnerabilities and exposures in
software
To aid in complying with security
requirements and best practices
Problem
Lack of Experts: Brooks – “No Silver Bullet”
is still valid (IEEE Software Engineering,
1987)
Poor Security Requirements
Poor System Engineering
Leads to poor design, coding, and testing
Cycle of Penetrate and Patch
Piecemeal Approach to Security Assurance
Reducing Software Security Risk
Through an Integrated Approach
NASA
• Software Vulnerabilities Expose IT Systems and
Infrastructure to Security Risks
• Goal: Reduce Security Risk in Software and
Protect IT Systems, Data, and Infrastructure
• Security Training for System Engineers and Developers
• Software Security Checklist for end-to-end life cycle
• Software Security Assessment Instrument (SSAI)
• Security Instrument Includes:
  • Model-Based Verification
  • Property-Based Testing
  • Security Checklist
  • Vulnerability Matrix
  • Collection of security tools
[Diagram: Technology Integration – Software Component Relationships. Components shown: Vmatrix, PBT, MC (And_1, And_2), C1–C4; labels: "Known attacks for Vmatrix / PBT Libraries", "Attacks not in the wild", "Discovered attacks not been seen in the wild", "Safe / Unsafe"]
Womb-to-Tomb Process
Coincides with Organizational Policies and Requirements
Software Lifecycle Integration
Software Security Checklist
Phase 1
Provide instrument to integrate security as a formal approach to the
software life cycle
Requirements Driven
Phase 2:
External Release of Software
Release Process
Vulnerability Matrix – NASA Top 20
Security Assurance Instruments
Early Development – Model Checking / FMF
Implementation – Property Based Testing
Security Assessment Tools (SATs)
Description of available SATs
Pros and Cons of each and related tools with web sites
Notification to Users and Functional Areas when Software
or Systems are De-Commissioned
Current Work
Model-Based Verification of SSL Protocol
Report Submitted to IV&V Center
Integration of Security into Software
Quality Improvement (SQI) at JPL
Inclusion of Security in Life Cycle Process
Security Risk Assessment – Potential Use of
Defect Detection and Prevention Tool
Formal Verification of Patchlink Patch
Management Software Agent
Used in All NASA Centers
Note on Future Work
Training Course for SSC and Use of Security
Assessment Tools
Experts and Expert Center Available to Assist
with the Instrument and Tools
Integrate with Deep Space Mission Systems
(DSMS)
Verifying SSL and use in DSMS
Potential to Verify Space Link Extension (SLE)
Protocol
Potential to Verify Space Communication Protocol
Standard (SCPS) implementations
Developing an Approach to Project Life Cycle
Security Risk Assessment at JPL
FOR MORE INFO...
David Gilliam
JPL
400 Oak Grove Dr., MS 144-210
Pasadena, CA 91109
Phone: (818) 354-0900 FAX: (818) 393-1377
Email: david.p.gilliam@jpl.nasa.gov
John Powell
MS 125-233
Phone: (818) 393-1377
Email: john.d.powell@jpl.nasa.gov
Website: http://rssr.jpl.nasa.gov/