Software Development Lifecycle (SDLC)
Define an assurance case
A documented body of evidence that provides a convincing and valid argument that a specified set of critical claims regarding a system's properties are adequately justified for a given application in a given environment
Volere Requirements Shell
A formalized structure that can be used to specify atomic requirements. This is part of the requirements analysis step of the SDLC
Define sequence diagram
A graphical depiction of how processes in a system interact with each other and the order of the interaction; this is most commonly used in UML
Define key stakeholder
A person or group with the most influence on a project
Define nonfunctional requirement
A quality or constraint for the system; something that must be upheld as the system operates
Name the elements in a formal system
A set of symbols; rules for constructing well-formed formulas in the language; axioms for formulas postulated to be true; inference rules expressed in metalanguage
Define scope creep
A situation where a project gains more and more functionality beyond the original specification
Describe Relative Attack Surface Quotient (RASQ)
A software security metric that is already in use by Microsoft
Name the aspects that are directly relevant to an open-source system's ability to support secure SCM
Ability to assign access permissions to users and to restrict access to the repository based on those permission assignments; ability to limit read and write accesses to a single directory
Name the security enhancements suggested by the DHS that can be added to current SCM practices
Access control for development artifacts; time stamping and digital signature of all configuration items upon check-in to the SCM system; baselining of all configuration items before they are checked out for review and testing; storage of a digitally signed copy of the configuration item with its progress verification report; separation of roles and access privileges; separation of roles and duties; authentication of anyone before granting access to the SCM system; auditing of all SCM system access attempts, check-ins, check-outs, configuration changes, and traceability between related components
Name the ways that software-intensive systems come into existence
Acquisition, integration or assembly, custom development, software reengineering
"Managing Software Risk" key activity 3
Adherence to security standards and policies for development and deployment
Define a boundary class
An abstraction of data collected directly from a user, typically from a form or other GUI structure. These classes cannot communicate directly with each other
Define security requirement
An associated protection that must be placed on some part of the system as a contingency to normal operation or guarantee of some constraint that would otherwise violate the conditions of safe operation
Define object
An instance of a class
Describe the testing phase of the SDLC
An internal process before the product is released to the customer for consumption. Involves verification and validation
Define entity class
In an object-oriented software system, a class representing a collection of data and the manipulation and maintenance of that data
Name the activities of the developer
Analyzing database design; coding; unit testing on local host
Define stakeholder
Anyone with an interest in the project or anyone affected by the project
Morana risk management activity 2
Architecture and design
Describe validation testing
Asserting that the needs of the system and the needs of the stakeholders are being met with the requirements gathered
Name the key activities that should be subjected to QA reviews and controls during the SDLC
Assessment of development risks; ensuring that security requirements have been defined adequately; ensuring that the security controls agreed to during the risk assessment process (mechanisms intended to protect CIA) have been developed; determining whether security requirements are being met effectively
"Managing Software Risk" key activity 4
Assessment, monitoring, and assurance
MSF risk management activity 3
Building
BSI RMF phase 5
Carrying out and validating the identified fixes for security risks
Risk management activities in Development phase of SDLC
Code review, use of security patterns, flaw and bug mitigation, unit security testing
Name the activities of the release manager
Code review; build the Web Application Archive (WAR) file; deploy to various environments
Name the traditional method for gathering requirements
Conducting interviews
SDLC Step 3
Construction
BSI RMF phase 4
Defining cost-effective risk mitigation strategy
MSF risk management activity
Deploying
Morana risk management activity 5
Deployment
SDLC Step 2
Design
Describe the verification procedure of the testing phase of the SDLC
Determines whether the product is being built correctly. Should be conducted before delivering the product to the customer. Verifies that the product does everything it's supposed to on the correct platforms
Morana risk management activity 3
Development
The advantages of SafSec over other software assurance processes
Ensures completeness; minimizes overlap and duplication of evidence; provides a single methodology and framework that supports both safety and security certification and accreditation of both products and systems
Categories that should be included in the security component of a requirement specification
Fail case; consequence of failure; associated risks
Name some other capabilities required to make SCM truly secure that were not developed by the DHS
Flexible but controlled delegation of SCM administrator privileges; no remote access or else remote access only by encrypted, authenticated interfaces; reporting of differences between security aspects of previous and subsequent versions and releases
Name the activities of the Tester/QA
Functional/integrated testing
Name the activities of the business analyst
Gathering requirements; gap analysis with the existing system or process; identifying actors and use cases; work flow diagrams; screen design; facilitating UAT
Describe the design phase of the SDLC
Has significant overlap with requirements analysis. Includes choosing the underlying architecture for the system. The security implications of the platform should be considered here
BSI RMF phase 2
Identifying and linking the business and technical risks within the business context to clarify and quantify the likelihood that certain events will directly affect business goals
Name software configuration management (SCM) methods
Increasing developer accountability for software artifacts by increasing the traceability of software development activities; ongoing impact analysis and control of changes to software development artifacts; minimization of undesirable changes
MSF risk management activity 1
Initiation
SDLC Step 5
Installation
Name some efforts aimed at improving the certification and testing environment for software
International Organization for Standardization/International Electrotechnical Commission (ISO/IEC); The National Institute of Standards and Technology (NIST); federal, DoD, and Intelligence Community certification and accreditation (C&A) processes
Name the items that should be put under the configuration manager's control
Items that are mission critical, security critical, safety critical, or high-risk; items that, if they failed or malfunctioned, would adversely affect security, human safety, or mission accomplishment, or would have significant financial impact; items for which an exact configuration and status of changes must be known at all times
SDLC Step 7
Maintenance
Name the risks involved with software reengineering
Modifications may be required to integrate the new functions with the unmodified portions; new vulnerabilities may be introduced by the increasing complexity of the system; any unexpected behavior in the overall system may manifest as a security vulnerability
Name the elements of a software security assurance case
One or more claims about the required security attributes of the software; a body of evidence supporting those claims; arguments that clearly link the evidence to the claims
SDLC Step 6
Operation
Risk management activities in Deployment phase of SDLC
Patch management, incident management, update of threat models, security measures
ISO/IEC life cycle process expectations
Plan assurance activities; establish and maintain the assurance case; monitor and control assurance activities and products
MSF risk management activity 2
Planning
Define project scope
Refers to the work that is to be completed and is more concerned with how the project itself is governed, such as personnel, timelines, etc.
Morana risk management activity 1
Requirements
SDLC Step 1
Requirements analysis
The most important step to defining security
Requirements analysis
Describe an iterative process
Requires that issues/errors be identified and handled immediately in the appropriate phase; allows backtracking; Pros: issues are addressed immediately, and changes do not contradict earlier documentation; Cons: difficult to gauge where the project is according to the plan, and different people can be in different phases simultaneously
Describe an incremental model
Requires that the system be developed in succinct pieces. Each successive phase can reuse assets that were developed in earlier phases; Pros: Allows for frequent releases, one phase does not have to be done before starting on the next; Cons: problems raised in one phase cannot be completed until the next
SDLC Step 8
Retirement
"Managing Software Risk" key activity 1
Risk assessment
Typical risk metrics
Risk likelihood, risk impact, risk severity, and the number of risks that emerge and are mitigated over time
Describe decommissioning
Sanitization of media and proper disposal of hardware and software
Name the limitations of formal methods
Scale, training, applicability
Risk management activities in Architecture and Design phase of SDLC
Security patterns, security testing and planning, security reviews
Risk management activities in Requirements phase of SDLC
Setting of compliance goals, application of standards, threat modeling
SDLC
Software Development Life Cycle
Define functional requirement
Something that the system must do; it is an outcome that the system must produce as part of its useful operation
MSF risk management activity 4
Stabilizing
Describe secure requirements
Standard requirements that have security built into them to determine the necessary constraints to protect the system as a whole
BSI RMF phase 3
Synthesizing and ranking risks
Morana risk management activity 4
Testing
SDLC Step 4
Testing
Describe the construction phase of the SDLC
The actual production of the software. Involves setting up the hardware and any off-the-shelf software used in the system as well as coding new software. Requirements must not be gathered during this phase
Define product scope
The collection of functional and nonfunctional requirements that will be included in the final system
Define requirements creep
The gathering of requirements after the scope is established
The outcome of the verification is contingent on an absence of extrinsic interventions of
The integrity of how raw bits are interpreted in software as abstract values; the integrity of the access pathways to those values
Define use case overview diagram
The mapping of all potential use cases, providing a picture of the entire functionality of the system
Define scope creep management
The part of the project plan that is the formal process for making any changes to the scope after the requirements gathering step
Define verification testing
The process of asserting that the system is being designed according to its intended purpose
Define trade-off analysis
The process of resolving conflicts between any two competing needs and deciding the best outcome for the project
Define stakeholder analysis
The process used to determine the members of each group
Describe the validation procedure of the testing phase of the SDLC
The testing of whether the correct product is being built. This is conducted by the end users of the system
Name some inherent problems with current assurance cases
The volume and nature of evidence to be considered; lack of explicit relationships among assurance claims, assurance arguments, and supporting evidence; the lack of support for structuring the information; lack of standard "rules of evidence"; exclusive emphasis in current guidance for assurance case development on the format of the information; the lack of guidance on how to gather, merge, and review arguments and evidence; lack of explicit guidance for weighing conflicting or inconsistent evidence; difficulty in comprehending the often-complex impacts of changes because of the immense volume of information to be considered
Atomic requirements
Those that cannot be broken down any further and represent a functionality or constraint upon the system
Define primary stakeholder
Those who are directly affected by the project or those who can directly affect the project
Define secondary stakeholder
Those who are indirectly affected by the project or those who may indirectly affect the project
Name the activities of the project manager
Tracking the project progress; supporting PDD; estimating schedule; researching risk management and customer relationship management
BSI RMF phase 1
Understanding the business context
The phases of SafSec
Unified risk management; risk-directed design; modular certification
Risk management activities in Testing phase of SDLC
Use of attack patterns, automated black-box and white-box activities, third-party security assessments, updating threat models
Describe the waterfall model
Useful only when requirements are clear and do not change; Pros: each phase is independently useful when requirements don't change, or the project is small; Cons: cannot handle changes, users only involved at the end
Name a way to promote accountability and define a clear conclusion on choices
Using completed and signed documentation
"Managing Software Risk" key activity 2
Vulnerability management
Name the SDLC models and methods
Waterfall; Iterative and Incremental; Evolutionary; Spiral; Concurrent Release; Unified Process; Agile
Questions to ask to determine correct and thorough answers about requirements specifications
What are the exceptions to the normal case for this requirement; what sensitive information is included in this requirement; what are the consequences if the conditions of this requirement are violated; what happens if this requirement is intentionally violated
Questions that should be asked to create a well-written requirement
Why should this be part of the system; what are the constraints on this requirement; what are the dependencies for this requirement; who are the stakeholders for this requirement
Name the activities of the architect
Workflow analysis; objects (use case realization), requirements and use case analysis; object diagrams, sequence diagrams; class diagrams; moving analysis to implementation; database design
Name the main uses of formal methods in the SDLC
Writing the software's formal specifications; proving properties about the software's formal specification; constructing the software program through mathematical manipulation of its formal specification, using mathematical arguments and proofs to verify the properties of a program