Software Quality engineering chapter 15066788.ppt
azwerraza01
34 views
9 slides
May 20, 2024
Slide 1 of 9
1
2
3
4
5
6
7
8
9
About This Presentation
Software Quality engineering chapter 15066788.ppt
Slide Content
1
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Chapter 27
Security Engineering
Slide Set to accompany
Software Engineering: A Practitioner’s Approach, 8/e
by Roger S. Pressman and Bruce R. Maxim
Slides copyright © 1996, 2001, 2005, 2009, 2014by Roger S. Pressman
For non-profit educational use only
May be reproduced ONLY for student use at the university level when used in conjunction
with Software Engineering: A Practitioner's Approach, 8/e. Any other reproduction or use is
prohibited without the express written permission of the author.
All copyright information MUST appear if these slides are posted on a website for student
use.
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Chapter 27
Security Engineering
Slide Set to accompany
Software Engineering: A Practitioner’s Approach, 8/e
by Roger S. Pressman and Bruce R. Maxim
Slides copyright © 1996, 2001, 2005, 2009, 2014by Roger S. Pressman
For non-profit educational use only
May be reproduced ONLY for student use at the university level when used in conjunction
with Software Engineering: A Practitioner's Approach, 8/e. Any other reproduction or use is
prohibited without the express written permission of the author.
All copyright information MUST appear if these slides are posted on a website for student
use.
2
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Why Security Engineering?
Security is a perquisite to system integrity, availability,
reliability, and safety
Security provides the mechanism that enable a systems to
protect its assets from attack
Assets are system resources (information, files, programs,
storage, processor capacity) that have value to its stakeholders
Attacks take advantage of vulnerabilities that allow
unauthorized system access
It is difficult to make a system more secure by responding to
bug reports, security must be designed in from the beginning
testing appropriate?
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Why Security Engineering?
Security is a perquisite to system integrity, availability,
reliability, and safety
Security provides the mechanism that enable a systems to
protect its assets from attack
Assets are system resources (information, files, programs,
storage, processor capacity) that have value to its stakeholders
Attacks take advantage of vulnerabilities that allow
unauthorized system access
It is difficult to make a system more secure by responding to
bug reports, security must be designed in from the beginning
testing appropriate?
3
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Analyzing Security
Requirements
Exposureis the value in terms of the time or cost to recreate a
lost system asset
Threat analysisis the process of determining the conditions or
threats that may damage system resources or make them
inaccessible to unauthorized access
Controlsare created to avoid the attacks and to mitigate their
damage
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Analyzing Security
Requirements
Exposureis the value in terms of the time or cost to recreate a
lost system asset
Threat analysisis the process of determining the conditions or
threats that may damage system resources or make them
inaccessible to unauthorized access
Controlsare created to avoid the attacks and to mitigate their
damage
4
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Online Security Threats
Social Media –networks often allow their users to develop
applications that have access to personal details of their users
Mobile Applications –native apps running on mobile devices
may have the same access resources as the device owner
Cloud Computing –brings additional confidentiality and trust
issues into the security picture because it blurs the line
between “trusted inside” and “untrusted outside”
Internet of Things –ability of everyday objects to communicate
and report contextual information about its user and its
environment
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Online Security Threats
Social Media –networks often allow their users to develop
applications that have access to personal details of their users
Mobile Applications –native apps running on mobile devices
may have the same access resources as the device owner
Cloud Computing –brings additional confidentiality and trust
issues into the security picture because it blurs the line
between “trusted inside” and “untrusted outside”
Internet of Things –ability of everyday objects to communicate
and report contextual information about its user and its
environment
5
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Security Analysis -I
Security requirements elicitation
Determine how users need to interact with system resources
Create abuser stories that describe system threats
User treat modeling and risk analysis to determine the system security
policies as part of the non-functional requirements
Locate attack patterns that identify solutions to system security
shortcomings
Security modeling
Captures policy objectives, external interface requirements, software
security requirements, rules of operation, description of security architecture
Provides guidance during design, coding and review
State models can help software engineers ensure that the series of state
transitions allowed by the system start and end in a secure state
Using formal security models may improve the trustworthiness of a system
since correctness proofs may be used as part of the system security case
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Security Analysis -I
Security requirements elicitation
Determine how users need to interact with system resources
Create abuser stories that describe system threats
User treat modeling and risk analysis to determine the system security
policies as part of the non-functional requirements
Locate attack patterns that identify solutions to system security
shortcomings
Security modeling
Captures policy objectives, external interface requirements, software
security requirements, rules of operation, description of security architecture
Provides guidance during design, coding and review
State models can help software engineers ensure that the series of state
transitions allowed by the system start and end in a secure state
Using formal security models may improve the trustworthiness of a system
since correctness proofs may be used as part of the system security case
6
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Security Analysis -II
Measures design
Security metrics should focus on system dependability, trustworthiness, and
survivability
Measures or asset value, threat likelihood, are system vulnerability are
needed to create these metrics
Correctness checks
Software verification activities and security test cases must be traceable to
system security cases
Data collected during audits, inspections, and test cases are analyzed and
summarized as a security case
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Security Analysis -II
Measures design
Security metrics should focus on system dependability, trustworthiness, and
survivability
Measures or asset value, threat likelihood, are system vulnerability are
needed to create these metrics
Correctness checks
Software verification activities and security test cases must be traceable to
system security cases
Data collected during audits, inspections, and test cases are analyzed and
summarized as a security case
7
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Security Assurance
Used to show that you have created a secure product that
inspires confidence among end users and stakeholders
Security Case Elements
Security claims
Arguments linking claims to each other
Evidence (reviews, proofs, etc.) supporting arguments
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Security Assurance
Used to show that you have created a secure product that
inspires confidence among end users and stakeholders
Security Case Elements
Security claims
Arguments linking claims to each other
Evidence (reviews, proofs, etc.) supporting arguments
8
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Security Risk Analysis
Identify assets
Create architecture overview
Application decomposition
Identify threats
Document threats
Rate threats
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
Security Risk Analysis
Identify assets
Create architecture overview
Application decomposition
Identify threats
Document threats
Rate threats
9
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
System Trustworthiness
Trust is the level of confidence that software components and
stakeholders can rely on one another
Verification ensures that the security requirements are
assessed using objective and quantifiable techniques traceable
to the security cases
Evidence used to prove the security case must be acceptable
and convincing to all system stakeholders
Most trust metrics are based on historical data derived from
past behavior in situations involving trust
These slides are designed to accompany Software Engineering: A Practitioner’s Approach, 8/e
(McGraw-Hill 2014). Slides copyright 2014 by Roger Pressman.
System Trustworthiness
Trust is the level of confidence that software components and
stakeholders can rely on one another
Verification ensures that the security requirements are
assessed using objective and quantifiable techniques traceable
to the security cases
Evidence used to prove the security case must be acceptable
and convincing to all system stakeholders
Most trust metrics are based on historical data derived from
past behavior in situations involving trust
Tags
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 34
- Slides 9
- Age 565 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
51 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
49 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
39 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
38 views
21
Know for Certain
DaveSinNM
24 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
27 views