Difference between revisions of "BSc: Secure System Development"

From IU
 
(2 intermediate revisions by 2 users not shown)
Previous revision

= Secure Systems Development =

* '''Course name:''' Secure Systems Development
* '''Course number:''' xyz

== Course Characteristics ==

=== Key concepts of the class ===

* Identification of security risk, system requirements, and processes
* Design and development of secure systems
* Principles of secure programming
* Secure software development
* Security assurance and evaluation
* Vulnerability and system security analysis

=== What is the purpose of this course? ===

After the fundamentals of computer security have been taught, it is essential for cybersecurity students to understand the principles of secure systems development. In a broader sense, secure systems development includes the security aspects of software development, secure programming, threat intelligence, security requirements, risks, and vulnerability analysis. This course therefore aims to equip students with the skills required to design and develop secure systems and to exercise secure programming practices during development. In essence, the course sits at the crossroads of software engineering and cybersecurity and complements both fields.

=== Course objectives based on Bloom’s taxonomy ===

==== What should a student remember at the end of the course? ====

By the end of the course, the students should be able to remember the following:

* How to identify security risk
* How to exercise secure design and coding
* Understand and demonstrate the steps involved in secure software development
* Perform vulnerability analysis
* Manage and implement security assurance

==== What should a student be able to understand at the end of the course? ====

By the end of the course, the students should be able to understand the design and basic principles of secure systems development. Furthermore, the student will be able to:

* Understand how to identify security risk
* Demonstrate how to exercise secure design and coding
* Understand and demonstrate the steps involved in secure software development
* Perform vulnerability analysis
* Manage and implement security assurance
* Identify the research and development challenges for a security project and propose/develop relevant solutions
* Use existing frameworks for analysing network traffic, identifying adversaries, and deploying attacks
* Include security, cryptography and access control elements in mobile and web-based applications

==== What should a student be able to apply at the end of the course? ====

By the end of the course, the students should be able to develop, manage and implement different secure system development techniques, which will include:

* Secure software development life-cycle
* Secure coding
* Security and vulnerability analysis and testing
* Risk assessment and management
* Assessing existing products for security and risk
* Developing and designing secure systems, including software

=== Course evaluation ===

{| class="wikitable"
|+ Course grade breakdown
! !! !! Proposed points
|-
| Labs/seminar classes || 20 || 35
|-
| Interim performance assessment || 30 || 35
|-
| Exams || 50 || 30
|}

=== Grades range ===

{| class="wikitable"
|+ Course grading range
! !! !! Proposed range
|-
| A. Excellent || 90-100 || 90-100
|-
| B. Good || 75-89 || 75-89
|-
| C. Satisfactory || 60-74 || 60-74
|-
| D. Poor || 0-59 || 0-59
|}

=== Resources and reference material ===

Since the course is multi-dimensional, there is no single source that covers all the topics. For reference, the following sources (and their updated versions) might be considered.

* Bishop, M. (2018). Computer Security: Art and Science. Addison-Wesley Professional
* Seacord, R. C. Secure Coding in C and C++. Addison-Wesley
* McGraw, G. Software Security: Building Security In. Addison-Wesley Software Security Series
* Jürjens, J. Secure Systems Development with UML

== Course Sections ==

The main sections of the course and the approximate hour distribution between them are as follows:

{| class="wikitable"
|+ Course Sections
! Section !! Section Title !! Teaching Hours
|-
| 1 || Security assessment and Vulnerability analysis || 16
|-
| 2 || Software Security and secure coding || 16
|-
| 3 || Secure software development techniques and frameworks || 16
|-
| 4 || Best practices in secure systems development || 16
|}

=== Section 1 ===

==== Section title: ====

Security assessment and Vulnerability analysis

==== Topics covered in this section: ====

* Security requirements and rationale
* Security assessment
* Penetration testing
* Vulnerability analysis
* Tools and methods

==== What forms of evaluation were used to test students’ performance in this section? ====

{| class="wikitable"
! Form of evaluation !! Yes/No
|-
| Development of individual parts of software product code || 1
|-
| Homework and group projects || 1
|-
| Midterm evaluation || 1
|-
| Testing (written or computer based) || 1
|-
| Reports || 0
|-
| Essays || 0
|-
| Oral polls || 0
|-
| Discussions || 1
|}

==== Typical questions for ongoing performance evaluation within this section ====

# How to perform a security assessment, and which method is used in a particular environment?
# Why is security assessment essential?
# What is the role of penetration testing in security assessment, and what methods are currently used in the industry?
# What is the difference between a vulnerability and an exploit, and how can a vulnerability be converted into an exploit?
# What are the pros and cons of the existing security assessment tools?

==== Typical questions for seminar classes (labs) within this section ====

# Perform a security assessment of an example application and/or service.
# Use a particular penetration testing method to find a vulnerability in an application.
# Select at least 3 existing industry-grade tools and perform a vulnerability assessment of an example application.
# After using particular tools and methods, document their pros and cons.

==== Test questions for final assessment in this section ====

# How to perform port scanning, and when is it dangerous to do so?
# Choose any of the security assessment methods to use and justify your choice.
# Can we skip the vulnerability assessment? Yes or no? Justify your answer in detail. What would be the downside of either skipping or not skipping it?
# How would you convert a vulnerability into an exploit, and what are the essential methods to contain an exploit?
# What are the drawbacks of the existing security assessment tools?

=== Section 2 ===

==== Section title: ====

Software Security and secure coding

==== Topics covered in this section: ====

* Software security
* Security in the software development life-cycle
* Software security requirements and testing
* Secure programming
* Best practices in secure coding

==== What forms of evaluation were used to test students’ performance in this section? ====

{| class="wikitable"
! Form of evaluation !! Yes/No
|-
| Development of individual parts of software product code || 1
|-
| Homework and group projects || 1
|-
| Midterm evaluation || 1
|-
| Testing (written or computer based) || 1
|-
| Reports || 0
|-
| Essays || 0
|-
| Oral polls || 0
|-
| Discussions || 1
|}

==== Typical questions for ongoing performance evaluation within this section ====

# At which step of software development must security be considered?
# What are the principles of software security?
# Which frameworks are proven to be the best for software security, and why?
# What are the principles of secure coding?
# Explain the pitfalls of secure programming.
# How can requirements gathering for software affect software security?

==== Typical questions for seminar classes (labs) within this section ====

# Given the scenario, document the requirements (both traditional and security).
# Explain a scenario where the software development will pose a security risk.
# Demonstrate non-standard practices in software development that will lead to security issues.
# What assessment techniques can be used to detect software security issues in earlier stages of software development?
# What are the best practices in software development from a security perspective?

==== Test questions for final assessment in this section ====

# Same as above.

=== Section 3 ===

==== Section title: ====

Secure software development techniques and frameworks

==== Topics covered in this section: ====

* Software security development frameworks
* System security development frameworks
* Security development and design techniques
* Integration of security solutions

==== What forms of evaluation were used to test students’ performance in this section? ====

{| class="wikitable"
! Form of evaluation !! Yes/No
|-
| Development of individual parts of software product code || 1
|-
| Homework and group projects || 1
|-
| Midterm evaluation || 1
|-
| Testing (written or computer based) || 1
|-
| Reports || 0
|-
| Essays || 0
|-
| Oral polls || 0
|-
| Discussions || 1
|}

==== Typical questions for ongoing performance evaluation within this section ====

# Explain the existing software security and development frameworks.
# Given a software development scenario, how do you select a particular framework?
# Does the software development method affect software security? Justify your answer.
# At which stage of a particular software development method is security considered?
# Describe the rationale for security at every step of the software development process.
# What is the difference between software and system security?
# Can software security techniques be used in system security? Justify your answer.

==== Typical questions for seminar classes (labs) within this section ====

# Through secure programming and software security frameworks, demonstrate software resilience.
# Demonstrate software security (with respect to requirements) at each step of the development process.
# What are the vulnerabilities and attacks associated with insecure programming practices? Demonstrate.
# Demonstrate whether different programming paradigms have any effect on software security.
# Through a proof-of-concept, demonstrate the difference between software and system security.

==== Test questions for final assessment in this section ====

# Same as above.

=== Section 4 ===

==== Section title: ====

Best practices in secure systems development

==== Topics covered in this section: ====

* Industrial view on systems security
* Usage of best practices in software and system security
* Secure development standards
* Role of emerging technologies in secure systems development
* Ongoing secure system development standardization activities
* Existing projects considering secure system development

==== What forms of evaluation were used to test students’ performance in this section? ====

{| class="wikitable"
! Form of evaluation !! Yes/No
|-
| Development of individual parts of software product code || 1
|-
| Homework and group projects || 1
|-
| Midterm evaluation || 1
|-
| Testing (written or computer based) || 1
|-
| Reports || 0
|-
| Essays || 0
|-
| Oral polls || 0
|-
| Discussions || 1
|}

==== Typical questions for ongoing performance evaluation within this section ====

# What are the best practices in the industry for secure system development?
# What are the current issues with the best practices in the industry, and what are their limitations?
# Cross-platform system development might affect the security of the system. Do you agree or not?
# Briefly explain the standardization efforts in industry and academia regarding secure system development.
# Can we apply the best practices of secure software development in secure system development? Justify your answer.

==== Typical questions for seminar classes (labs) within this section ====

# Demonstrate the effectiveness of secure system development best practices.
# Demonstrate the analysis of using different development platforms on secure system and software development.
# What is the role of traditional security mechanisms such as cryptography in secure system development?
# With toy examples, demonstrate the attacker perspective and behavior on (in)secure system development.
# Analyze the security of a given system by choosing any of the secure development frameworks.

==== Test questions for final assessment in this section ====

# Same as above.

Latest revision as of 12:03, 13 October 2022

Secure development

  • Course name: Secure development
  • Code discipline: XXX
  • Subject area: Security and Networks

Short Description

The course covers the security aspects of development: security architecture, secure coding, security assurance, security operations and basic security concepts. We go from the deepest kernel level (ASLR, NX/DEP, CET and KPTI against ROP, UAF, etc.) to high-level theory (access models, the Biba and Bell-LaPadula models, security principles), and from practical design (NIST recommendations and security by design) to day-to-day operations (OSA practices). We discuss fuzzing, the power of static analyzers, and SIEM. The course is especially useful for security architects. We discuss not only security but also safety topics, because the mitigations for the two intersect. Examples are based on the Linux OS.

Prerequisites

Prerequisite subjects

  • CSE101: Introduction to Programming
  • CSE112: Software Systems Analysis and Design

Prerequisite topics

  • Basic programming skills, C/C++ is recommended
  • Software design or software architecture
  • Basics of compilers

Course Topics

Course Sections and Topics
Section Topics within the section
Basics of security
  1. Security and safety
  2. Security and code quality
  3. Maintainability and security
  4. Why is it so hard to develop a secure system, and what approaches may be applied?
  5. When does it make sense to make a system secure?
Security architecture
  1. NIST recommendations
  2. Security principles
  3. Theoretical security: access matrix and security models
  4. Secure by design
Secure coding
  1. Security on the code level
  2. SDL
  3. Main binary vulnerabilities and their mitigations
Secure operating
  1. Security monitoring
  2. DevSecOps
  3. Dealing with 3rd parties
Security assurance
  1. Pen testing
  2. Fuzzing
  3. Bug Bounty programs
Linux security
  1. Keep it all together and see how the Linux kernel deals with that.
  2. SELinux
  3. GrSec patches
  4. Why Linux is not a safety system

Intended Learning Outcomes (ILOs)

What is the main purpose of this course?

The main purpose of this course is to give students a top-down vision of security, because the weakest-link security principle insists that the weakest part of the process/system will be the one attacked.

ILOs defined at three levels

Level 1: What concepts should a student know/remember/explain?

By the end of the course, the students should be able to ...

  • Remember main security principles
  • List SDL stages
  • Describe the difference between security and safety
  • Explain basic binary vulnerabilities
  • Specify the required security assurance
  • Describe the key elements of SOC systems
  • Explain why fuzzing is not the same as unit or integration testing

Level 2: What basic practical skills should a student be able to perform?

By the end of the course, the students should be able to ...

  • Perform Threat Modeling
  • Review code to find insecure patterns
  • Deal with open source code securely
  • Explain the value of a bug bounty programme and identify the right moment to start one

Level 3: What complex comprehensive skills should a student be able to apply in real-life scenarios?

By the end of the course, the students should be able to ...

  • Suggest hardening measures and architecture changes to achieve the required level of security and safety
  • Propose process improvements, in a cost-effective manner, that would drastically improve the security and safety level

Grading

Course grading range

{| class="wikitable"
! Grade !! Range !! Description of performance
|-
| A. Excellent || 80-100 || -
|-
| B. Good || 60-79 || -
|-
| C. Satisfactory || 40-59 || -
|-
| D. Fail || 0-39 || -
|}

Course activities and grading breakdown

{| class="wikitable"
! Activity Type !! Percentage of the overall course grade
|-
| Assignment/Labs || 70
|-
| Final quiz || 30
|}

Recommendations for students on how to succeed in the course

Participation is important. Showing up is the key to success in this course.
If you don’t have the corresponding technical background, please do not hesitate to ask the lecturer. If you feel that the gap is deep, ask for extra reading.
Reading the recommended literature is optional, and will give you a deeper understanding of the material.

Resources, literature and reference materials

Open access resources

  • Owasp.com
  • MITRE SOC Operations https://www.mitre.org/sites/default/files/publications/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf
  • MISRA, AUTOSAR, SEI CERT
  • https://www.microsoft.com/en-us/securityengineering/sdl

Closed access resources

  • M. Bishop (2018) “Computer Security: Art and Science”
  • D. Deogun, D. B. Johnsson, D. Sawano (2019) “Secure by Design”
  • D. LeBlanc, M. Howard (2002) “Writing Secure Code”

Software and tools used within the course

  • Some static analyser
  • AFL

Teaching Methodology: Methods, techniques, & activities

Activities and Teaching Methods

{| class="wikitable"
|+ Teaching and Learning Methods within each section
! Teaching Techniques !! Section 1 !! Section 2 !! Section 3 !! Section 4 !! Section 5 !! Section 6
|-
| Problem-based learning (students learn by solving open-ended problems without a strictly-defined solution) || 1 || 1 || 1 || 1 || 1 || 1
|-
| Modular learning (facilitated self-study) || 1 || 1 || 1 || 1 || 1 || 1
|-
| Differentiated learning (provide tasks and activities at several levels of difficulty to fit students' needs and level) || 1 || 1 || 1 || 1 || 1 || 1
|-
| Contextual learning (activities and tasks are connected to the real world to make it easier for students to relate to them) || 1 || 1 || 1 || 1 || 1 || 1
|-
| Business game (learn by playing a game that incorporates the principles of the material covered within the course) || 1 || 1 || 1 || 1 || 1 || 1
|}

{| class="wikitable"
|+ Activities within each section
! Learning Activities !! Section 1 !! Section 2 !! Section 3 !! Section 4 !! Section 5 !! Section 6
|-
| Lectures || 1 || 1 || 1 || 1 || 1 || 1
|-
| Lab exercises || 1 || 1 || 1 || 1 || 1 || 1
|}

Formative Assessment and Course Activities

Ongoing performance assessment

Section 1

{| class="wikitable"
! Activity Type !! Content !! Is Graded?
|-
| Individual Assignments || A2: Product Ideation and Market Research<br>Find all weaknesses in the code snippet. Suggest how to fix them in a secure way. What is your recommendation for the code author? || 1
|}

Section 2

Section 3

Section 4

Section 5

Section 6

Final assessment

Section 1

Section 2

Section 3

Section 4

Section 5

Section 6


The retake exam

Section 1

Section 2

Section 3

Section 4

Section 5

Section 6