Tuesday, December 9, 2014

CISSP Note (CH10 Software Development Security)

System Development Life Cycle

1. Initiation: Need for a new system is defined
   - Preliminary risk assessment
2. Acquisition/development: New system is either created or purchased
   - Security function requirement analysis
   - Security control development
3. Implementation: New system is installed into production environment
   - Inspection and acceptance
   - Security certification
   - Security accreditation
4. Operation/maintenance: System is used and cared for
   - Configuration management and control
   - Continuous monitoring
5. Disposal: System is removed from production environment
   - Media sanitization
   - Hardware and software disposal

Certification and Accreditation (C&A)

1. Certification (Chinese: 認證): technical testing of a system. Established verification procedures are followed to ensure the effectiveness of the system and its security controls.
2. Accreditation (Chinese: 認可): the formal authorization given by management to allow a system to operate in a specific environment. The accreditation decision is based upon the results of the certification process.

Testing Types

1. Unit testing: programmers validate data structure, logic, and boundary conditions.
2. Integration testing: Verifying that components work together as outlined in design specifications.
3. Acceptance testing: Ensuring that the code meets customer requirements.
4. Regression testing: After a change to a system takes place, retesting to ensure functionality, performance, and protection.

Standard

1. CMMI: process improvement model
   Initial > Repeatable > Defined > Managed > Optimizing
2. WASC and OWASP: focus on integrating security into software development processes
3. BSI: focuses on protecting critical infrastructure but can be used in any software development project
4. ISO/IEC 27034: general approach that is used more in private industry

CORBA and ORBs

This standard defines the APIs, communication protocol, and client/server communication methods to allow heterogeneous applications written in different programming languages and run on various platforms to work together.

COM and DCOM

Component Object Model (COM) is a model that allows for interprocess communication within one application or between applications on the same computer system.
Distributed Component Object Model (DCOM) supports the same model for component interaction, and also supports distributed interprocess communication (IPC). COM enables applications to use components on the same system, while DCOM enables applications to access objects that reside in different parts of a network. Without DCOM, programmers would have to write much more complicated code to find the necessary objects, set up network sockets, and incorporate the services necessary to allow communication. DCOM has been phased out and replaced with the .NET framework, which is mainly used for applications that run in Windows environments.

OLE DB

It provides a low-level interface to link information across different databases, and provides access to data no matter where they are located or how they are formatted.

The following are some characteristics of OLE DB:
• It's a replacement for ODBC, extending its feature set to support a wider variety of nonrelational databases, such as object databases and spreadsheets that do not necessarily implement SQL.
• A set of COM-based interfaces provides applications with uniform access to data stored in diverse data sources.
• Because it is COM-based, OLE DB is limited to being used by Microsoft Windows–based client tools.
• A developer accesses OLE DB services through ActiveX Data Objects (ADO).

Relational Database Components

1. Data definition language (DDL): Defines the structure and schema of the database. The structure could mean the table size, key placement, views, and data element relationships. The schema describes the type of data that will be held and manipulated, and their properties. It defines the structure of the database, access operations, and integrity procedures.
2. Data manipulation language (DML): Contains all the commands that enable a user to view, manipulate, and use the database (view, add, modify, sort, and delete commands).
3. Query language (QL): Enables users to make requests of the database.
4. Report generator: Produces printouts of data in a user-defined manner.

Database integrity

1. Semantic integrity: makes sure structural and semantic rules are enforced. These rules pertain to data types, logical values, uniqueness constraints, and operations that could adversely affect the structure of the database.
2. Referential integrity: all foreign keys reference existing primary keys.
3. Entity integrity: guarantees that the tuples are uniquely identified by primary key values.
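The following is an added example (not from the notes or the CISSP text) that exercises the four relational components above and all three integrity kinds in one small SQLite database. The tables, column names and sample rows are constructed for illustration: the primary keys give entity integrity, the foreign key (with SQLite's `PRAGMA foreign_keys` switched on, which is off by default) gives referential integrity, and the `UNIQUE`/`CHECK`/`NOT NULL` rules are semantic integrity. `try_insert` shows what the database does when a rule is violated.

```python
import sqlite3


def open_db():
    """DDL: create the structure, schema, view, and integrity rules (constructed example)."""
    conn = sqlite3.connect(":memory:")
    # SQLite does not enforce FOREIGN KEY clauses unless this pragma is on
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript("""
        CREATE TABLE customer (
            cust_id INTEGER PRIMARY KEY,          -- entity integrity: unique tuple identity
            email   TEXT NOT NULL UNIQUE          -- semantic integrity: uniqueness constraint
        );
        CREATE TABLE orders (
            order_id INTEGER PRIMARY KEY,
            cust_id  INTEGER NOT NULL REFERENCES customer(cust_id),  -- referential integrity
            amount   REAL NOT NULL CHECK (amount > 0)                 -- semantic: logical value
        );
        -- a view is part of the structure the DDL defines
        CREATE VIEW order_totals AS
            SELECT c.email, SUM(o.amount) AS total
            FROM customer c JOIN orders o ON o.cust_id = c.cust_id
            GROUP BY c.email;
    """)
    return conn


def load_sample(conn):
    """DML: add rows (constructed sample data)."""
    conn.executemany("INSERT INTO customer (cust_id, email) VALUES (?, ?)",
                     [(1, "alice@example.test"), (2, "bob@example.test")])
    conn.executemany("INSERT INTO orders (cust_id, amount) VALUES (?, ?)",
                     [(1, 10.0), (1, 5.5), (2, 20.0)])
    conn.commit()


def report(conn):
    """QL + report generator: query the view and lay the data out in a fixed-width format."""
    rows = conn.execute("SELECT email, total FROM order_totals ORDER BY email").fetchall()
    return [f"{email:<22} {total:>8.2f}" for email, total in rows]


def try_insert(conn, sql, params):
    """Run one DML statement; return None on success or the integrity-error message."""
    try:
        conn.execute(sql, params)
        conn.commit()
        return None
    except sqlite3.IntegrityError as e:
        conn.rollback()
        return str(e)


if __name__ == "__main__":
    db = open_db()
    load_sample(db)
    print("\n".join(report(db)))
    # each of these violates one integrity kind and is rejected by the database itself
    print(try_insert(db, "INSERT INTO customer VALUES (?, ?)", (1, "carol@example.test")))  # entity
    print(try_insert(db, "INSERT INTO orders (cust_id, amount) VALUES (?, ?)", (99, 1.0)))  # referential
    print(try_insert(db, "INSERT INTO orders (cust_id, amount) VALUES (?, ?)", (2, -3.0)))  # semantic
```

The point for a security reviewer is that these rules live in the schema, so they hold for every application and user that touches the database, not only for the one code path that remembered to validate its input.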

Two-phase commit

In transactional processes, a transaction will often require that more than one database be updated. The transaction must ensure that every database is properly modified, or that no modification takes place at all. When a database change is submitted by the user, the different databases initially store these changes temporarily. A transaction monitor then sends out a "pre-commit" command to each database. If all the databases respond with an acknowledgment, the monitor sends out a "commit" command to each database; otherwise every database discards its temporary changes.
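An added example of the two phases (constructed for these notes, not code from the CISSP text): each `Participant` is a separate SQLite database holding one account, and `two_phase_commit` plays the transaction monitor. In phase 1 each participant applies its change inside an open transaction and votes; the temporary change stays uncommitted. Only if every vote is "yes" does phase 2 commit everywhere; one "no" rolls back every participant, including those that had already acknowledged. The `CHECK (balance >= 0)` rule is the constructed reason a participant might refuse.

```python
import sqlite3


class Participant:
    """One database taking part in the distributed transaction (constructed example)."""

    def __init__(self, name, balance):
        self.name = name
        # isolation_level=None: we issue BEGIN/COMMIT/ROLLBACK ourselves
        self.conn = sqlite3.connect(":memory:", isolation_level=None)
        self.conn.execute(
            "CREATE TABLE account (id INTEGER PRIMARY KEY, balance INTEGER CHECK (balance >= 0))")
        self.conn.execute("INSERT INTO account VALUES (1, ?)", (balance,))

    def prepare(self, delta):
        """Phase 1 ('pre-commit'): apply the change tentatively and vote yes/no."""
        try:
            self.conn.execute("BEGIN")
            self.conn.execute("UPDATE account SET balance = balance + ? WHERE id = 1", (delta,))
            return True  # acknowledgment: change is staged, not yet durable
        except sqlite3.IntegrityError:
            return False  # the staged change would violate this database's rules

    def commit(self):
        """Phase 2: make the staged change permanent."""
        self.conn.execute("COMMIT")

    def rollback(self):
        """Phase 2 (abort path): discard the staged change if one is open."""
        if self.conn.in_transaction:
            self.conn.execute("ROLLBACK")

    def balance(self):
        return self.conn.execute("SELECT balance FROM account WHERE id = 1").fetchone()[0]


def two_phase_commit(work):
    """Transaction monitor. work: list of (participant, delta).
    Returns True if committed everywhere, False if rolled back everywhere."""
    votes = [p.prepare(delta) for p, delta in work]          # phase 1
    if all(votes):
        for p, _ in work:                                      # phase 2: commit
            p.commit()
        return True
    for p, _ in work:                                          # phase 2: abort all
        p.rollback()
    return False


if __name__ == "__main__":
    a, b = Participant("bank_a", 100), Participant("bank_b", 0)
    print(two_phase_commit([(a, -60), (b, 60)]), a.balance(), b.balance())    # True 40 60
    print(two_phase_commit([(a, -100), (b, 100)]), a.balance(), b.balance())  # False 40 60
```

The second transfer is what the paragraph is guarding against: `bank_b` had already staged +100 and acknowledged, but because `bank_a` refused, the monitor rolls both back and no money appears out of nowhere.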

Polyinstantiation

allows a table to contain multiple tuples with the same primary key, with each instance distinguished by a security level.

Tunneling Virus

attempts to install itself "under" the antivirus program. When the antivirus does its health check on critical files (file sizes, modification dates, and so on), it asks the operating system to gather this information. If the virus can place itself between the antivirus and the operating system, then when the antivirus sends out a command (system call) for this type of information, the tunneling virus intercepts the call. Instead of the operating system responding to the request, the tunneling virus responds with information indicating that everything is fine and healthy and that there is no sign of any infection.
