Question

Throughout this course, you will be working on several aspects of a software development project that will result in a complete software development plan document for a project of your choosing. You will not actually be developing any software, but you will work extensively with the concepts of good software development practices. Additional information and the deliverables for each Individual Project will be provided in the assignment description for the project.

Project Selection

The first step will be to select a project as the target for your software development plan. This project will be used as the basis for each of the assignments throughout the course and should conform to the following guidelines:

Nontrivial: The selected project should be large enough to allow reasonable exercise of the software development planning process.

Domain knowledge: You should be familiar with the organization or software category to allow focus on the planning tasks without significant time required for domain education.

Accessibility: You should have good access to the people and other information related to the organization or software because this will be an important part of the planning process.

Select a software development project that fits these requirements, and submit your proposal to your instructor before proceeding further with the assignments in the course. Approval should be sought within the first several days of the course. Your instructor will tell you how to submit this proposal and what notification will be given for project approval.

Assignment:

For the assignments in this course, you will not be implementing the actual software project, but rather, you will be developing a comprehensive software development plan document. Your first task in this process will be to select a project to use as the basis of your design. You will also create the shell document for the final project deliverable that you will be working on during each unit. As you proceed through each project phase, you will add content to each section of the final document to gradually complete the final project delivery.

The project requires that you do the following:

Submit the project proposal to your instructor for approval.

Software Development Plan Document Shell

Use Word

Title Page

Course number and name

Project name

Student name

Date

Table of Contents

Use auto-generated TOC

Separate page

Maximum of 3 levels deep

Be sure to update the fields of the TOC so it is up-to-date before submitting your project.

Section Headings (Create each heading on a new page with TBD as content except for sections listed under New Content below.)

Project Outline

Planning

Analysis

Design

Quality Assurance

Implementation

Maintenance

New Content

Project Outline

Briefly describe the project.

Include a list of the major goals and constraints for the project.

Material can be taken from the approved proposal submitted to the instructor.

Be sure this project is approved by the instructor.

Planning

Identify the stakeholders for the project.

Identify the tools required for the project and how they will be used.

Identify the software development life cycle model that will be used for the project, including justification of the selection.

Identify the major phases of the project, and illustrate how they fit in the selected development model.

Name the document "yourname_ITSD422_IP1.doc".

Explanation / Answer

Answer:

Security of Operating Systems

Most modern computer information systems provide concurrent execution of multiple applications on a single piece of physical computing hardware (which may contain multiple processing units). Within such a multitasking, time-sharing environment, individual application jobs share the same system resources, e.g., CPU, memory, disk, and I/O devices, under the control of the operating system. In order to protect the execution of individual application jobs from possible interference and attack by other jobs, most contemporary operating systems implement some abstract property of containment, such as the process (or task) and TCB (Task Control Block), virtual memory space, file, port, IPC (Inter-Process Communication), etc. An application is controlled so that it can access only given resources (e.g., file, process, I/O, IPC) and perform only given operations (e.g., execution or read-only). However, the limited containment supported by most commercial operating systems (MS Windows, various flavors of Unix, etc.) bases access decisions only on user identity and ownership without considering additional security-relevant criteria such as the operation and trustworthiness of programs, the role of the user, and the sensitivity or integrity of the data. As long as users or applications have complete discretion over objects, it will not be possible to control data flows or enforce a system-wide security policy. Because of such weaknesses in current operating systems, it is rather easy to breach the security of an entire system once an application has been compromised, e.g., by a buffer overflow attack. Some examples of potential exploits from a compromised application are [5]:

· Illegitimate use of unprotected system resources. For example, a worm program launches attacks via email to all targets in a user's address book after it gains control of the user's account.

· Subversion of application-enforced protection through control of the underlying system. For example, defacing a Web site by gaining control of the site's Web server, say by changing a virtual directory in Microsoft IIS.

· Gaining direct access to protected system resources by misusing privileges. For example, a compromised "sendmail" program running as root on a standard Unix OS gives the attacker super-user privileges and uncontrolled access to all system resources.

· Furnishing bogus security decision-making information. For example, spoofing a file handle of Sun's NFS may easily give remote attackers access to files on the remote file server.

It is not possible to protect against malicious code in an application using the existing mechanisms of most commercial operating systems, because a program running under the name of a user receives all of the privileges associated with that user. Moreover, the access controls supported by these operating systems are so coarse that there are only two categories of users: either completely trusted super users (root) or completely untrusted ordinary users. As a result, most system services and privileged applications in such systems have to run under root privileges that far exceed what they really need. A compromise in any of these programs can be exploited to obtain complete system control.

Most current operating systems provide discretionary access control, that is, someone who owns a resource can decide who is allowed to use (access) the resource. Moreover, because of the lack of built-in mechanisms for the enforcement of security policies in such systems, access control is normally a one-shot approach: either all or no privileges are granted, rarely supporting the "principle of least privilege" (without limiting the privileges a program can inherit based on its trustworthiness). The basic philosophy of discretionary controls assumes that the users and the programs they run are the good guys, and that it is up to the operating system to trust them and protect each user from outsiders and other users. Such a perception is extremely difficult to hold true and can no longer be considered secure enough for computer systems of the "information era", with broad connectivity through the Internet and heavy commercialization of e-commerce services. Systems with stronger security and protection will require evolving from the approach of discretionary control towards the concept of mandatory (non-discretionary) control, where information is confined within a "security perimeter" with strict rules enforced by the system about who is allowed access to certain resources, and no information is allowed to move from a more secure environment to a less secure environment. Some of the basic criteria or requirements of a secure operating system are discussed below.

Mandatory security – a built-in mechanism or logic within the operating system (often called the system security module or system security administrator) that implements and tightly controls the definition and assignment of security attributes and their actions (security policies) for every operation or function provided by the system. Generally, mandatory security will require:

· Policy-independent security labeling and decision-making logic. The operating system implements the mechanism, whereas the users or applications are able to define security policies.

· Enforcement of access control for all operations. All system operations must have permission checks based on the security labeling of the source and target objects. Such enforcement requires controlling the propagation of access rights, enforcing fine-grained access rights, supporting the revocation of previously granted access rights, etc.

· The main security controls include permission or access authorization, authentication usage, cryptographic usage, subsystem-specific usage, etc.

Trusted path – a mechanism by which a trustworthiness relationship is established among users and application software so that:

· A user or application may directly interact with trusted software, which can only be activated by either a user or trusted software.

· A mutually authenticated channel is needed to prevent impersonation of either party.

· The mechanism must be extensible to support subsequent addition of trusted applications.

Support of diverse security policies – traditional MAC mechanisms (such as multi-level security, MLS [8]) usually base their security decisions strictly on security clearances for subjects and security labels for objects (see Section 3), and are normally too restrictive to serve as a general security solution. A secure architecture requires flexibility to support a wide variety of security policies:

· Separation of security policy logic from the mechanism of policy enforcement, so that a system can support diverse security policies.

· Support for policy definition and policy changes with well-defined policy interfaces and formats.

· Provision of default security behavior of the system so as to maintain tight system security without requiring detailed system configuration.

Assurance – a process or methodology to verify that the design and implementation of the system actually behave as claimed and meet the security requirements:

The process generally involves two elements: (i) a statement of the security properties a system is claimed to satisfy; and (ii) some kind of argument or evidence that the system does satisfy those properties.

· The structure of such systems normally requires a small security kernel or module so that the system behavior can be verified relatively easily.

· One of the concerns for a secure operating system is so-called covert channels, which are means to circumvent the security barrier enforced by the system to prevent passing information from one security domain to a less secure domain. For example, one possible covert channel is a "timing channel", where a Trojan horse program alternately loops and waits, in cycles of, say, one minute per bit, and a program outside the perimeter that constantly tests the loading of the system may sense the information the Trojan horse intended to send. There is no general way to prevent all covert channels. It is more practical to introduce enough noise or reduce the bandwidth of such channels in the system so that they won't be useful to an intruder.

The efforts for the development of secure operating systems date back to the early days of operating system development (e.g., Multics and Hydra

With the rapid growth of Internet connectivity and e-commerce, the recent development of secure operating systems has spread from the traditional focus on defense- or military-related systems to more general commercial systems. As a case study, the next section presents detailed discussions of a publicly available secure system from the National Security Agency (NSA)
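The answer's central point, that discretionary control lets an owner grant access but cannot stop data flowing from a more secure level to a less secure one, and that policy logic should be separated from the enforcement mechanism, as an added Python example that is not part of the original answer or the SANS paper it reproduces. The names (Subject, Obj, dac_allows, mls_policy, reference_monitor), the users, labels and files are all constructed for illustration.

```python
# Added example, not from the original answer or the SANS paper it quotes;
# the names, users, labels and files below are constructed for illustration.
from dataclasses import dataclass, field

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}  # MLS ordering

@dataclass
class Subject:
    name: str
    clearance: str  # MLS clearance of the user or program

@dataclass
class Obj:
    name: str
    owner: str
    classification: str  # MLS label of the object
    dac_readers: set = field(default_factory=set)  # owner-granted read access
    dac_writers: set = field(default_factory=set)  # owner-granted write access

def dac_allows(subj, obj, op):
    """Discretionary check: the owner decides who else may access the object."""
    if subj.name == obj.owner:
        return True
    return subj.name in (obj.dac_readers if op == "read" else obj.dac_writers)

def mls_policy(subj, obj, op):
    """Mandatory policy (no read up, no write down), kept apart from the
    enforcement mechanism so a different policy can be plugged in."""
    s, o = LEVELS[subj.clearance], LEVELS[obj.classification]
    return s >= o if op == "read" else s <= o

def reference_monitor(subj, obj, op, policy=mls_policy):
    """Enforcement: an operation must pass both DAC and the mandatory policy."""
    return dac_allows(subj, obj, op) and policy(subj, obj, op)

def demo():
    """Owner grants read to a low-clearance user; MAC still blocks the flow,
    and the owner cannot write secret-level data into an unclassified file."""
    alice = Subject("alice", "secret")
    bob = Subject("bob", "unclassified")
    plan = Obj("plan.txt", "alice", "secret", dac_readers={"bob"})
    notes = Obj("notes.txt", "alice", "unclassified")
    return {
        "alice_read_plan": reference_monitor(alice, plan, "read"),
        "bob_read_plan_dac": dac_allows(bob, plan, "read"),
        "bob_read_plan_mac": reference_monitor(bob, plan, "read"),
        "alice_write_notes_dac": dac_allows(alice, notes, "write"),
        "alice_write_notes_mac": reference_monitor(alice, notes, "write"),
    }
```

Swapping `policy=` for another function shows the policy/mechanism separation the answer asks for; the two DAC-only results are True while the corresponding monitor results are False.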
