
CS 5150 Software Engineering Lecture 18


haile

Presentation Transcript


  1. CS 5150 Software Engineering Lecture 18
     • Security & Privacy

  2. Administrivia
     • Quiz 2 grading almost done
     • Milestone 3 in less than 2 weeks

  3. SE in the News

  4. Modeling Dynamic Aspects of Systems
     • Interaction diagrams: set of objects and their relationships, including messages that may be dispatched among them
     • Sequence diagrams: time ordering of messages

  5. Interaction: Informal Bouncing Ball Diagrams

  6. UML Notation for Classes and Objects

  7. Notation: Active Class
     • An active class is a class whose objects own one or more processes or threads and therefore can initiate control activity. When instantiated, the class controls its own execution, rather than being invoked or activated by other objects.

  8. Sequence Diagram: Painting Mechanism

  9. Core Security Technologies
     • Authentication and authorization
     • Firewalls
     • Encryption

  10. Authentication and Authorization
     • Authentication establishes the identity of an agent:
       • What does the agent know (e.g., password)?
       • What does the agent possess (e.g., smart card)?
       • Where does the agent have physical access to (e.g., ctrl-alt-del)?
       • What are the physical properties of the agent (e.g., fingerprint)?
     • Authorization establishes what an authenticated agent may do:
       • Access control lists
       • Group membership

  11. Firewalls

  12. Encryption
     • Allows data to be stored and transmitted securely, even when the bits are viewed by unauthorized agents and the algorithms are known.
     • Private key and public key
     • Digital signatures

  13. Attack Model
     • Rigorous security engineering must be based on an attack model
       • Who is the expected attacker?
       • Why are they interested in attacking the system?
       • How do you expect them to attack the system?
       • What are the consequences of a successful attack?
     • In safety-critical systems, attack models should be part of the earliest phases of the project

  14. CWE Top-25
     • http://cwe.mitre.org/top25/index.html
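
The split drawn on slide 10 between authentication and authorization, as an added example that is not part of the lecture slides: a password check (what the agent knows) establishes identity, and a separate default-deny lookup over an access control list keyed by group membership decides what that identity may do. The user names, passwords, groups, the `grades.db` resource and the choice of PBKDF2 are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _enroll(password: str):
    """Return (salt, hash) for storage; the password itself is never stored."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)

# Constructed sample data: credential store, group membership, and ACL.
CREDENTIALS = {"alice": _enroll("correct horse"), "bob": _enroll("battery staple")}
GROUPS = {"alice": {"staff"}, "bob": {"students"}}
ACL = {"grades.db": {"staff": {"read", "write"}, "students": {"read"}}}

# Unknown user names are checked against this record so that they take
# the same time as known ones and do not reveal which accounts exist.
_DUMMY = _enroll("dummy")

def authenticate(user: str, password: str) -> Optional[str]:
    """Authentication: who is this agent? Returns the identity or None."""
    salt, stored = CREDENTIALS.get(user, _DUMMY)
    matches = hmac.compare_digest(_derive(password, salt), stored)
    return user if matches and user in CREDENTIALS else None

def authorize(identity: Optional[str], resource: str, action: str) -> bool:
    """Authorization: what may this authenticated agent do? Default deny."""
    if identity is None:
        return False
    entries = ACL.get(resource, {})
    return any(action in entries.get(group, set())
               for group in GROUPS.get(identity, set()))

def request(user: str, password: str, resource: str, action: str) -> bool:
    """A request succeeds only if both checks pass, in this order."""
    return authorize(authenticate(user, password), resource, action)
```

Bob authenticates successfully yet is still refused a write, because his only group, `students`, carries read access alone.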
