tailieunhanh - Lecture Software engineering: Chapter 13 – Security Engineering

Chapter 13 – Security Engineering. In this chapter, the following content will be discussed: Quality dimensions, testing strategy, content testing, database testing, user interface testing.

Chapter 13 – Security Engineering
Chapter 13 Security Engineering, 12/11/2014

Topics covered
Security and dependability
Security and organizations
Security requirements
Secure systems design
Security testing and assurance

Security engineering
Tools, techniques and methods to support the development and maintenance of systems that can resist malicious attacks that are intended to damage a computer-based system or its data.
A sub-field of the broader field of computer security.

Security dimensions
Confidentiality: Information in a system may be disclosed or made accessible to people or programs that are not authorized to have access to that information.
Integrity: Information in a system may be damaged or corrupted, making it unusable or unreliable.
Availability: Access to a system or its data that is normally available may not be possible.

Security levels
Infrastructure security, which is concerned with maintaining the security of all systems and networks that provide an infrastructure and a set of shared services to the organization.
Application security, which is concerned with the security of individual application systems or related groups of systems.
Operational security, which is concerned with the secure operation and use of the organization’s systems.

[Figure: System layers where security may be compromised]

Application/infrastructure security
Application security is a software engineering problem where the system is designed to resist attacks.
Infrastructure security is a systems management problem where the infrastructure is configured to resist attacks.
The focus of this chapter is application security rather than infrastructure security.

System security management
User and permission management
Adding .
