Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Project Management

SQUARE Overview Nancy R. Mead, SEI © 2009 Carnegie Mellon University

advertisement 
SQUARE Overview
Nancy R. Mead, SEI
nrm@sei.cmu.edu
© 2009 Carnegie Mellon University
About the Speaker
Nancy Mead is a senior member of the technical staff in
the CERT Program at the Software Engineering Institute
(SEI). Mead is also a faculty member in the Master of
Software Engineering and Master of Information
Systems Management programs at Carnegie Mellon
University. Her research interests are in the areas of
information security, software requirements engineering,
and software architectures.
She has more than 100 publications and invited
presentations. She is a Fellow of the Institute of
Electrical and Electronic Engineers, Inc. (IEEE) and is
also a member of the Association for Computing
Machinery (ACM). Dr. Mead received her PhD in
mathematics from the Polytechnic Institute of New York,
and received a BA and an MS in mathematics from New
York University.
© 2007 Carnegie Mellon University
2
Contents
•Background
(Requirements Engineering)
•SQUARE
Methodology
•SQUARE
Steps
•SQUARE
for Acquisition (A-SQUARE)
•Conclusion
•Future
(Duration and Outcome)
Work
•Questions
Security QUAlity Requirements Engineering
SQUARE
© 2007 Carnegie Mellon University
3
Background
Requirements Engineering issues
© 2006 Carnegie Mellon University
Requirements Engineering Issues
RE defects cost up to 200 times more once fielded than if
caught in requirements engineering.
Reworking defects consumes >50% of project effort.
>50% of defects are introduced in requirements engineering.
Errors in requirements engineering are costly!
© 2007 Carnegie Mellon University
5
Requirements Problems
Requirements identification may not include relevant
stakeholders.
Requirements analysis may or may not be performed.
Requirements specification is typically haphazard.
© 2007 Carnegie Mellon University
6
Effects of Requirements Problems
Bad requirements cause projects to
• exceed schedule
• exceed budget
• have significantly reduced scope
• deliver poor-quality applications
• deliver products that are not significantly used
• be cancelled
© 2007 Carnegie Mellon University
7
Security Requirements
•
Address security in a particular application
•
Are often ignored in the requirements elicitation process
•
Incur high costs when incorporated later
•
Must be addressed early - SQUARE
© 2007 Carnegie Mellon University
8
SQUARE Methodology
What is it? Who is involved?
© 2007 Carnegie Mellon University
9
SQUARE
Developed by the Networked Systems Survivability
program at the SEI, Carnegie Mellon University
Stepwise methodology for
eliciting, categorizing, and prioritizing
security requirements for
information technology systems and applications
Security requirements are quality attributes.
© 2007 Carnegie Mellon University
10
SQUARE
Who is involved ?
– stakeholders of the project
– requirement engineers with security expertise
In the SQUARE approach, security requirements are
– treated as add-ons to the system's functional
requirements, but
– carried out in the early stages
– specified in similar ways as software requirements
engineering and practices
– carried out through a process of nine discrete steps
© 2007 Carnegie Mellon University
11
SQUARE Steps
The Nine Steps
© 2007 Carnegie Mellon University
12
SQUARE Steps
1. Agree on definitions.
2. Identify assets and security goals.
3. Develop artifacts to support security
requirements definition.
4. Assess risks.
5. Select elicitation technique(s).
6. Elicit security requirements.
7. Categorize requirements.
8. Prioritize requirements.
9. Inspect requirements.
© 2007 Carnegie Mellon University
13
Step 1
1
2
3
4
5
6
7
8
9
Def.
Goals
Artifacts
Risk
Technique
Elicit
Categorize
Prioritize
Inspect
Agree on Definitions
• Requirements engineers and stakeholders
agree on a set of definitions.
• Process is carried out through interviews.
• Exit criteria: documented set of definitions
• Examples: non-repudiation, DoS, intrusion, malware
© 2007 Carnegie Mellon University
14
Step 2
1
2
3
4
5
6
7
8
9
Def.
Goals
Artifacts
Risk
Technique
Elicit
Categorize
Prioritize
Inspect
Identify Assets and Security Goals
•Identify assets to be protected in the system
• Goals are required to identify the priority and
relevance of security requirements.
• Security goals must support the business goal.
• Goals are reviewed, prioritized, and documented.
• Exit criteria: one business goal, several security goals
© 2007 Carnegie Mellon University
15
Step 3
1
2
3
4
5
6
7
8
9
Def.
Goals
Artifacts
Risk
Technique
Elicit
Categorize
Prioritize
Inspect
Develop Artifacts
• Collect or create artifacts that will facilitate generation
of security requirements.
• Jointly verify their accuracy and completeness.
• Examples: system architecture diagrams, use/misuse
case scenarios/diagrams, attack trees, templates and
forms
© 2007 Carnegie Mellon University
16
Step 4
1
2
3
4
5
6
7
8
9
Def.
Goals
Artifacts
Risk
Technique
Elicit
Categorize
Prioritize
Inspect
Perform Risk Assessment
• Identify threats to system and its vulnerabilities.
• Calculate likelihood of their occurrence. Classify them.
This will also help in prioritizing requirements later.
• Risk expert might be required.
• Exit criteria: documentation of all threats, their
likelihood and classifications
© 2007 Carnegie Mellon University
17
Step 5
1
2
3
4
5
6
7
8
9
Def.
Goals
Artifacts
Risk
Technique
Elicit
Categorize
Prioritize
Inspect
Select Elicitation Technique
• Select appropriate technique for the number and
expertise of stakeholders, requirements engineers,
and size and scope of the project.
• Techniques: structured/unstructured interviews,
accelerated requirements method (ARM), soft
systems methodology, issue based information
systems (IBIS), Quality Function Deployment
© 2007 Carnegie Mellon University
18
Step 6
1
2
3
4
5
6
7
8
9
Def.
Goals
Artifacts
Risk
Technique
Elicit
Categorize
Prioritize
Inspect
Elicit Security Requirements
(Heart of SQUARE)
• Execute the elicitation technique.
• Avoid non-verifiable, vague, ambiguous requirements.
• Concentrate on what, not how.
Avoid implementations and architectural constraints.
• Exit criteria: initial document with requirements
© 2007 Carnegie Mellon University
19
Step 7
1
2
3
4
5
6
7
8
9
Def.
Goals
Artifacts
Risk
Technique
Elicit
Categorize
Prioritize
Inspect
Categorize Requirements
• Classify requirements into essential, non-essential,
system, software, or architectural constraints.
• Sample table:
System level
Software level
Architectural
constraint
Reqt. 1
Reqt. 2
© 2007 Carnegie Mellon University
20
Step 8
1
2
3
4
5
6
7
8
9
Def.
Goals
Artifacts
Risk
Technique
Elicit
Categorize
Prioritize
Inspect
Prioritize Requirements
• Use risk assessment and categorization results to
prioritize requirements.
• Prioritization techniques: Triage, Win-Win,
Analytical Hierarchy Process
• Requirements engineering team should produce a
cost-benefit analysis to aid stakeholders.
© 2007 Carnegie Mellon University
21
Step 9
1
2
3
4
5
6
7
8
9
Def.
Goals
Artifacts
Risk
Technique
Elicit
Categorize
Prioritize
Inspect
Requirements Inspection
• Inspection aids in creating accurate and verifiable
security requirements.
• Look for ambiguities, inconsistencies, mistaken
assumptions.
• Fagan inspections / peer reviews
• Exit criteria: all requirements verified and documented
© 2007 Carnegie Mellon University
22
SQUARE for Acquisition
(A-SQUARE)
© 2007 Carnegie Mellon University
23
SQUARE for Acquisition (A-SQUARE)
•
Modify SQUARE method for use in acquisition
Resulting method should be consistent with CMMI for
acquisition
•
© 2007 Carnegie Mellon University
24
A-SQUARE: Three Cases
Case 1 – Acquisition organization has typical client role for new
software
Req
Acquisition Org.
Contractor
Case 2 – Acquisition organization does requirements specification
Req
Contractor
Acquisition Org.
Case 3 – Acquisition organization is purchasing COTS software
Acquisition Org.
COTS
© 2007 Carnegie Mellon University
25
A-SQUARE: Case 1
A client–contractor relationship
It is important to have client involvement in
• agreeing on definitions
• identifying security goals
• final review of requirements (new step)
© 2007 Carnegie Mellon University
26
A-SQUARE: Case 1
Acquisition Org. & Contractor
Contractor
1. Agree on definitions.
2. Identify assets and security goals.
3. Develop artifacts to support security
requirements definition.
4. Assess risks.
5. Select elicitation technique(s).
6. Elicit security requirements.
7. Categorize requirements.
8. Prioritize requirements.
9. Inspect requirements.
10. Review of requirements by acquisition
organization
© 2007 Carnegie Mellon University
27
A-SQUARE: Case 2
•
Acquisition organization specifies requirements as
part of RFP
• The original SQUARE should be used by the
acquirer
• The requirements specified will have relatively
high-level security requirements
• Acquisition organization will want to avoid
identifying requirements at a granularity that
will overly constrain the contractor
© 2007 Carnegie Mellon University
28
A-SQUARE: Case 3
•
•
•
•
Security requirements need to be prioritized
together with other requirements when acquiring
COTS software
Do COTS trade-off analysis with security
requirements concern
Need to consider “must have” vs. “nice to have”
security requirements
Reviewing the requirements may help the
acquiring organization to identify important
security requirements
© 2007 Carnegie Mellon University
29
A-SQUARE: Case 3
1. Agree on definitions.
2. Identify security goals.
3. Identify preliminary security requirements.
4. Review COTS specifications.
5. Finalize security requirements.
6. Perform tradeoff analysis.
7. Write final product specification.
© 2007 Carnegie Mellon University
30
Conclusion
© 2007 Carnegie Mellon University
31
Conclusion
•
•
The SQUARE process
• takes about three months calendar time to complete
• has been implemented in several case studies
SQUARE-Lite
– Agree on definitions.
– Identify assets and security goals.
– Perform risk assessment
– Elicit security requirements.
– Prioritize requirements.
SQUARE-Lite has been implemented in one case study
© 2007 Carnegie Mellon University
32
Transition and Future Work
Education
• Tool development
• Broaden experience base
•
© 2007 Carnegie Mellon University
33
Education
Tutorial (overview and details) complete
• Half-day case study complete
• Academic course materials complete and delivered in the
classroom – lectures and instructor notes
• Materials available for download from CERT website
Consider web-based training and/or transition to a training
vendor
•
© 2007 Carnegie Mellon University
34
SQUARE Tool Development
•
SQUARE prototype tool completed and distributed
•
Robust SQUARE tool under development
© 2007 Carnegie Mellon University
35
Broaden Experience Base
SQUARE experience includes case studies with industry
and government users. Current users include several medium
to large companies. There is international interest as well.
•
•
Objective is to broaden industry and government usage.
© 2007 Carnegie Mellon University
36
Additional Resources
“Software Security Engineering: A Guide for Project
Managers” Addison Wesley, available from Amazon
BSI content on requirements engineering
https://buildsecurityin.us-cert.gov/
SQUARE Technical Report – SEI web site
www.sei.cmu.edu/pub/documents/05.reports/pdf/05tr009.pdf
SQUARE Case Study Reports – SEI web site
“Integrating Security and Software Engineering”
IDEA Group Publishing, www.idea-group.com
© 2007 Carnegie Mellon University
37
Questions
?
© 2007 Carnegie Mellon University
38
Related documents
2 question eval form - Carnegie Mellon University
2 question eval form - Carnegie Mellon University
Second Carnegie Mellon Conference in Electric Power Systems:
Second Carnegie Mellon Conference in Electric Power Systems:
Carnegie Mellon University Application for Transfer Credit Masters
Carnegie Mellon University Application for Transfer Credit Masters
The Carnegie Mellon Electricity Industry Center
The Carnegie Mellon Electricity Industry Center
Document10483874 10483874
Document10483874 10483874
Document10605011 10605011
Document10605011 10605011
Download
advertisement