A Resource Perspective on Cloud Software Security Requirements

Approaching software security requirements derivation from a resource perspective provides an effective method for addressing cloud software security requirements. In their April 1995 paper “SMART Requirements” (www.win.tue.nl/~wstomv/edu/2ip30/references/smart-requirements.pdf), Mike Mannion and Barry Keepence of Napier University, Edinburgh, U.K., take this approach by defining the following SMART basic properties that requirements should possess:

Specific— The requirement should be unambiguous and direct. Mannion and Keepence define this characteristic as being clear, consistent, and simple.
Measurable— The requirement should be measurable to ensure that it has been met.
Attainable— The system must be able to exhibit the requirement under the specified conditions.
Realizable— The requirement must be achievable under the system and project development constraints.
Traceable— The requirement should be traceable both forward and backward throughout the development life cycle from conception through design, implementation, and test.

Source: Information Assurance Technology Analysis Center (IATC), Data and Analysis Center for Software (DACS), “State-of-the-Art Report,” July 31, 2007.

Chapter 3 Cloud Computing Software Security Fundamentals

The Open Web Application Security Project (OWASP) has modified the SMART acronym (www.owasp.org/index.php/Document_security-relevant_requirements) to be SMART+ requirements. These requirements, taken from the OWASP website, are as follows:

Specific— Requirements should be as detailed as necessary so there are no ambiguities.
Measurable— It should be possible to determine whether the requirement has been met, through analysis, testing, or both.
Appropriate— Requirements should be validated, thereby ensuring both that they derive from a real need or demand and that different requirements would not be more appropriate.
Reasonable— While the mechanism or mechanisms for implementing a requirement need not be solidified, one should conduct some validation to determine whether meeting the requirement is physically possible, and possible given other likely project constraints.
Traceable— Requirements should also be isolated to make them easy to track/validate throughout the development life cycle.

Goal-Oriented Software Security Requirements

Another complementary method for performing cloud software security requirements engineering is a goal-oriented paradigm in which a goal is a software objective. The types of goals that are targeted are functional goals, nonfunctional goals, security robustness, and code correctness. As Axel van Lamsweerde, Simon Brohez, Renaud De Landtsheer, and David Janssens write in “From System Goals to Intruder Anti-Goals: Attack Generation and Resolution for Security Requirements Engineering,” “A goal is a prescriptive statement of intent about some system (existing or to-be) whose satisfaction in general requires the cooperation of some of the agents forming that system. Agents are active components such as humans, devices, legacy software or software-to-be components that play some role towards goal satisfaction. Goals may refer to services to be provided (functional goals) or to quality of service (nonfunctional goals).” [8]

One implementation of goal-oriented requirements engineering is the nonfunctional requirements (NFR) framework, [9] which provides a basis for determining if a goal has been satisfied through meeting lower-level goals. Nonfunctional requirements include characteristics of a software system such as reliability, performance, security, accuracy, costs, and maintainability.
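
The idea that a goal is satisfied through its lower-level goals can be shown as a small AND/OR refinement tree whose leaves are measurable checks. This is an added example, not code from the book or from the NFR framework, and it reduces the framework to plain true/false evaluation; every goal id, goal text, threshold and evidence value below is constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

@dataclass
class Goal:
    gid: str                      # identifier used for traceability
    text: str
    mode: str = "AND"             # how sub-goals combine: "AND" or "OR"
    children: List["Goal"] = field(default_factory=list)
    check: Optional[Callable[[dict], bool]] = None   # leaf goals only

def evaluate(goal: Goal, evidence: dict) -> Tuple[bool, List[str]]:
    """Return (satisfied, ids of the leaf goals that block satisfaction)."""
    if not goal.children:
        # A leaf with no check cannot be measured, so it is never satisfied.
        ok = goal.check is not None and bool(goal.check(evidence))
        return ok, ([] if ok else [goal.gid])
    results = [evaluate(child, evidence) for child in goal.children]
    passed = [ok for ok, _ in results]
    ok = all(passed) if goal.mode == "AND" else any(passed)
    blockers = [gid for _, ids in results for gid in ids]
    return ok, ([] if ok else blockers)

def build_model() -> Goal:
    """Hypothetical goal model; every id, text and threshold is invented."""
    return Goal("G1", "Customer records stay confidential", "AND", [
        Goal("G1.1", "All storage volumes are encrypted",
             check=lambda e: e["volumes_encrypted"] == e["volumes_total"]),
        Goal("G1.2", "Only strongly authenticated clients reach the API", "OR", [
            Goal("G1.2a", "No account lacks MFA",
                 check=lambda e: e["accounts_without_mfa"] == 0),
            Goal("G1.2b", "Mutual TLS is required",
                 check=lambda e: e["mtls_required"]),
        ]),
        Goal("G1.3", "The software remains resilient under attack"),  # no check
    ])

# Constructed measurements, standing in for real test or audit results.
SAMPLE_EVIDENCE = {"volumes_encrypted": 12, "volumes_total": 12,
                   "accounts_without_mfa": 3, "mtls_required": True}

if __name__ == "__main__":
    satisfied, blockers = evaluate(build_model(), SAMPLE_EVIDENCE)
    print("G1 satisfied:", satisfied, "| blocking leaf goals:", blockers)
```

The only blocker reported for the sample evidence is the leaf that has no check attached: a goal stated without a way to measure it can never be shown as met, and the returned ids trace the failure back to the requirement responsible.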
According to Goertzel and Winograd et al., these requirements should specify the following: [10]

Properties the software must exhibit (e.g., its behavior must be correct and predictable; it must remain resilient in the face of attacks)
Required level of assurance or risk-avoidance of individual security functions and constraints
Controls and rules governing the processes by which the software will be built, deployed, and operated (e.g., it must be designed to operate within a virtual machine, and its source code must not contain certain function calls)

Goertzel and Winograd et al. also provide an example of a negative nonfunctional requirement as follows: “The software must validate all input to ensure it does not exceed the size specified for that type of input.”

A related goal-oriented requirements engineering approach is the MILOS [11] project methodology for goal-oriented security requirements engineering. The MILOS security model uses generic specification patterns that map to the information system’s properties of confidentiality, integrity, availability, privacy, authentication, authorization, and nonrepudiation. The security patterns are transformed into goals that are used to develop a correlated “anti-model” that comprises a pattern of “anti-goals” an attacker would use to prevent meeting the specified system security goals.

NOTE Cloud software security requirements address necessary attributes for software behavior and limitations on software functionality, whereas cloud software requirements are concerned with necessary software functionality and performance specifications.

Monitoring Internal and External Requirements

The requirements of the information system security policy relative to software assurance should be analyzed to ensure their consistency and correctness.
Two types of secure software requirements analysis should be performed:

Internal— Necessary in order to ascertain that the requirements are complete, correct, and consistent with the related specification requirements. The analysis should address the following:
    Security constraints
    The software’s nonfunctional properties
    The software’s positive functional requirements
External— Necessary to determine the following:
    The software assurance requirements address the legal, regulatory, and required policy issues.
    The nonfunctional security requirements represent a proper decomposition of the system security goals.
    Software assurance requirements don’t conflict with system security goals.
    The software is resilient.

Also, in the context of internal and external access to information systems, the issues in Table 3-1 should be considered.

Table 3-1: Internal and External Security Requirements

INTERNAL EXTERNA