This domain examines the security components within operating systems and applications and how to best develop and measure their effectiveness. This domain looks at software life cycles, change control, and application security.
Functionality vs Security
Computer applications and systems are usually developed with functionality as the primary consideration, not security. Therefore, in real-life environments, we need to use additional perimeter devices rather than relying only on the software's intrinsic security measures.
- Historically, it has not been crucial to implement security during the software development stages; thus, most programmers do not practice security design and coding.
- Many security professionals are not software developers and conversely software developers do not have security as a main focus.
- Software vendors are trying to rush their products to market with their eyes set on functionality, not security.
- The computing community is used to receiving software with bugs and applying patches.
Because vendors have user-friendliness and user functionality in mind, the product will usually be installed with defaults that provide no or very low security protection. It would be very hard for vendors to know the security levels required in all the environments that the product will be installed in, so they usually do not attempt it. It is up to the person installing the product to learn how to properly configure the settings to achieve the necessary level of protection.
Database Management System (DBMS)
A database management system (DBMS) is a suite of programs used to manage large sets of structured data with ad hoc query capabilities for many types of users. It also enforces access control restrictions, provides data integrity and redundancy, and sets up different procedures for data manipulation.
Types of databases:
- Hierarchical
- Mesh
- Object-oriented
- Relational
Important Database terms
- Record: Collection of related data items.
- File: Collection of records of the same type.
- Database: Cross-referenced collection of files.
- DBMS: Manages and controls the database.
- Base relation: A table stored in a database.
- Tuple: A row in a database.
- Attribute: A column in a database.
- Cell: Intersection of a row and column.
- Primary key: Columns that make each row unique.
- Foreign key: An attribute (column) in one relation that has values matching the primary key in another relation.
- View: Virtual relation defined by the database to control subjects from viewing certain data.
- Schema: Holds data that describes a database.
- Data dictionary: Central repository of data elements and their relationships.
- Cardinality: The number of rows in the relation.
- Degree: The number of columns in the relation.
- Domain: The set of allowable values that an attribute can hold.
Database Models
A model provides a formal method of representing data in a conceptual form and provides the necessary means of manipulating the data held within the database. Most database systems are built around one particular data model, although it is increasingly common for products to offer support for more than one model. For any one logical model various physical implementations may be possible, and most products will offer the user some level of control in tuning the physical implementation, since the choices that are made have a significant effect on performance.
Relational data model
The relational model was introduced by E. F. Codd in 1970 as a way to make database management systems more independent of any particular application. It is a mathematical model defined in terms of predicate logic and set theory. A relational data model uses attributes (columns) and tuples (rows) to contain and organize data. The relational model is the most widely used. It presents information in the form of two-dimensional tables. Each table contains unique rows, columns, and cells. A primary key is a field that links all the data within a record to a corresponding value. Following are important properties of relational tables:
- All values are atomic.
- Each row is unique, identified by its primary key value.
- Column values are of the same kind.
- The sequence of columns is insignificant.
- The sequence of rows is insignificant.
- Each column has a unique name.
Hierarchical data model
A hierarchical data model combines records and fields that are related in a logical tree structure. The tree structure contains branches, and each branch has a number of leaves, or data fields. These databases have well-defined, prespecified access paths, but they are not as flexible in relating information as a relational database. Hierarchical databases are useful for mapping one-to-many relationships. One limitation of the hierarchical model is its inability to efficiently represent redundancy in data. LDAP uses a hierarchical data model.
Distributed data model
A distributed data model has data stored in more than one database, but the databases are logically connected. Different databases may live at different places on a network or reside in totally different networks. Because they are logically connected, the users see the database as one full entity, instead of several entities. When users access data, they do not need to know which database they are accessing; one database may transfer a user to another database, which is transparent to the user. This model enables different databases to be managed by different administrators, although one person or group must manage the entire logical database. This may be useful if each database contains information that is specialized, but the complexity of load balancing, fault tolerance, and shifting of users is quite high.
Object-oriented database
An object-oriented database is designed to handle a variety of data (images, audio, documents, video). An object-oriented database is more dynamic in nature than a relational database, because objects can be created when needed and the data and procedures go with the object when it is requested. OODBs have the characteristics of ease of reusing code and analysis, reduced maintenance, and an easier transition from analysis of the problem to design and implementation. Its main disadvantages are a steep learning curve and the high overhead of hardware and software required for development and operation.
Databases need some type of interface and communication mechanism. These include:
- Open Database Connectivity (ODBC) An application programming interface (API) that allows an application to communicate with a database either locally or remotely. The application sends requests to the ODBC, which in turn translates them into database commands. ODBC tracks down the necessary database driver for the application.
- Object Linking and Embedding Database (OLE DB) It separates data into components that run as middleware on a client or server. It provides a low level interface to link information across different databases.
- ActiveX Data Objects (ADO) An API that allows applications to access back-end database systems. It is a set of ODBC interfaces that exposes the functionality of a database through accessible objects. ADO uses the OLE DB interface to connect with the database and can be developed with many different scripting languages.
- Java Database Connectivity (JDBC) An API that allows a Java application to communicate with a database. The application can connect through ODBC or directly to the database.
- Extensible Markup Language (XML) A standard for structuring data so that it can be easily shared by applications using web technologies.
Relational Database Components
Databases employ various programming languages:
- Data definition language (DDL) Defines the structure and schema of the database. The structure could mean the table size, key placement, views, and data element relationship. The schema describes the type of data that will be held and manipulated, and its properties. It defines the structure of the database, access operations, and integrity procedures.
- Data manipulation language (DML) Contains all the commands that enable a user to view, manipulate, and use the database (view, add, modify, sort, and delete commands).
- Query language (QL) Enables users to make requests of the database.
- Data control language (DCL) It defines the internal organization of the database.
- Report generator Produces printouts of data in a user-defined manner.
Structured Query Language (SQL)
It is a query language which offers three classes of operators: select, project, and join.
- The select operator serves to shrink the table vertically by eliminating unwanted rows (tuples).
- The project operator serves to shrink the table horizontally by removing unwanted columns (attributes).
- The join operator allows the dynamic linking of two tables that share a common column value. The join operation is achieved by stating the selection criteria for two tables and equating them with their common columns.
Most commercial implementations of SQL do not support an explicit project operation; instead, projections are achieved by specifying the columns desired in the output. This is why the project operator is not well known, as it is fading away from most databases.
Normalization
Normalization is the process of efficiently organizing data in a database. There are two goals of the normalization process: eliminating redundant data (for example, storing the same data in more than one table) and ensuring data dependencies make sense (only storing related data in a table). Both of these are worthy goals as they reduce the amount of space a database consumes and ensure that data is logically stored. Normalizing data in the database consists of three steps:
- Eliminating any repeating groups by putting them into separate tables.
- Eliminating redundant data (occurring in more than one table).
- Eliminating attributes in a table that are not dependent on the primary key of that table.
Normal Forms
In practical applications, you'll often see 1NF, 2NF, and 3NF along with the occasional 4NF. Fifth normal form is very rarely seen.
First Normal Form (1NF)
It sets the very basic rules:
- Eliminate duplicative columns from the same table.
- Create separate tables for each group of related data and identify the primary key.
Second Normal Form (2NF)
It addresses the concept of removing duplicative data:
- Meet all the requirements of the first normal form.
- Remove subsets of data that apply to multiple rows of a table and place them in separate tables.
- Create relationships between these new tables and their predecessors through the use of foreign keys.
Third Normal Form (3NF)
- Meet all the requirements of the second normal form.
- Remove columns that are not dependent upon the primary key.
Fourth Normal Form (4NF)
- Meet all the requirements of the third normal form.
- A relation is in 4NF if it has no multi-valued dependencies.
Remember, these normalization guidelines are cumulative. For a database to be in 2NF, it must first fulfill all the criteria of a 1NF database.
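The select, project and join operators and the normalization steps above, worked through in code. This is an added example rather than code from the original notes; the order/customer/product table, its column names and the helper functions are constructed for illustration.

```python
"""Relational algebra operators (select, project, join) used to normalize a table.

Added example, not from the original notes. The three operator classes are
implemented over plain Python dicts; project and join are then used to decompose
a constructed, flat 1NF order table into 3NF and to verify the decomposition is
lossless, i.e. joining the pieces back together reproduces the original exactly.
"""
from functools import reduce
from typing import Callable, Iterable

Row = dict        # one tuple: attribute name -> atomic value
Relation = list   # list of rows, treated as a set (no duplicate tuples)


def select(rel: Relation, pred: Callable[[Row], bool]) -> Relation:
    """Shrink vertically: keep only the tuples satisfying pred (SQL: WHERE)."""
    return [row for row in rel if pred(row)]


def project(rel: Relation, attrs: Iterable[str]) -> Relation:
    """Shrink horizontally: keep only the named attributes (SQL: SELECT DISTINCT a, b)."""
    attrs = list(attrs)
    seen, out = set(), []
    for row in rel:
        key = tuple(row[a] for a in attrs)
        if key not in seen:          # a relation is a set, so drop duplicate tuples
            seen.add(key)
            out.append(dict(zip(attrs, key)))
    return out


def join(left: Relation, right: Relation) -> Relation:
    """Natural join: link tuples that agree on every column name both relations share.

    Assumes both relations are non-empty; with no shared column this degenerates
    into the cartesian product (SQL: NATURAL JOIN / JOIN ... USING (...))."""
    common = [a for a in left[0] if a in right[0]]
    return [{**lt, **rt} for lt in left for rt in right
            if all(lt[a] == rt[a] for a in common)]


# Constructed sample data: a flat 1NF order-line table whose composite primary key
# is (order_id, product_id). Customer and product facts are repeated on every row.
ORDER_LINES_1NF = [
    {"order_id": 1, "customer_id": "C10", "customer_name": "Acme", "customer_city": "Oslo",
     "product_id": "P1", "product_name": "Widget", "qty": 5},
    {"order_id": 1, "customer_id": "C10", "customer_name": "Acme", "customer_city": "Oslo",
     "product_id": "P2", "product_name": "Gadget", "qty": 1},
    {"order_id": 2, "customer_id": "C11", "customer_name": "Globex", "customer_city": "Bern",
     "product_id": "P1", "product_name": "Widget", "qty": 2},
    {"order_id": 3, "customer_id": "C10", "customer_name": "Acme", "customer_city": "Oslo",
     "product_id": "P2", "product_name": "Gadget", "qty": 7},
]


def normalize_to_3nf(lines: Relation) -> dict:
    """Decompose the flat table into 3NF using projections.

    2NF removes partial dependencies on the composite key: product_name depends
    only on product_id, and the customer facts only on order_id.
    3NF removes the transitive dependency order_id -> customer_id -> customer_name,
    customer_city by moving the customer facts into their own table.
    """
    return {
        "customers": project(lines, ["customer_id", "customer_name", "customer_city"]),
        "products": project(lines, ["product_id", "product_name"]),
        "orders": project(lines, ["order_id", "customer_id"]),             # FK -> customers
        "order_lines": project(lines, ["order_id", "product_id", "qty"]),  # FKs -> orders, products
    }


def is_lossless(original: Relation, tables: dict) -> bool:
    """Lossless-join check: natural-joining every table must rebuild the original."""
    canon = lambda rel: sorted(tuple(sorted(r.items())) for r in rel)
    return canon(reduce(join, tables.values())) == canon(original)


def redundancy(rel: Relation, attr: str) -> int:
    """Copies of each attr value stored beyond the first: the update-anomaly exposure."""
    return len(rel) - len(project(rel, [attr]))
```

Dropping the orders table from the decomposition makes `is_lossless` fail, because the remaining tables share no key that links a line back to its customer.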
Integrity
- Concurrency – It is about making sure that different subjects receive the most up-to-date information.
- Semantic integrity – It is about making sure that structural and semantic rules are enforced. These rules pertain to data types, logical values, uniqueness constraints and operations that could adversely affect the structure of the database.
- Referential integrity – It ensures that no record contains a reference to the primary key of a non-existent record, or a NULL value.
- Entity integrity – It ensures that an attribute is not NULL.
- Rollback – It is an operation/statement that ends the current transaction and cancels all changes made to the database within it.
- Commit – It terminates a transaction and executes all changes that were made by the user since the start of the transaction.
- Checkpoint – These are used to make sure that if a system failure occurs or if an error is detected, the user can always return to a point in time before the system crashed.
- Aggregation – When a user does not have the clearance or permission to access specific information, but she does have the permission to access components of this information. She can then figure out the rest and obtain restricted information.
- Inference – It is when a subject deduces information that is restricted from data he has access to. This is seen when data at a lower security level indirectly portrays data at a higher level.
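How aggregating small groups leaks an individual's value, and how the cell suppression control described later on this page blocks that inference, as an added example that is not from the original notes; the employee table, the K threshold and the function names are constructed for illustration.

```python
"""Cell suppression against inference in a statistical query interface.

Added example, not from the original notes. A constructed employee table is
summarised per department; cells built from fewer than K rows are suppressed
(primary suppression), and when a published total would let a reader recover a
suppressed cell by subtraction, a second cell is suppressed as well
(complementary suppression).
"""
from collections import defaultdict

K = 3  # minimum query-set size for a cell to be published (assumed policy value)

# Constructed sample data: salaries are sensitive; department membership is public.
EMPLOYEES = [
    {"name": "ann", "dept": "eng", "salary": 90},
    {"name": "bob", "dept": "eng", "salary": 80},
    {"name": "cat", "dept": "eng", "salary": 100},
    {"name": "dan", "dept": "ops", "salary": 60},
    {"name": "eve", "dept": "ops", "salary": 70},
    {"name": "fay", "dept": "ops", "salary": 65},
    {"name": "gus", "dept": "research", "salary": 150},   # one-person department
]


def raw_cells(rows):
    """Unprotected aggregation: (sum, count) of salary per department."""
    cells = defaultdict(lambda: [0, 0])
    for r in rows:
        cells[r["dept"]][0] += r["salary"]
        cells[r["dept"]][1] += 1
    return {d: tuple(v) for d, v in cells.items()}


def suppressed_report(rows, k=K, publish_total=True):
    """Report salary totals per department with cell suppression.

    Primary suppression hides any cell aggregated from fewer than k rows, since
    such a cell is (or nearly is) one individual's value. If the grand total is
    published, a single suppressed cell could be recovered as
    total - sum(published cells), so a second, complementary cell is hidden too.
    """
    cells = raw_cells(rows)
    report = {d: (total if n >= k else None) for d, (total, n) in cells.items()}
    hidden = [d for d, v in report.items() if v is None]
    if publish_total and len(hidden) == 1:
        # complementary suppression: also hide the smallest remaining published cell
        shown = [d for d, v in report.items() if v is not None]
        if shown:
            report[min(shown, key=lambda d: cells[d][0])] = None
    if publish_total:
        report["TOTAL"] = sum(total for total, _ in cells.values())
    return report


def recoverable_by_subtraction(report):
    """Audit a published report: True if exactly one cell is hidden while the total is shown."""
    hidden = [d for d, v in report.items() if v is None]
    return "TOTAL" in report and len(hidden) == 1
```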
Database Security Controls
- Cell suppression – It is a technique used to hide specific cells that contain information that could be used in inference attacks.
- Partitioning – It involves dividing the database into different parts, which makes it much harder for an unauthorized individual to find connecting pieces of data that can be brought together and other information that can be deduced or uncovered.
- Noise and perturbation – It is a technique of inserting bogus information in the hope of misdirecting an attacker or confusing the matter enough that the actual attack will not be fruitful.
- Database views – Views permit one group or a specific user to see certain information, while restricting another group from viewing it altogether.
- Polyinstantiation – This feature enables a relation to contain multiple tuples with the same primary key, with each instance distinguished by a security level.
- Content-dependent access control – Looks at the content of a file when it makes an access control decision. This type of access control increases processing overhead, but it provides more granular control.
Online transaction processing (OLTP)
OLTP is usually used when databases are clustered to provide fault tolerance and higher performance using load balancing. When there is more than one database, it is important that they all contain the same information. OLTP records transactions in a distributed environment as they occur (in real time). It is a two-phase commit service: it will make sure that a transaction is not complete until all databases receive and reflect the change. The complexity of a distributed environment can introduce many integrity threats, against which the DBMS should implement the following features (the ACID test):
- Atomicity Divides transactions into units of work and ensures that all modifications take effect or none takes effect. Either the changes are committed or the database is rolled back. It is used so that if one step in the transaction fails, subsequent steps are not processed.
- Consistency A transaction must follow the integrity policy developed for that particular database and ensure that all data is consistent in the different databases.
- Isolation Transactions execute in isolation until completed, without interacting with other transactions. The results of the modification are not available until the transaction is completed.
- Durability Once the transaction is verified as accurate on all systems, it is committed, and the databases cannot be rolled back.
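The integrity rules (entity, referential, semantic, rollback/commit) and the atomicity property described above, exercised against SQLite. This is an added example, not code from the original notes; the customers/orders schema, the credit rule and the helper functions are constructed for illustration.

```python
"""Integrity constraints and atomic transactions, shown with SQLite.

Added example, not from the original notes. A constructed customers/orders
schema demonstrates entity integrity (a key may not be NULL), referential
integrity (a foreign key must point at an existing row), a semantic rule
(credit can never go negative), and atomicity: a two-statement unit of work is
either committed as a whole or rolled back as a whole.
"""
import sqlite3

SCHEMA = """
CREATE TABLE customers (
    customer_id TEXT    PRIMARY KEY NOT NULL,          -- entity integrity
    name        TEXT    NOT NULL,
    credit      INTEGER NOT NULL CHECK (credit >= 0)   -- semantic integrity rule
);
CREATE TABLE orders (
    order_id    INTEGER PRIMARY KEY,
    customer_id TEXT    NOT NULL REFERENCES customers(customer_id),  -- referential integrity
    amount      INTEGER NOT NULL
);
"""


def open_db() -> sqlite3.Connection:
    """Create an in-memory database with one customer holding 100 units of credit."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")   # SQLite only enforces FKs when this is on
    db.executescript(SCHEMA)
    db.execute("INSERT INTO customers VALUES ('C10', 'Acme', 100)")
    db.commit()
    return db


def violates(db: sqlite3.Connection, sql: str, params=()) -> bool:
    """Run one statement; True if the DBMS rejected it as an integrity violation."""
    try:
        db.execute(sql, params)
        db.commit()
        return False
    except sqlite3.IntegrityError:
        db.rollback()
        return True


def place_order(db: sqlite3.Connection, customer_id: str, amount: int) -> bool:
    """One atomic unit of work: record the order AND debit the customer's credit.

    If the debit would drive credit below zero, the CHECK rule fires and the
    connection context manager rolls back the already-inserted order row too,
    so the database never shows an order that was not paid for.
    """
    try:
        with db:  # commit on success, rollback on any exception
            db.execute("INSERT INTO orders (customer_id, amount) VALUES (?, ?)",
                       (customer_id, amount))
            db.execute("UPDATE customers SET credit = credit - ? WHERE customer_id = ?",
                       (amount, customer_id))
        return True
    except sqlite3.IntegrityError:
        return False


def state(db: sqlite3.Connection) -> tuple:
    """(credit of C10, number of orders) as currently committed."""
    credit = db.execute("SELECT credit FROM customers WHERE customer_id = 'C10'").fetchone()[0]
    n_orders = db.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
    return credit, n_orders
```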
Data Warehousing
Data warehousing combines data from multiple databases or data sources into a large database for the purpose of providing more extensive information retrieval and data analysis. Related data is summarized and correlated before it is presented to the user. Instead of having every piece of data presented, the user is given data in a more abridged form that best fits her needs. Although this provides easier access and control, because the data warehouse is in one place, it also requires more stringent security. If an intruder were to get into the data warehouse, he could access all of the company's information at once.
Data Mining
Data mining is the process of massaging the data held in the data warehouse into more useful information. Data-mining tools are used to find associations and correlations in data to produce metadata. To use a simple analogy, it's finding the proverbial needle in the haystack. In this case, the needle is that single piece of intelligence your business needs and the haystack is the large data warehouse you've built up over a long period of time. Data mining is also known as knowledge discovery in databases (KDD), and is a combination of techniques to identify valid and useful patterns. These techniques include:
- Classification Groups together data according to shared similarities.
- Probabilistic Identifies data interdependencies and applies probabilities to their relationships.
- Statistical Identifies relationships between data elements and uses rule discovery.
Metadata
Metadata provides context for data. It is used to facilitate the understanding, use, and management of data.
Business Intelligence metadata
Business Intelligence is the process of analyzing large amounts of corporate data, usually stored in large databases such as a data warehouse, tracking business performance, detecting patterns and trends, and helping enterprise business users make better decisions. Business Intelligence metadata can be used to understand how corporate financial reports reported to Wall Street are calculated, and how revenue, expense, and profit are aggregated from individual sales transactions stored in the data warehouse. A good understanding of Business Intelligence metadata is required to solve complex problems such as compliance with corporate governance standards, such as Sarbanes-Oxley (SOX) or Basel II.
Web Services
The term Web services describes a standardized, system-independent way of integrating Web-based applications using the XML, SOAP, WSDL and UDDI open standards over an Internet protocol backbone.
- XML is used to tag the data
- SOAP is used to transfer the data
- WSDL is used for describing the available services
- UDDI is used for listing what services are available
Web services' distributed computing model allows application-to-application communication. For example, one purchase-and-ordering application could communicate to an inventory application that specific items need to be reordered. Because of this level of application integration, Web services have grown in popularity and are beginning to improve business processes. Unlike traditional client/server models, such as a Web server/Web page system, Web services do not provide the user with a GUI. Web services instead share data through a programmatic interface across a network. The applications interface, not the users. Developers can then add the Web service to a GUI (such as a Web page or an executable program) to offer specific functionality to users.
System Development
Security is most effective if it is planned and managed throughout the life cycle of a system or application, rather than applying a third-party package as a front end after development. A security plan should be drawn up at the beginning of a development project and integrated into the functional plan.
Life Cycle Phases
Security is not listed here as an individual bullet point because it should be embedded throughout all phases. Security should be addressed in each phase of system development, not only at the end of development, because of the added cost, time, and effort and the lack of functionality.
Project initiation
- Conception of project definition
- Proposal and initial study
- Initial risk analysis
Functional design analysis and planning
- Requirements uncovered and defined
- System environment specifications determined
- Formal design created
System design specifications
- Functional design review
- Functionality broken down
- Detailed planning put into place
- Code design
Software development
- Developing and programming software
Installation
- Product installation and implementation
- Testing and auditing
Maintenance support
- Product changes, fixes, and minor modifications
Disposal
- Depending on the system sensitivity level
Functional Design Analysis and Planning
During this phase, system design specifications / software requirements come from three models:
- Informational model Dictates the type of information to be processed and how it will be processed
- Functional model Outlines the tasks and functions that the application needs to carry out
- Behavioral model Explains the states that the application will be in during and after specific transitions take place
System security requirements, on the other hand, can be derived from several different sources:
- Functional needs of the system or application
- National, international, or organizational standards and guidelines
- Export restrictions
- Sensitivity level of data being processed (militarily strategic data versus private-sector data)
- Relevant security policies
- Cost/benefit analysis results
- Required level of assurance to achieve the targeted security level rating
- Are authentication and authorization necessary?
- Is encryption needed?
- Will the product need to interface with other systems?
- Will the product be directly accessed via the Internet?
System Development Process Models
Waterfall model
The waterfall model is a sequential software development process, in which progress is seen as flowing steadily downwards (like a waterfall) through the phases of conception, initiation, analysis, design (validation), construction, testing, and maintenance. The first formal description of the waterfall model is often cited to be an article published in 1970 by Winston W. Royce (1929–1995). In Royce's original waterfall model, the following phases are followed in order:
- Requirements specification
- Design
- Construction (also termed as implementation or coding)
- Integration
- Testing and debugging (also termed as Validation)
- Installation
- Maintenance
Many argue that the waterfall model is a bad idea in practice, mainly because they believe it is impossible, for any non-trivial project, to perfect one phase of a software product's life cycle before moving on to the next phases and learning from them.
Sashimi model
The sashimi model (so called because it features overlapping phases, like the overlapping fish of Japanese sashimi) was originated by Peter DeGrace. It is sometimes referred to as the "waterfall model with overlapping phases" or "the waterfall model with feedback".
Iterative Model
With iterative development, the project is divided into small parts. This allows the development team to demonstrate results earlier in the process and obtain valuable feedback from system users. Often, each iteration is actually a mini-waterfall process, with the feedback from one phase providing vital information for the design of the next phase.
Prototyping
The prototyping model was developed on the assumption that it is often difficult to know all of your requirements at the beginning of a project. Typically, users know many of the objectives that they wish to address with a system, but they do not know all the nuances of the data, nor do they know the details of the system features and capabilities. The prototyping model allows for these conditions and offers a development approach that yields results without first requiring all information up front. Prototyping consists of the following steps:
- Requirements Definition/Collection
- Design - based on initial requirements
- Prototype Creation/Modification
- Assessment
- Prototype Refinement
- System Implementation - Iterative process eventually produces a working system that can be the cornerstone for the fully functional system
The Exploratory Model
In some situations it is very difficult, if not impossible, to identify any of the requirements for a system at the beginning of the project. Theoretical areas such as Artificial Intelligence are candidates for using the Exploratory Model, because much of the research in these areas is based on guess-work, estimation, and hypothesis. In these cases, an assumption is made as to how the system might work and then rapid iterations are used to quickly incorporate suggested changes and build a usable system. A distinguishing characteristic of the Exploratory Model is the absence of precise specifications. Validation is based on adequacy of the end result and not on its adherence to pre-conceived requirements.
Spiral Model
The spiral model is actually a meta-model that incorporates a number of the software development models. The spiral model is a software development process combining elements of both design and prototyping-in-stages, in an effort to combine advantages of top-down and bottom-up concepts. Also known as the spiral lifecycle model, it is a systems development method (SDM) used in information technology (IT). This model of development combines the features of the prototyping model and the waterfall model. The spiral model is intended for large, expensive and complicated projects.
Verification vs Validation
Verification
It is testing to confirm that the system, subsystem or component meets documented requirements or specifications levied on the design. Verification is usually an internal quality process of determining compliance with a regulation, standard, or specification.
Validation
In engineering or as part of a quality management system, validation confirms that the needs of an external customer or user of a product, service, or system are met. An easy way of recalling the difference between validation and verification is that validation is ensuring "you built the right product" and verification is ensuring "you built the product as intended." Validation is confirming that it satisfies the stakeholders' or users' needs.
Certification vs Accreditation
Certification deals with testing and assessing the security mechanism in a system, while accreditation pertains to the management formally accepting the system and its security level.
Separation of Duties in System Development
Different environmental types (development, testing, and production) should be properly separated, and functionality and operations should not overlap. Developers should not have access to code used in production. The code should be tested, submitted to the library, and then sent to the production environment.
Backdoor or Maintenance hook
Sometimes developers enter lines of code in a product that will allow them to do a few keystrokes and get right into the application. This allows them to bypass any security and access controls so that they can quickly access the application's code. This is referred to as a "backdoor" or "maintenance hook" and should be removed before the code goes into production.
Configuration management
Configuration management refers to the procedures that are used to carry out changes that affect the network, individual systems, or software:
- Identifying, controlling, accounting for, and auditing changes made to the baseline trusted computing base (TCB), which includes changes to hardware, software, and firmware.
- A system that controls changes and tests documentation through the operational life cycle of a system.
Changes must be authorized, tested, and recorded. The changes must not affect the security level of the system or its capability to enforce the security policy. Change control should be evaluated during system audits.
Change control sub-phases
- Request control
- Change control
- Release control
Change control steps
Necessary steps for a change control process are:
- Make a formal request for a change.
- Analyze the request.
- Develop the implementation strategy.
- Calculate the costs of this implementation.
- Review any security implications.
- Record the change request.
- Submit the change request for approval.
- Develop the change.
- Recode segments of the product and add or subtract functionality.
- Link these changes in the code to the formal change control request.
- Submit software for testing and quality approval.
- Repeat until quality is adequate.
- Make version changes.
- Report results to management.
The changes to systems may require another round of certification and accreditation. If the changes to a system are significant, then the functionality and level of protection may need to be reevaluated (certified), and management would have to approve the overall system, including the new changes (accreditation).