SA_2015_10(Desing-2).ppt

Resisting Attacks

Limit access. Firewalls restrict access based on message source or destination port.

Detecting Attacks

The detection of an attack is usually through an intrusion detection system. The traffic pattern is compared to historic patterns of known attacks. The packets must be filtered in order to make comparisons. Filtering can be on the basis of protocol, TCP flags, payload sizes, source or destination address, or port number.

An intrusion detection system needs sensors to detect attacks, managers to do sensor fusion, databases for storing events for later analysis, tools for offline reporting and analysis, and a control console so that the analyst can modify intrusion detection actions.

Recovering from Attacks

Restoring state: Same as availability, since both are concerned with recovering a consistent state from an inconsistent state. Maintain redundant copies of system administrative data such as passwords, access control lists, domain name services, and user profile data.

Attacker identification: Maintain an audit trail. An audit trail is a copy of each transaction applied to the data in the system together with identifying information.

Summary of Tactics for Security

Testability Tactics

The goal of tactics for testability is to allow for easier testing when an increment of software development is completed. The tactics fall into two groups: providing input and capturing output, and internal monitoring.

General Scenario for Testability

Source: The test is performed by unit testers, integration testers, system testers, or the client. Design tests may be performed by other developers or by an external group.

Stimulus: A milestone in the development process has been reached.

Artifact: A design process, a piece of code, or the whole system.

Environment: Testing can take place at design time, development time, compile time, or deployment time.

Response: Since testability is related to observability and controllability, the desired response is that the system can be controlled to perform the desired tests and that the response to each test can be observed.

Response measure: The percentage of statements executed in some test, the length of the longest test chain (a measure of the difficulty of performing the tests), and estimates of the probability of finding additional faults.

Input / Output

Record/playback: Record/playback refers to both capturing information crossing an interface and using it as input into the test harness. The information crossing an interface during normal operation is saved in some repository and represents output from one component and input to another.

Separate interface
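The filter-then-compare step described under Detecting Attacks, as an added example that is not part of the original slides: constructed packet records are filtered on protocol, TCP flags, payload size and destination address, and the remaining traffic is compared to one known pattern, a port scan. The Packet fields, the threshold and every address are assumptions made for this illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int
    flags: str   # TCP flags such as "S" or "PA"; empty for non-TCP
    size: int    # payload size in bytes

def packet_filter(packets, proto=None, flags=None, max_size=None, dst=None):
    """Yield only the packets that match every criterion that is set."""
    for p in packets:
        if ((proto is None or p.proto == proto) and (flags is None or p.flags == flags)
                and (max_size is None or p.size <= max_size) and (dst is None or p.dst == dst)):
            yield p

# Hypothetical signature of a known attack pattern: one source sending bare
# SYNs with an empty payload to at least this many distinct ports on one host.
SYN_SCAN_MIN_PORTS = 10

def detect_syn_scan(packets, protected_host):
    """Return {source address: distinct ports probed} for sources matching the pattern."""
    hits = packet_filter(packets, proto="tcp", flags="S", max_size=0, dst=protected_host)
    ports_by_src = defaultdict(set)
    for p in hits:
        ports_by_src[p.src].add(p.dport)
    return {s: len(v) for s, v in ports_by_src.items() if len(v) >= SYN_SCAN_MIN_PORTS}

def sample_traffic():
    """Constructed sample traffic using documentation-only address ranges."""
    scan = [Packet("198.51.100.7", "192.0.2.10", "tcp", port, "S", 0) for port in range(20, 35)]
    normal = [
        Packet("203.0.113.5", "192.0.2.10", "tcp", 443, "S", 0),     # ordinary connection setup
        Packet("203.0.113.5", "192.0.2.10", "tcp", 443, "PA", 512),  # data on that connection
        Packet("203.0.113.9", "192.0.2.10", "udp", 53, "", 48),      # removed by the protocol filter
        Packet("198.51.100.7", "192.0.2.99", "tcp", 22, "S", 0),     # aimed at a different host
    ]
    return scan + normal

if __name__ == "__main__":
    print(detect_syn_scan(sample_traffic(), "192.0.2.10"))
```

The single SYN from 203.0.113.5 passes the filter but stays below the threshold, which is why the comparison step is needed on top of filtering.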
