  • Software Engineering: A Practitioner's Approach, Chapter 27 Answers

    Problem:

    Consider a mobile phone app that you own. First describe the app briefly and then list at least three to five security risks.

    Answer:

    There are different mobile apps available on different phones. A user can download any app on his or her mobile as he or she wishes. One such app downloaded by users is their bank's app, which puts their account, its information and its transactions at their fingertips. Users can download their bank's app and use their credentials to access their account information. They can also make several transactions through the app itself. However, using a banking application carries several security risks, listed below:

    • The username and password needed to access account information on a mobile app can be saved maliciously by the developers of the application. Once these credentials are available to a third person, the account is at high risk.

    • The mechanism used for carrying out transactions may not be secure. The data passed to the network can be manipulated by hackers.

    • There is no guarantee of the encryption algorithm for encrypting account information when online requests are made. This makes sensitive information vulnerable to theft.

    • The compromised account can be used for unethical activities.

    • The whole amount of money can be transferred to another account and dispersed in no time.

    These are different security threats associated with banking mobile apps.

    Problem:

    Describe a security migration strategy for one of the risks noted in Problem 27.1.

    Answer:

    There are different mobile apps available on different phones. A user can download any app on his or her mobile as he or she wishes. One such app downloaded by users is their bank's app, which puts their account, its information and its transactions at their fingertips. Users can download their bank's app and use their credentials to access their account information. They can also make several transactions through the app itself. However, using a banking application carries several security risks: the username and password needed to access account information on a mobile app can be saved maliciously by the developers of the application, the mechanism used for carrying out transactions may not be secure, the compromised account can be used for unethical activities, and so on.

    One of the migration strategies that can be used for these risks is to require a one-time password before a user can make any account-level changes. Whenever a user logs into his account, a time-limited one-time password can be sent to his mobile phone, without which account access on the app will not proceed further. This way, even if the account has been compromised, no one can make any account changes or transactions without the one-time password, which is available only to the account owner. It would also alert the owner that the account has been compromised, because a password would arrive on his phone without his having initiated it.
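The server-side check behind such a one-time password, as an added example that is not part of the original answer. The class name `OtpGate`, the 6-digit code, the 120-second lifetime and the 3-attempt limit are assumptions chosen for illustration; delivery to the phone is left to the caller.

```python
import hashlib
import hmac
import secrets
import time


class OtpGate:
    """Issues and verifies short-lived, single-use login codes (illustrative)."""

    def __init__(self, ttl_seconds=120, max_attempts=3, clock=time.monotonic):
        self.ttl = ttl_seconds            # assumed lifetime of a code
        self.max_attempts = max_attempts  # assumed guess limit per code
        self.clock = clock                # injectable so expiry can be tested
        self._pending = {}                # user -> [salt, digest, expires, tries]

    @staticmethod
    def _digest(salt, code):
        # Keep a salted hash, not the code itself. With only 10**6 possible
        # codes, the short lifetime and attempt limit are the real protection.
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, user):
        """Create a fresh code; the caller sends it to the owner's phone."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random
        salt = secrets.token_bytes(16)
        self._pending[user] = [salt, self._digest(salt, code),
                               self.clock() + self.ttl, 0]
        return code

    def verify(self, user, code):
        """Return True once for the right code, inside the time window."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        salt, digest, expires, tries = entry
        if self.clock() > expires or tries >= self.max_attempts:
            del self._pending[user]       # expired or locked: force a re-issue
            return False
        entry[3] = tries + 1
        if hmac.compare_digest(digest, self._digest(salt, code)):
            del self._pending[user]       # single use: a replayed code fails
            return True
        return False
```

Every call to `issue` for an account whose owner did not just log in is also the signal worth alerting on, which is the second benefit the answer describes.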

    Problem:

    Identify five attack patterns that may be commonly used to attack web apps.

    Answer:

    With the growing number of web applications, the types of attacks on them are also growing. Some of the attack patterns are given below:

    • Input Validation: Most web hacks are caused by this attack. It happens when not all expected input fields are validated properly. The hackers attempt to tamper with the hidden fields. These attacks are the worst type of attacks but can be avoided with best coding practices.

    • SQL Query Poisoning: This is somewhat like an input validation attack. The input fields are extracted from URL and used in SQL queries. The data can be altered to execute SQL queries and compromise the back-end database server.

    • Source Code Disclosure: Application files in the web app can be retrieved using an unparsed approach. The code is then used to uncover loopholes that can be used to damage the web app.

    • Session Hijacking: A lot of web apps are stateful and employ sessions. Sessions keep values specific to each user. The session ID can be reverse engineered to access this user-specific data.

    • Overflow of Buffers: This attack happens when the upper-lower bounds are poorly checked. It can make the web app crash or even cause a denial of service error to the user.

    These are the different types of attack patterns that can be used to attack web apps, causing them to lose their performance capabilities.
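The "Input Validation" and "SQL Query Poisoning" items above, shown as a weak lookup beside its corrected form. This is an added example, not part of the original answer; the `accounts` table, the `owner` URL field, the sample URLs and all function names are constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlparse


def make_db():
    """In-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 120), ("bob", 75), ("carol", 300)])
    return db


def owner_from_url(url):
    """Extract the 'owner' input field from the URL query string."""
    return parse_qs(urlparse(url).query).get("owner", [""])[0]


def is_valid_owner(value):
    # Allow-list validation: accept only the shape an owner name can have.
    return re.fullmatch(r"[a-z0-9_]{1,32}", value) is not None


def lookup_concatenated(db, url):
    # Weak: the URL value is pasted into the SQL text and parsed as SQL.
    sql = ("SELECT owner, balance FROM accounts WHERE owner = '%s'"
           % owner_from_url(url))
    return db.execute(sql).fetchall()


def lookup_parameterized(db, url):
    # Corrected: the value is bound as data and never parsed as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner_from_url(url),)).fetchall()


# Constructed requests: one ordinary, one with a tampered field.
NORMAL = "https://shop.example/account?owner=alice"
TAMPERED = "https://shop.example/account?owner=x%27%20OR%20%271%27%3D%271"

if __name__ == "__main__":
    db = make_db()
    print(lookup_concatenated(db, NORMAL))       # the one matching row
    print(lookup_concatenated(db, TAMPERED))     # every row is returned
    print(lookup_parameterized(db, TAMPERED))    # no row matches the literal
    print(is_valid_owner(owner_from_url(TAMPERED)))  # rejected before any query
```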

    Problem:

    Describe the trust model used on a bidding site such as eBay.

    Answer:

    A good level of confidence is very important for e-commerce sites such as eBay. A trust model for such a bidding site should have enough confidence between all the involved entities. The trust model should comply with expected behaviour between the entities.

    For a bidding website, users bid for a product. The user who is willing to sell a product might put up an image of the product and also add a description of it. It would be expected that the picture shown by the owner is of that same product and not some other fancy image. Also, the description provided by the owner should be correct, listing its good features along with bad features, if any. In this manner, the user who bids for the product would have good faith in the product he is willing to buy. On the other hand, the owner of the product expects at least a worthy price for his item.

    Once a user wins the bid, he makes the payment as required. If the product he receives is exactly what was described and shown on the website, this builds good trust among the users, both the seller and the buyer. However, if the buyer is not convinced about the quality of the product, he might request a refund. In this scenario, the buyer should get a refund, to maintain the buyer's trust in the bidding website, and the seller should be informed as to why his product was returned. Appropriate action can also be taken against regular defaulters in such cases.

    Problem:

    Describe the security requirements for a cloud-based photo repository.

    Answer:

    A cloud-based repository provides flexible access to data. With this ease of access come added privacy and confidentiality concerns. There are a few security requirements for such a repository, which saves user data such as photos in a cloud. These security requirements are given below:

    • Credential based access: All users should be able to access their accounts using a credential based method. The usernames and passwords should be chosen as a strong combination of alphanumeric and special characters which is hard to decipher.

    • Good encryption mechanism: Since the data is accessed by users over the internet, a good encryption mechanism should be used to encrypt data from the repository server to the user and vice-versa.

    • Restricted control: The administrators of the cloud repository servers should have strict guidelines and access restrictions.

    These are the major security requirements for a photo based cloud repository.

    Problem:

    What does the same origin policy have to do with trustworthy systems?

    Answer:

    For trustworthy systems the requirements are assessed in the verification task by using very specific and quantifiable metrics which are based on inspection, testing and analysis techniques. The security test cases should be traceable to the use cases that were developed during the analysis activities.

    It is required that an acceptable as well as convincing use case is used to prove the security of the trusted entity. For trustworthy systems, it is important that the users are convinced of the system's ability to prove that it does not have any malicious logic or exploitable vulnerabilities. Confidence is also necessary in the system's ability to survive if it is ever compromised. This would demonstrate minimum software damage and fast recovery of the system.

    Problem:

    Use the Internet to determine the annual average cost of single incidence of identity theft to an individual consumer.

    Answer:

    Problem:

    Explain some of the problems that might be encountered if you try to address security risk after a system is completed.

    Answer:

    Once a system is completed, it might be difficult to fix security loopholes in the system. It gets difficult but not impossible to protect the system from attacks.

    A few of the problems that surface when security risks are addressed after system completion are given below:

    • It becomes challenging to fix security risks after system completion as design level changes might be required to fix issues.

    • It also adds an extra cost to the project.

    • Not all threats may be correctly identified, which leads to risks of system failure.

    • Valuable information can be at risk of potential loss because of system security loopholes.

    • The estimation of loss to exposure might be much more after a system is completed than before.

    • Addressing security concerns at the end of the product cycle might demand component and architectural changes, which are a disastrous step for the project.

    • Security assurance is also missing which means that even if security concerns are addressed after system completion, it may not guarantee proper security fixes.

    These are a few of the problems that arise when risks related to security are addressed after system completion. Thus it is always advisable to identify risks and develop a mitigation plan. Security assurance should be performed as the system is being constructed.

    Problem:

    Use the Internet to find the details needed to create a phishing attack pattern.

    Answer:

    Problem:

    Compute the annual loss expectancy (ALE) for the loss of a data server whose replacement value is $30,000, the occurrence of loss of data due to hacking is 5 percent annually, and the potential loss is $20,000.

    Answer:

    Annual Loss Expectancy or ALE is calculated by obtaining the product of the occurrence and potential loss. Here, the data loss occurrence is 5% and the potential loss is $20000. Thus ALE can be calculated as:

    ALE = 5% * 20000

    = 1000

    Therefore, the ALE for this asset is $1000.


    Solution: Chapter 27: SECURITY ENGINEERING

    27.1 Answers will vary.

    27.2 Answers will vary.

    27.3 Answers will vary. These attack patterns were listed in this chapter: phishing, SQL injection, and cross-site scripting.

    27.4 The eBay trust model requires the users to believe that users will deliver purchased goods once payment is received. Buyers and sellers rate each other on their reliability. After many such ratings, trusted individuals may be identified by the strength of their rating.

    27.5 Answers will vary based on the nature of the data stored in the cloud repository.

    27.6 The same origin policy permits scripts running on pages originating from the same site to access each other's methods and properties with no specific restrictions, but prevents access to most methods and properties across pages from different sites.

    27.7 Answers will vary.

    27.8 Security concerns must be considered at the beginning of the software process, built into the software design, implemented as part of coding, and verified during testing and deployment. Like other dimensions of software quality, it is not possible to add it to a completed system without rebuilding the system.

    27.9 Answers will vary, but should include the notion that a trusted source is spoofed to get users to enter personal information details.

    27.10 ALE = (0.05 * $20,000) = $1,000

  • Original article: https://www.cnblogs.com/mikecracker/p/14315496.html