Managing Software Security: Motorola vision - PowerPoint PPT Presentation


Transcript and Presenter's Notes

1
Managing Software Security: Motorola vision
  • Motorola, St. Petersburg Software Center

Alexander Babkin, Manager, Software Engineering Technology Group
Yelena Belyayeva, Process Engineer
2
Why Security?
  • Security - vital part of Quality
  • The quality of a system is governed by the
    quality of the process used to develop it.
  • Deliver secure software in the products
  • Embed security practices and measures across the
    whole software development life cycle
  • Integrate security, like quality, into the very
    core of how software is developed

3
Motorola Secure Software Development Model
  • Is an internally developed model describing the
    company's approach to security integration
  • Provides an ability to assess compliance to the
    secure software development practices
  • Allows the flexibility to choose the area of
    improvement
  • Is organized like CMMI model

4
MSSDM Structure (1)
  • Covers the following sets of practices
      • Engineering
      • Management
      • Support
  • Comprises Process Areas

5
MSSDM Structure (2)
6
MSSDM Structure (3)
7
Security at Coding Phase (1)
Design Phase Outputs
Testing Phase Inputs
Coding Phase
  • Use of Coding Standards
  • Running Static Analyzer tool
  • Inspections

traditional coding process activities
8
Security at Coding Phase (1)
Design Phase Outputs
Testing Phase Inputs
Coding Phase
  • Use of Coding Standards with Security
    Requirements
  • Running Static Analyzer tool with Security
    Extensions (e.g. Klocwork)
  • Security Inspections

process activities with security
9
Coding Standards with Security Requirements
  • Security requirements added to coding style
    standards to facilitate secure coding
  • Based on materials from CLASP and FSC Internet
    Corp.
  • Compliance must be evaluated during code
    inspections

10
Static Analyzer tool with Security Extensions
  • Types of Security Faults detected by Static
    Analyzer Tool
      • Access problems
          • improper sequencing
          • least privilege
          • time of creation/time of use problems
      • Buffer overflow
      • DNS spoofing
      • Ignored return values
      • Injection flaws
      • Insecure storage
          • poor randomization
          • weak cryptography
      • Unvalidated user input

Critical: Buffer overflow, array index of 'buffer' may be outside the bounds. Array 'buffer' of size 5 declared at line 22 may use index values 0..15
Critical: function 'strcpy' does not check buffer boundaries but outputs to buffer 'buffer' of fixed size (5)
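
The two findings quoted above describe a pattern like the one below, shown beside a bounds-checked form. This is an added example, not code from the presentation or from the analyzer's documentation; the function names, the `n` parameter and the sample inputs are assumptions constructed for illustration, and the report's line numbers do not apply to it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 5 /* fixed size of 'buffer' in the report above */

/* Flagged pattern (constructed). Safe only while n <= BUF_SIZE and src is
 * shorter than BUF_SIZE; nothing in the function enforces either. */
size_t store_unchecked(const char *src, size_t n)
{
    char buffer[BUF_SIZE];
    for (size_t i = 0; i < n; i++)
        buffer[i] = 0;           /* finding 1: n == 16 gives index 0..15 */
    strcpy(buffer, src);         /* finding 2: no check against BUF_SIZE */
    return strlen(buffer);
}

/* Hardened form: both inputs are validated against sizeof buffer before
 * any write. Returns the stored length, or -1 when the input is rejected. */
int store_checked(const char *src, size_t n)
{
    char buffer[BUF_SIZE];
    size_t len = 0;

    if (src == NULL || n > sizeof buffer)
        return -1;               /* index range would leave the array */
    while (len < sizeof buffer && src[len] != '\0')
        len++;                   /* bounded length scan */
    if (len == sizeof buffer)
        return -1;               /* no room for the terminating NUL */
    memset(buffer, 0, n);
    memcpy(buffer, src, len + 1);
    return (int)strlen(buffer);
}

int main(void)
{
    /* Constructed inputs: one that fits, two that the checks reject. */
    printf("%d\n", store_checked("abcd", 5));
    printf("%d\n", store_checked("abcde", 5));
    printf("%d\n", store_checked("abc", 16));
    return 0;
}
```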
11
Security Inspections
  • Traditional Inspection process extended with
    security process elements
  • Security Faults detected by Static Analyzer Tool
    have been fixed BEFORE the Inspection
  • Report from running Static Analyzer Tool is an
    input for Inspection
  • Security Inspector Role introduced
      • To ensure compliance with Security Coding
        Standards
  • All false-positive security faults must be
    approved by Security Specialists
      • Experienced experts outside project boundaries

12
Security Model Assessments
  • Assessment approach is similar to CMMI Appraisals

13
Next steps
  • Deployment of security model for Requirements,
    Design and Testing processes
  • Further refinement and analysis of Security
    Metrics
  • Formal process assessments on Security Models
  • Continue collaboration with the Software Engineering
    Institute on inclusion of security practices in
    new versions of CMMI

14
  • Thank you!
  • QUESTIONS?