DOI: 10.1145/2523649.2530278
research-article

A building code for building code: putting what we know works to work

Published: 09 December 2013

ABSTRACT

Systems of programs control more and more of our critical infrastructures. Forty years of system development and research have taught us many lessons in how to build software that is reliable, relatively free of vulnerabilities, and can enforce security policies. Those years of experience seem not to have taught us how to get these lessons put into practice, particularly with respect to security, except in a few specialized places. This essay suggests an approach to capturing what we know in a way that can make a difference in systems on which we all rely.


      Reviews

      Birol O. Aygun

      Software security, safety, reliability, availability, serviceability, and similar areas have always been the "soft underbelly" of the software development industry. The author of this paper calls on the field to create a "building code" for building software. The paper includes many examples of code and related works in construction and other industries. I would like to point out two major differences between construction, as an example, and computer software technologies, which make this an elusive comparison. The paper overlooks the fact that basic scientific and engineering goes back much further than computer technology. People have been building shelters, homesteads, and agricultural and hunting tools since the Stone Age, as early as three million years ago. This means that humans have been collecting information about how to build and use these and other things they need for survival, and passing that knowledge on to as many as 100,000 generations, assuming an average of 30 years per generation. This is the foundation of our current level of scientific knowledge and engineering know-how in "hard" technology areas such as construction. If we date the origin of computing technology to the 19th century difference engine invented by Charles Babbage (often called the father of the computer), then the programmable computer as we know it is only about 150 years old. Software is very unlike objects for which building codes have been built in the past. There are infinitely many ways to build most programs, and there are numerous alternative implementations (building procedures) of the same program, probably many more than for any building. If you test this in a programming class in an undergraduate software engineering program, you'll find that there are as many implementations of a solution to a given problem as there are students, assuming no cheating.

      While the author's clarion call is to be applauded from a software engineering point of view, the form that any advance in this area might take is very hard to foresee.

      Online Computing Reviews Service

      • Published in

        ACSAC '13: Proceedings of the 29th Annual Computer Security Applications Conference
        December 2013
        374 pages
        ISBN:9781450320153
        DOI:10.1145/2523649

        Copyright © 2013 ACM


        Publisher

        Association for Computing Machinery

        New York, NY, United States


        Acceptance Rates

        Overall Acceptance Rate: 104 of 497 submissions, 21%
