軟件安全理論與實踐 (Software Security Theory and Practice)
張仁斌, 謝昭, 吳克偉
- Publisher: 電子工業 (Publishing House of Electronics Industry)
- Publication date: 2024-03-01
- List price: $474
- Sale price: 15% off, $403
- Language: Simplified Chinese
- Pages: 356
- ISBN: 7121476088
- ISBN-13: 9787121476082
Ordered from the supplier after purchase (about 4 to 6 weeks)
Product description
Organised around the software life cycle and guided by software security risk assessment, risk control techniques, software security assessment metrics and software security capability maturity metrics, this book integrates security concepts, security models and security methods with the common software process models. It systematically presents the principles and methods for assuring software security at every stage of development, covering the workflows and commonly used methods of security requirements analysis, secure design, secure coding, security testing, and secure configuration and software hardening during deployment and operations. It is intended as a comprehensive guide to secure software development that builds security awareness in developers, with the aim of reducing or eliminating security problems in software, improving its resistance to attack and its security trustworthiness, and supporting the adoption of software across domains and industries. The book is suitable for undergraduates in computer science and technology, software engineering, cyberspace security and information security at higher-education institutions, and also for other students and practitioners involved in software development.
Table of contents
Chapter 1 Software and Software Security (p. 1)
1.1 Scope of software security (p. 1)
1.1.1 Definitions of software and software security (p. 1)
1.1.2 Software defects and vulnerabilities (p. 3)
1.1.3 Classification of software vulnerabilities (p. 6)
1.1.4 Relationship between software security and other kinds of security (p. 12)
1.2 Current state of software security (p. 15)
1.2.1 Overall situation of software security (p. 15)
1.2.2 Current state of system software security (p. 17)
1.2.3 Current state of application software security (p. 18)
1.2.4 Current state of open-source software security (p. 19)
1.3 Root causes of security incidents (p. 21)
1.3.1 Software vulnerabilities as the focus of security problems (p. 21)
1.3.2 Causes of software vulnerabilities (p. 24)
1.4 Approaches and methods for mitigating software security problems (p. 27)
1.4.1 Basic strategies for mitigating software security problems (p. 27)
1.4.2 Engineering methods for mitigating software security problems (p. 28)
1.4.3 Standardisation and normalisation as a path to solving software security problems (p. 29)
1.4.4 Technical explorations and initiatives for mitigating software security problems (p. 31)
Practical tasks (p. 34)
Task 1: Relative path attack (p. 34)
Task 2: SQL injection attack (p. 35)
Review questions (p. 35)
Chapter 2 Engineering Approaches to Software Security (p. 36)
2.1 Overview of software engineering (p. 36)
2.1.1 The development of software (p. 36)
2.1.2 The software crisis (p. 37)
2.1.3 Software engineering (p. 38)
2.1.4 The software life cycle (p. 40)
2.2 Software process models (p. 43)
2.2.1 Waterfall model (p. 44)
2.2.2 Rapid prototyping model (p. 45)
2.2.3 Incremental model (p. 46)
2.2.4 Spiral model (p. 47)
2.2.5 Microsoft MSF process model (p. 48)
2.3 Software quality and the security attributes of software (p. 49)
2.3.1 Software quality (p. 50)
2.3.2 Security attributes of software (p. 52)
2.3.3 Relationship between software security attributes and software quality (p. 53)
2.3.4 Determining the required security attributes (p. 54)
2.3.5 Improving the security attributes of software (p. 55)
2.3.6 Functional safety, security functions and software security (p. 59)
2.4 Software security process models (p. 59)
2.4.1 Microsoft SDL model (p. 60)
2.4.2 Security touchpoints process model (p. 64)
2.4.3 Recommendations for implementing a software security process (p. 68)
2.5 A first experience of secure software development (p. 72)
2.5.1 Account security (p. 72)
2.5.2 Simple password verification and an example of cracking it (p. 74)
2.5.3 Arbitrariness of user actions (p. 77)
Practical tasks (p. 80)
Task 1: Network sniffing and HTTPS configuration (p. 80)
Task 2: MD5 with dynamic salting for tamper-proofing (p. 80)
Task 3: Brute-forcing login passwords (p. 81)
Review questions (p. 82)
Chapter 3 Software Security Risk Management (p. 82)
3.1 Basic process and methods of risk management (p. 82)
3.1.1 Definition of risk management (p. 82)
3.1.2 Basic elements of software security risk assessment and their relationships (p. 83)
3.1.3 Basic workflow of software security risk assessment (p. 85)
3.1.4 Manual assessment and tool-assisted assessment (p. 89)
3.1.5 Risk control (p. 90)
3.2 Software security risk assessment (p. 90)
3.2.1 Assessment preparation (p. 91)
3.2.2 Software security risk identification (p. 93)
3.2.3 Software security risk analysis (p. 95)
3.2.4 Threat rating based on the DREAD model (p. 97)
3.2.5 Standards-based vulnerability severity classification (p. 99)
3.2.6 Software security risk assessment based on formal methods (p. 103)
3.3 Software security risk control (p. 108)
3.3.1 Security risk control based on a risk management framework (p. 108)
3.3.2 Security risk control based on software project risk management (p. 111)
3.3.3 Software supply chain security risk control (p. 111)
3.4 Software security capability maturity models (p. 112)
3.4.1 Security capability maturity model (p. 113)
3.4.2 Software Assurance Maturity Model (p. 117)
3.4.3 Building Security In Maturity Model (p. 125)
3.4.4 Systems Security Engineering Capability Maturity Model (p. 129)
Practical tasks (p. 137)
Task 1: Survey of the state of Web security and analysis of Web application firewall (WAF) principles (p. 137)
Task 2: Study of the CWE "Software Development" view (CWE-699) (p. 138)
Review questions (p. 138)
Chapter 4 Software Requirements and Security Requirements (p. 139)
4.1 Software requirements and requirements engineering (p. 139)
4.1.1 Definition and classification of software requirements (p. 139)
4.1.2 Overview of requirements engineering (p. 143)
4.1.3 Security requirements engineering (p. 144)
4.2 Requirements elicitation (p. 145)
4.2.1 The requirements elicitation process (p. 145)
4.2.2 Sources for eliciting security requirements (p. 147)
4.2.3 Basic methods for extracting security requirements (p. 150)
4.3 Requirements analysis and modelling (p. 150)
4.3.1 Tasks of analysis modelling (p. 150)
4.3.2 Basic methods of requirements analysis (p. 151)
4.3.3 Strategies and methods for security requirements analysis (p. 157)
4.3.4 Security requirements analysis based on misuse cases and abuse cases (p. 169)
4.4 Requirements definition and requirements validation (p. 173)
4.4.1 Requirements definition (p. 173)
4.4.2 Requirements validation (p. 176)
4.5 Introduction to security quality requirements engineering (p. 178)
4.6 Requirements changes and their risk control (p. 180)
4.6.1 Requirements changes (p. 180)
4.6.2 Negative effects of requirements changes (p. 181)
4.6.3 Risk control for requirements changes (p. 182)
Practical tasks (p. 182)
Task 1: Structured requirements analysis (p. 182)
Task 2: Security requirements analysis based on misuse cases (p. 183)
Review questions (p. 183)
Chapter 5 Secure Design (p. 184)
5.1 Overview of software design (p. 184)
5.1.1 Basic concepts of software design (p. 184)
5.1.2 Preliminary software design (p. 184)
5.1.3 Detailed software design (p. 191)
5.2 Secure design and its principles (p. 191)
5.2.1 Goals and content of secure design (p. 191)
5.2.2 Secure design principles (p. 192)
5.2.3 Drawing up a security plan (p. 196)
5.3 Security policies and security models (p. 197)
5.3.1 Multilevel security policies (p. 197)
5.3.2 Commercial security policies (p. 198)
5.3.3 Security models (p. 199)
5.3.4 Access control for cloud computing (p. 201)
5.4 Threat modelling (p. 201)
5.4.1 Role of threat modelling (p. 201)
5.4.2 Threat modelling methods (p. 202)
5.4.3 The threat modelling process (p. 207)
5.4.4 Threat modelling example (p. 210)
5.5 Reuse-based software security design (p. 216)
5.5.1 Reuse of attack trees and their mitigations (p. 216)
5.5.2 Software design based on security patterns (p. 216)
5.5.3 Design of common security functions (p. 217)
5.6 Functional safety design based on fault-tolerance techniques (p. 223)
5.6.1 Software fault tolerance (p. 223)
5.6.2 Fault-tolerance-based anti-attack measures (p. 225)
5.7 Software architecture and secure design analysis (p. 226)
5.7.1 Software architecture (p. 226)
5.7.2 Software architecture reuse (p. 230)
5.7.3 Security architecture (p. 234)
5.7.4 Architecture analysis and secure design analysis (p. 238)
5.7.5 Common problems in secure design (p. 240)
Practical tasks (p. 240)
Task 1: Structured design and threat modelling (p. 240)
Task 2: Security architecture design (p. 241)
Task 3: Access control design (p. 241)
Review questions (p. 242)
Chapter 6 Secure Coding and Code Review (p. 243)
6.1 Overview of software coding (p. 243)
6.1.1 Software coding (p. 243)
6.1.2 Coding standards (p. 244)
6.1.3 Code inspection (p. 246)
6.2 Secure coding standards (p. 247)
6.2.1 Secure coding recommendations (p. 247)
6.2.2 National standard for application software security programming (p. 250)
6.2.3 SEI CERT secure coding standards (p. 257)
6.2.4 ISO/IEC C secure coding rules (p. 269)
6.2.5 Secure coding rules for specific industry domains (p. 270)
6.3 Secure coding process management and code security review (p. 273)
6.3.1 Secure coding process management (p. 273)
6.3.2 Static security analysis of source code (p. 274)
6.3.3 Code security review (p. 278)
Practical tasks (p. 281)
Task 1: Implementing a secure login module (p. 281)
Task 2: Code security analysis (p. 282)
Task 3: ASLR, DEP and stack protection (p. 282)
Review questions (p. 283)
Chapter 7 Software Testing and Security Analysis (p. 284)
7.1 Software testing (p. 284)
7.1.1 Software testing and its objectives (p. 284)
7.1.2 Basic principles of software testing (p. 285)
7.1.3 Classification of software testing (p. 286)
7.1.4 The software testing process (p. 289)
7.1.5 Software testing process models (p. 291)
7.2 Software security testing (p. 293)
7.2.1 Security testing and how it differs from traditional testing (p. 294)
7.2.2 Classification of software security testing (p. 295)
7.2.3 Basic workflow of software security testing (p. 300)
7.3 Security analysis of binary programs (p. 303)
7.3.1 Syntax, semantics and binary program analysis (p. 304)
7.3.2 Common techniques for binary code analysis (p. 307)
7.3.3 Binary code similarity analysis (p. 309)
7.4 Typical software security testing techniques (p. 312)
7.4.1 Overview of typical security testing techniques (p. 312)
7.4.2 Fuzz testing (p. 313)
7.4.3 Penetration testing (p. 319)
7.5 Software security compliance review (p. 321)
Practical tasks (p. 321)
Task 1: Web vulnerability scanning with AWVS (p. 321)
Task 2: Fuzz testing with AFL (p. 322)
Review questions (p. 323)
Chapter 8 Software Deployment, Operations and Software Protection (p. 324)
8.1 Software deployment and secure configuration (p. 324)
8.1.1 Software deployment (p. 324)
8.1.2 Secure configuration (p. 325)
8.1.3 Containerised deployment of applications (p. 326)
8.2 System operations and incident response (p. 327)
8.2.1 System operations (p. 327)
8.2.2 Incident response (p. 328)
8.3 Software protection and software hardening (p. 330)
8.3.1 Anti-reverse-engineering of software (p. 330)
8.3.2 Software tamper-proofing (p. 333)
8.3.3 Software copyright protection (p. 335)
8.3.4 Software hardening (p. 336)
Practical tasks (p. 338)
Task 1: Secure release of Web application JavaScript code (p. 338)
Task 2: Apache HTTP Server secure configuration (p. 338)
Review questions (p. 339)
References (p. 340)