Software Security: Theory and Practice

Intended readers: This book is suitable for undergraduates in computer science and technology, software engineering, cyberspace security, and information security at institutions of higher education, as well as for other students in software-development-related programs and for software development practitioners.

Following the software life cycle as its main thread, and guided by software security risk assessment, risk control techniques, software security assessment metrics, and software security capability maturity metrics, the book integrates security concepts, security models, and security methods with the common software process models. It systematically introduces the principles and methods for assuring software security at each stage of software development, including the workflows and common methods of security requirements analysis, secure design, secure coding, security testing, and secure configuration and software hardening during deployment and operations. Its aim is to give comprehensive guidance for secure software development, build security awareness among software developers, reduce or eliminate software security problems, improve software's resistance to attack and its trustworthiness, and support the adoption of software across domains and industries.
Zhang Renbin is an associate professor in the School of Computer Science and Information Engineering at Hefei University of Technology. In 2004 he took part in building the university's newly established information security program and taught the course Computer Viruses and Anti-Virus; since then he has served as lead instructor or practical supervisor for courses including Computer Network Systems Practice, Network Engineer Comprehensive Training, Software Security, Introduction to Information Security, and Comprehensive Design of System and Software Security. He is chief editor of one national "Eleventh Five-Year Plan" textbook (Computer Virus and Anti-Virus Technology, first editor) and one Anhui provincial "Eleventh Five-Year Plan" textbook (Practical Course for the Network and Information Security Course Series, second editor), and co-author of two further textbooks. He has led the Anhui Provincial Department of Education teaching research project Teaching Research and Practice in Computer Viruses and Network Attack and Defense and the virtual simulation experiment teaching project Virtual Simulation Experiment Teaching for Industrial Control Network Attack and Defense; led eight Anhui provincial annual key projects; participated in 13 provincial and municipal science and technology research projects and National 863 Program projects; and published more than 20 academic papers.
Contents

Chapter 1 Software and Software Security
  1.1 Scope of Software Security
    1.1.1 Definitions of Software and Software Security
    1.1.2 Software Defects and Vulnerabilities
    1.1.3 Classification of Software Vulnerabilities
    1.1.4 Relationship Between Software Security and Other Kinds of Security
  1.2 Current State of Software Security
    1.2.1 Overall Situation
    1.2.2 Security of System Software
    1.2.3 Security of Application Software
    1.2.4 Security of Open-Source Software
  1.3 Root Causes of Security Incidents
    1.3.1 Software Vulnerabilities Are the Focus of Security Problems
    1.3.2 Causes of Software Vulnerabilities
  1.4 Approaches and Methods for Mitigating Software Security Problems
    1.4.1 Basic Strategies
    1.4.2 Engineering Methods
    1.4.3 The Standardization and Normalization Path
    1.4.4 Technical Explorations and Measures
  Practical Tasks
    Task 1: Relative Path Attack
    Task 2: SQL Injection Attack
  Review Questions

Chapter 2 Engineering Approaches to Software Security
  2.1 Overview of Software Engineering
    2.1.1 The Evolution of Software
    2.1.2 The Software Crisis
    2.1.3 Software Engineering
    2.1.4 The Software Life Cycle
  2.2 Software Process Models
    2.2.1 Waterfall Model
    2.2.2 Rapid Prototyping Model
    2.2.3 Incremental Model
    2.2.4 Spiral Model
    2.2.5 Microsoft MSF Process Model
  2.3 Software Quality and the Security Properties of Software
    2.3.1 Software Quality
    2.3.2 Security Properties of Software
    2.3.3 Relationship Between Security Properties and Software Quality
    2.3.4 Determining the Required Security Properties
    2.3.5 Improving the Security Properties of Software
    2.3.6 Functional Safety, Security Functions, and Software Security
  2.4 Software Security Process Models
    2.4.1 Microsoft SDL
    2.4.2 The Security Touchpoints Process Model
    2.4.3 Recommendations for Implementing a Software Security Process
  2.5 A First Taste of Secure Software Development
    2.5.1 Account Security
    2.5.2 A Simple Password Check and an Example of Cracking It
    2.5.3 The Arbitrariness of User Actions
  Practical Tasks
    Task 1: Network Sniffing and HTTPS Configuration
    Task 2: MD5 with Dynamic Salting for Tamper Protection
    Task 3: Brute-Forcing Login Passwords
  Review Questions

Chapter 3 Software Security Risk Management
  3.1 Basic Process and Methods of Risk Management
    3.1.1 Definition of Risk Management
    3.1.2 Basic Elements of Software Security Risk Assessment and Their Relationships
    3.1.3 Basic Workflow of Software Security Risk Assessment
    3.1.4 Manual Assessment and Tool-Assisted Assessment
    3.1.5 Risk Control
  3.2 Software Security Risk Assessment
    3.2.1 Assessment Preparation
    3.2.2 Software Security Risk Identification
    3.2.3 Software Security Risk Analysis
    3.2.4 Threat Rating with the DREAD Model
    3.2.5 Standards-Based Vulnerability Severity Rating
    3.2.6 Software Security Risk Assessment Based on Formal Methods
  3.3 Software Security Risk Control
    3.3.1 Security Risk Control Based on the Risk Management Framework
    3.3.2 Security Risk Control Based on Software Project Risk Management
    3.3.3 Software Supply Chain Security Risk Control
  3.4 Software Security Capability Maturity Models
    3.4.1 Security Capability Maturity Model
    3.4.2 Software Assurance Maturity Model
    3.4.3 Building Security In Maturity Model
    3.4.4 Systems Security Engineering Capability Maturity Model
  Practical Tasks
    Task 1: Survey of the State of Web Security and Analysis of Web Application Firewall (WAF) Principles
    Task 2: Study of the CWE "Software Development" View (CWE-699)
  Review Questions

Chapter 4 Software Requirements and Security Requirements
  4.1 Software Requirements and Requirements Engineering
    4.1.1 Definition and Classification of Software Requirements
    4.1.2 Overview of Requirements Engineering
    4.1.3 Security Requirements Engineering
  4.2 Requirements Elicitation
    4.2.1 The Elicitation Process
    4.2.2 Sources of Security Requirements
    4.2.3 Basic Methods for Extracting Security Requirements
  4.3 Requirements Analysis and Modeling
    4.3.1 Tasks of Analysis Modeling
    4.3.2 Basic Methods of Requirements Analysis
    4.3.3 Strategies and Methods for Security Requirements Analysis
    4.3.4 Security Requirements Analysis Based on Misuse Cases and Abuse Cases
  4.4 Requirements Definition and Validation
    4.4.1 Requirements Definition
    4.4.2 Requirements Validation
  4.5 Introduction to Security Quality Requirements Engineering
  4.6 Requirements Changes and Their Risk Control
    4.6.1 Requirements Changes
    4.6.2 Negative Effects of Requirements Changes
    4.6.3 Risk Control for Requirements Changes
  Practical Tasks
    Task 1: Structured Requirements Analysis
    Task 2: Misuse-Case-Based Security Requirements Analysis
  Review Questions

Chapter 5 Secure Design
  5.1 Overview of Software Design
    5.1.1 Basic Concepts of Software Design
    5.1.2 Preliminary Design
    5.1.3 Detailed Design
  5.2 Secure Design and Its Principles
    5.2.1 Goals and Content of Secure Design
    5.2.2 Secure Design Principles
    5.2.3 Drawing Up a Security Plan
  5.3 Security Policies and Security Models
    5.3.1 Multilevel Security Policies
    5.3.2 Commercial Security Policies
    5.3.3 Security Models
    5.3.4 Access Control for Cloud Computing
  5.4 Threat Modeling
    5.4.1 The Role of Threat Modeling
    5.4.2 Threat Modeling Methods
    5.4.3 The Threat Modeling Process
    5.4.4 A Threat Modeling Example
  5.5 Reuse-Based Secure Software Design
    5.5.1 Reuse of Attack Trees and Their Mitigations
    5.5.2 Software Design Based on Security Patterns
    5.5.3 Design of Common Security Functions
  5.6 Functional Safety Design Based on Fault Tolerance
    5.6.1 Software Fault Tolerance
    5.6.2 Fault-Tolerance-Based Anti-Attack Measures
  5.7 Software Architecture and Secure Design Analysis
    5.7.1 Software Architecture
    5.7.2 Software Architecture Reuse
    5.7.3 Security Architecture
    5.7.4 Architecture Analysis and Secure Design Analysis
    5.7.5 Common Problems in Secure Design
  Practical Tasks
    Task 1: Structured Design and Threat Modeling
    Task 2: Security Architecture Design
    Task 3: Access Control Design
  Review Questions

Chapter 6 Secure Coding and Code Review
  6.1 Overview of Software Coding
    6.1.1 Software Coding
    6.1.2 Coding Standards
    6.1.3 Code Inspection
  6.2 Secure Coding Standards
    6.2.1 Secure Coding Recommendations
    6.2.2 The Chinese National Standard for Secure Programming of Application Software
    6.2.3 The SEI CERT Secure Coding Standards
    6.2.4 ISO/IEC C Secure Coding Rules
    6.2.5 Secure Coding Rules for Specific Industry Domains
  6.3 Secure Coding Process Management and Code Security Review
    6.3.1 Secure Coding Process Management
    6.3.2 Static Security Analysis of Source Code
    6.3.3 Code Security Review
  Practical Tasks
    Task 1: Implementing a Secure Login Module
    Task 2: Code Security Analysis
    Task 3: ASLR, DEP, and Stack Protection
  Review Questions

Chapter 7 Software Testing and Security Analysis
  7.1 Software Testing
    7.1.1 Software Testing and Its Goals
    7.1.2 Basic Principles of Software Testing
    7.1.3 Classification of Software Testing
    7.1.4 The Software Testing Process
    7.1.5 Software Testing Process Models
  7.2 Software Security Testing
    7.2.1 Security Testing and How It Differs from Traditional Testing
    7.2.2 Classification of Software Security Testing
    7.2.3 Basic Workflow of Software Security Testing
  7.3 Security Analysis of Binary Programs
    7.3.1 Syntax, Semantics, and Binary Program Analysis
    7.3.2 Common Techniques for Binary Code Analysis
    7.3.3 Binary Code Similarity Analysis
  7.4 Typical Software Security Testing Techniques
    7.4.1 Overview of Typical Security Testing Techniques
    7.4.2 Fuzz Testing
    7.4.3 Penetration Testing
  7.5 Software Security Compliance Auditing
  Practical Tasks
    Task 1: Web Vulnerability Scanning with AWVS
    Task 2: Fuzz Testing with AFL
  Review Questions

Chapter 8 Software Deployment, Operations, and Software Protection
  8.1 Software Deployment and Secure Configuration
    8.1.1 Software Deployment
    8.1.2 Secure Configuration
    8.1.3 Containerized Deployment of Applications
  8.2 System Operations and Incident Response
    8.2.1 System Operations
    8.2.2 Incident Response
  8.3 Software Protection and Software Hardening
    8.3.1 Anti-Reverse-Engineering
    8.3.2 Software Tamper Resistance
    8.3.3 Software Copyright Protection
    8.3.4 Software Hardening
  Practical Tasks
    Task 1: Secure Release of Web Application JavaScript Code
    Task 2: Apache HTTP Server Security Configuration
  Review Questions

References