Introduction to Security engineering
Security Engineering focuses on the security aspects in the development of the systems so that they can deal robustly with losses caused by accidents ranging from natural disasters to malicious attacks. The main motto of security Engineering is to not only satisfy pre-defined functional and user requirements but also preventing the misuse of the system and malicious behavior. Security is one of the quality factors of a system that signifies the ability of the system to protect itself from accidental and malicious external attacks. It is an important issue as networking of the system has increased, and external attacks to the system through the internet can be possible. Security factor makes the system available, safe, and reliable. If a system is a networked System, then the reliability and its safety factors become more unreliable.
Why do we need security Engineering?
Damage to any system m is caused due to threats. Threats prevent the system from providing normal service to the user in the given amount of time or may not at all allow the system from providing the services Threats are categorized as accidental, such as software errors, human errors, and hardware errors. Intentional, i.e. malicious such as terrorist attacks, intrusion catastrophic such as natural thunderstorms, floods, earthquake, lightings, or power failures.
Security risk management
- Vulnerability avoidance: The system is designed so that vulnerabilities do not occur. Say if there is no network, then the external attack is not possible.
- Detection and removal of attacks: The System is designed so that attacks can be detected and removed before they result in any exposure of data programs s same as the virus checkers who detect and remove the viruses before they infect the system.
- Exposure limitation: The system is designed so that the adverse consequences of a successful attack are minimized. For example, a backup policy allows damaged information to be restored.
Damage caused due to insecurity.
- Corruption of programs and data: The programs or data in the system may be modified by unauthorized users.
- Unavailability bod service: The system is affected and out into a state where normal services are not available.
- Leakage of confidential information: Information that is controlled by the system may be disclosed to the people who are not authorized to read or use that information.
System survivability is nothing but an ability of a system to continue performing difficult functions on time even if a few portions of the system are infected by malicious attacks or accidents. System survivability includes elements such an s reliability, dependability, fault tolerance, verification, testing, and information system security. Let’s discuss some of these elements.
- Adaptability: even if the system is attacked by a threat, the system should have the capability to adapt to the threat and continue providing service to the user. Also, the network performance should not be degraded by the end-user.
- Availability: The degree to which software remains operable in the presence of system failures.
- Time: Services should be provided to the user within the time expected by the user.
- Connectivity: It is the degree to which a system performs when all nodes and links are available.
- Correctness: It is the degree to which all Software functions are specified without any misunderstanding and misinterpretations.
- Software dependence: The degree to which hardware does not depend upon the software environment.
- Hardware dependence: The degree to which software does not depend upon hardware environments.
- Fault tolerance: The degree to which the software will continue to work without a system failure that would cause damage to the user and the degree to which software includes recovery functions
- Fairness: It is the ability of the network system to organize and route the information without any failure.
- Interoperability: It is the degree to which software can be connected easily with other systems and operated.
- Performance: It is concerned with the quality factors kike efficiency, integrity, reliability, and usability. Sub factors include speed and throughput.
- Predictability: It is the degree to which a system can provide countermeasures to the system failures in the situation of threats.
- Modifiability: It is the degree of effort required to make modifications to improve the efficiency of functions of the software.
- Safety: It is the ability of the system to not cause any harm to the network system or personnel system.
- Recoverability: It is the ability of the system to recover from an accident and provide normal service on time.
- Verifiability: It is about the efforts required to verify the specified Software functions and corresponding performance.
- Security: it is the degree to which the software can detect and prevent the information leak, loss of information, and malicious use, and then any type of destruction.
- Testability: It is about the efforts required to test the software.
- Reusability: It is the degree to which the software can be reused in other applications.
- Restorability: It is the degree to which a system can restore its services on time.
This is a guide to Security engineering. Here we have discussed the basic concepts of security Engineering and its various terms used for system protection. You may also have a look at the following articles to learn more –