Spotlight article: Domain 6, Application and System Development

This article has been deprecated and is no longer up to date. See our editor's note for more information.

Editor's note: This article has been deprecated and no longer includes up-to-date information. For a more recent review of this domain, see CISSP online training: Software Development Security domain.

Applications and systems are the technologies closest to the data we are trying to protect. This domain details how applications and systems are structured and what security mechanisms and strategies are commonly used to secure data during access, processing and storage; it also presents some common threats and their countermeasures. The following topics are covered:

  • System development process: The models, methods, life cycle phases, and management of the development process.
  • Database systems: Models, management systems, query languages, components, data warehousing and mining, schema and security measures.
  • Application development methodology: Software architecture, programming languages and concepts, change control methods, improvement models, data modeling and structures, data interface and exchange methods, artificial neural networks and expert systems.
  • Security threats and countermeasures: Common threats to applications and systems and how expert systems and artificial neural networks can be applied to mitigate threats.

System development process
Determining the appropriate level of security for a system is a difficult judgment call. The decision depends on many factors, including the trust level of the operating environment, the security levels of the systems it will connect to, who will be using the system, the sensitivity of the data, how critical the functions are to the business, and how costly it will be to apply optimal security measures. Understanding the process and economics of system development is essential to understanding why few systems in production today can be considered sufficiently secure. This section covers how different environments demand different types of security, the importance of addressing failure states, and the difficulty of balancing security and functionality demands to meet business needs.

An overview of the history of system building helps demonstrate why yesterday's approaches are no longer adequate in today's highly connected world. The increasing complexity of environments and technology rules out a "one size fits all" approach to security. Decisions for a Web-based business will be different from those made for a company concerned only with securing an intranet. Individuals preparing for the CISSP exam will gain insight into the decision-making process, and into the perils of relying too heavily on environment-based security devices and appliances rather than building the right level of security into the product itself.

Open and distributed environments may mix legacy and newer technology, intranets and business partner extranets, and a marketing presence on the Internet for e-commerce purposes; taken together, they present an almost overwhelming security challenge. Strategies are being developed to better protect systems by layering security controls at different technology levels. Because they are the last line of defense, security controls applied at the system and application level should be as rigorous as possible so that damage from an attack is minimized. Most commercial applications have security controls built in, though only recently have vendors begun to ship with security enabled by default, which forces users to make a deliberate risk decision before lowering their protection below the level the vendor recommends. This may annoy users at first. However, the increasing worldwide threat level calls for greater accountability from commercial vendors and greater awareness and responsibility on the part of the user.

The economics of building secure systems is a trade-off between the security and the functionality of systems. Every dollar that goes into protecting a system is a dollar that won't be put toward building a more functional, usable system. However, as hackers, criminals and terrorists become more sophisticated in their methods, we are obligated to find new ways to uncover vulnerabilities that surface only under uncommon conditions, and to trap those conditions so they cannot be exploited. Securely built systems depend on our ability to raise the visibility and priority of security in every phase of the development process. As early as project initiation, we can formulate the security goal from business needs, liability risks and investment constraints. Throughout the requirements and design phases, we can systematically uncover hidden functional and architectural flaws that could compromise security. During construction and testing, we can apply inspection methods and automation to root out coding flaws and failure conditions known to be vectors for attack. At every decision point, risk analysis should guide the customer's decision about how much risk to accept in exchange for a lower price, faster time to market, or increased functionality or usability. By using operational checklists for installation and administration, and by applying rigorous change control, we can be reasonably confident the product will meet both user needs and enterprise security standards now and in the future.

Database technology
Databases hold the data needed to conduct business, guide business strategy, and prove business performance history. Database management software is covered, along with an overview of different database models: hierarchical, distributed and relational. Most attention is paid to relational databases: how the schema is represented and used in the data dictionary, how it applies to security, how primary and foreign keys are related, how checkpoints and savepoints work, and why maintaining the integrity of a data set is essential to ensuring that no data falls outside the schema or the security controls built into it. Data warehouses (aggregators of disparate data sets) and data marts (copies of subsets of data warehouses) pose similar challenges; the effort and cost that go into these systems make the metadata they yield very valuable to the business, which warrants a correspondingly high level of protection.

Strategies for administering database systems for optimal security are also covered. Techniques described in detail include using security views to enforce security policy, content- and context-driven access control, the challenges presented by aggregation and inference attacks, and inference controls such as cell suppression, noise and perturbation.
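The following is an added example, not code from the original article, showing three of the ideas above on a constructed salary table: a security view that exposes only per-department aggregates, cell suppression that refuses any aggregate computed over fewer than k rows, and a differencing (tracker) attack that still infers a single employee's salary from queries that each pass the k-rule. The table contents, the view name dept_salary_stats and the threshold MIN_CELL_SIZE are assumptions for the demonstration.

```python
import sqlite3

# Constructed sample data (not from the article): (name, dept, salary).
# "legal" has a single employee, so any aggregate over that department
# is really that one person's salary.
EMPLOYEES = [
    ("alice", "legal", 120000),
    ("bob",   "eng",    95000),
    ("carol", "eng",   105000),
    ("dave",  "eng",    98000),
    ("erin",  "sales",  70000),
    ("frank", "sales",  74000),
    ("grace", "sales",  72000),
]

# Assumed policy: an aggregate is released only if at least this many
# rows contribute to it (query-set-size control / cell suppression).
MIN_CELL_SIZE = 3


def build_db():
    """Create an in-memory database with the base table and a security view."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employee ("
        " name TEXT PRIMARY KEY, dept TEXT NOT NULL, salary INTEGER NOT NULL)"
    )
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?)", EMPLOYEES)
    # Security view: the analyst role is granted SELECT on this view only,
    # never on the employee table, so no individual row is ever returned.
    conn.execute(
        "CREATE VIEW dept_salary_stats AS"
        " SELECT dept, COUNT(*) AS headcount, AVG(salary) AS avg_salary,"
        "        SUM(salary) AS total_salary"
        " FROM employee GROUP BY dept"
    )
    return conn


def dept_stats(conn, dept):
    """Raw view query: (headcount, avg_salary, total_salary) or None.
    A headcount of 1 is an inference hole: avg == that person's salary."""
    return conn.execute(
        "SELECT headcount, avg_salary, total_salary"
        " FROM dept_salary_stats WHERE dept = ?", (dept,)
    ).fetchone()


def dept_stats_suppressed(conn, dept, k=MIN_CELL_SIZE):
    """Cell suppression: withhold the cell if fewer than k rows contribute."""
    row = dept_stats(conn, dept)
    if row is None or row[0] < k:
        return None
    return row


def company_total_suppressed(conn, k=MIN_CELL_SIZE):
    """Company-wide SUM, subject to the same k-rule (it passes: 7 rows)."""
    cnt, total = conn.execute("SELECT COUNT(*), SUM(salary) FROM employee").fetchone()
    return total if cnt >= k else None


def differencing_attack(conn):
    """Inference despite suppression: every query here individually
    satisfies the k-rule, but company total minus the released department
    totals leaves exactly the suppressed single-member cell ('legal')."""
    total = company_total_suppressed(conn)
    released = sum(dept_stats_suppressed(conn, d)[2] for d in ("eng", "sales"))
    return total - released   # == alice's salary


if __name__ == "__main__":
    db = build_db()
    print("legal, raw view:", dept_stats(db, "legal"))            # leaks 120000
    print("legal, suppressed:", dept_stats_suppressed(db, "legal"))  # None
    print("inferred via differencing:", differencing_attack(db))  # 120000 again
```

The point of the last function is the caveat a practitioner needs: a minimum query-set size stops the obvious single-row cell, but not a tracker attack built from complementary queries, which is why the domain also covers noise and perturbation (and, in practice, logging and rate-limiting of statistical queries) rather than cell suppression alone.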

Application development methodology
After a brief overview of programming development, discussion centers on object-oriented programming, its encapsulation of code and data as classes and objects, and how those objects can be extended and reused. In creating application designs, we model the use of data by the proposed application, analyzing the paths data will take through it. We are concerned with the modularity of objects, their cohesion and coupling properties, since this drives how safely they can be updated. Finally we concern ourselves with how the data our application uses is imported into and exported from the application. The usefulness of standards and technologies that enable component communication (COM, DCOM), the exchange of data between disparate systems (ORB, CORBA, ODBC, DDE) and the presentation of or access to data outside the native application (OLE) is covered, as are the automated CASE tools that help manage the engineering process. There are security issues surrounding the use of each of these, as well as with more recent innovations such as ActiveX controls and Java applets.

Security threats and countermeasures
In this section, exam preparation includes an overview of the most common attacks against applications and systems and how they are executed. These include DoS, timing attacks, viruses, worms and Trojan horses, among others. Advanced systems employing artificial intelligence, such as expert systems and artificial neural nets, can help reveal connections between disparate pieces of information and recognize anomalous patterns in network traffic or application behavior that might signal an attack in progress.
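Of the threats listed above, a timing attack is the one whose mechanism is easiest to miss in code review, so here is an added example (not from the original article) of the classic case: a hand-rolled token comparison that returns at the first mismatching byte, beside the constant-time comparison that fixes it. To keep the demonstration deterministic, the naive compare reports how many bytes it examined; in a real attack that count is what the attacker estimates from response times over many samples. The secret value, the alphabet and the helper names are assumptions for the example.

```python
import hmac


def naive_equal(a: bytes, b: bytes):
    """Early-exit comparison as often found in hand-rolled token checks.
    Returns (equal, bytes_examined). The second value is the side channel:
    the further the guess matches, the longer the comparison runs."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1
    return True, len(a)


def constant_time_equal(a: bytes, b: bytes) -> bool:
    """Hardened form: hmac.compare_digest runs in time independent of the
    position of the first mismatch (for equal-length inputs), so the
    byte-by-byte recovery below has nothing to observe."""
    return hmac.compare_digest(a, b)


def recover_secret_by_timing(secret: bytes,
                             alphabet: bytes = b"abcdefghijklmnopqrstuvwxyz") -> bytes:
    """Simulated attacker against naive_equal. It never reads `secret`
    directly; it only submits guesses and watches the examined-byte count
    (standing in for response latency), extending the prefix one byte at a
    time by picking the candidate that kept the comparison running longest."""
    recovered = b""
    while len(recovered) < len(secret):
        best = None
        for c in alphabet:
            pad = b"\x00" * (len(secret) - len(recovered) - 1)
            guess = recovered + bytes([c]) + pad
            equal, steps = naive_equal(secret, guess)
            score = (steps, equal)          # a full match outranks a late mismatch
            if best is None or score > best[0]:
                best = (score, bytes([c]))
        recovered += best[1]
    return recovered


if __name__ == "__main__":
    token = b"hunter"                        # constructed secret
    print(recover_secret_by_timing(token))   # b'hunter' recovered in 26*6 guesses
    print(constant_time_equal(token, b"hunter"), constant_time_equal(token, b"huntex"))
```

With 26 candidates per position the attacker needs at most 26 * len(secret) queries instead of 26 ** len(secret); that collapse in search space is why MAC tags, session tokens and password hashes should always be compared with a constant-time function.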

CISSP® is a registered certification mark of the International Information Systems Security Certification Consortium, Inc., also known as ISC(2). 

This was last published in September 2008
