Description
Secure development lifecycles (SDLs) seek to incorporate security into the various project phases of software creation, such as development, testing and shipment. Companies that have created such SDLs include SAP, Cisco and Microsoft. These processes govern which security concerns are to be addressed and how they are translated into requirements for products and their development, with the goal of making the result more secure by ensuring secure design and implementation. Recently, various organizations have shifted their development efforts from an "on premise" focus, where they only ship software products to clients, to hosted solutions, where they no longer only create but also operate software products, such as SaaS offerings. While secure operations guides and similar documents may have been created in units developing and operating such offerings, the SDLs have not necessarily been adjusted to suit this new environment. This can result in outdated lifecycles that focus on secure development and incident response but do not incorporate secure operations or secure decommissioning. The SDLs developed by SAP and Microsoft can be seen as examples of this, while Cisco's proposal does contain secure operations but lacks decommissioning. Not incorporating such lifecycle segments leads to a lack of guidance and requirements for development, operations and DevOps teams, possibly resulting in insecure software. In addition to outdated processes, the activities incorporated into their phases, such as the secure development phase of the SAP S2DL, may still focus on "on premise" development as well, for example by only requiring that binaries be signed without requiring that signatures be validated. Whenever lifecycle segments or requirements fail to reflect such changes, this can entail process deficits, important tasks not being done, compliance gaps or tooling deficits, which ultimately can result in security incidents or legal actions, e.g. due to data breaches.
Furthermore, hosted solutions can be created in organizational contexts that are not well supported by existing proposals, such as agile projects or small organizations. Guidance for such solutions must therefore take their context into account too. This thesis first discusses proposed SDLs, security maturity models (which allow SDLs to be assessed), and comments from academia in the context of hosted solutions. Subsequently, a new process, the Secure Lifecycle for Hosted Solutions (SLHS), is proposed in order to address the gaps described above, based on the discussed state of the industry. Within the SLHS, we further define an agile and a traditional process variant to fit differing organizational contexts, add new process phases, and adjust activities for hosted solutions, based on our own comments and those from the literature. We also execute the SLHS within two example scenarios to demonstrate its application.