Software Security 软件安全 We live in a world today where software is pervasive. Software touches nearly every aspect of our lives, from software-controlled subways, air traffic control systems, nuclear power plants, and medical equipment to more mundane everyday examples, such as software-controlled microwave ovens, gas burners, elevators, automated teller machines [1] , the family car, and the local 911 service [2] . In the past, many of these items relied upon established safety and reliability principles from electrical, mechanical, and/or civil engineering, which developed over several decades, if not longer. Today items like these are controlled by software. When it is examined, its totality, the magnitude of the software safety and reliability challenge facing us today makes the Y2K [3] problem look minuscule by comparison. Hence, it is time to acknowledge the discipline of software safety and reliability and its importance to everyday life. Some people and organizations are starting to understand and respond to this challenge. For example, the FBI [4] recently established a National Infrastructure Protection Center to protect safety-critical systems and software. Unfortunately, many still remain blissfully unaware of the situation or deny its existence. Contributing to the problem is the small number of universities that offer courses in software safety and reliability. We hear a lot about the global economy today. Technology has less respect for state or national borders than do market forces. The software safety and reliability challenge is a global challenge. Products, such as cars and medical devices, are built in one jurisdiction and sold worldwide. Air traffic control systems must interoperate safely and reliably among multiple countries, for example along the long borders between the U. S. , Canada, and Mexico. Accordingly, the first part of this book introduces the concept of software safety and reliability, and techniques and approaches used to achieve and assess it. Background The inherent complexity of software—its design, development, assessment, and use—is and has been increasing rapidly during the last decade. The cycle time between new versions of system and application software has decreased from a number of years to a number of months. The evolution and discovery of new design techniques and development methodologies are proceeding at an equally rapid pace. Consequently, the debate about what constitutes the standard body of knowledge for Computer Science professionals continues. Accompanying this is the ever broadening role that software plays in electronic products. A study performed in the U. K. in 1990 estimated that the market for the development of safety-related software was ＄. 85B per year and that it was growing at a rate of 20 percent per year. This is due to the fact that software is replacing discrete hardware logic in many devices. Some common examples include air traffic control systems, nuclear power plant control systems, and radiation therapy systems. In addition, advanced electronics with embedded software controllers are being incorporated into a variety of new products, such as laser surgical devices, automobiles, subways, and intelligent transportation systems. As such the role of software has moved from simply generating financial or other mathematical data to monitoring and controlling equipment, which directly affects human life and safety. In fact, it was reported by Donald Mackenzie that "the total number of people killed by computer system failures, worldwide, up to the end of 1998 is between 1,000 and 3,000. " As a result, a more thorough and widespread understanding of, and familiarity with the specialized techniques to achieve and assess the safety and reliability of software, are needed in academia, industry, and government. This is also true since many legal issues related to software liability are evolving. Purpose While the general concept of safety and reliability is understood by most parties, the specialty of software safety and reliability is not. The understanding of electronic component reliability and electrical safety has been evolving since the 1940s. In contrast, software safety and reliability is a relatively new discipline that only a few understand well or at all. Hence, the overall goal of writing this book is to improve the state of the art of software safety and reliability, both its understanding and practice. This goal is achieved through three objectives. The first objective of this book is to serve as a "consciousness raising" [5] about the importance of software safety and reliability and the attention this subject warrants in mission critical systems [6] .  As more and more functionality is shifted from hardware to software, two common scenarios occur. First, managers and technical personnel involved in mission critical projects are generally very knowledgeable about optics,  radiation physics, mechanical engineering, and so forth. However, they are sometimes at a loss when it comes to knowing: 1) what to do about software safety and reliability; 2) the skill set that is needed to adequately address software safety and reliability; and 3) sometimes even that this subject warrants serious attention. Second, today there are many excellent Computer Science and Software Engineering programs at universities throughout the worlＤ. Unfortunately, very few of them offer any courses on software safety and reliability or on software engineering standards. A student may acquire a thorough background in software engineering without being exposed to the field of software safety and reliability. Given the shift in technology to software controlled products, this is unfortunate because today's students will be tomorrow's safety and reliability practitioners. This book has been written to serve as a "consciousness raising" for both scenarios. As such, it includes many illustrative everyday examples about the importance of software safety and reliability. The second objective of this book is to provide practical information about the current methods used to achieve and assess software safety and reliability. This is accomplished by a comprehensive discussion of the current approaches promoted by key industrial sectors and standards organizations to software safety and reliability. Since most practitioners were not taught software safety and reliability in school, it is all the more imperative that they be made aware of current software safety and reliability standards [7] . As a rule, standards are written in a very terse style.  A phrase or sentence may be very meaningful to the committee members who spent years writing the standard, but the same phrase leaves the average reader in the dark. Accordingly, Parts Ⅱ and Ⅲ of this book have been written in the style of an application guide—" how to" read, interpret, and implement a given standarＤ. While theory is not entirely neglected, the emphasis is on practical information. The third and final objective of this book is to bring together, for the first time, in one volume the contemporary thinking on software safety and reliability so that it can be compared and analyzed; thereby leading to the improved understanding and practice of this field in the future. Firewall Nations without controlled borders cannot ensure the security and safety of their citizens, nor can they prevent piracy and theft. Networks without controlled access cannot ensure the security or privacy of stored data, nor can they keep network resources from being exploited by hackers. The communication efficiency provided by the Internet has caused a rush to attach private networks directly to it. Direct Internet connections make it easy for hackers to exploit private network resources. Prior to the Internet, the only widely available way for a hacker to connect from home to a private network was direct dialing with modems and the public telephone network. Remote access security was a relatively small issue. When you connect our private network to the Internet, you are actually connecting your network directly to everv other network attached to the Internet. There's no inherent central point of security control. Firewalls are used to create security checkpoints at the boundaries of private networks. By providing the routing function between the private network and the Internet, firewalls inspect all communications passing between the two networks and either pass or drop the communications depending on how they match the programmed policy rules. If your firewall is properly configured and contains no serious exploitable bugs, your network will be as free from risk as possible. Firewalls are among the newest developments in Internet technology. Developed from rudimentary security systems that major computer vendors like Compact and IBM developed to secure their own networks in the mid 1980s, these network sentinels have developed in lock-step with the burgeoning threat of information warfare. The most interesting and innovative developments, like Network Address Translation and multi-layer security filtering, are so new that books just two years old are already obsolete. The security problems of the past could be solved with simple packet filters and dial- back modem banks. The security problems of the future will require rifling through and validating every byte of an Internet message, requiring encrypted certification of a web site's true identity before connecting, and then encrypting nearly everything that travels between. Fortunately, as technology and the technological society it mirrors progress, these measures will become simple and invisible. As vendors make operating systems more hardened against attack, the World Wide Web will secretly grow more secure for people who will freely surf the Web as they please, hampered only by the occasionally warning that a site is not accredited or that a message contains suspicious content. Thi