CISSP Domain 4 – Application and System Development

NOTE: These notes have not been updated since I took the test many years ago.
To perform a more up to date study for your CISSP exam, I suggest buying the Shon Harris Book.

DOMAIN 4 – Application and System Development


“The division between software security and device security deals with providing security at the beginning stages of software development versus providing devices that protect the perimeter of networks”.

“If an application fails for any reason, it should resume to a safe state”

Database Management:

“Database access control can be restricted by only allowing roles”


Database Models:

Relational Database Model: Uses attributes (columns) and tuples (rows) to contain and organize information. Presents information in the form of tables.

Hierarchical Data Model: Combines records and fields that are related in a logical tree structure. Used for mapping one-to-many relationships.

Distributed Data Model: Data stored in more than one database, but logically connected.


Relational Database Components:

Most databases contain the following core functions:

  • Data Definition Language (DDL)
  • Data Manipulation Language (DML)
  • Query Language (QL)
  • Report Generator.


DDL defines the structure and schema of a database.


Data Dictionary: The data dictionary is a central repository of data elements and their relationships. The Data Dictionary includes definitions of views, data sources, relationships, tables, indexes, etc. When new tables, new views or new schema are added, the data dictionary is updated to reflect this.


  • Databases can run into concurrency problems. Record locking prevents this.

Database software performs two main types of integrity services:

Semantic Integrity: Makes sure that structural and semantic rules are enforced.

Referential Integrity: No record can contain a reference to a primary key of a non-existing record or NULL value. Database must also not contain unmatched foreign key values.


Database Security Issues:

Two main database security issues are aggregation and inference:



Aggregation is figuring out complete information you don’t have access to by using components of that information you do have access to. The combined information has a sensitivity that is greater than the sum of the parts.

Queries can be tracked and restricted based on context-dependent classification, which checks what data the user has already accessed.



Inference is similar to aggregation and involves the ability to derive information that is not explicitly available from information that is available. For example, a clerk does not have access to troop movements but does have access to food and tent deployment.

Again, context-dependent classification rules can help prevent anything that looks like inference.
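The clerk example worked through as an added illustration (not part of the original notes): a query mediator that remembers what each user has already read and refuses the query that would complete an inference, even though each attribute is individually permitted. The attribute names and the single inference rule are constructed for the example.

```python
"""Context-dependent query mediation against aggregation and inference."""
from dataclasses import dataclass, field

# Constructed inference rule from the clerk example: a subject who has
# read every attribute in the frozenset can derive the named fact.
INFERENCE_RULES = {
    frozenset({"food_deployment", "tent_deployment"}): "troop_movements",
}


@dataclass
class QueryMediator:
    # Attributes each user is directly cleared to read (constructed).
    grants: dict
    # Per-user history of attributes already returned: the "context".
    history: dict = field(default_factory=dict)

    def check(self, user: str, attrs: set) -> tuple:
        """Return (allowed, reason) for a query requesting `attrs`."""
        allowed = self.grants.get(user, set())
        if not attrs <= allowed:
            missing = ", ".join(sorted(attrs - allowed))
            return False, "direct access denied: " + missing
        # What the user would know after this query, given past queries.
        would_know = self.history.get(user, set()) | attrs
        for combo, secret in INFERENCE_RULES.items():
            if combo <= would_know and secret not in allowed:
                parts = " + ".join(sorted(combo))
                return False, f"inference risk: {parts} reveals {secret}"
        # Only record attributes that were actually released.
        self.history.setdefault(user, set()).update(attrs)
        return True, "ok"


def clerk_scenario() -> list:
    """Clerk reads food deployment, then tents, then asks for troops outright."""
    m = QueryMediator(grants={"clerk": {"food_deployment", "tent_deployment"}})
    return [
        m.check("clerk", {"food_deployment"}),   # individually harmless
        m.check("clerk", {"tent_deployment"}),   # completes the inference: refused
        m.check("clerk", {"troop_movements"}),   # not granted at all: refused
    ]
```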

Database security looks at the contents of the file rather than the file itself, as an operating system would. This is content-dependent access control, which increases processing overhead but provides more granular control.


Polyinstantiation enables a relation to contain multiple tuples with the same primary key but at different security classifications.
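A small polyinstantiated relation, added here as an example (not from the original notes): rows with the same primary key coexist at different classification labels, and a subject is shown the tuple at the highest level their clearance permits. The level names and the ship-manifest rows are constructed.

```python
"""A polyinstantiated (multilevel) relation keyed on (primary key, classification)."""
from typing import Optional

# Constructed classification lattice (higher number = more sensitive).
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP_SECRET": 2}


class PolyRelation:
    def __init__(self):
        # key -> {classification -> row}; several rows per key are allowed
        self._rows = {}

    def insert(self, key: str, level: str, row: dict) -> None:
        # Rows are partitioned by label, so a low-level insert never overwrites
        # (or learns about) a tuple that exists at a higher classification.
        self._rows.setdefault(key, {})[level] = row

    def select(self, key: str, clearance: str) -> Optional[dict]:
        """Return the tuple for `key` at the highest level <= clearance."""
        visible = [
            (LEVELS[lvl], row)
            for lvl, row in self._rows.get(key, {}).items()
            if LEVELS[lvl] <= LEVELS[clearance]
        ]
        return max(visible, key=lambda t: t[0])[1] if visible else None


def ship_manifest_demo() -> dict:
    rel = PolyRelation()
    rel.insert("USS_Example", "TOP_SECRET",
               {"destination": "Classified op area", "cargo": "Munitions"})
    # An UNCLASSIFIED user inserts the same primary key. Rejecting it would
    # itself reveal that the key exists at TOP_SECRET, so a second tuple
    # (a cover story) is stored beside the sensitive one instead.
    rel.insert("USS_Example", "UNCLASSIFIED",
               {"destination": "Training cruise", "cargo": "Supplies"})
    return {
        "unclassified_view": rel.select("USS_Example", "UNCLASSIFIED"),
        "secret_view": rel.select("USS_Example", "SECRET"),
        "top_secret_view": rel.select("USS_Example", "TOP_SECRET"),
    }
```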



System Development


Security management is an important aspect of project management.


The following is a typical list of lifecycle phases:

  • Project initiation
  • Functional design, analysis and planning
  • System design specifications
  • Software development
  • Installation / Implementation
  • Operational Maintenance
  • Disposal.


System Design Specifications:

Informational, functional and behavioral model information goes into the software design as requirements. What comes out of the design is data, architectural and procedural design.

Installation / Implementation:


  • Certification is the process of reviewing and evaluating security controls and is usually a task assigned to an outside independent reviewer.


  • Accreditation is the formal acceptance of the system by key management and an implicit acceptance of risk. Once management accepts the residual risk, they should issue a formal accreditation statement.


  • Verification – does the product match the specification?


  • Validation – Fitness or worth of a software product for its operational mission.

“Verification is doing the job right, Validation is doing the right job”



System Life Cycle Phases:


  • Project Initiation:
      • Concept of project definition
      • Proposal and initial study

  • Functional design analysis and planning:
      • Requirements uncovered and defined
      • System environment specifications determined

  • System design specifications:
      • Functionality design review
      • Functionality broken down
      • Detailed planning put into place
      • Code design

  • Software development:
      • Developing and programming software

  • Installation:
      • Product installation and implementation
      • Testing and Auditing

  • Maintenance Support:
      • Product changes, fixes and minor modifications

  • Revision and Replacement:
      • Modifying the product with revisions, or replacing it completely.



Waterfall Model:


The steps of a typical waterfall model are:


  • System feasibility
  • Software plans and requirements
  • Product design
  • Detailed design
  • Code
  • Integration
  • Implementation
  • Operations and Maintenance


Spiral Model:


  • Angular dimensions represent progress made in completing the phases.
  • Radial dimension represents cumulative project costs.


The model states that each cycle of the spiral involves the same series of steps for each part of the project.



Cost Estimation Models:


Basic COCOMO model estimates development effort and cost as a function of the number of source instructions:


MM = 2.4 KDSI (MM = man-months, KDSI = K developed source instructions)


TDEV = 2.5 MM




Maintenance phases can be divided into 3 sub-phases:


  1. Request control
  2. Change control
  3. Release control


Change Control:


Configuration management is the process of controlling the life cycle of an application and documenting the necessary change control activities. Configuration management is used to manage changes and new versions of software products. BS7799 addresses configuration management.


The following definitions are associated with Configuration Management:


Configuration Item (CI): Component whose state is to be recorded.


Version: A recorded specific state of a configuration item.


Configuration: Collection of component configuration items that comprise a configuration item in some stage of its evolution. Can be recursive.


Building: Assembling a version of a configuration item from component configuration items.


Build List:


Software Library:





Software Capability Maturity Model (CMM):


The Software CMM is based on the premise that the quality of a software product is a direct function of the quality of its associated development and maintenance processes.


5 maturity levels are:


Level 1: Initiating                : Good people in place. Processes performed ad-hoc.

Level 2: Repeatable            : Project management processes in place.

Level 3: Defined                   : Engineering processes and organizational support.

Level 4: Managed                 : Product and process quantitatively controlled.

Level 5: Optimizing              : Continued process improvements. Institutionalized.


The software CMM is a component that supports the concept of continuous process improvement. This concept is embodied in the SEI process improvement IDEAL model:


  • Initiate
  • Diagnose
  • Establish
  • Action
  • Leverage

(The initials spell IDEAL.)





Application Development Methodology


Object-Oriented Concepts:


The shared portion of an object is the interface. The private portion of an object facilitates data hiding.


Abstraction is the capability to suppress unnecessary details so that the important, inherent properties can be examined and reviewed.


Polymorphism: An object’s response to a message is defined by the class to which the object belongs. Different objects can respond to the same input in different ways.


Encapsulation: Hides internal data and operations not exposed via the interface.


Polyinstantiation: Multiple distinct instances of data within objects, used to discourage lower-level subjects from learning information held at a higher level of security.


Inheritance: Shares properties and attributes with subclasses.


Cohesion and Coupling:


  • Modules should be self-contained and perform a single logical function with as little external help as possible. This is cohesion and the goal for a module is to have high cohesion.


  • Modules should not drastically affect the behavior of each other. This is low coupling.


ORBs and CORBAs:


The OMA is the Object Management Architecture. The ORB manages all communication between components and enables them to interact in a heterogeneous and distributed environment.


The ORB is the middleware that establishes the client/server relationship between objects.


CORBA provides standard interface definitions between OMG compliant objects.




The component object model (COM) defines how components interact and provides an architecture for simple IPC. DCOM is a distributed model based on COM. DCOM has a library that takes care of session handling, synchronization, buffering, fault identification and handling, and data format translation.


OLE – Object Linking and Embedding:


OLE uses COM as its base and allows objects to be embedded within documents and for linking different resources and objects.


The capability for one program to call another is called linking.


The capability to put a piece of data inside a foreign program or document is called embedding.


DDE – Dynamic Data Exchange:


DDE enables different applications to share data by providing IPC. DDE is a communication mechanism that enables direct connection between two applications.


Distributed Computing Environment (DCE):


DCE is a standard developed by the OSF – Open Software Foundation (also called “the open group”). DCE is middleware providing RPC service, security services, directory service, time service and distributed file support.


DCE is a layer of software that sits on top of the network layer.


** DCOM uses a globally unique identifier (GUID).


** DCE uses a universal unique identifier (UUID).



Expert Systems and Knowledge Based Systems:


Expert systems usually consist of two parts, an inference engine and a knowledge base. The inference engine handles the user interface, external files, scheduling and program-accessing capabilities.


The knowledge base contains data pertaining to a specific problem or domain.


ANN = Artificial Neural Network.



Malicious Code (MALWARE):


Virus: Infects applications. Main function is to reproduce. Macro viruses are easy to write and office products are in wide use.


Worms: Reproduce on their own with no need for a host application.


Logic Bomb: Will execute certain code when a specific event happens.


Trojan Horse: Program disguised as another program.





SMURF: Requires an attacker, a victim and an amplifying network. ICMP ECHO packets are sent to the broadcast address of a large network with the return address spoofed to be that of the victim. The target network will drown the victim with responses. A counter against the smurf attack is to disable broadcast packets at the border router.


Fraggle: Similar to SMURF but uses UDP instead of ICMP.
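The border-router counter described above, turned into detection logic as an added example (not from the original notes): packets arriving from outside that are addressed to one of our subnets' broadcast addresses are flagged as smurf (ICMP echo request) or fraggle (UDP to the echo or chargen ports). The internal subnets and sample packets are constructed from RFC 5737 documentation ranges.

```python
"""Border-side detection of directed-broadcast amplification (smurf / fraggle)."""
import ipaddress
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    src: str
    dst: str
    proto: str   # "icmp", "udp" or "tcp"
    detail: int  # ICMP type for icmp, destination port for udp/tcp


# Constructed internal subnets (RFC 5737 documentation ranges).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/25")]
BROADCASTS = {net.broadcast_address for net in INTERNAL_NETS}
ICMP_ECHO_REQUEST = 8
FRAGGLE_PORTS = {7, 19}  # UDP echo and chargen: the services fraggle bounces off


def classify(pkt: Packet) -> Optional[str]:
    """Return 'smurf', 'fraggle' or None for a packet seen inbound at the border."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    # Only externally sourced traffic aimed at one of our broadcast addresses
    # is amplification; anything else is left to other rules.
    if dst not in BROADCASTS or any(src in net for net in INTERNAL_NETS):
        return None
    if pkt.proto == "icmp" and pkt.detail == ICMP_ECHO_REQUEST:
        return "smurf"    # the spoofed source is the victim every host would answer
    if pkt.proto == "udp" and pkt.detail in FRAGGLE_PORTS:
        return "fraggle"
    return None


SAMPLE = [  # constructed inbound packets
    Packet("203.0.113.9", "192.0.2.255", "icmp", 8),    # echo request to broadcast
    Packet("203.0.113.9", "198.51.100.127", "udp", 7),  # UDP echo to /25 broadcast
    Packet("203.0.113.9", "192.0.2.10", "icmp", 8),     # ordinary ping to one host
    Packet("192.0.2.5", "192.0.2.255", "udp", 19),      # internal origin: not amplification
    Packet("203.0.113.9", "192.0.2.255", "tcp", 80),    # TCP to broadcast: neither attack
]


def audit(pkts=SAMPLE) -> dict:
    """Count amplification packets by type; these are what a directed-broadcast filter drops."""
    counts = {"smurf": 0, "fraggle": 0}
    for p in pkts:
        kind = classify(p)
        if kind:
            counts[kind] += 1
    return counts
```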


SYN Flood: Repeated SYN packets that will not respond to the SYN/ACK packets.


Teardrop: Send very small packets with invalid fragment offset causing the computer to freeze or crash.






