AXIS Security Development Model Software

Introduction

ASDM objectives
The Axis Security Development Model (ASDM) is a framework that defines the processes and tools Axis uses to build software with security built in throughout the lifecycle, from inception to decommissioning.

The primary objectives driving the ASDM effort are:

  • Make software security an integrated part of Axis software development activities.
  • Reduce business-related risks for Axis customers.
  • Meet increasing awareness of security considerations by customers and partners.
  • Create potential for cost reduction through early detection and resolution of issues.

The scope of the ASDM is Axis software included in Axis products and solutions. The Software Security Group (SSG) is the owner and maintainer of the ASDM.

Glossary

ASDM: Axis Security Development Model
SSG: Software Security Group
Firmware steering group: R&D management
Satellite: Developers who have a natural affinity for software security
Vulnerability board: Axis point of contact for vulnerabilities found by external researchers
Bug bar: Security target for a product or solution
DFD: Data flow diagram

ASDM overview

The ASDM comprises several activities spread across the main development phases. The security activities are collectively referred to as the ASDM.

The SSG is responsible for governing the ASDM and evolving the toolbox over time. There is an ASDM roadmap and a rollout plan for implementing new activities and increasing ASDM maturity across the development organization. Both the roadmap and rollout plan are owned by the SSG, but the responsibility for actual implementation in practice (i.e., performing activities related to development phases) is delegated to the R&D teams.

Software Security Group (SSG)

The SSG is the main internal point of contact for the development organizations on security-related issues. It comprises Security Leads and others with specialist security expertise in development areas such as requirements, design, implementation and verification, as well as cross-functional DevOps processes.
The SSG is responsible for developing and maintaining the ASDM for secure development practices and security awareness in the development organization.

Satellites
Satellites are members of the development organization who spend part of their time working on software security aspects. The reasons for having satellites are:

  • Scale the ASDM without building a large central SSG
  • Provide ASDM support close to the development teams
  • Facilitate knowledge sharing, for example, best practices

Satellites help to implement new activities and maintain the ASDM in a subset of the development teams.

ASDM activity rollout
The rollout of the ASDM to a development team is a staged process:

  1. The team is introduced to the new activity through role-specific training.
  2. The SSG works together with the team to perform the activity, for example, risk assessment or threat modelling, for selected parts of the system(s) managed by the team.
  3. Further activities related to integrating the toolbox into daily work are handed over to the team and the satellite when they are ready to work independently, without direct SSG involvement. At this stage, the work is governed by the team manager through the ASDM status.

The rollout is repeated when new versions of the ASDM become available with modified and/or added activities. The amount of time the SSG spends with a team depends heavily on the activity and the complexity of the code. A key factor for a successful handover to the team is the presence of an embedded satellite who can continue the ASDM work with the team. The SSG drives the training and assignment of satellites in parallel with the activity rollout.
The figure below summarizes the rollout process.

[Figure 4]

The SSG's definition of "done" for a handover is:

  • Role-specific training performed
  • Satellite assigned
  • Team ready to perform the ASDM activity
  • Recurring ASDM status meetings established

The SSG uses input from the teams to compile status reports for senior management.

Other SSG activities
Alongside the rollout activities, the SSG runs broader security awareness activities aimed at, for example, new employees and senior management. In addition, the SSG maintains a security heat map of Axis solutions for overall/architectural risk assessment purposes. Proactive security analysis of specific modules is performed based on the heat map.

Roles and responsibilities
As shown in the table below, there are some key entities and roles that are part of the ASDM program. The table summarizes roles and responsibilities in relation to the ASDM.

| Role/Team | Part of | Responsibility | Comment |
|---|---|---|---|
| Security expert | SSG | Govern the ASDM, evolve the toolbox and drive the ASDM rollout | 100% assigned to the SSG |
| Satellite | Development line | Help the SSG implement the ASDM the first time, coach teams, perform training and make sure the team can continue to use the toolbox as part of daily work, independently of the SSG. Cross-team responsibility (several teams) is required to limit the total number of satellites. | Interested and engaged developers, architects, managers, testers, and similar roles who have a natural affinity for software security. Satellites devote approximately 20% of their time to ASDM-related work. |
| Managers | Development line | Secure resources for implementing ASDM practices. Drive tracking and reporting on ASDM status and coverage. | Development teams own the ASDM implementation, with the SSG as a support resource. |
| Firmware Steering Group (FW SG) | R&D management | Decides on security strategy and acts as the main SSG reporting channel. | The SSG reports to the FW SG on a regular basis. |

ASDM governance

The governance system consists of the following parts:

  • System risk heat map to help prioritize ASDM activities
  • Rollout plan and status to focus training efforts
  • Roadmap for evolving the toolbox
  • Status to measure how well ASDM activities are integrated in the organization

The ASDM system is thus supported both from a tactical/operational perspective and from a strategic/executive perspective.
The executive guidance on the right-hand side of the figure focuses on how to develop the organization so that it works effectively in line with Axis business goals. An important input to this is the ASDM status reporting done by the SSG towards the Firmware Steering Group, the CTO and Product Management.

[Figure 5]

ASDM status structure

The ASDM status structure has two perspectives: a team-centric one that mirrors our team and department structure, and a solution-centric one that focuses on the solutions we bring to market.
The figure below shows the ASDM status structure.

Team status
The team status contains the team's self-assessment of its ASDM maturity, metrics related to its security analysis activities, and an aggregation of the security status of the components it is responsible for.

[Figure 6]

Axis defines ASDM maturity as the version of the ASDM that the team is currently using. Since the ASDM is evolving, we have defined ASDM versioning in which each version of the ASDM contains a distinct set of activities. For example, our first version of the ASDM focused on threat modelling.
Axis has defined the following ASDM versions:

| ASDM version | New activities |
|---|---|
| ASDM 1.0 | Risk assessment and threat modelling |
| ASDM 2.0 | Static code review |
| ASDM 2.1 | Privacy by design |
| ASDM 2.2 | Software composition analysis |
| ASDM 2.3 | External penetration testing |
| ASDM 2.4 | Vulnerability scanning and fire drill |
| ASDM 2.5 | Product/Solution security status |

Giving the team ownership of the ASDM version it uses means that the line manager is responsible for adopting new ASDM versions. So instead of a setup where the SSG pushes a central ASDM rollout plan, the rollout is now pull-based and controlled by the managers.

Component status

  • We have a broad definition of component, since we need to cover all kinds of architectural entities, from Linux daemons on the platform, through server software, all the way to cloud (micro)services.
  • Each team must form its own view of the abstraction level that works for it in its environment and architecture. As a rule of thumb, teams should avoid inventing a new abstraction level and keep whatever they are already using in their daily work.
  • The idea is that each team should have a clear view of all its high-risk components, which includes new as well as legacy components. The motivation for this increased interest in legacy components is tied to our ability to look at the security status of solutions. For a solution, we want visibility into the security status of all parts of the solution, new as well as old.
  • In practice, this means that every team must go through its inventory of components and perform a risk assessment.
  • The first thing we need to know is whether the component has undergone security analysis. If it has not, we really do not know anything about the security quality of the component.

We call this property coverage and have defined the following coverage levels:

| Coverage | Description |
|---|---|
| Analysis not done | The component has not yet been analyzed |
| Analysis in progress | The component is being analyzed |
| Analysis done | The component has been analyzed |

The metrics we use to capture the security quality of a component are based on the security work items in the backlog that are linked to the component. These can be countermeasures that have not been implemented, test cases that have not been executed and security bugs that have not been fixed.

Solution status

The solution status aggregates the security status of the set of components that make up the solution.
The first part of the solution status is an analysis of the coverage of the components. This helps solution owners understand whether the security status of the solution is known or not. In one respect, it helps to identify blind spots. The rest of the solution status contains metrics that capture the security quality of the solution. We do that by looking at the security work items that are linked to the components in the solution. An important aspect of the security status is the bug bar defined by the solution owners. The solution owners must define the appropriate security level for their solution. For example, this means that the solution should not have any outstanding critical or high-severity work items open when it is released to market.
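
The roll-up described under Component status and Solution status can be sketched as follows. This is an added example, not Axis code or tooling: the class names, the four-step severity scale and the sample components are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# The three coverage levels from the table above.
NOT_DONE, IN_PROGRESS, DONE = "Analysis not done", "Analysis in progress", "Analysis done"

# Assumed four-step severity scale; the page only names "critical" and "high".
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

@dataclass
class WorkItem:
    kind: str            # "countermeasure", "test case" or "security bug"
    severity: str        # key of SEVERITY_RANK
    is_open: bool = True

@dataclass
class Component:
    name: str
    coverage: str
    items: list = field(default_factory=list)

def solution_status(components, bug_bar="high"):
    """Aggregate component status; bug_bar is the lowest severity that blocks release."""
    blind_spots = [c.name for c in components if c.coverage != DONE]
    open_by_severity = {sev: 0 for sev in SEVERITY_RANK}
    blocking = []
    for comp in components:
        for item in comp.items:
            if not item.is_open:
                continue
            open_by_severity[item.severity] += 1
            if SEVERITY_RANK[item.severity] >= SEVERITY_RANK[bug_bar]:
                blocking.append((comp.name, item.kind, item.severity))
    return {
        # Coverage is reported separately: a component with no findings yet passes any bug bar.
        "blind_spots": blind_spots,
        "coverage_known": not blind_spots,
        "open_by_severity": open_by_severity,
        "blocking": blocking,
        "meets_bug_bar": not blocking,
    }

# Constructed sample solution; component names are hypothetical.
SAMPLE = [
    Component("streaming-daemon", DONE, [
        WorkItem("countermeasure", "high"),
        WorkItem("security bug", "medium"),
        WorkItem("test case", "critical", is_open=False),
    ]),
    Component("cloud-relay", IN_PROGRESS, [WorkItem("security bug", "low")]),
    Component("legacy-updater", NOT_DONE),
]

if __name__ == "__main__":
    print(solution_status(SAMPLE))
```

A solution made up only of unanalyzed components reports `meets_bug_bar` as true with `coverage_known` false, which is why the coverage analysis comes first in the solution status.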

ASDM activities

Risk assessment
The main purpose of risk assessment is to filter out which development activities will also require security work within the team.
Risk assessment is done by judging whether a new product, or an added/modified feature in existing products, increases risk exposure. Note that this also includes data privacy aspects and compliance requirements. Examples of changes that have a risk impact are new APIs, changes to authorization requirements, new middleware, etc.

Data privacy
Trust is a key focus area for Axis and, as such, it is important to follow best practices when working with private data collected by our products, solutions and services.
The scope of Axis efforts related to data privacy is defined such that we can:

  • Fulfil legal obligations
  • Fulfil contractual obligations
  • Help customers fulfil their obligations

We divide the data privacy activity into two sub-activities:

  • Data privacy assessment
    • Done during risk assessment
    • Identifies whether a data privacy analysis is needed
  • Data privacy analysis
    • Done, when applicable, during threat modelling
    • Identifies personal data and threats to personal data
    • Defines privacy requirements

Threat modelling
Before we start identifying threats, we need to decide on the scope of the threat model. One way to articulate the scope is to describe the attackers we need to consider. This approach also allows us to identify the high-level attack surfaces we need to include in the analysis.

  • The focus during threat scoping is to find and classify the attackers we want to handle, using a high-level description of the system. Preferably the description is made using a data flow diagram (DFD), since that makes it easier to relate to the more detailed use case descriptions that are used when doing the threat model.
  • This does not mean that all the attackers we identify need to be considered; it simply means that we are explicit and consistent about which attackers we will address in the threat model. So, basically, the attackers we choose to consider define the security level of the system we are assessing.

Note that our description of an attacker does not factor in capability or motivation. We have chosen this approach to simplify and streamline threat modelling as much as possible.

Threat modelling has three steps that can be iterated as the team sees fit:

  1. Describe the system using a set of DFDs
  2. Use the DFDs to identify threats and describe them in an abuse-case style
  3. Define countermeasures and verification for the threats

The result of a threat modelling activity is a threat model that contains prioritized threats and countermeasures. The development work required to address the countermeasures is managed by creating Jira tickets for both the implementation and the verification of each countermeasure.

Static code analysis
In the ASDM, teams can use static code analysis in three ways:

  • Developer workflow: Developers analyze the code they are working on
  • Gerrit workflow: Developers get feedback in Gerrit
  • Legacy workflow: Teams analyze high-risk legacy components

Vulnerability scanning
Regular vulnerability scanning allows development teams to identify and patch vulnerabilities in software products before they are released to the public, reducing the risk to customers when they deploy the product or service. Scanning is done before each release (hardware, software) or on a running schedule (services), using both open-source and commercial vulnerability scanning packages. The results of the scans are used to create tickets in the Jira issue tracking platform. The tickets are given a special tag so that development teams can identify them as coming from a vulnerability scan and know that they should be given elevated priority. All vulnerability scans and Jira tickets are stored centrally for traceability and auditing purposes. Critical vulnerabilities should be resolved before release or in a service release, with other, less severe, vulnerabilities tracked and resolved in line with the firmware or software release cycle. For more information on how vulnerabilities are scored and managed, see Vulnerability management.

External penetration testing
In some cases, third-party penetration testing is performed on Axis hardware or software products. The main purpose of running these tests is to provide insight and assurance regarding the security of the platform at a particular point in time and for a particular scope. One of our primary goals with the ASDM is transparency, so we encourage our customers to perform external penetration testing on our products, and we are happy to collaborate on defining appropriate parameters for the tests as well as on discussions around interpreting the results.

Vulnerability management
Axis has, since 2021, been a registered CVE Numbering Authority (CNA) and is therefore able to publish standard CVE reports to the MITRE database for use by third-party vulnerability scanners and other tools. The vulnerability board (VB) is the internal Axis point of contact for vulnerabilities discovered by external researchers. Reports of discovered vulnerabilities and the subsequent remediation plans are communicated through the product-security@axis.com email address.
The main responsibility of the vulnerability board is to analyze and prioritize reported vulnerabilities from a business perspective, based on:

  • Technical classification provided by the SSG
  • Potential risk to end users in the environment in which the Axis device operates
  • Availability of compensating security controls (alternative risk mitigation without a patch)

The VB registers the CVE number and works with the reporter to assign a CVSS score to the vulnerability. The VB also drives external communication to partners and customers through the Axis security notification service, press releases, and news articles.

Axis Security Development Model © Axis Communications AB, 2022
