NIST SP800-163：移动应用安全审核指南

需积分: 10 13 浏览量更新于2024-07-16 收藏 1008KB PDF 举报

NIST SP800-163.pdf是一份由美国国家标准与技术研究院（NIST）发布的特别出版物，专注于"vetting the Security of Mobile Applications"，即对移动应用的安全评估。在组织引入新技术，尤其是移动技术时，确保其对IT资源、数据和用户的安全至关重要。这份报告指出，随着企业采用移动设备（如智能手机和平板电脑）以及相关的移动应用程序来支持业务流程，如实时信息共享和任务特定功能，这些技术带来了显著的生产力提升。然而，它们也引入了新的安全风险，如软件漏洞，这些漏洞可能被攻击者利用，威胁到数据安全和设备控制。为了应对这种风险，组织需要实施软件保障过程，确保软件在设计和生命周期中免于故意或意外的漏洞，并按预期方式运行。软件保障涉及一系列有计划和系统的活动，旨在满足需求、标准和程序。尽管传统的软件开发标准（如针对航空航天、汽车系统和国防关键领域的）已经取得了一定进展，但当前许多实践仍依赖于耗时、成本高昂且难以量化和重复的手动活动。移动计算环境下的挑战在于，它可能不完全支持传统的软件保障方法，需要适应移动应用的独特安全要求。 NIST SP800-163的目标是提供一套指导原则和最佳实践，帮助组织评估和管理移动应用的安全性，包括但不限于评估应用的漏洞、进行安全设计审查、实施测试策略以及建立响应和恢复计划。这份出版物适用于任何希望通过移动应用推动业务发展，同时又重视信息安全的组织，无论其规模大小或行业背景。通过遵循NIST的建议，组织能够更好地保护其数据和用户隐私，降低因软件漏洞引发的安全事件的可能性。

NIST SP 800-163 Vetting the Security of Mobile Applications

1 Introduction

When deploying a new technology, an organization should be aware of the potential security impact it

may have on the organization’s IT resources, data, and users. While new technologies may offer the

promise of productivity gains and new capabilities, they may also present new risks. Thus, it is important

for an organization’s IT professionals and users to be fully aware of these risks and either develop plans

to mitigate them or accept their consequences.

Recently, there has been a paradigm shift where organizations have begun to deploy new mobile

technologies to facilitate their business processes. Such technologies have increased productivity by

providing (1) an unprecedented level of connectivity between employees, vendors, and customers; (2)

real-time information sharing; (3) unrestricted mobility; and (4) improved functionality. These mobile

technologies comprise mobile devices (e.g., smartphones and tablets) and related mobile applications (or

apps) that provide mission-specific capabilities needed by users to perform their duties within the

organization (e.g., sales, distribution, and marketing). Despite the benefits of mobile apps, however, the

use of apps can potentially lead to serious security risks. This is so because, like traditional enterprise

applications, apps may contain software vulnerabilities that are susceptible to attack. Such vulnerabilities

may be exploited by an attacker to steal information or control a user's device.

To help mitigate the risks associated with software vulnerabilities, organizations should employ software

assurance processes. Software assurance refers to “the level of confidence that software is free from

vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during

its life cycle, and that the software functions in the intended manner” [1]. The software assurance process

includes “the planned and systematic set of activities that ensures that software processes and products

conform to requirements, standards, and procedures” [2]. A number of government and industry legacy

software assurance standards exist that are primarily directed at the process for developing applications

that require a high level of assurance (e.g., space flight, automotive systems, and critical defense

systems).

Although considerable progress has been made in the past decades in the area of software

assurance, and research and development efforts have resulted in a growing market of software assurance

tools and services, the state of practice for many today still includes manual activities that are time-

consuming, costly, and difficult to quantify and make repeatable. The advent of mobile computing adds

new challenges because it does not necessarily support traditional software assurance techniques.

1.1 Traditional vs. Mobile Application Security Issues

The economic model of the rapidly evolving app marketplace challenges the traditional software

development process. App developers are attracted by the opportunities to reach a market of millions of

users very quickly. However, such developers may have little experience building quality software that is

secure and do not have the budgetary resources or motivation to conduct extensive testing. Rather than

performing comprehensive software tests on their code before making it available to the public,

developers often release apps that contain functionality flaws and/or security-relevant weaknesses. That

can leave an app, the user’s device, and the user’s network vulnerable to exploitation by attackers.

Developers and users of these apps often tolerate buggy, unreliable, and insecure code in exchange for the

low cost. In addition, app developers typically update their apps much more frequently than traditional

applications.

Examples of these software assurance standards include DO-178B, Software Considerations in Airborne Systems and

Equipment Certification [3], IEC 61508 Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related

System [4], and ISO 26262 Road vehicles -- Functional safety [5].

NIST SP 800-163 Vetting the Security of Mobile Applications

Organizations that once spent considerable resources to develop in-house applications are taking

advantage of inexpensive third-party apps and web services to improve their organization’s productivity.

Increasingly, business processes are conducted on mobile devices. This contrasts with the traditional

information infrastructure where the average employee uses only a handful of applications and web-based

enterprise databases. Mobile devices provide access to potentially millions of apps for a user to choose

from. This trend challenges the traditional mechanisms of enterprise IT security software where software

exists within a tightly controlled environment and is uniform throughout the organization.

Another major difference between apps and enterprise applications is that unlike a desktop computing

system, far more precise and continuous device location information, physical sensor data, personal health

metrics, and pictures and audio about a user can be exposed through apps. Apps can sense and store

information including user personally identifiable information (PII). Although many apps are advertised

as being free to consumers, the hidden cost of these apps may be selling the user’s profile to marketing

companies or online advertising agencies.

There are also differences between the network capabilities of traditional computers that enterprise

applications run on and mobile devices that apps run on. Unlike traditional computers that connect to the

network via Ethernet, mobile devices have access to a wide variety of network services including

Wireless Fidelity (Wi-Fi), 2G/3G, and 4G/Long Term Evolution (LTE). This is in addition to short-range

data connectivity provided by services such as Bluetooth and Near Field Communications (NFC). All of

these mechanisms of data transmission are typically available to apps that run on a mobile device and can

be vectors for remote exploits. Further, mobile devices are not physically protected to the same extent as

desktop or laptop computers and can therefore allow an attacker to more easily (physically) acquire a lost

or stolen device.

1.2 App Vetting Basics

To provide software assurance for apps, organizations should develop security requirements that specify,

for example, how data used by an app should be secured, the environment in which an app will be

deployed, and the acceptable level of risk for an app (see [6] for more information). To help ensure that

an app conforms to such requirements, a process for evaluating the security of apps should be performed.

We refer to this process as an app vetting process. An app vetting process is a sequence of activities that

aims to determine if an app conforms to the organization’s security requirements.

This process is

performed on an app after the app has been developed and released for distribution but prior to its

deployment on an organization's mobile device. Thus, an app vetting process is distinguished from

software assurance processes that may occur during the software development life cycle of an app. Note

that an app vetting process typically involves analysis of an app’s compiled, binary representation but can

also involve analysis of the app’s source code if it is available.

The software distribution model that has arisen with mobile computing presents a number of software

assurance challenges, but it also creates opportunities. An app vetting process acknowledges the concept

that someone other than the software vendor is entitled to evaluate the software’s behavior, allowing

organizations to evaluate software in the context of their own security policies, planned use, and risk

tolerance. However, distancing a developer from an organization’s app vetting process can also make

those activities less effective with respect to improving the secure behavior of the app.

The app vetting process can also be used to assess other app issues including reliability, performance, and accessibility but is

primarily intended to assess security-related issues.

剩余43页未读，继续阅读

艾米的爸爸

粉丝: 782
资源: 314

NIST SP800-163：移动应用安全审核指南

NIST SP800-177r1.pdf

随机数熵评估标准 NIST.SP800-90B 源代码

NIST SP800-30信息安全文档

NIST SP800-163r1.pdf

NIST SP800-51.pdf

NIST SP800-20.pdf

NIST SP800-125.pdf

NIST SP800-133.pdf

NIST SP800-115.pdf

NIST SP800-31.pdf

最新资源