Secure Continuous Deployment of Military Software

Abstract

Continuous deployment of military software over the Internet could introduce many positive features, like shorter development times, better customer tted products and on-demand functionality upgrades. It however also introduces a number of new threats and vulnerabilities that needs to be thoroughly investigated and assessed. This Master Thesis proposes a methodology for how to design and evaluate a system with security in mind that allows the designer to build the system from scratch by adding components to mitigate the discovered vulnerabilities. The methodology is based on Microsoft's thread model, with methods like STRIDE and DREAD. Di erent security protocols and concepts are examined in order to evaluate whether and how continuous deployment could be applied in the military industry. The proposed methodology is not military speci c and could therefore be used by anyone that wants to build a secure system, although the speci c vulnerabilities and their implications presented in this report are with a military setting in mind. As a big Swedish defence contractor, some of the information Saab handles is of sensitive nature with respect to the Swedish national security. By Swedish law any information classi ed as defence secrets have to be handled according to Swedish De- fence Material Administrations (FMV) policies. Parts of these policies are by themselves classi ed as defence secrets and are therefore not allowed to be present in this report. As of this, the solutions proposed will apply to information that does not contain de- fence secrets, but could in other aspects be sensitive, and are based on public protocols, algorithms and products.