There are two distinct ways to build security into your software:

  • have your software tested and/or hacked, and start applying technology to plug the holes and keep the bad guys out
  • think about how your software could be mis-used and make sure your design prevents that

Or, as Gary McGraw just wrote, in much better words:

[Screenshot: Gary McGraw's quote]

Unfortunately the concept of “anticipating attacks” seems to be quite alien to the average developer, recognizable by the response to a threat scenario: “but why would someone do that?”.

It also seems to be hard to teach. There is a new effort that I think has lots of promise: the IEEE Center for Secure Design tries to tackle the problem from the design angle. This is their mission statement:

The IEEE Computer Society’s CSD will gather software security expertise from industry, academia and government. The CSD provides guidance on:

  1. Recognizing software system designs that are likely vulnerable to compromise.
  2. Designing and building software systems with strong, identifiable security properties.

The CSD is part of the IEEE Computer Society’s larger cybersecurity initiative, launched in 2014.

If you’re interested in the topic, I would encourage you to read their document. It tries to explain the most common design flaws that lead to vulnerabilities. Every security architect in your team should have read (and understood) those, ideally:

[Screenshot: the IEEE Center for Secure Design document]

These are the topics explained in more detail in the PDF (click on the image to read it):

  • EARN OR GIVE, BUT NEVER ASSUME, TRUST
  • USE AN AUTHENTICATION MECHANISM THAT CANNOT BE BYPASSED OR TAMPERED WITH
  • AUTHORIZE AFTER YOU AUTHENTICATE
  • STRICTLY SEPARATE DATA AND CONTROL INSTRUCTIONS, AND NEVER PROCESS CONTROL INSTRUCTIONS RECEIVED FROM UNTRUSTED SOURCES
  • DEFINE AN APPROACH THAT ENSURES ALL DATA ARE EXPLICITLY VALIDATED
  • USE CRYPTOGRAPHY CORRECTLY
  • IDENTIFY SENSITIVE DATA AND HOW THEY SHOULD BE HANDLED
  • ALWAYS CONSIDER THE USERS
  • UNDERSTAND HOW INTEGRATING EXTERNAL COMPONENTS CHANGES YOUR ATTACK SURFACE
  • BE FLEXIBLE WHEN CONSIDERING FUTURE CHANGES TO OBJECTS AND ACTORS
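As an added illustration (not from the post or the CSD document), a small Python handler shows two of the listed flaws, assuming trust and acting without authenticating first, beside a version that avoids them. The token scheme, key, user store and handler names are constructed for this example only.

```python
# Added example, not part of the original post: "never assume trust" and
# "authorize after you authenticate" shown as a flawed handler and a fixed one.
# The key, user store and token format are constructed for illustration.
import hmac
import hashlib

SECRET = b"constructed-demo-key"          # server-side key (constructed)
USERS = {"alice": "admin", "bob": "user"}  # constructed user store: name -> role


def sign(user: str) -> str:
    """Mint a session token for a user the server has already verified."""
    mac = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"


def verify(token: str):
    """Return the user name if the token is genuine, otherwise None."""
    try:
        user, mac = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return user if hmac.compare_digest(mac, expected) else None


def delete_report_flawed(headers: dict) -> str:
    # Flaw: trust is ASSUMED. The role comes from a header the client writes,
    # so any caller can claim "admin", and nobody is ever authenticated.
    if headers.get("X-Role") == "admin":
        return "deleted"
    return "forbidden"


def delete_report(headers: dict) -> str:
    # 1. Authenticate: establish who is calling from a token only the server can mint.
    user = verify(headers.get("Authorization", ""))
    if user is None:
        return "unauthenticated"
    # 2. Authorize AFTER authenticating: the role is looked up server-side,
    #    never taken from anything the client supplied.
    if USERS.get(user) != "admin":
        return "forbidden"
    return "deleted"
```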

3 Comments


  1. Andy Silvey

    Hi Frank,

    I know it’s not the ‘in’ thing to do this, but I do it anyway.

    Thanks for an excellent article and especially sharing the link to the book. I will be reading it.

    Best regards,

    Andy.

    1. Frank Koehntopp Post author

      Thanks Andy.

      I’m grateful for anyone putting secure design in better words than I can and spreading the message. You really need developers / architects to *understand* security; unfortunately there are too many people selling silver bullets and creating the illusion that you just need to run their tool to create security.

      1. Andy Silvey

        You’re right, security is all around us and everybody involved in every piece of the puzzle needs to be thinking security. It’s not enough for the Security Team to tick their KPIs, as that doesn’t guarantee that there are no holes.

        My daughters have the Disney cartoon film ‘Snow White and the Seven Dwarfs’, the version from the 1940s.

        A beautiful classic old Disney cartoon film, and one of the scenes in there is so real: the dwarfs finish their shift in the diamond mine and all walk out of the mine, with one of them carrying the bag of all the diamonds they’ve mined that day. They leave the mine and take the bag of diamonds to a safe store where they place the bag, and then close the big wooden door and then lock the door, and then, they hang the key to the lock of the safe store on the wall next to the door. And funny as this is, it is so real life: companies spend fortunes on security but still have gaping simple holes left open.

        I am doing some security work at the moment, investigating one subject, and the more I dig and the more stones I turn over, the more I find surprises where little holes are left open defeating the object of the whole investment.

        And that’s why, as you say, everybody needs to be diligent and think security.

        Best regards,

        Andy.

