Secure by design

Secure by design (SBD), in software engineering, means that software products have been designed from the foundation to be secure.

Alternate security tactics and patterns are considered at the beginning of a software design, and the best are selected and enforced by the architecture, and they are used as guiding principles for developers.[1] It is also encouraged to use design patterns that have beneficial effects on security, even though those design patterns were not originally devised with security in mind. [2]

Secure by Design is increasingly becoming the mainstream development approach to ensure security and privacy of software systems. In this approach, security is built into the system from the ground up and starts with a robust architecture design. Security architectural design decisions are based on well-known security tactics, and patterns defined as reusable techniques for achieving specific quality concerns. Security tactics/patterns provide solutions for enforcing the necessary authentication, authorization, confidentiality, data integrity, privacy, accountability, availability, safety and non-repudiation requirements, even when the system is under attack.[3] In order to ensure the security of a software system, not only it is important to design a robust security architecture (intended) but also it is necessary to preserve the (implemented) architecture during software evolution.

Expect attacks

Malicious attacks on software should be assumed to occur, and care is taken to minimize impact. Security vulnerabilities are anticipated, along with invalid user input.[4] Closely related is the practice of using "good" software design, such as domain-driven design or cloud native, as a way to increase security by reducing risk of vulnerability-opening mistakes—even though the design principles used were not originally conceived for security purposes.

Avoid security through obscurity

Generally, designs that work well do not rely on being secret. Often, secrecy reduces the number of attackers by demotivating a subset of the threat population. The logic is that if there is an increase in complexity for the attacker, the increased attacker effort to compromise the target. While this technique implies reduced inherent risks, a virtually infinite set of threat actors and techniques applied over time will cause most secrecy methods to fail. While not mandatory, proper security usually means that everyone is allowed to know and understand the design because it is secure. This has the advantage that many people are looking at the computer code, which improves the odds that any flaws will be found sooner (see Linus's law). Attackers can also obtain the code, which makes it easier for them to find vulnerabilities as well.

Fewest privileges

Also, it is important that everything works with the fewest privileges possible (see the principle of least privilege). For example, a Web server that runs as the administrative user ("root" or admin) can have the privilege to remove files and users that do not belong. A flaw in such a program could put the entire system at risk, whereas a Web server that runs inside an isolated environment and only has the privileges for required network and filesystem functions, cannot compromise the system it runs on unless the security around it is in itself also flawed.

Methodologies

Secure Design should be a consideration at all points in the development lifecycle (whichever development methodology is chosen).

Some pre-built Secure By Design development methodologies exist (e.g. Microsoft Security Development Lifecycle).

Microsoft Security Development Lifecycle

Microsoft issued methodology and guidance based on the classical spiral model.

Standards and Legislation

Standards and Legislation exist to aide secure design by controlling the definition of "Secure", and providing concrete steps to testing and integrating secure systems.

Some examples of standards which cover or touch on Secure By Design principles:

ETSI TS 103 645 [5] which is included in part in the UK Government "Proposals for regulating consumer smart product cyber security" [6]
ISO/IEC 27000-series covers many aspects of secure design.

Server/client architectures

In server/client architectures, the program at the other side may not be an authorised client and the client's server may not be an authorised server. Even when they are, a man-in-the-middle attack could compromise communications.

Often the easiest way to break the security of a client/server system is not to go head on to the security mechanisms, but instead to go around them. A man in the middle attack is a simple example of this, because you can use it to collect details to impersonate a user. Which is why it is important to consider encryption, hashing, and other security mechanisms in your design to ensure that information collected from a potential attacker won't allow access.

Another key feature to client-server security design is good coding practices. For example, following a known software design structure, such as client and broker, can help in designing a well-built structure with a solid foundation. Furthermore, if the software is to be modified in the future, it is even more important that it follows a logical foundation of separation between the client and server. This is because if a programmer comes in and cannot clearly understand the dynamics of the program, they may end up adding or changing something that can add a security flaw. Even with the best design, this is always a possibility, but the better the standardization of the design, the less chance there is of this occurring.

References

"A Catalog of Security Architecture Weaknesses". 2017 IEEE International Conference on Software Architecture (ICSA). doi:10.1109/ICSAW.2017.25.
Manning (2019). Secure By Design. ISBN 9781617294358.
"Growing a pattern language (for security)". Onward! 2012: Proceedings of the ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software: 139–158. October 2012. doi:10.1145/2384592.2384607.
Dougherty, Chad; Sayre, Kirk; Seacord, Robert C.; Svoboda, David; Togashi, Kazuya (October 2009). "Secure Design Patterns". doi:10.1184/R1/6583640.v1. Cite journal requires |journal= (help)
"ETSI TS 103 645" (PDF).
"Policy paper: Proposals for regulating consumer smart product cyber security - call for views".

External links

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] "A Catalog of Security Architecture Weaknesses". 2017 IEEE International Conference on Software Architecture (ICSA). doi:10.1109/ICSAW.2017.25.

[2] Manning (2019). Secure By Design. ISBN 9781617294358.

[3] "Growing a pattern language (for security)". Onward! 2012: Proceedings of the ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software: 139–158. October 2012. doi:10.1145/2384592.2384607.

[4] Dougherty, Chad; Sayre, Kirk; Seacord, Robert C.; Svoboda, David; Togashi, Kazuya (October 2009). "Secure Design Patterns". doi:10.1184/R1/6583640.v1. Cite journal requires |journal= (help)

[5] "ETSI TS 103 645" (PDF).

[6] "Policy paper: Proposals for regulating consumer smart product cyber security - call for views".

Computer science
Note: This template roughly follows the 2012 ACM Computing Classification System.
Hardware	Printed circuit board Peripheral Integrated circuit Very Large Scale Integration Systems on Chip (SoCs) Energy consumption (Green computing) Electronic design automation Hardware acceleration
Computer systems organization	Computer architecture Embedded system Real-time computing Dependability
Networks	Network architecture Network protocol Network components Network scheduler Network performance evaluation Network service
Software organization	Interpreter Middleware Virtual machine Operating system Software quality
Software notations and tools	Programming paradigm Programming language Compiler Domain-specific language Modeling language Software framework Integrated development environment Software configuration management Software library Software repository
Software development	Control variable Software development process Requirements analysis Software design Software construction Software deployment Software maintenance Programming team Open-source model
Theory of computation	Model of computation Formal language Automata theory Computability theory Computational complexity theory Logic Semantics
Algorithms	Algorithm design Analysis of algorithms Algorithmic efficiency Randomized algorithm Computational geometry
Mathematics of computing	Discrete mathematics Probability Statistics Mathematical software Information theory Mathematical analysis Numerical analysis Theoretical computer science
Information systems	Database management system Information storage systems Enterprise information system Social information systems Geographic information system Decision support system Process control system Multimedia information system Data mining Digital library Computing platform Digital marketing World Wide Web Information retrieval
Security	Cryptography Formal methods Security services Intrusion detection system Hardware security Network security Information security Application security
Human–computer interaction	Interaction design Social computing Ubiquitous computing Visualization Accessibility
Concurrency	Concurrent computing Parallel computing Distributed computing Multithreading Multiprocessing
Artificial intelligence	Natural language processing Knowledge representation and reasoning Computer vision Automated planning and scheduling Search methodology Control method Philosophy of artificial intelligence Distributed artificial intelligence
Machine learning	Supervised learning Unsupervised learning Reinforcement learning Multi-task learning Cross-validation
Graphics	Animation Rendering Image manipulation Graphics processing unit Mixed reality Virtual reality Image compression Solid modeling
Applied computing	E-commerce Enterprise software Computational mathematics Computational physics Computational chemistry Computational biology Computational social science Computational engineering Computational healthcare Digital art Electronic publishing Cyberwarfare Electronic voting Video games Word processing Operations research Educational technology Document management
Book Category Outline WikiProject Commons