Vulnerability Prevention Techniques - One of the best ways to prevent the exploitation of buffer overflow vulnerabilities is to detect and eliminate them from the source code before the software is put to use, usually by performing some sort of static analysis on either the source code or on the compiled binaries. A proven technique for uncovering flaws in software is source code review, also known as source code auditing. Tools designed for automatic source code analysis complement manual audits by identifying potential security violations, including functions that perform unbounded string copying.
Some of the best-known tools are ITS4 (www.cigital.com/its4/), RATS (www.securesw.com/rats/), and LCLint [7]. An extensive list of auditing tools is provided by the Sardonix portal at sardonix.org/Auditing_Resources.html.
Phase |
Key security considerations |
Example checklists |
Requirements |
•Determination of security assumptions, including product deployment scenarios. •Identification of critical assets to be protected and secured •Identification of security requirements and interface specifications for third-part product incorporated in the design and security interoperating with rest of the network •Identification of requirements for securing the communication, data storage, and configuration for the product. •Performing high-level threat analysis •Determination of the product hardening techniques to be applied. |
•Regulatory list for industry. •List of relevant best practices to be incorporated. •List of standards for compliance. •List of high-level threats. |
Design |
•Define and design security architectures where product will reside •Perform detailed threat and potential vulnerability analysis for critical assets. •Principles of defense in depth; least privilege and partitioning should be followed. •Both static and dynamic analysis tools should be used. |
•Access Controls, Authentication, Confidentiality •List of advanced secure protocol standards •completion of applicable architecture views for management signaling, and user. |
Implementation |
•Ensuring a secure development environment. •Adhering to security standards and best practices for protocol implementation, hardening, and coding practices. •Use of secure tools, e.g., compilers, implementation reviews. Code reviews are the primary mechanisms for ensuring the security in the implementation phase. |
•Configuration guidelines. •List of unused ports to be protected. •List of rules for product hardening to guide implementation choices. |
Testing |
•Determine whether security mechanisms are working as designed and whether anything is missing. •Determine whether software implementation has introduced new vulnerabilities that can be exploited. •Defect review analysis is helpful in preventing further security defects in the development cycles. •Apply stress testing for vulnerabilities and penetration. |
•List of adversarial test cases to be executed. •List of known vulnerabilities in subcomponents ad in the product that have been tested. •Use of secure static and dynamic tools, e.g., compilers, standards compliance, implementation reviews. •Check for open ports. |
System Security Models - An important concept in the design and analysis of secure systems is the security model, because it incorporates the security policy that should be enforced in the system. A model is a symbolic representation of a policy. It maps the desires of the policymakers into a set of rules that a computer system must follow.
Software controls come in various flavors with many different goals. They can control input, encryption, logic processing, number-crunching methods, inter-process communication, access, output, and interfacing with other software. They should be developed with potential risks in mind, and many types of threat models and risk analyses should be invoked at different stages of development.
The top risks identified relating to software development as of this writing: I am only covering some of the most frequent ones that still affect software, but when it comes to designing safe and secure software, Buffer Overflows problems still rate high on the list.
Now one of the keys to developing better software design is to pick a life cycle that fits your needs with a model of development that matches your culture, because without any standards you will have no way of measuring your success or failure. Everything starts someplace, and you always have the option to change and evolve as time goes on.