Architecture Software Design Continued...!

Vulnerability Prevention Techniques - One of the best ways to prevent the exploitation of buffer overflow vulnerabilities is to detect and eliminate them from the source code before the software is put to use, usually by performing some sort of static analysis on either the source code or on the compiled binaries. A proven technique for uncovering flaws in software is source code review, also known as source code auditing. Tools designed for automatic source code analysis complement manual audits by identifying potential security violations, including functions that perform unbounded string copying.

 

Some of the best-known tools are ITS4 (www.cigital.com/its4/), RATS (www.securesw.com/rats/), and LCLint [7]. An extensive list of auditing tools is provided by the Sardonix portal at sardonix.org/Auditing_Resources.html.

 

Table of Security Protocols Checklist

 

Phase

Key security considerations

Example checklists

Requirements

•Determination of security assumptions, including product deployment scenarios.

•Identification of critical assets to be protected and secured

•Identification of security requirements and interface specifications for third-part product incorporated

in the design and security interoperating with rest of the network

•Identification of requirements for securing the communication, data storage, and configuration for the product.

•Performing high-level threat analysis

•Determination of the product hardening techniques to be applied.

•Regulatory list for industry.

•List of relevant best practices to be incorporated.

•List of standards for compliance.

•List of high-level threats.

Design

•Define and design security architectures where product will reside

•Perform detailed threat and potential vulnerability analysis for critical assets.

•Principles of defense in depth; least privilege and partitioning should be followed.

•Both static and dynamic analysis tools should be used.

•Access Controls, Authentication, Confidentiality

•List of advanced secure protocol standards

•completion of applicable architecture views for management signaling, and user.

Implementation

•Ensuring a secure development environment.

•Adhering to security standards and best practices for protocol implementation, hardening, and coding practices.

•Use of secure tools, e.g., compilers, implementation reviews. Code reviews are the primary mechanisms for ensuring the security in the implementation phase.

•Configuration guidelines.

•List of unused ports to be protected.

•List of rules for product hardening to guide implementation choices.

Testing

•Determine whether security mechanisms are working as designed and whether anything is missing.

•Determine whether software implementation has introduced new vulnerabilities that can be exploited.

•Defect review analysis is helpful in preventing further security defects in the development cycles.

•Apply stress testing for vulnerabilities and penetration.

•List of adversarial test cases to be executed.

•List of known vulnerabilities in subcomponents ad in the product that have been tested.

•Use of secure static and dynamic tools, e.g., compilers, standards compliance, implementation reviews.

•Check for open ports.

 

Architecture Types - The basic core definitions of the different architecture types are as follows:

  • Monolithic all operating system processes run in kernel mode.
  • Layered all operating system processes run in a hierarchical model in kernel mode.
  • Microkernel Core operating system processes run in kernel mode and the remaining ones run in user mode.
  • Hybrid microkernel all operating system processes run in kernel mode. Core processes run within a microkernel and others run in a client\server model.
  • The main architectures that are used in systems today are illustrated below

System Security Models - An important concept in the design and analysis of secure systems is the security model, because it incorporates the security policy that should be enforced in the system. A model is a symbolic representation of a policy. It maps the desires of the policymakers into a set of rules that a computer system must follow.

Software controls come in various flavors with many different goals. They can control input, encryption, logic processing, number-crunching methods, inter-process communication, access, output, and interfacing with other software. They should be developed with potential risks in mind, and many types of threat models and risk analyses should be invoked at different stages of development.

The top risks identified relating to software development as of this writing: I am only covering some of the most frequent ones that still affect software, but when it comes to designing safe and secure software, Buffer Overflows problems still rate high on the list.

  1. Buffer Overflows
  2. SQL Injection
  3. Cross-Site scripting (XSS)
  4. Broken Authentication and Session management
  5. Insecure Direct Object References
  6. Cross-Site Request Forgery (CSRF)
  7. Security Mis-configuration
  8. Insecure Cryptographic Storage
  9. Failure to Restrict URL Access
  10. Insufficient Transport Layer Protection
  11. Un-validated Redirects and Forwards
  12. 3rd Party Apps

 

Now one of the keys to developing better software design is to pick a life cycle that fits your needs with a model of development that matches your culture, because without any standards you will have no way of measuring your success or failure. Everything starts someplace, and you always have the option to change and evolve as time goes on.

Download
Security Architecture Paper - Click to download
Security_Architecture_LanceW.docx
Microsoft Word document [523.6 KB]

Lance West

 

DigiBrains@msn.com

 

 

  • Cyber-Security

 

  • Information Assurance training

 

  • IT Risk Analysis

 

  • BIA/BCP Development

 

  • Software Security

 

  • Databases
Print | Sitemap
© DigiBrains LLC

Web ViewMobile View

Logout | Edit page