How Can I Make My Code Secure?

  • You can't!

  • Security is a property of systems, not code

  • You don't have the background or skills to do systems security

  • In short, the textbook is lying to you. The industry is lying to you

No, Really, How Can I Make My Code Secure?

  • By making it a correct implementation of a secure design

  • Bugs don't just make code unreliable; they are vectors for attack

  • For starters, don't write it in C / C++…


  • Resistance to an active adversary

  • Requires changing a bunch of assumptions

  • Key idea — threat modeling

Threat Modeling and Risk Analysis

  • What might your adversary do?

  • How likely is it to happen + work?

  • What might be the consequences?

  • Risk = Likelihood × Cost

  • Rank-order threats and ameliorate until expected risk is low
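
The ranking-and-mitigation loop above, worked through in code. This is an added example, not material from the slides: the threats, probabilities, costs and mitigation effects are constructed illustrations, and the greedy "best risk reduction per unit effort" rule is one reasonable amelioration strategy, not a prescribed one.

```python
# Added example, not from the slides; all numbers are constructed illustrations.
from dataclasses import dataclass, field

@dataclass
class Mitigation:
    name: str
    factor: float   # residual likelihood = likelihood * factor
    effort: float   # cost to implement, in the same units as damage

@dataclass
class Threat:
    name: str
    likelihood: float   # probability of the threat occurring (per year, say)
    cost: float         # damage if it does
    mitigations: list = field(default_factory=list)

    def risk(self) -> float:
        return self.likelihood * self.cost   # Risk = Likelihood x Cost

def rank(threats):   # highest expected risk first: the order to work on them
    return sorted(threats, key=Threat.risk, reverse=True)

def ameliorate(threats, acceptable_total, budget):
    """Greedily apply the mitigation with the best risk reduction per unit of
    effort until total risk <= acceptable_total or the budget runs out."""
    applied = []
    while sum(t.risk() for t in threats) > acceptable_total:
        best = None
        for t in threats:
            for m in (m for m in t.mitigations if m.effort <= budget):
                score = t.risk() * (1 - m.factor) / m.effort
                if best is None or score > best[0]:
                    best = (score, t, m)
        if best is None:
            break   # nothing affordable is left; residual risk stays high
        _, t, m = best
        t.likelihood *= m.factor
        t.mitigations.remove(m)
        budget -= m.effort
        applied.append(m.name)
    return applied, sum(t.risk() for t in threats)

def sample_threats():   # constructed threat model for a small web app
    return [
        Threat("captured passwords", 0.30, 50_000, [Mitigation("MFA", 0.2, 5_000)]),
        Threat("network DoS", 0.50, 10_000, [Mitigation("rate limiting", 0.5, 2_000)]),
        Threat("ransomware", 0.10, 200_000, [Mitigation("offsite backups", 0.25, 8_000)]),
    ]
```

Running `ameliorate(sample_threats(), 10_000, 20_000)` applies MFA, offsite backups and rate limiting in that order and still leaves 10,500 of residual risk, which is the point of the slide: you ameliorate until the remaining risk is acceptable, not until it is zero.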

Common Threats

  • Integrity Threats: adversary damages system

    • Worms / viruses can make system fail

  • Access Threats: adversary gets access to / control of system

    • Captured passwords

    • Bypassing security mechanisms

  • Availability Threats: adversary keeps the system from being useful

    • Network Denial of Service (DoS)

    • Overwhelm system capacity

Backups

  • Key mechanism for system recovery

  • Backups are also vulnerable to reliability and security issues

  • Recommendation: fully automated

  • Recommendation: offsite backups

  • Recommendation: check recovery regularly

Authorization and Authentication

  • User Account Management (UAM)

  • Access Control

  • Do not design / implement your own if at all possible

    • Lots of UAM out there: "federated" login via Google is good

    • OS, database, etc provide access control mechanisms

  • Get expert help

Cryptography and Protocols

  • Absolutely necessary, but absolutely difficult

  • Do not design / implement your own

  • Use existing ones carefully (e.g. SSL/TLS)

  • Get expert help

Common Risks: Insufficient Interface Checks

  • Example: insufficient checking of input fields passed to databases

  • Example: buffer overflows

Common Risks: Software Failure

  • There is never sufficient evidence of correctness

  • A clever adversary will find any counterexample

  • Exploits will reach farther than you think

Common Risks: Exploiting People

  • "Social Engineering" vs access controls

  • No one ever mentions bribery / blackmail

Advice: Start With Less-Risky Systems

  • Medical devices and banks are not for newbs

  • Even webapps need to be thought out carefully

  • There are low-risk systems to get experience with

    • Open source — lots of help with risks

    • Internal corporate — friendly environment

    • Games etc — not much exposure

  • Don't forget to ask for help

Last modified: Wednesday, 11 November 2020, 4:18 PM