Security
How Can I Make My Code Secure?
You can't!
Security is a property of systems, not code
You don't have the background or skills to do systems security
In short, the textbook is lying to you. The industry is lying to you.
No, Really, How Can I Make My Code Secure?
By making it a correct implementation of a secure design
Bugs don't just make code unreliable; they are vectors for attack
For starters, don't write it in C / C++…
Security
Resistance to an active adversary
Requires changing a bunch of assumptions
Key idea — threat modeling
Threat Modeling and Risk Analysis
What might your adversary do?
How likely is it to happen + work?
What might be the consequences?
Risk = Likelihood × Cost
Rank-order threats and ameliorate until expected risk is low
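The risk formula and the rank-order-then-ameliorate loop above, worked through in code. This is an added example, not part of the deck: the threats, likelihoods, costs and mitigation factors are constructed numbers, and the greedy "fix the top-ranked threat first" loop is one simple reading of the slide, not a prescribed method.

```python
from dataclasses import dataclass


@dataclass
class Threat:
    name: str
    likelihood: float   # P(attack is attempted AND works) over one year (constructed)
    cost: float         # damage if it succeeds, arbitrary money units (constructed)

    @property
    def risk(self) -> float:
        # The deck's formula: Risk = Likelihood x Cost, i.e. expected loss
        return self.likelihood * self.cost


@dataclass
class Mitigation:
    threat: str               # name of the threat this addresses
    description: str
    likelihood_factor: float  # multiplies likelihood (0.05 = 95% less likely to work)
    cost_factor: float = 1.0  # multiplies cost (backups cut the damage, not the odds)


def rank_threats(threats: list[Threat]) -> list[Threat]:
    """Rank-order threats by expected risk, highest first."""
    return sorted(threats, key=lambda t: t.risk, reverse=True)


def total_risk(threats: list[Threat]) -> float:
    return sum(t.risk for t in threats)


def ameliorate(threats, mitigations, acceptable_total):
    """Take the top-ranked threat that still has a mitigation, apply the one that
    removes the most expected risk, re-rank, and repeat until the total expected
    risk is acceptable or nothing is left to apply. Returns (plan, threats)."""
    threats = [Threat(t.name, t.likelihood, t.cost) for t in threats]  # work on copies
    available = list(mitigations)
    plan = []
    while total_risk(threats) > acceptable_total:
        for top in rank_threats(threats):
            options = [m for m in available if m.threat == top.name]
            if not options:
                continue  # nothing left to do for this one; look at the next-ranked
            best = max(options, key=lambda m: top.risk * (1 - m.likelihood_factor * m.cost_factor))
            top.likelihood *= best.likelihood_factor
            top.cost *= best.cost_factor
            available.remove(best)
            plan.append((top.name, best.description, round(top.risk, 2)))
            break
        else:
            break  # no mitigations remain anywhere; residual risk is what it is
    return plan, threats


# Constructed sample: four threats from the deck's categories
THREATS = [
    Threat("SQL injection via search field", 0.5, 200_000),
    Threat("Ransomware wipes production DB", 0.1, 800_000),
    Threat("DoS floods web tier", 0.8, 20_000),
    Threat("Phished admin password", 0.3, 300_000),
]
MITIGATIONS = [
    Mitigation("SQL injection via search field", "parameterized queries", 0.05),
    Mitigation("Ransomware wipes production DB", "automated offsite backups, tested restores", 1.0, 0.1),
    Mitigation("Phished admin password", "hardware-key MFA", 0.2),
    Mitigation("DoS floods web tier", "rate limiting in front of the web tier", 0.5),
]

if __name__ == "__main__":
    for t in rank_threats(THREATS):
        print(f"{t.risk:>10.0f}  {t.name}")
    plan, remaining = ameliorate(THREATS, MITIGATIONS, acceptable_total=50_000)
    for step in plan:
        print(step)
    print("residual expected risk:", round(total_risk(remaining)))
```

Note that the ordering is what matters, not the absolute numbers: with these constructed figures the loop spends its first three moves on injection, phishing and backups and never touches the DoS threat, because its expected loss is already below the bar.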
Common Threats
Integrity Threats: adversary damages system
Worms / viruses can make the system fail
Access Threats: adversary gets access to / control of system
Captured passwords
Bypassing security mechanisms
Availability Threats: adversary keeps the system from being useful
Network Denial of Service (DoS)
Overwhelm system capacity
Backups
Key mechanism for system recovery
Backups are also vulnerable to reliability and security issues
Recommendation: fully automated
Recommendation: offsite backups
Recommendation: check recovery regularly
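The three recommendations above as a small script: an automated backup that records a hash manifest, and a restore check that unpacks into scratch space and compares every file against that manifest. This is an added example, not from the deck; the file tree, the tarball-plus-JSON-manifest layout and the "truncate the archive" corruption are all constructed for the demonstration, and sending the archive offsite is assumed to happen outside this script.

```python
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> dict[str, str]:
    """Relative path -> sha256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(src: Path, archive: Path) -> dict[str, str]:
    """Write a gzip tarball of src and store the manifest beside it, so a later
    restore test does not depend on the (possibly already lost) original."""
    m = manifest(src)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    archive.with_suffix(".manifest.json").write_text(json.dumps(m, sort_keys=True))
    return m


def verify_restore(archive: Path) -> tuple[bool, list[str]]:
    """The 'check recovery regularly' step: unpack into a scratch directory and
    compare every file with the manifest. Returns (ok, list of problems)."""
    expected = json.loads(archive.with_suffix(".manifest.json").read_text())
    problems: list[str] = []
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch)
        try:
            with tarfile.open(archive, "r:gz") as tar:
                if hasattr(tarfile, "data_filter"):   # Python 3.12+ and backports
                    tar.extractall(dest, filter="data")
                else:
                    tar.extractall(dest)
        except Exception as exc:  # a backup that cannot be unpacked is no backup
            return False, [f"archive unreadable: {exc!r}"]
        actual = manifest(dest)
    for rel, digest in expected.items():
        if rel not in actual:
            problems.append(f"missing after restore: {rel}")
        elif actual[rel] != digest:
            problems.append(f"content changed after restore: {rel}")
    for rel in actual.keys() - expected.keys():
        problems.append(f"unexpected file after restore: {rel}")
    return not problems, problems


def demo() -> tuple[bool, bool]:
    """Constructed data: a tiny 'production' tree, a good backup, then the same
    archive truncated to half its size (simulating media corruption)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "prod")
        (src / "db").mkdir(parents=True)
        (src / "db" / "users.sqlite").write_bytes(b"\x00" * 4096 + b"constructed")
        (src / "config.ini").write_text("[app]\nkey=not-a-real-secret\n")
        archive = Path(tmp, "prod.tar.gz")
        make_backup(src, archive)
        good_ok, _ = verify_restore(archive)
        data = archive.read_bytes()
        archive.write_bytes(data[: len(data) // 2])  # simulate bit rot / partial copy
        bad_ok, bad_problems = verify_restore(archive)
        print("intact backup restores:", good_ok)
        print("damaged backup restores:", bad_ok, bad_problems)
    return good_ok, bad_ok


if __name__ == "__main__":
    demo()
```

The point of the manifest is that the check runs without the original data, which is exactly the situation you are in when you need the backup; a restore test that compares against the live system tells you nothing once the live system is gone.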
Authorization and Authentication
User Account Management (UAM)
Access Control
Do not design / implement your own if at all possible
Lots of UAM options exist: "federated" login (e.g. via Google) is good
OS, database, etc. provide access control mechanisms
Get expert help
Cryptography and Protocols
Absolutely necessary, but absolutely difficult
Do not design / implement your own
Use existing ones carefully (e.g. SSL/TLS)
Get expert help
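What "use existing ones carefully" looks like in practice for TLS, as an added example that is not from the deck: the client context with verification switched off (the careless shortcut taken to silence a certificate error) beside the library's vetted default, plus a small audit function a code reviewer could run over any context. The TLS 1.2 floor is an assumption made for the example, not something the slide states.

```python
import ssl


def weak_context() -> ssl.SSLContext:
    """Careless use: encrypts the connection but verifies nothing, so the other
    end can be anyone who answers, including an active adversary in the path."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode can change
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def careful_context() -> ssl.SSLContext:
    """The standard library's defaults: system trust store, certificate required,
    hostname checked. The TLS 1.2 floor is an added assumption for this example."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the ways a client context falls short of 'careful'; empty means fine."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("peer certificate not required")
    if not ctx.check_hostname:
        problems.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("TLS versions below 1.2 allowed")
    return problems


if __name__ == "__main__":
    print("weak:   ", audit_context(weak_context()))
    print("careful:", audit_context(careful_context()))
```

Hostname checking only does its job if the socket is wrapped with `server_hostname=` set to the name the client intended to reach; the audit above cannot see that call, so it belongs in the same review.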
Common Risks: Insufficient Interface Checks
Example: input field checking for DBs
Example: buffer overflows
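The "input field checking for DBs" example made concrete, as an added example that is not part of the deck: a lookup that splices the user's string into SQL, the same lookup with a parameterized query, and an interface check (allow-list plus length bound, the same idea as checking length before a fixed-size buffer) in front of it. The table, the naming policy and the sample inputs are constructed.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a real user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def find_user_unchecked(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """Insufficient interface check: the caller's string becomes part of the SQL
    text, so the database sees whatever the input says, not just a name."""
    return conn.execute(f"SELECT name, role FROM users WHERE name = '{name}'").fetchall()


def find_user_parameterized(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """The value travels separately from the statement; it is compared as data
    and can never be read as SQL, whatever it contains."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


# Constructed policy for this example: what a name is allowed to look like
NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def validate_name(name: str) -> str:
    """Check at the interface, like a length check before a fixed-size buffer:
    reject anything the field was never meant to hold."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"rejected input: {name!r}")
    return name


def find_user_checked(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """Both layers: validated input and a parameterized query."""
    return find_user_parameterized(conn, validate_name(name))


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"           # the textbook string the slide alludes to
    print("unchecked:    ", find_user_unchecked(db, probe))      # every row leaks
    print("parameterized:", find_user_parameterized(db, probe))  # no such user
    try:
        find_user_checked(db, probe)
    except ValueError as e:
        print("checked:      ", e)                                # never reaches SQL
```

Parameterization alone already closes the hole; the validation step is defence in depth, and it also catches the over-long input that would matter at a fixed-size buffer further down the stack.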
Common Risks: Software Failure
Always insufficient evidence of correctness
Clever adversary will find any counterexamples
Exploits will reach farther than you think
Common Risks: Exploiting People
"Social Engineering" vs access controls
No one ever mentions bribery / blackmail
Advice: Start With Less-Risky Systems
Medical devices and banks are not for newbs
Even webapps need to be thought out carefully
There are low-risk systems to get experience with
Open source — lots of help with risks
Internal corporate — friendly environment
Games etc — not much exposure
Don't forget to ask for help