Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Design Principles  secure the weakest link  reduce the attack surface  practice defense in depth  minimize privilege  compartmentalize  fail.

Published byMarcia Johnston Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Design Principles  secure the weakest link  reduce the attack surface  practice defense in depth  minimize privilege  compartmentalize  fail."— Presentation transcript:

1 Secure Design Principles  secure the weakest link  reduce the attack surface  practice defense in depth  minimize privilege  compartmentalize  fail safely  keep it simple  maintain privacy  trust reluctantly  mediate completely  practice open design

2 Secure the Weakest Link Which is an attacker most likely to exploit?  encrypted data  smash the runtime stack  your company’s firewall  a naïve employee (social engineering) What does “weak” mean? Algorithm: analyze the risk; do forever { identify weakest link; mitigate weakest link; } Spend your time where it matters.

3 Reduce the Attack Surface What is an attack surface? You are put in charge of the corporate help desk. The most common task is resetting passwords. Develop a secure procedure to allow employees to reset their corporate password by phone. Example Methods to reduce an attack surface Refactoring for security

4 Practice Defense in Depth Consider the teller at your local bank What about a web server application? 

5 Minimize Privilege A student is hired to supervise the CS Department lab. How should the student be given access to the locked lab? Principle of Least Privilege List various kinds of privilege in a computer application.

6 Compartmentalize How are ocean tankers built? Separation of Privilege

7 Fail Safely  Deny by default  Close open files/ports Failure is inevitable! – Plan for it!  Drop permissions  Safe ≠ Functional  Uncaught exceptions?  Network failure?

8 Keep It Simple Example: IPSEC standards for securing TCP/IP as opposed to SSL and VPN  redundancy can improve security but adds to complexity Reuse Complex design leads to subtle vulnerabilities.  readable code improves many things …including security  more functionality = more attack surface  small is simple Ease of use 1) Remember users don’t read documentation. 2) Design for actual users, not the CEO. 3) User aren’t always right …about security. 4) Users are lazy.

9 Keep It Simple (cont’d) Chokepoint  Sometimes called a wrapper  localization of key security issues

10 Maintain Privacy Privacy is not the same as confidentiality. How do credit card companies secure card numbers? Social engineering attacks depend upon private info. How does signing code increase the attack surface? Trust Reluctantly Insider attacks are common. Ken Thompson – “Reflections on Trusting Trust”, 1984 (cm.bell-labs.com/who/ken/trust.html) Even cryptographic routines can be untrustworthy (www.interhack.net/people/cmcurtin/snake-oil-faq.html)

11 Mediate Completely Validate all input. Every access of every asset needs to be authorized. Check for out of bounds, overflow, Flush cache storage

12 Practice Open Design Example 2: NSA refused to publish their analysis of DES Example 1: early Diebold voting machines Example 3: RSA did not publish RC2 & RC4 Open design does not always imply open source. Concealing only gives a temporary sense of security Obscurity ≠ Security

Download ppt "Secure Design Principles  secure the weakest link  reduce the attack surface  practice defense in depth  minimize privilege  compartmentalize  fail."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Outline Designing and Writing Secure Code –General principles –Example: sendmail vs qmail Compiler Prime: Run-time Environment and Program Organization.

Outline Designing and Writing Secure Code –General principles –Example: sendmail vs qmail Compiler Prime: Run-time Environment and Program Organization.
VM: Chapter 5 Guiding Principles for Software Security.

VM: Chapter 5 Guiding Principles for Software Security.
1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.

1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (http://cups.cs.cmu.edu/course-guide/)

Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.

Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.
Outline Designing and Writing Secure Code

Outline Designing and Writing Secure Code
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏

(Breather)‏ Principles of Secure Design by Matt Bishop (augmented by Michael Rothstein)‏
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
CMSC 414 Computer and Network Security Lecture 8 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 8 Jonathan Katz.
Introduction To Windows NT ® Server And Internet Information Server.

Introduction To Windows NT ® Server And Internet Information Server.
1 Social Engineering Dr.Talal Alkharobi. 2 Social Engineering - Definition Webster — management of human beings in accordance with their place and function.

1 Social Engineering Dr.Talal Alkharobi. 2 Social Engineering - Definition Webster — management of human beings in accordance with their place and function.
Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research

1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Similar presentations

Ads by Google