Lecture 13 Page 1 CS 236 Online Principles for Secure Software Following these doesn’t guarantee security But they touch on the most commonly seen security.

Slides:



Advertisements
Similar presentations
Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
Advertisements

VM: Chapter 5 Guiding Principles for Software Security.
Secure Design Principles  secure the weakest link  reduce the attack surface  practice defense in depth  minimize privilege  compartmentalize  fail.
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Web Security A how to guide on Keeping your Website Safe. By: Robert Black.
1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research
C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.
Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.
Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.
Lecture 13 Page 1 CS 136, Fall 2014 Secure Programming Computer Security Peter Reiher December 2, 2014.
Lecture 16 Page 1 CS 236 Online SQL Injection Attacks Many web servers have backing databases –Much of their information stored in a database Web pages.
1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.
Types of Electronic Infection
Phishing scams Phishing is the fraudulent practice of sending s purporting to be from reputable companies in order to induce individuals to reveal.
Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
OWASP Top Ten #1 Unvalidated Input. Agenda What is the OWASP Top 10? Where can I find it? What is Unvalidated Input? What environments are effected? How.
All Input is Evil (Part 1) Introduction Will not cover everything Healthy level of paranoia Use my DVD Swap Shop application (week 2)
Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 19 Page 1 CS 236 Online 16. Account Monitoring and Control Why it’s important: –Inactive accounts are often attacker’s path into your system –Nobody’s.
Lecture 13 Page 1 Advanced Network Security Authentication and Authorization in Local Networks Advanced Network Security Peter Reiher August, 2014.
Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 4 Page 1 CS 111 Online Modularity and Virtualization CS 111 On-Line MS Program Operating Systems Peter Reiher.
Lecture 5 Page 1 CS 236 Online Key Management Choosing long, random keys doesn’t do you any good if your clerk is selling them for $10 a pop at the back.
Computer Security By Duncan Hall.
Lecture 16 Page 1 CS 236 Online Exploiting Statelessness HTTP is designed to be stateless But many useful web interactions are stateful Various tricks.
Lecture 14 Page 1 CS 136, Fall 2012 Secure Programming CS 136 Computer Security Peter Reiher November 15, 2012.
Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.
Security Vulnerability Detection and reduction Linda Cornwall MWSG, CERN 24 Feb 2005
Secure Transactions Chapter 17. The user's machine No control over security of user's machine –Might be in very insecure: library, school, &c. Users disable.
Lecture 3 Page 1 CS 236 Online Security Mechanisms CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
1 Design Principles CS461 / ECE422 Spring Overview Simplicity  Less to go wrong  Fewer possible inconsistencies  Easy to understand Restriction.
Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.
Engineering Secure Software. A Ubiquitous Concern  You can make a security mistake at every step of the development lifecycle  Requirements that allow.
Lecture 15 Page 1 CS 136, Fall 2011 Secure Programming CS 136 Computer Security Peter Reiher November 15, 2011.
Lecture 13 Page 1 CS 136, Spring 2016 Secure Programming Computer Security Peter Reiher May 17, 2016.
Lecture 14 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.
Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.
Secure Programming Computer Security Peter Reiher February 23, 2017
Modularity Most useful abstractions an OS wants to offer can’t be directly realized by hardware Modularity is one technique the OS uses to provide better.
Outline Basic concepts in computer security
Protecting Memory What is there to protect in memory?
Common Methods Used to Commit Computer Crimes
Protecting Memory What is there to protect in memory?
Protecting Memory What is there to protect in memory?
Outline Introduction Principles for secure software
Password Management Limit login attempts Encrypt your passwords
Outline What does the OS protect? Authentication for operating systems
Secure Programming CS 136 Computer Security Peter Reiher May 20, 2014
Outline Introduction Principles for secure software
Outline Introduction Characteristics of intrusion detection systems
Outline What does the OS protect? Authentication for operating systems
Web Security Advanced Network Security Peter Reiher August, 2014
Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
6. Application Software Security
Secure Programming CS 136 Computer Security Peter Reiher March 2, 2010
Outline Introduction Principles for secure software
Presentation transcript:

Lecture 13 Page 1 CS 236 Online Principles for Secure Software Following these doesn’t guarantee security But they touch on the most commonly seen security problems Thinking about them is likely to lead to more secure code

Lecture 13 Page 2 CS 236 Online 1. Secure the Weakest Link Don’t consider only a single possible attack Look at all possible attacks you can think of Concentrate most attention on most vulnerable elements

Lecture 13 Page 3 CS 236 Online For Example, Those attacking your web site are not likely to break transmission cryptography –Switching from DES to AES probably doesn’t address your weakest link Attackers are more likely to use a buffer overflow to break in –And read data before it’s encrypted –Prioritize preventing that

Lecture 13 Page 4 CS 236 Online 2. Practice Defense in Depth Try to avoid designing software so failure anywhere compromises everything Also try to protect data and applications from failures elsewhere in the system Don’t let one security breach give away everything

Lecture 13 Page 5 CS 236 Online For Example, You write a routine that validates all input properly All other routines that are supposed to get input should use that routine Worthwhile to have those routines also do some validation –What if there’s a bug in your general routine? –What if someone changes your code so it doesn’t use that routine for input?

Lecture 13 Page 6 CS 236 Online 3. Fail Securely Security problems frequently arise when programs fail They often fail into modes that aren’t secure So attackers cause them to fail –To see if that helps them So make sure that when ordinary measures fail, the fallback is secure

Lecture 13 Page 7 CS 236 Online For Example, A major security flaw in typical Java RMI implementations If server wants to use security protocol client doesn’t have, what happens? –Client downloads it from the server –Which it doesn’t trust yet... Malicious entity can force installation of compromised protocol

Lecture 13 Page 8 CS 236 Online 4. Use Principle of Least Privilege Give minimum access necessary For the minimum amount of time required Always possible that the privileges you give will be abused –Either directly or through finding a security flaw The less you give, the lower the risk

Lecture 13 Page 9 CS 236 Online For Example, Say your web server interacts with a backend database It only needs to get certain information from the database –And uses access control to determine which remote users can get it Set access permissions for database so server can only get that data If web server hacked, only part of database is at risk

Lecture 13 Page 10 CS 236 Online 5. Compartmentalize Divide programs into pieces Ensure that compromise of one piece does not automatically compromise others Set up limited interfaces between pieces –Allowing only necessary interactions

Lecture 13 Page 11 CS 236 Online For Example, Traditional Unix has terrible compartmentalization –Obtaining root privileges gives away the entire system Redesigns that allow root programs to run under other identities help –E.g., mail server and print server users Not just a problem for root programs –E.g., web servers that work for many clients Research systems like Asbestos allow finer granularity compartmentalization

Lecture 13 Page 12 CS 236 Online 6. Value Simplicity Complexity is the enemy of security Complex systems give more opportunities to screw up Also, harder to understand all “proper” behaviors of complex systems So favor simple designs over complex ones

Lecture 13 Page 13 CS 236 Online For Example, Re-use components when you think they’re secure Use one implementation of encryption, not several –Especially if you use “tried and true” implementation Build code that only does what you need –Implementation of exactly what you need are safer than “Swiss army knife” approaches Choose simple algorithms over complex algorithms –Unless complex one offers necessary advantages –“It’s somewhat faster” usually isn’t a necessary advantage –And “it’s a neat new approach” definitely isn’t

Lecture 13 Page 14 CS 236 Online Especially Important When Human Users Involved Users will not read documentation –So don’t rely on designs that require that Users are lazy –They’ll ignore pop-ups and warnings –They will prioritize getting the job done over security –So designs requiring complex user decisions usually fail

Lecture 13 Page 15 CS 236 Online 7. Promote Privacy Avoid doing things that will compromise user privacy Don’t ask for data you don’t need Avoid storing user data permanently –Especially unencrypted data There are strong legal issues related to this, nowadays

Lecture 13 Page 16 CS 236 Online For Example, Google’s little war driving incident They drove around many parts of the world to get information on Wifi hotspots But they simultaneously were sniffing and storing packets from those networks And gathered a lot of private information They got into a good deal of trouble...

Lecture 13 Page 17 CS 236 Online 8. Remember That Hiding Secrets is Hard Assume anyone who has your program can learn everything about it “Hidden” keys, passwords, certificates in executables are invariably found Security based on obfusticated code is always broken Just because you’re not smart enough to crack it doesn’t mean the hacker isn’t, either

Lecture 13 Page 18 CS 236 Online For Example, Passwords often “hidden” in executables –GarretCom network switches tried to do this in SCADA control systems –Allowed escalation of privilege if one had any login account Android apps containing private keys are in use (and are compromised) Ubiquitous in digital rights management –And it never works

Lecture 13 Page 19 CS 236 Online 9. Be Reluctant to Trust Don’t automatically trust things –Especially if you don’t have to Remember, you’re not just trusting the honesty of the other party –You’re also trusting their caution Avoid trusting users you don’t need to trust, too –Doing so makes you more open to social engineering attacks

Lecture 13 Page 20 CS 236 Online For Example, Why do you trust that shrinkwrapped software? Or that open source library? Must you? Can you design the system so it’s secure even if that component fails? If so, do it

Lecture 13 Page 21 CS 236 Online 10. Use Your Community Resources Favor widely used and respected security software over untested stuff –Especially your own... Keep up to date on what’s going on –Not just patching –Also things like attack trends

Lecture 13 Page 22 CS 236 Online For Example, Don’t implement your own AES code Rely on one of the widely used versions But also don’t be too trusting –E.g., just because it’s open source doesn’t mean it’s more secure

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.