SlideShare a Scribd company logo

Designing Flexibility in Software to Increase Security

Download as PPTX, PDF
L
lawmoore

The document discusses the importance of designing flexibility in software to enhance security, advocating for modular designs that can adapt to changing conditions such as customer demands and regulatory requirements. It highlights the trade-offs between flexibility and integrity, emphasizing that while flexibility supports scalability and reduces maintenance costs, it can also introduce vulnerabilities if not managed properly. Key aspects include the necessity of standards, modularity, and agile methodologies to ensure a robust security posture in evolving software environments.

Software
Related topics:
Software Security
1 of 33
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
Designing Flexibility in Software to Increase Security Larry Moore, CISSP CISA October 22, 2015
About Code A Code A’ Time The only constant in business is change.
What is Flexibility? Software design that promotes modularity and can be easily modified to adjust to internal and external changes such as customer demands, architecture modification, regulatory compliance modifications or other factors while maintaining a consistent proactive security posture. Best during the requirements analysis phase and followed through during design and implementation Quality = Security
Outside Influences • Operating system changes • Deprecated API’s • Architecture changes (motherboard) • New laws and/or regulatory requirements • PCI testing procedures change over time • Outside legitimate hacks • Third party and customer demands • Business changes such as new opportunities • Competition
Security & Flexibility • Changes in security protocols • OUT: SSL; IN: TLS • OUT: MD5; IN: SHA • SecurityNOW Podcasts • 499: InstantCryptor • Incorrect security implementation, encryption without authentication • 530: Doing it Wrong • Four examples of companies making security mistakes PCI
Flexibility Advantages • Improved scalability • Lower maintenance costs • The cost of fixing errors after a system is operational is up to 30 times greater than if the error was caught during system testing. • Lieblein, E. (see Reference at end) • Extends lifecycle • Reduces impact to customers • Your career!
Flexibility Disadvantages • More easily abused especially by management • Additional overhead • Additional size • Lower performance • Generally decreasing because of increasing processor speed • Integrity may be impacted because of generalization of data structures
Timeline - 1977 • Factors in Software Quality • Griffiss Air Force Base and General Electric, NY • “This report has stressed the methodology of deriving and validating the normalization functions to encourage the application of these techniques to other software development. Use on future developments will add to the data base for the establishment of generalized normalization function…toward a higher quality product.” • Flexibility was included in the top list of 11 out of 55 software quality factors. It extends to Accessibility, Adaptability, Augmentability, Expandability, Extensibility, Modifiability • Effort required to modify an operational program • A system that is not flexible costs more and takes longer to change. • Focuses on: • Identify a set of quality factors • Metrics throughout the development cycle • Communicate results to senior management (Air Force)
Factors in Software Quality • Flexibility vs. Integrity: Flexibility requires very general and flexible data structures. This increases the data security problem. • May be mitigated through XML Cost to Fix Time Impact to fix after delivery
Business Resistance • Be first on the market • First is not always best; others may learn at your expense • Sell it now, fix it later • Generally higher help desk costs • Limited budgets • Regulatory requirements and customer feedback • Four types of business risk: • Finance: Loss of customers or revenue • Reputation: Loss of trust or loss due to competition or public opinion (true or false) • Compliance: Fines or penalties; loss of business • Certainty of non-compliance vs. possibility of a breach • Liability: Civil litigation
Architectural Changes Architecture Release Microprosessor Bits 8088 1979 8 8086 80286 1978 1984 16 80386 1985 32 Current 2001 - 2003 64
Architectural Changes If unsigned int x in C equals…. x = 0xFFFF —OR— x = (unsigned int) -1 0xFFFF -1 16 Bit 0xFFFF 0xFFFF 32 Bit 0x0000FFFF 0xFFFFFFFF 64 Bit 0X000000000000FFFF 0xFFFFFFFFFFFFFFFF
Example Integrity
OS/2 Postscript Driver 1.0 to < 2.1
Caught between… Management OS/2 VendorsMe
OS/2 Postscript Driver 2.1 & later
Standards • Define the framework and use it • Encapsulation • Possible even with non-object oriented code • Minimize the use of global variables • Try to predict changes • Polymorphism • Common interfaces • Set short-term definable goals and include metrics • Involve various business units to ensure proper scope • Enforce scope • Include dependencies in your requirements and plan for the possibility of requirements failures
Standards • Creation • Zero all buffer contents • Nullify all pointers • Set all variables to a Non-Defined or Not-In-Use state • Consider hashes or algorithms for immutable values; check periodically • Use • Proper read and write interfaces • Verify all data before modifications outside of your code • Restrict access of values via interfaces • Use proper error return values • Deletion • Most of the same as Creation • Remember: Data must be under your control only between Creation and Deletion
Why Standards? • Designing standards into the earliest versions forces customers to adhere appropriately • Once customers use your product they’re, in a sense, “locked” onto your standards • Customers will sacrifice security and may blame you if there are any vulnerabilities • Changing products can be expensive and time-consuming. That will likely create dissatisfaction with your product • Customers will expect change but only to a certain point
Static Code Analysis • PROS • Great for low-cost identification of clear errors • Variety of software engineers approach threats from different perspectives They also contain a variety of experiences. • Excellent way of improving development skills by learning from other experts • CONS • “Static” focuses on immediate issues yet misses many strategic goals • Not very useful to identify vulnerabilities “from a 30,000 foot level” • Many people have missed vulnerabilities • Heartbleed and Shellshock
Modularity • A technique that emphasizes separating program functionality into independent, interchangeable modules • Data trust only exists directly between trusted modules • Trust is broken any time an outside process “touches” data for a trusted module • Global data is kept to an absolute minimum • Verify, verify, verify! • Document, document, document! • Enforce standards rules
Modularity • Object-oriented code • Methods are declared private by default an only lowered to a less secure level when necessary. • Any data that is declared public or protected is to be considered untrusted. Declare data as either only when absolutely necessary. • Public methods are more trustworthy to “shield” internal data thus permitting internal changes when necessary. • Deprecated public access points may be retained if needed for backward compatibility.
Modularity Process (Private) Conversion • Core process is shielded from the rest of the program • Conversion or sanitization process ensures that code is protected • Modifications are primarily processed by the converter then by the internal process • The “separation process” enables easier development
Modularity Function A (old) Function B (new) Process (Private)
Modularity Example • Example: Alexander D’Alessandro • Note the apostrophe • O’Hara (Ohara), D’Abo, Smith-Jones, etc.
Example #define UNDEFINED_AGE ((unsigned int) -1) #defined MIN_AGE 0 /* newborn */ #defined MAX_AGE 100 unsigned int current_age; Creation and Deletion current_age = UNDEFINED_AGE;
Example if (current_age == UNDEFINED_AGE) { } else if (current_age >= MIN_AGE && current_age <= MAX_AGE) { } else { <error handling> } /* First iteration will never be true since ‘current_age’ is */ /* unsigned. */ /* UNDEFINED_AGE will be included in this context */ if (current_age < MIN_AGE && current_age > MAX_AGE) { <error handling> } else { }
Agile Methodology • Agile is a more flexible • Implements more object-oriented software development through smaller, more incremental work • Encourages simplicity • Enables faster changes • Involves cross-platform teams across the enterprise • Baseline for: • Scrum • Extreme programming (XP) • Rational Unified Process (RUP) • The Waterfall model is still used today but is not very effective in modular design.
What About Security? • Modularity… • Enforces standards • Developers will bypass standards if you permit it • Developers will “hack” public data (not melovantly) if permitted • Your manager will likely prefer to keep your customers happy over security. Accept it! • Permits you to make internal changes with little or no impact to the customer • Migrating from one security protocol to another
Career Recommendations • Never disclose sensitive or private information • Read and understand all NDA agreements. Obey them! • Err on the side of caution • Metrics are critical • Ease of modifying code • Minimum number of defects per line of code • “Forward thinking” • “Security is the focal point of my development!”
Questions? Larry Moore larry.moore.cissp@gmail.com https://www.linkedin.com/in/lawrencemoore
Recommendations • The Power of Ten - Rules for Developing Safety Critical Code • Gerard J. Holzmann, NASA JPL Laboratory for Reliable Software; 2006 • Formalizing Space Shuttle Software Requirements • Judith Crow, Computer Science Laboratory, 1996 • Two case studies in which requirements for new flight software subsystems on NASA's Space Shuttle were analyzed using mechanically supported formal methods. • The Economic Impacts of Inadequate Infrastructure for Software Testing • NIST, May 2002
References • Adrian, David; Bhargavan, Karthikeyan, et. al; Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice • Agile Modeling: http://www.agilemodeling.com/essays/agileModelingRUP .htm • Lieblein, E., “Computer Software: Problem and Possible Solutions”, CENTACS USAECOM Memorandum, 7 November 1972 • Factors in Software Quality: http://www.dtic.mil/dtic/tr/fulltext/u2/a049055.pdf

More Related Content

PPT
FLIGHT Amsterdam Presentation - From Protex to Hub
Black Duck by Synopsys
 
PPTX
Security Design Concepts
Mohammed Fazuluddin
 
PDF
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...
Black Duck by Synopsys
 
PDF
FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...
Black Duck by Synopsys
 
PDF
Open Architecture: The Key to Aviation Security
agoldsmith1
 
PDF
NetWrix Change Reporter Suite - Product Review by Don Jones
Netwrix Corporation
 
PPTX
Top 5 identity management challenges and solutions
Netwrix Corporation
 
PPTX
File system auditing who accessed what files and where
Netwrix Corporation
 
FLIGHT Amsterdam Presentation - From Protex to Hub
Black Duck by Synopsys
 
Security Design Concepts
Mohammed Fazuluddin
 
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...
Black Duck by Synopsys
 
FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...
Black Duck by Synopsys
 
Open Architecture: The Key to Aviation Security
agoldsmith1
 
NetWrix Change Reporter Suite - Product Review by Don Jones
Netwrix Corporation
 
Top 5 identity management challenges and solutions
Netwrix Corporation
 
File system auditing who accessed what files and where
Netwrix Corporation
 

What's hot (20)

PPTX
Top 10 critical changes to audit in your it infrastructure
Netwrix Corporation
 
PPTX
Top 5 critical changes to audit for active directory
Netwrix Corporation
 
PPTX
Design Like a Pro: Machine Learning Basics
Inductive Automation
 
PPTX
Managing Security in Agile Culture
SARCCOM
 
PPTX
Design Like a Pro: Scripting Best Practices
Inductive Automation
 
PDF
Security in the Software Development Life Cycle (SDLC)
Frances Coronel
 
PPTX
Adressing nonfunctional requirements with agile practices
Mario Cardinal
 
PPTX
CISSP - Chapter 3 - CPU Architecture
Karthikeyan Dhayalan
 
PPTX
CISSP Chapter 1 BCP
Karthikeyan Dhayalan
 
PPTX
Social Distance Your IBM i from Cybersecurity Risk
Precisely
 
PPTX
How to achieve Continous Delivery
Geoffrey Vandiest
 
PDF
CNIT 125 Ch 4. Security Engineering (Part 1)
Sam Bowne
 
PPTX
CISSP Chapter 7 - Security Operations
Karthikeyan Dhayalan
 
PDF
CISSP Prep: Ch 6. Identity and Access Management
Sam Bowne
 
PDF
Putting the Sec into DevOps
Maytal Levi
 
PDF
Decision Matrix for IoT Product Development
Alexey Pyshkin
 
PPT
Validating Non Functional Requirements
Reuben Korngold
 
PPT
Capturing Measurable Non Functional Requirements
Shehzad Lakdawala
 
PPTX
Non-Functional Requirements Are Important (with Explanatory Notes)
Stephen Booth MIET MBCS OLA
 
PPTX
Design Like a Pro: SCADA Security Guidelines
Inductive Automation
 
Top 10 critical changes to audit in your it infrastructure
Netwrix Corporation
 
Top 5 critical changes to audit for active directory
Netwrix Corporation
 
Design Like a Pro: Machine Learning Basics
Inductive Automation
 
Managing Security in Agile Culture
SARCCOM
 
Design Like a Pro: Scripting Best Practices
Inductive Automation
 
Security in the Software Development Life Cycle (SDLC)
Frances Coronel
 
Adressing nonfunctional requirements with agile practices
Mario Cardinal
 
CISSP - Chapter 3 - CPU Architecture
Karthikeyan Dhayalan
 
CISSP Chapter 1 BCP
Karthikeyan Dhayalan
 
Social Distance Your IBM i from Cybersecurity Risk
Precisely
 
How to achieve Continous Delivery
Geoffrey Vandiest
 
CNIT 125 Ch 4. Security Engineering (Part 1)
Sam Bowne
 
CISSP Chapter 7 - Security Operations
Karthikeyan Dhayalan
 
CISSP Prep: Ch 6. Identity and Access Management
Sam Bowne
 
Putting the Sec into DevOps
Maytal Levi
 
Decision Matrix for IoT Product Development
Alexey Pyshkin
 
Validating Non Functional Requirements
Reuben Korngold
 
Capturing Measurable Non Functional Requirements
Shehzad Lakdawala
 
Non-Functional Requirements Are Important (with Explanatory Notes)
Stephen Booth MIET MBCS OLA
 
Design Like a Pro: SCADA Security Guidelines
Inductive Automation
 
Ad

Similar to Designing Flexibility in Software to Increase Security (20)

PPT
SOFTWARE QUALITY ASSURANCE, PAOLA DI MAIO
Networked Research Lab, UK
 
PDF
The Open Closed Principle - Part 1 - The Original Version
Philip Schwarz
 
PDF
Caring about Code Quality
Saltmarch Media
 
PDF
Software systems engineering PRINCIPLES
Ivano Malavolta
 
PPT
SOFWARE QUALITY, INTRODUCTION
Networked Research Lab, UK
 
PPT
3. quality.ppt
AkashA993877
 
PPT
Software engineering introduction
Vishal Singh
 
PPT
Twelve practices of XP_Se lect5 btech
IIITA
 
PDF
1. introducción a la Ingeniería de Software (UTM 2071)
Mario A Moreno Rocha
 
PPTX
Capability Building for Cyber Defense: Software Walk through and Screening
Maven Logix
 
PPTX
Non Functional Requirement.
Khushboo Shaukat
 
PPTX
Clean code presentation
Bhavin Gandhi
 
PDF
The Open-Closed Principle - the Original Version and the Contemporary Version
Philip Schwarz
 
PPTX
Software Design
Ahmed Misbah
 
PPT
CH 1 The Scope of Object Oriented SE.ppt
masifuosgrw
 
PPT
Cnpm bkdn
Ankit yadav
 
PDF
Clean Code V2
Jean Carlo Machado
 
PDF
S.O.L.I.D xp
XP Conference India
 
PDF
Writing S.O.L.I.D Code
Rajeev Bharshetty
 
PPTX
PRESENTATION of Software Engineering.pptx
sanawarali920
 
SOFTWARE QUALITY ASSURANCE, PAOLA DI MAIO
Networked Research Lab, UK
 
The Open Closed Principle - Part 1 - The Original Version
Philip Schwarz
 
Caring about Code Quality
Saltmarch Media
 
Software systems engineering PRINCIPLES
Ivano Malavolta
 
SOFWARE QUALITY, INTRODUCTION
Networked Research Lab, UK
 
3. quality.ppt
AkashA993877
 
Software engineering introduction
Vishal Singh
 
Twelve practices of XP_Se lect5 btech
IIITA
 
1. introducción a la Ingeniería de Software (UTM 2071)
Mario A Moreno Rocha
 
Capability Building for Cyber Defense: Software Walk through and Screening
Maven Logix
 
Non Functional Requirement.
Khushboo Shaukat
 
Clean code presentation
Bhavin Gandhi
 
The Open-Closed Principle - the Original Version and the Contemporary Version
Philip Schwarz
 
Software Design
Ahmed Misbah
 
CH 1 The Scope of Object Oriented SE.ppt
masifuosgrw
 
Cnpm bkdn
Ankit yadav
 
Clean Code V2
Jean Carlo Machado
 
S.O.L.I.D xp
XP Conference India
 
Writing S.O.L.I.D Code
Rajeev Bharshetty
 
PRESENTATION of Software Engineering.pptx
sanawarali920
 
Ad

Recently uploaded (20)

PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PDF
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PDF
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
PPTX
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
PDF
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
PDF
AI in Product Development-omnex systems
omnex systems
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PPTX
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
PDF
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
System and Network Administration Chapter 2
jaramharo
 
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
AI in Product Development-omnex systems
omnex systems
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 

Designing Flexibility in Software to Increase Security

  • 1. Designing Flexibility in Software to Increase Security Larry Moore, CISSP CISA October 22, 2015
  • 2. About Code A Code A’ Time The only constant in business is change.
  • 3. What is Flexibility? Software design that promotes modularity and can be easily modified to adjust to internal and external changes such as customer demands, architecture modification, regulatory compliance modifications or other factors while maintaining a consistent proactive security posture. Best during the requirements analysis phase and followed through during design and implementation Quality = Security
  • 4. Outside Influences • Operating system changes • Deprecated API’s • Architecture changes (motherboard) • New laws and/or regulatory requirements • PCI testing procedures change over time • Outside legitimate hacks • Third party and customer demands • Business changes such as new opportunities • Competition
  • 5. Security & Flexibility • Changes in security protocols • OUT: SSL; IN: TLS • OUT: MD5; IN: SHA • SecurityNOW Podcasts • 499: InstantCryptor • Incorrect security implementation, encryption without authentication • 530: Doing it Wrong • Four examples of companies making security mistakes PCI
  • 6. Flexibility Advantages • Improved scalability • Lower maintenance costs • The cost of fixing errors after a system is operational is up to 30 times greater than if the error was caught during system testing. • Lieblein, E. (see Reference at end) • Extends lifecycle • Reduces impact to customers • Your career!
  • 7. Flexibility Disadvantages • More easily abused especially by management • Additional overhead • Additional size • Lower performance • Generally decreasing because of increasing processor speed • Integrity may be impacted because of generalization of data structures
  • 8. Timeline - 1977 • Factors in Software Quality • Griffiss Air Force Base and General Electric, NY • “This report has stressed the methodology of deriving and validating the normalization functions to encourage the application of these techniques to other software development. Use on future developments will add to the data base for the establishment of generalized normalization function…toward a higher quality product.” • Flexibility was included in the top list of 11 out of 55 software quality factors. It extends to Accessibility, Adaptability, Augmentability, Expandability, Extensibility, Modifiability • Effort required to modify an operational program • A system that is not flexible costs more and takes longer to change. • Focuses on: • Identify a set of quality factors • Metrics throughout the development cycle • Communicate results to senior management (Air Force)
  • 9. Factors in Software Quality • Flexibility vs. Integrity: Flexibility requires very general and flexible data structures. This increases the data security problem. • May be mitigated through XML Cost to Fix Time Impact to fix after delivery
  • 10. Business Resistance • Be first on the market • First is not always best; others may learn at your expense • Sell it now, fix it later • Generally higher help desk costs • Limited budgets • Regulatory requirements and customer feedback • Four types of business risk: • Finance: Loss of customers or revenue • Reputation: Loss of trust or loss due to competition or public opinion (true or false) • Compliance: Fines or penalties; loss of business • Certainty of non-compliance vs. possibility of a breach • Liability: Civil litigation
  • 11. Architectural Changes Architecture Release Microprosessor Bits 8088 1979 8 8086 80286 1978 1984 16 80386 1985 32 Current 2001 - 2003 64
  • 12. Architectural Changes If unsigned int x in C equals…. x = 0xFFFF —OR— x = (unsigned int) -1 0xFFFF -1 16 Bit 0xFFFF 0xFFFF 32 Bit 0x0000FFFF 0xFFFFFFFF 64 Bit 0X000000000000FFFF 0xFFFFFFFFFFFFFFFF
  • 17. Standards • Define the framework and use it • Encapsulation • Possible even with non-object oriented code • Minimize the use of global variables • Try to predict changes • Polymorphism • Common interfaces • Set short-term definable goals and include metrics • Involve various business units to ensure proper scope • Enforce scope • Include dependencies in your requirements and plan for the possibility of requirements failures
  • 18. Standards • Creation • Zero all buffer contents • Nullify all pointers • Set all variables to a Non-Defined or Not-In-Use state • Consider hashes or algorithms for immutable values; check periodically • Use • Proper read and write interfaces • Verify all data before modifications outside of your code • Restrict access of values via interfaces • Use proper error return values • Deletion • Most of the same as Creation • Remember: Data must be under your control only between Creation and Deletion
  • 19. Why Standards? • Designing standards into the earliest versions forces customers to adhere appropriately • Once customers use your product they’re, in a sense, “locked” onto your standards • Customers will sacrifice security and may blame you if there are any vulnerabilities • Changing products can be expensive and time-consuming. That will likely create dissatisfaction with your product • Customers will expect change but only to a certain point
  • 20. Static Code Analysis • PROS • Great for low-cost identification of clear errors • Variety of software engineers approach threats from different perspectives They also contain a variety of experiences. • Excellent way of improving development skills by learning from other experts • CONS • “Static” focuses on immediate issues yet misses many strategic goals • Not very useful to identify vulnerabilities “from a 30,000 foot level” • Many people have missed vulnerabilities • Heartbleed and Shellshock
  • 21. Modularity • A technique that emphasizes separating program functionality into independent, interchangeable modules • Data trust only exists directly between trusted modules • Trust is broken any time an outside process “touches” data for a trusted module • Global data is kept to an absolute minimum • Verify, verify, verify! • Document, document, document! • Enforce standards rules
  • 22. Modularity • Object-oriented code • Methods are declared private by default an only lowered to a less secure level when necessary. • Any data that is declared public or protected is to be considered untrusted. Declare data as either only when absolutely necessary. • Public methods are more trustworthy to “shield” internal data thus permitting internal changes when necessary. • Deprecated public access points may be retained if needed for backward compatibility.
  • 23. Modularity Process (Private) Conversion • Core process is shielded from the rest of the program • Conversion or sanitization process ensures that code is protected • Modifications are primarily processed by the converter then by the internal process • The “separation process” enables easier development
  • 24. Modularity Function A (old) Function B (new) Process (Private)
  • 25. Modularity Example • Example: Alexander D’Alessandro • Note the apostrophe • O’Hara (Ohara), D’Abo, Smith-Jones, etc.
  • 26. Example #define UNDEFINED_AGE ((unsigned int) -1) #defined MIN_AGE 0 /* newborn */ #defined MAX_AGE 100 unsigned int current_age; Creation and Deletion current_age = UNDEFINED_AGE;
  • 27. Example if (current_age == UNDEFINED_AGE) { } else if (current_age >= MIN_AGE && current_age <= MAX_AGE) { } else { <error handling> } /* First iteration will never be true since ‘current_age’ is */ /* unsigned. */ /* UNDEFINED_AGE will be included in this context */ if (current_age < MIN_AGE && current_age > MAX_AGE) { <error handling> } else { }
  • 28. Agile Methodology • Agile is a more flexible • Implements more object-oriented software development through smaller, more incremental work • Encourages simplicity • Enables faster changes • Involves cross-platform teams across the enterprise • Baseline for: • Scrum • Extreme programming (XP) • Rational Unified Process (RUP) • The Waterfall model is still used today but is not very effective in modular design.
  • 29. What About Security? • Modularity… • Enforces standards • Developers will bypass standards if you permit it • Developers will “hack” public data (not melovantly) if permitted • Your manager will likely prefer to keep your customers happy over security. Accept it! • Permits you to make internal changes with little or no impact to the customer • Migrating from one security protocol to another
  • 30. Career Recommendations • Never disclose sensitive or private information • Read and understand all NDA agreements. Obey them! • Err on the side of caution • Metrics are critical • Ease of modifying code • Minimum number of defects per line of code • “Forward thinking” • “Security is the focal point of my development!”
  • 32. Recommendations • The Power of Ten - Rules for Developing Safety Critical Code • Gerard J. Holzmann, NASA JPL Laboratory for Reliable Software; 2006 • Formalizing Space Shuttle Software Requirements • Judith Crow, Computer Science Laboratory, 1996 • Two case studies in which requirements for new flight software subsystems on NASA's Space Shuttle were analyzed using mechanically supported formal methods. • The Economic Impacts of Inadequate Infrastructure for Software Testing • NIST, May 2002
  • 33. References • Adrian, David; Bhargavan, Karthikeyan, et. al; Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice • Agile Modeling: http://www.agilemodeling.com/essays/agileModelingRUP .htm • Lieblein, E., “Computer Software: Problem and Possible Solutions”, CENTACS USAECOM Memorandum, 7 November 1972 • Factors in Software Quality: http://www.dtic.mil/dtic/tr/fulltext/u2/a049055.pdf