General - PowerPoint PPT Presentation

Slides: 11
Provided by: fengmi5

Transcript and Presenter's Notes

Title: General


1
Writing Secure Code
CS 6262 Fall 02
2
Outline
  • Designing secure systems
  • Secure coding techniques

3
Time to Think About Building Secure Software
  • Common mistakes
      • Forget to make the software secure
      • Adding security as an afterthought
  • Why these mistakes
      • Security is boring
      • Security gets in the way
      • Security is difficult to measure
      • Security is not the primary skill or interest of
        designers and developers

4
Security Principles to Live By
  • Establish a security process
  • Define the product security goals
  • Consider security as a product feature
  • Learn from mistakes
  • Use defense in depth
  • Assume external systems are insecure

5
Security Principles to Live By (cont'd)
  • Plan on failure
  • Fail to a secure mode
  • Employ secure defaults
  • Remember that security features != secure
    features
  • Never depend on security through obscurity

6
Security Design by Threat Modeling
  • Use a taxonomy of threats, e.g., STRIDE
      • Spoofing identity
      • Tampering with data
      • Repudiation
      • Information disclosure
      • Denial of service
      • Elevation of privilege
  • Consider target, chance, criticality, attack
    techniques, mitigation techniques, etc.

7
Open Source and Closed Source
  • Security by obscurity is no panacea
  • Reverse engineering
      • Disassembler: machine code to assembly
      • Decompiler: machine code to high-level language
  • Code obfuscation: makes the code difficult to
    understand, raises the bar a little

8
Some Basic Obfuscation Techniques
  • Add code that never executes, or that does
    nothing
      • E.g., make computations far more complex than
        they need be
  • Move code around
      • Spread related information as far apart as
        possible
      • E.g., copy and rename the same function, or put
        multiple functions into a single function
  • Encode your data oddly
9
Open Source and Closed Source (cont'd)
  • Open-source software potentially more secure
  • The many-eyeballs phenomenon
      • Given enough eyeballs, all bugs are shallow
  • Need incentives
  • Many people don't know and don't think much about
    security
  • Vulnerability detection in source code is hard
      • E.g., which function has a buffer overflow problem?

10
Buffer Overflow
  • Safe string handling, pay attention to
      • strcpy, strncpy
      • sprintf, snprintf
      • gets, fgets
      • strcat, strncat
      • etc.
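
The bounded function in each pair on this slide still needs care: strncpy may leave the destination unterminated, strncat takes the remaining space rather than the buffer size, snprintf and fgets truncate silently. The following is an added example, not part of the original slides; the wrapper names (copy_checked and so on) are hypothetical and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* strcpy -> strncpy: strncpy leaves dst unterminated when src fills it,
 * so terminate explicitly and report truncation (-1) to the caller. */
int copy_checked(char *dst, size_t dstsz, const char *src) {
    if (dstsz == 0) return -1;
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) >= dstsz ? -1 : 0;
}

/* strcat -> strncat: the bound is the space left in dst, not sizeof dst. */
int append_checked(char *dst, size_t dstsz, const char *src) {
    const char *end = memchr(dst, '\0', dstsz);
    if (end == NULL) return -1;                 /* dst is not terminated */
    size_t room = dstsz - (size_t)(end - dst) - 1;
    strncat(dst, src, room);
    return strlen(src) > room ? -1 : 0;
}

/* sprintf -> snprintf: the return value is the length that was needed. */
int format_checked(char *dst, size_t dstsz, const char *name, int id) {
    int n = snprintf(dst, dstsz, "name=%s id=%d", name, id);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/* gets -> fgets: bounded read; a missing newline means the line was cut. */
int read_line_checked(char *dst, size_t dstsz, FILE *in) {
    if (dstsz < 2 || fgets(dst, (int)dstsz, in) == NULL) return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') { dst[len - 1] = '\0'; return 0; }
    return feof(in) ? 0 : -1;                   /* last line, or truncated */
}

int main(void) {
    char buf[8];                                /* constructed sample inputs */
    printf("%d %s\n", copy_checked(buf, sizeof buf, "abc"), buf);
    printf("%d %s\n", append_checked(buf, sizeof buf, "defghij"), buf);
    printf("%d %s\n", format_checked(buf, sizeof buf, "alice", 7), buf);
    return 0;
}
```

Each wrapper returns -1 on truncation so the caller can reject the input instead of continuing with a shortened string.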