Menu
Home Explore People Places Arts History Plants & Animals Science Life & Culture Technology
On this page
Secure by design
Software engineering approach

Secure by design in software engineering ensures that products are fundamentally secure by integrating security strategies, tactics, and patterns early in the design process. Architects select and enforce the best approaches, guiding developers to embed security throughout the system. This method incorporates proven security tactics for authentication, authorization, data integrity, privacy, and availability, ensuring protection even under attack. Secure by design is now a mainstream approach, emphasizing robust architecture combined with ongoing mapping of updated security techniques to development. By building security into every layer, systems better guarantee the privacy and safety of software products.

We don't have any images related to Secure by design yet.
We don't have any YouTube videos related to Secure by design yet.
We don't have any PDF documents related to Secure by design yet.
We don't have any Books related to Secure by design yet.
We don't have any archived web articles related to Secure by design yet.

Expect attacks

Malicious attacks on software should be assumed to occur, and care is taken to minimize impact. Security vulnerabilities are anticipated, along with invalid user input.4 Closely related is the practice of using "good" software design, such as domain-driven design or cloud native, as a way to increase security by reducing risk of vulnerability-opening mistakes—even though the design principles used were not originally conceived for security purposes.

Avoid security through obscurity

Generally, designs that work well do not rely on being secret. Often, secrecy reduces the number of attackers by demotivating a subset of the threat population. The logic is that if there is an increase in complexity for the attacker, the increased attacker effort to compromise the target will discourage them. While this technique implies reduced inherent risks, a virtually infinite set of threat actors and techniques applied over time will cause most secrecy methods to fail. While not mandatory, proper security usually means that everyone is allowed to know and understand the design because it is secure. This has the advantage that many people are looking at the source code, which improves the odds that any flaws will be found sooner (see Linus's law). The disadvantage is that attackers can also obtain the code, which makes it easier for them to find vulnerabilities to exploit. It is generally believed, though, that the advantage of the open source code outweighs the disadvantage.

Fewest privileges

Also, it is important that everything works with the fewest privileges possible (see the principle of least privilege). For example, a web server that runs as the administrative user ("root" or "admin") can have the privilege to remove files and users. A flaw in such a program could therefore put the entire system at risk, whereas a web server that runs inside an isolated environment, and only has the privileges for required network and filesystem functions, cannot compromise the system it runs on unless the security around it in itself is also flawed.

Methodologies

Secure Design should be a consideration during the development lifecycle (whichever development methodology is chosen). Some pre-built Secure By Design development methodologies exist (e.g. Microsoft Security Development Lifecycle).

Standards and legislation

Main article: Application security § Security standards and regulations

Standards and Legislation exist to aide secure design by controlling the definition of "Secure", and providing concrete steps to testing and integrating secure systems.

Some examples of standards which cover or touch on Secure By Design principles:

  • ETSI TS 103 645 5 which is included in part in the UK Government "Proposals for regulating consumer smart product cyber security" 6
  • ISO/IEC 27000-series covers many aspects of secure design.

Server/client architectures

In server/client architectures, the program at the other side may not be an authorised client and the client's server may not be an authorised server. Even when they are, a man-in-the-middle attack could compromise communications.

Often the easiest way to break the security of a client/server system is not to go head on to the security mechanisms, but instead to go around them. A man in the middle attack is a simple example of this, because you can use it to collect details to impersonate a user. Which is why it is important to consider encryption, hashing, and other security mechanisms in your design to ensure that information collected from a potential attacker won't allow access.

Another key feature to client-server security design is good coding practices. For example, following a known software design structure, such as client and broker, can help in designing a well-built structure with a solid foundation. Furthermore, if the software is to be modified in the future, it is even more important that it follows a logical foundation of separation between the client and server. This is because if a programmer comes in and cannot clearly understand the dynamics of the program, they may end up adding or changing something that can add a security flaw. Even with the best design, this is always a possibility, but the better the standardization of the design, the less chance there is of this occurring.

See also

References

  1. Santos, Joanna C. S.; Tarrit, Katy; Mirakhorli, Mehdi (2017). A Catalog of Security Architecture Weaknesses. 2017 IEEE International Conference on Software Architecture Workshops (ICSAW). pp. 220–223. doi:10.1109/ICSAW.2017.25. ISBN 978-1-5090-4793-2. S2CID 19534342. 978-1-5090-4793-2

  2. Dan Bergh Johnsson; Daniel Deogun; Daniel Sawano (2019). Secure By Design. Manning Publications. ISBN 9781617294358. 9781617294358

  3. Hafiz, Munawar; Adamczyk, Paul; Johnson, Ralph E. (October 2012). "Growing a pattern language (For security)". Proceedings of the ACM international symposium on New ideas, new paradigms, and reflections on programming and software. pp. 139–158. doi:10.1145/2384592.2384607. ISBN 9781450315623. S2CID 17206801. 9781450315623

  4. Dougherty, Chad; Sayre, Kirk; Seacord, Robert C.; Svoboda, David; Togashi, Kazuya (October 2009). Secure Design Patterns (Technical report). Software Engineering Institute. doi:10.1184/R1/6583640.v1. Technical Report CMU/SEI-2009-TR-010). /wiki/Software_Engineering_Institute

  5. "CYBER; Cyber Security for Consumer Internet of Things" (PDF). ETSI TS 103 645. https://www.etsi.org/deliver/etsi_ts/103600_103699/103645/01.01.01_60/ts_103645v010101p.pdf

  6. "Policy paper: Proposals for regulating consumer smart product cyber security - call for views". https://www.gov.uk/government/publications/proposals-for-regulating-consumer-smart-product-cyber-security-call-for-views/proposals-for-regulating-consumer-smart-product-cyber-security-call-for-views