"Avoiding the Top 10 Software Security Design Flaws - Ieee Center for Secure Design"

AVOIDING THE TOP 10 SOFTWARE SECURITY DESIGN FLAWS
Iván Arce, Kathleen Clark-Fisher, Neil Daswani, Jim DelGrosso, Danny Dhillon,
Christoph Kern, Tadayoshi Kohno, Carl Landwehr, Gary McGraw, Brook Schoenfield,
Margo Seltzer, Diomidis Spinellis, Izar Tarandach, and Jacob West
CONTENTS
Introduction (p. 5)
Mission Statement (p. 6)
Preamble (p. 7)
Earn or Give, but Never Assume, Trust (p. 9)
Use an Authentication Mechanism that Cannot be Bypassed or Tampered With (p. 11)
Authorize after You Authenticate (p. 13)
Strictly Separate Data and Control Instructions, and Never Process Control Instructions Received from Untrusted Sources (p. 14)
Define an Approach that Ensures all Data are Explicitly Validated (p. 16)
Use Cryptography Correctly (p. 19)
Identify Sensitive Data and How They Should Be Handled (p. 21)
Always Consider the Users (p. 22)
Understand How Integrating External Components Changes Your Attack Surface (p. 25)
Be Flexible When Considering Future Changes to Objects and Actors (p. 28)
Get Involved (p. 31)
2
2014
IEEE Computer Society Center for Secure Design Participants
Iván Arce, Sadosky Foundation
Neil Daswani, Twitter
Jim DelGrosso, Cigital
Danny Dhillon, RSA
Christoph Kern, Google
Tadayoshi Kohno, University of Washington
Carl Landwehr, George Washington University
Gary McGraw, Cigital
Brook Schoenfield, McAfee, Part of Intel Security Group
Margo Seltzer, Harvard University
Diomidis Spinellis, Athens University of Economics and Business
Izar Tarandach, EMC
Jacob West, HP
Staff
Kathleen Clark-Fisher, Manager, New Initiative Development
Jennie Zhu-Mai, Designer
Public Access Encouraged
Because the authors, contributors, and publisher are eager to engage the broader community in
open discussion, analysis, and debate regarding a vital issue of common interest, this document
is distributed under a Creative Commons BY-SA license. The full legal language of the BY-SA
license is available here: http://creativecommons.org/licenses/by-sa/3.0/legalcode.
Under this license, you are free to both share (copy and redistribute the material in any medium
or format) and adapt (remix, transform, and build upon the material for any purpose) the
content of this document, as long as you comply with the following terms:
Attribution — You must give appropriate credit, provide a link to the license, and indicate if
changes were made. You may use any reasonable citation format, but the attribution may not
suggest that the authors or publisher has a relationship with you or endorses you or your use.
“ShareAlike” — If you remix, transform, or build upon the material, you must distribute your
contributions under the same BY-SA license as the original. That means you may not add any
restrictions beyond those stated in the license, or apply legal terms or technological measures
that legally restrict others from doing anything the license permits.
Please note that no warranties are given regarding the content of this document. Derogatory
use of the content of this license to portray the authors, contributors, or publisher in a
negative light may cancel the license under Section 4(a). This license may not give you all of the
permissions necessary for a specific intended use.
About the IEEE Computer Society
The IEEE Computer Society is the world’s leading computing membership organization and
the trusted information and career-development source for a global workforce of technology
leaders. The Computer Society provides a wide range of forums for top minds to come together,
including technical conferences, publications, and a comprehensive digital library, unique
training webinars, professional training, and the TechLeader Training Partner Program to help
organizations increase their staff’s technical knowledge and expertise. To find out more about
the community for technology leaders, visit http://www.computer.org.
Published by the IEEE Computer Society.
INTRODUCTION
Most software that has been built and released typically comes with a set of defects: implementation bugs and design flaws. To date, there has been a larger focus on finding implementation bugs than on identifying design flaws.

In 2014, the IEEE Computer Society, the leading association for computing professionals, launched a cybersecurity initiative with the aim of expanding and escalating its ongoing involvement in the field of cybersecurity. The first step for the initiative was to launch the IEEE Computer Society Center for Secure Design. The Center intends to shift some of the focus in security from finding bugs to identifying common design flaws, in the hope that software architects can learn from others' mistakes. To achieve this goal, the Center brought people together from different organizations at a workshop in early 2014.

At the workshop, participants discussed the types of flaws they had either identified in their own internal design reviews or found in external data. They arrived at a list of what they felt were the top security design flaws. Many of the flaws that made the list have been well known for decades, but continue to persist. This document is the result of that discussion, and describes how to avoid the top 10 security design flaws.