The IEEE Computer Society, an association for computing professionals, has launched a cybersecurity initiative with the aim of expanding its ongoing involvement in cybersecurity. As part of that initiative, the IEEE Center for Secure Design (CSD) has been formed, welcoming experts from a diverse group of organizations to discuss software security design flaws that they had identified in their own internal design reviews.
Proper security design has been the Achilles' heel of security engineering for decades, mostly because it is difficult and requires deep expertise beyond simply identifying vulnerabilities. As part of its launch, CSD has offered an assessment of the 10 most significant software security design issues that occur in practice.
“The Center for Secure Design will play a key role in refocusing software security on some of the most challenging open design problems in security,” said Neil Daswani of the security engineering team at Twitter, in a statement. “By putting focus on security design and not just focusing on implementation bugs in code, the CSD does even the most advanced companies in the space a huge service.”
Participants in the foundational workshop included representatives from Twitter; Google; Cigital; HP; the Ministry of Science, Technology and Productive Innovation of Argentina; George Washington University; Intel/McAfee; RSA; University of Washington; EMC (Izar Tarandach); Harvard University; and Athens University of Economics and Business.
In terms of security design pitfalls, here’s what they came up with:
- Earn or give, but never assume, trust
- Use an authentication mechanism that cannot be bypassed or tampered with
- Authorize after you authenticate
- Strictly separate data and control instructions, and never process control instructions received from untrusted sources
- Define an approach that ensures all data are explicitly validated
- Use cryptography correctly
- Identify sensitive data and how they should be handled
- Always consider the users
- Understand how integrating external components changes your attack surface
- Be flexible when considering future changes to objects and actors
The group has laid out details on each of these on its website. For instance, on data validation, CSD explained that software systems and components commonly make assumptions about the data they operate on, and that it is important to explicitly ensure those assumptions hold: vulnerabilities frequently arise from implicit assumptions about data, which can be exploited if an attacker is able to subvert and invalidate them. Software systems should therefore be designed so that comprehensive data validation actually takes place, and so that every assumption about a piece of data has been validated by the time that data is used.
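To make the point concrete, here is an added example (not from the article or from CSD's material) using a constructed length-prefixed record format: one parser silently trusts the count and length fields it reads, while the other turns each assumption into an explicit check that fails loudly. The format, the limits and the sample messages are all assumptions made for this illustration.

```python
class InvalidMessage(ValueError):
    """Raised when input violates an assumption the parser depends on."""

# Constructed policy limits; a real design would derive these from the spec.
MAX_RECORDS = 64
MAX_RECORD_LEN = 1024

def parse_records_implicit(buf: bytes) -> list[bytes]:
    """Trusts the count byte and each 2-byte big-endian length as given.
    Slicing past the end of a bytes object never raises, so truncated or
    inconsistent input yields short or empty records with no error."""
    count = buf[0]
    records, pos = [], 1
    for _ in range(count):
        length = int.from_bytes(buf[pos:pos + 2], "big")
        pos += 2
        records.append(buf[pos:pos + length])  # may be shorter than length
        pos += length
    return records

def parse_records_validated(buf: bytes) -> list[bytes]:
    """Same format, but every assumption is checked before it is relied on."""
    if len(buf) < 1:
        raise InvalidMessage("missing record count")
    count = buf[0]
    if count > MAX_RECORDS:
        raise InvalidMessage(f"record count {count} exceeds {MAX_RECORDS}")
    records, pos = [], 1
    for i in range(count):
        if pos + 2 > len(buf):
            raise InvalidMessage(f"record {i}: length field truncated")
        length = int.from_bytes(buf[pos:pos + 2], "big")
        pos += 2
        if length > MAX_RECORD_LEN:
            raise InvalidMessage(f"record {i}: length {length} exceeds limit")
        if pos + length > len(buf):
            raise InvalidMessage(f"record {i}: declares {length} bytes, "
                                 f"only {len(buf) - pos} remain")
        records.append(buf[pos:pos + length])
        pos += length
    if pos != len(buf):
        raise InvalidMessage(f"{len(buf) - pos} trailing bytes after records")
    return records

def rejects(buf: bytes) -> bool:
    """True if the validating parser refuses the message."""
    try:
        parse_records_validated(buf)
        return False
    except InvalidMessage:
        return True

# Constructed samples: a well-formed message and one cut off mid-record.
GOOD = b"\x02" + b"\x00\x03abc" + b"\x00\x05hello"
TRUNCATED = b"\x02" + b"\x00\x03abc" + b"\x00\x05hel"
```

Running the two parsers over `TRUNCATED` shows the difference: the implicit version returns a plausible-looking but wrong second record, while the validating version rejects the message at the point where the declared length no longer matches the data.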
“Bugs and flaws are two very different types of security defects,” said Gary McGraw, CTO at Cigital. “We believe there has been quite a bit more focus on common bugs than there has been on secure design and the avoidance of flaws, which is worrying since design flaws account for 50% of software security issues. The IEEE Center for Secure Design allows us a chance to refocus, to gather real data, and to share our results with the world at large.”