Secure-by-Design Principles 2024 PDF

Summary

This document outlines secure-by-design principles for programs and systems. It details various security principles, such as separation of duties, isolation, and encapsulation, providing a framework to create secure digital systems. The summary is useful for understanding and implementing these core principles to build secure systems.

Full Transcript


Chapter 6 Secure-by-design principles 2024

Agenda
Fundamentals and Importance of the Secure Design for Programs and Systems
Separation of Duties
Isolation
Encapsulation
Modularity
Simplicity of Design (Economy of Mechanism)
Minimization of Implementation (Least Common Mechanism)
Open Design
Complete Mediation
Layering and Defense-in-Depth
Fail-Safe Defaults and Fail Secure
Least Astonishment
Minimize Trust Surface
Secure Design and Usability
Trust Relationships

Fundamentals of Security Design Principles
The "Fundamental Security Design Principles" are a set of guidelines that provide a framework for creating secure systems. These principles are intended to help designers and developers think about security throughout the design process and to build systems that can protect against attacks.

Separation of Duties
Definition: Separation of Duties (SOD) is "the principle that no user should be given enough privileges to misuse the system on their own."
Benefit: SOD makes it harder for an unauthorized user to access, modify, or delete data. It prevents both internal and external abuses.
Examples: Breaking tasks down into steps that can be assigned to multiple individuals. For example, the person who authorizes a paycheck should not also be the one who can prepare it.

Isolation
Definition: Components of a system are isolated from one another, with interactions occurring only through defined methods.
Benefit: Isolation contains faults or security breaches within the compromised component, preventing them from spreading.
Examples: Virtual machines that are isolated from each other even though they run on the same physical host.

Encapsulation
Definition: Objects encapsulate data and the operations on that data, providing interfaces and hiding their internal state.
Benefit: Encapsulation allows the internal structure to be changed without affecting other parts of the system, which can improve security.
Examples: Object-oriented programming, where an object's data is not accessible directly but only through its methods.

Modularity
Definition: Software is divided into separate modules that are developed independently but operate cohesively.
Benefit: Improves maintainability and comprehensibility, and allows secure updates and patching of individual modules.
Examples: Plug-in architectures where individual modules or plug-ins can be added or updated independently. Consider a web application platform with distinct modules for user authentication, content management, payment processing, and administrative functions. Each module is developed and secured independently.

Simplicity of Design (Economy of Mechanism)
Definition: Systems should be designed to be as simple and small as possible. Simplicity helps ensure that there are fewer opportunities for security flaws.
Benefit: A simplified design is easier to test and to verify for security properties. A simple, clear system is more likely to be free of errors and vulnerabilities.
Examples: In software, this might mean preferring fewer lines of code or less complex protocols. In hardware, it might mean having fewer physical points of entry that need to be secured.

Minimization of Implementation (Least Common Mechanism)
Definition: Minimize the number of functions and mechanisms shared by different users, so that users are protected from one another.
Benefit: Reduces the chance that a breach affecting one user affects all users.
Examples: Individual user sessions in an operating system instead of a shared session.

Open Design
Definition: A system's security should not depend on the secrecy of its design or implementation. The design should not be proprietary, and its security mechanisms should be testable and transparent.
Benefit: It allows widespread review by experts, which can lead to the identification and correction of flaws.
Examples: Cryptographic algorithms like AES or protocols like TLS that are open standards.
Although encryption keys must be secret, encryption algorithms should be open to public study and review.

Complete Mediation
Definition: Every access to a system's resources must be checked for authority. This means that security must be enforced every time an action is attempted.
Benefit: It prevents unauthorized access by ensuring that all accesses are authenticated and authorized, leaving no backdoors open.
Examples: A file system that checks permissions every time a file is accessed, not just the first time.

Layering and Defense-in-Depth
Definition: Security is implemented in overlapping layers that provide protection even if one layer is breached.
Benefit: It provides depth in defense: an attacker must penetrate multiple layers to compromise a system.
Examples: A network with firewalls, intrusion detection systems, and anti-malware technologies.

Fail-Safe Defaults
Definition: The default state of a system, in the event of failure, should be secure. Systems should deny access by default and grant access only when explicit permission is given.
Benefit: In case of a system failure, the system remains secure and does not accidentally expose resources to unauthorized users.
Examples: A firewall that by default blocks all traffic except that which is explicitly allowed.

Least Astonishment
Definition: Users should not be surprised by the behavior of a system. The system's response to user actions should be consistent and predictable.
Benefit: Predictable systems are less likely to be misused (intentionally or accidentally) and are therefore more secure.
Examples: Consistent user interface design that behaves as the user expects, preventing accidental security breaches.

Minimize Trust Surface
Definition: The concept of a trust surface is related to the idea of an "attack surface" in cybersecurity. It represents the volume of trusted components, systems, data, and interactions within an IT ecosystem.
The trust surface includes every component of your systems that you need to trust to ensure security, from software and hardware to humans.
Benefit: Helps with more manageable risk assessment, better security architecture, reduced attack vectors, and an increased overall security posture. By minimizing the trust surface, you reduce the potential areas that an attacker might exploit.
Examples: Every open TCP port represents a vulnerability, so the firewall should restrict the number of TCP ports that outsiders can access.

Secure Design and Usability

Secure Design
Definition: Security by design is an approach to software and hardware development that seeks to make systems as free of vulnerabilities and as impervious to attack as possible through measures such as continuous testing, authentication safeguards, and adherence to best programming practices.
Benefit: Helps maintain customer trust by demonstrating a commitment to protecting the processes that deliver their products.

Usability
Definition: Designing systems that are easy to use and understand so that people can use them safely.
Benefit: Users are able to achieve their tasks easily and efficiently.

Secure Design and Usability: Balancing Is Required
Determining the fine line between security and usability is a hard task for everybody involved in IT security, from software developers to network administrators. A lack of balance between these two is one of the main reasons a security system can fail.
Example: When two-factor authentication (2FA) is implemented on a system or service, it enhances security by ensuring that at least two pieces of information are needed to verify the correct user. Generally, when designed well, 2FA does not impede the user experience, provided users have access to the additional verification method. But if the number of steps required to use 2FA is inflexible, a user is likely to disable or not use 2FA.
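The paycheck example from the Separation of Duties slide, worked through as an added Python illustration that is not part of the slides: the role store refuses to give one account both the preparer and approver roles, and the approval step independently refuses self-approval even if the role store has been misconfigured. The role names, user names and amounts are assumed for illustration.

```python
# Separation of duties for the paycheck example above. Added illustration,
# not code from the slides: preparing and approving a paycheck are two steps
# done by two different people, and the role store refuses to give one
# account both privileges. User names and amounts are constructed.

# Role pairs that would let a single user misuse the system on their own.
CONFLICTING = [frozenset({"preparer", "approver"})]

class SeparationOfDutiesError(PermissionError):
    """One principal would perform both halves of a dual-control task."""

def grant(roles: dict[str, set[str]], user: str, role: str) -> None:
    """Add a role unless it would complete a conflicting pair for this user."""
    new_roles = roles.get(user, set()) | {role}
    if any(pair <= new_roles for pair in CONFLICTING):
        raise SeparationOfDutiesError(f"{user} may not be both preparer and approver")
    roles[user] = new_roles

def prepare(roles, user: str, employee: str, amount: int) -> dict:
    if "preparer" not in roles.get(user, ()):
        raise PermissionError(f"{user} is not a preparer")
    return {"employee": employee, "amount": amount, "prepared_by": user, "approved_by": None}

def approve(roles, user: str, check: dict) -> dict:
    if "approver" not in roles.get(user, ()):
        raise PermissionError(f"{user} is not an approver")
    # Dual control is enforced on the transaction too, so a role store edited
    # behind grant()'s back still cannot let a preparer sign off their own check.
    if user == check["prepared_by"]:
        raise SeparationOfDutiesError("preparer may not approve their own paycheck")
    check["approved_by"] = user
    return check

def run_demo() -> dict[str, str]:
    """Happy path plus the two violations; reports the outcome of each."""
    roles = {}
    grant(roles, "alice", "preparer")
    grant(roles, "bob", "approver")
    out = {"two_person": approve(roles, "bob", prepare(roles, "alice", "carol", 2500))["approved_by"]}
    roles["mallory"] = {"preparer", "approver"}  # misconfigured entry that bypassed grant()
    for label, action in (
        ("grant_both", lambda: grant(roles, "alice", "approver")),
        ("self_approve", lambda: approve(roles, "mallory", prepare(roles, "mallory", "mallory", 9999))),
    ):
        try:
            action()
            out[label] = "allowed"
        except SeparationOfDutiesError:
            out[label] = "refused"
    return out
```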
Trust Relationships
Definition: A trust relationship in IT refers to a secure communication channel established between two domains, systems, or entities that allows them to authenticate and authorize users or resources between them.
Benefit: A trust relationship between two domains enables user accounts and global groups to be used in a domain other than the one in which the accounts are defined.
Examples: Trust building between employees and companies, secure data exchange in partner-vendor relationships, and the establishment of secure networks for user-device interactions.
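As an added Python example (not from the slides) for the Complete Mediation and Fail-Safe Defaults principles above, a tiny reference monitor that re-checks the policy on every read and denies whenever no rule, a malformed rule, or an unusable policy store is found; it is contrasted with a check-once handle that keeps serving a file after the permission has been revoked. The users, paths and policy dictionary are constructed for illustration.

```python
# Complete mediation with fail-safe defaults (added illustration, not the slides'
# code; users, paths and rules are constructed). Every read re-consults the policy,
# a missing or malformed rule denies, and a revocation bites on the very next read.

def check_access(policy, user: str, path: str, action: str) -> bool:
    """Fail-safe default: only an explicit True rule grants; anything else denies."""
    try:
        return policy.get((user, path, action)) is True
    except Exception:  # unusable policy store or key: deny, never allow
        return False

class MediatedFile:
    """Complete mediation: the policy is consulted on every single read."""
    def __init__(self, policy, user, path):
        self.policy, self.user, self.path = policy, user, path
    def read(self, store):
        if not check_access(self.policy, self.user, self.path, "read"):
            raise PermissionError(f"{self.user} may not read {self.path}")
        return store[self.path]

class CheckOnceFile:
    """Anti-pattern for contrast: decides at open time and remembers the verdict."""
    def __init__(self, policy, user, path):
        self.allowed = check_access(policy, user, path, "read")
        self.path = path
    def read(self, store):
        if not self.allowed:
            raise PermissionError(f"cached verdict denies {self.path}")
        return store[self.path]

def attempt(handle, store) -> str:
    try:
        return handle.read(store)
    except PermissionError:
        return "denied"

def run_demo() -> dict:
    store = {"/payroll/q1.csv": "salary data"}
    policy = {("alice", "/payroll/q1.csv", "read"): True}  # explicit grant only
    mediated = MediatedFile(policy, "alice", "/payroll/q1.csv")
    once = CheckOnceFile(policy, "alice", "/payroll/q1.csv")
    before = (attempt(mediated, store), attempt(once, store))
    del policy[("alice", "/payroll/q1.csv", "read")]  # permission rescinded mid-session
    return {
        "before": before,
        "after_revoke_mediated": attempt(mediated, store),  # re-checked: denied
        "after_revoke_check_once": attempt(once, store),  # stale verdict: still reads
        "no_rule_for_bob": check_access(policy, "bob", "/payroll/q1.csv", "read"),
        "malformed_rule": check_access({("bob", "/x", "read"): "yes"}, "bob", "/x", "read"),
        "broken_store": check_access(None, "bob", "/x", "read"),
    }
```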
