Secure by Design: A novel industry practice (CASTOR Software Days, PowerPoint presentation)

SLIDE 1

Secure by Design

A novel industry practice

CASTOR Software Days 2019

October 15, 2019 Daniel Deogun & Dan Bergh Johnsson

SLIDE 2

@DanielDeogun @danbjson #SecureByDesign

Disclaimer: Warning for lack of evidence

This presentation is purely anecdotal. But we would welcome rigorous studies.

SLIDE 3

About us

Daniel Deogun, Coder and Quality Defender
Dan Bergh Johnsson, Secure Domain Philosopher

Omegapoint: Stockholm, Uppsala, Malmö, Göteborg, Umeå

SLIDE 4

Take-aways

  • Security is important but in practice often neglected
  • A lot of security vulnerabilities are due to bugs
  • Bugs can be prevented by software design
  • Secure by Design collects designs that prevent bugs that manifest as security vulnerabilities

SLIDE 5

Some security vulnerabilities

  • SQL Injection is often a confidentiality problem
  • Business integrity problems
  • Patch management

Observation: It is hard to think about security all the time - especially when you have work to do.

SLIDE 6

Secure by Design - as method

SLIDE 7

Examples of interesting designs

  • Domain Primitives
  • Consistent upon Creation
  • Immutability of Objects
  • Entity Snapshot
  • Testing of extremes
  • Taint analysis
  • Faults as normal results
  • Immutable builds
  • Seamless deploy
  • Stateless components
  • Externalization of configuration
  • 3 R's of Enterprise Security

SLIDE 8

Domain Primitives

“A value object so precise in its definition that it, by its mere existence, manifests its validity is called a Domain Primitive.”

  • Secure by Design
  • Can only exist if its value is valid
  • Building block that's native to your domain
  • Valid in the current context
  • Immutable, and resembles a value object in DDD

SLIDE 9

Quantity as a Domain Primitive

    import static org.apache.commons.lang3.Validate.inclusiveBetween;

    public final class Quantity {
        private final int value;

        public Quantity(final int value) {
            // Throws IllegalArgumentException outside 1..99, so no Quantity
            // object can ever exist with an invalid value.
            inclusiveBetween(1, 99, value);
            this.value = value;
        }
        //Domain specific quantity operations...
    }

SLIDE 10

Untangle Inside

  • Cluttered Entity

Photo: https://flic.kr/p/wdBcT (https://creativecommons.org/licenses/by/2.0/)

    import java.util.ArrayList;
    import static org.apache.commons.lang3.Validate.inclusiveBetween;
    import static org.apache.commons.lang3.Validate.isTrue;
    import static org.apache.commons.lang3.Validate.notNull;

    class Order {
        private ArrayList<Object> items;
        private boolean paid;

        // Validation of the raw String ISBN is tangled into the entity, and
        // duplicated: the first regex is subsumed by the second. The raw int
        // qty is never range-checked at all.
        public void addItem(String isbn, int qty) {
            if(this.paid == false) {
                notNull(isbn);
                inclusiveBetween(10, 10, isbn.length());
                isTrue(isbn.matches("[0-9X]*"));
                isTrue(isbn.matches("[0-9]{9}[0-9X]"));
                // bookCatalogue and inventory are collaborators not shown on the slide
                Book book = bookCatalogue.findByISBN(isbn);
                if (inventory.availableBooks(isbn) >= qty) {
                    items.add(new OrderLine(book, qty));
                }
            }
        }
        //Other logic...
    }

SLIDE 11

De-Cluttered Entity

    import java.util.ArrayList;
    import static org.apache.commons.lang3.Validate.notNull;

    class Order {
        private ArrayList<Object> items;
        private boolean paid;

        // ISBN and Quantity are domain primitives: a non-null instance is
        // valid by construction, so no format or range checks remain here.
        public void addItem(ISBN isbn, Quantity qty) {
            notNull(isbn);
            notNull(qty);
            if(this.paid == false) {
                // bookCatalogue and inventory are collaborators not shown on the slide
                Book book = bookCatalogue.findByISBN(isbn);
                if (inventory.availableBooks(isbn).greaterOrEqualTo(qty)) {
                    items.add(new OrderLine(book, qty));
                }
            }
        }
        //Other logic...
    }

Photo: https://flic.kr/p/wdBcT (https://creativecommons.org/licenses/by/2.0/)
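The following is an added example, not code from the slides or from the Secure by Design book: it puts the de-cluttered entity of slides 10 and 11 together with the two domain primitives it depends on (slides 8 and 9), in plain Java with no Commons Lang dependency. The class names Isbn10, Quantity, Order and OrderLine, the in-memory stock map and the main method are this example's own assumptions. It goes one step beyond the regex on the slide: an ISBN-10 primitive also verifies the mod-11 check digit, so a string that matches the format but carries a wrong check digit cannot become an Isbn10 at all, and the entity never sees it.

```java
// Added example (not from the slides): domain primitives Isbn10 and Quantity,
// and an Order entity that can only be handed values that are valid by
// construction. Save as DomainPrimitivesDemo.java; run with
// `java DomainPrimitivesDemo.java` (Java 11 or later).
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;

public final class DomainPrimitivesDemo {
    public static void main(String[] args) {
        // Constructed sample inventory (assumption): ISBN -> copies in stock.
        Order order = new Order(Map.of("0306406152", 5, "080442957X", 0));

        order.addItem(new Isbn10("0306406152"), new Quantity(2));   // in stock: line added
        System.out.println("lines after in-stock add: " + order.lineCount());

        order.addItem(new Isbn10("080442957X"), new Quantity(1));   // valid ISBN, none in stock: no line
        System.out.println("lines after out-of-stock add: " + order.lineCount());

        // Invalid values never reach Order: the primitives refuse to exist.
        try {
            new Isbn10("0306406153");   // matches the regex, fails the check digit
        } catch (IllegalArgumentException e) {
            System.out.println("rejected at construction: " + e.getMessage());
        }
        try {
            new Quantity(100);          // outside 1..99
        } catch (IllegalArgumentException e) {
            System.out.println("rejected at construction: " + e.getMessage());
        }
    }
}

/** ISBN-10: nine digits plus a check character (digit or X) satisfying the mod-11 rule. */
final class Isbn10 {
    private final String value;

    Isbn10(final String raw) {
        Objects.requireNonNull(raw, "isbn must not be null");
        if (!raw.matches("[0-9]{9}[0-9X]")) {
            throw new IllegalArgumentException("isbn has wrong format: " + raw);
        }
        if (!checksumIsValid(raw)) {
            throw new IllegalArgumentException("isbn has wrong check digit: " + raw);
        }
        this.value = raw;
    }

    // Weighted sum (weights 10 down to 1) must be divisible by 11; 'X' counts as 10.
    private static boolean checksumIsValid(final String isbn) {
        int sum = 0;
        for (int i = 0; i < 10; i++) {
            char c = isbn.charAt(i);
            int digit = (c == 'X') ? 10 : c - '0';
            sum += (10 - i) * digit;
        }
        return sum % 11 == 0;
    }

    String value() { return value; }
}

/** Quantity: 1..99 as on the slide, immutable. */
final class Quantity {
    private final int value;

    Quantity(final int value) {
        if (value < 1 || value > 99) {
            throw new IllegalArgumentException("quantity must be in 1..99, was " + value);
        }
        this.value = value;
    }

    int value() { return value; }
}

/** The entity does no input validation: a non-null Isbn10 or Quantity is valid by construction. */
final class Order {
    private final Map<String, Integer> stock;   // copies per ISBN; int because 0 is not a valid Quantity
    private final List<OrderLine> items = new ArrayList<>();
    private boolean paid;

    Order(final Map<String, Integer> stock) { this.stock = stock; }

    void addItem(final Isbn10 isbn, final Quantity qty) {
        Objects.requireNonNull(isbn);
        Objects.requireNonNull(qty);
        if (paid) {
            return;
        }
        int available = stock.getOrDefault(isbn.value(), 0);
        if (available >= qty.value()) {
            items.add(new OrderLine(isbn, qty));
        }
    }

    void markPaid() { paid = true; }

    int lineCount() { return items.size(); }
}

final class OrderLine {
    final Isbn10 isbn;
    final Quantity qty;

    OrderLine(final Isbn10 isbn, final Quantity qty) { this.isbn = isbn; this.qty = qty; }
}
```

The point to take from the run: Order.addItem has no string or integer checks left in it, yet it can never be called with a malformed ISBN or an out-of-range quantity, because the only way to obtain an Isbn10 or a Quantity is through a constructor that rejects anything invalid. The stock count stays an int rather than a Quantity precisely because "zero copies" is a legitimate inventory value but not a legitimate order quantity; that mismatch is easy to miss if every number is typed as the same primitive.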

SLIDE 12

The R's of Enterprise Security

  • Repave: rebuild every server and application from a known-good image, often
  • Rotate: change credentials (passwords, keys, certificates) often
  • Repair: patch vulnerable OS and application stacks within hours of a fix becoming available

Ref: Justin Smith, Pivotal @justinjsmith

SLIDE 13

Advanced Persistent Threat (APT)

  • An APT is a type of attack that often results in significant data loss or damage.
  • Performed over a long period of time and involves advanced techniques.
  • Several vulnerabilities in combination are often used to exploit the system.
  • Exploits the fact that things seldom change:
    • servers
    • credentials
    • IP addresses
  • Unpatched bugs tend to open the way for attacks, e.g.:
    • Baltimore City ransomware (2019)
    • NotPetya attack on Ukraine (2017)
    • Heartbleed in OpenSSL (2014)

Richard Patterson https://flic.kr/p/24GcRZQ

SLIDE 14

Designs Inspired by the Cloud

  • Expand / Contract APIs (v 1.0 → v 1.1 → v 2.0: add the new shape alongside the old, migrate callers, then remove the old one)
  • Stateless Services
  • Service Discovery

SLIDE 15

The R's of Enterprise Security

Repave, Rotate, Repair (Ref: Justin Smith, Pivotal @justinjsmith)

SLIDE 16

Take-aways

  • Security is important but in practice often neglected
  • A lot of security vulnerabilities are due to bugs
  • Bugs can be prevented by software design
  • Secure by Design collects designs that prevent bugs that manifest as security vulnerabilities

SLIDE 17

Thanks

@DanielDeogun @danbjson #SecureByDesign