Thomas Marnell: Designing and Writing Secure Code

Posted on 27-Dec-2015


Thomas Marnell

DESIGNING AND WRITING SECURE CODE

THREE PARTS OF SOFTWARE DEVELOPMENT

Design

Implementation

Testing

DESIGN

DEFINE AND MODEL THREATS

Take a moment and think about your program.

Who are your threats?

What do they want?

How will they try to break your security?

Write down each threat, and then write down how your program will deal with it.

Keeping this list up to date helps you maintain security through later revisions: every change can be checked against the threats it might reopen.

EXAMPLE

Program: Contact List

Threat: People with access to my computer trying to steal my contacts.

Prevention: All data stored by the program will be encrypted.

(This only holds if the encryption key is not kept where the same people can read it; the threat model should also say where the key lives.)

MODULARITY

Isolate sensitive information by breaking your design up. Never store more information than you need.

The more independent each piece is, the better.

FAULT TOLERANCE

This is tricky.

Good programs should handle errors gracefully.

Beware of opening security holes in the error-handling path.

EXAMPLE

Program authenticates user, then opens a form to access a database.

If a database error occurs, the program clears the form and lets the user start over.

What happens when a database error occurs before the user completes authentication?

Unless the recovery code checks that authentication actually finished, it drops an unauthenticated user straight into the form: the program fails open. Error handling should fail closed, returning to the least privileged state.
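Added example, not code from the slides: a small C simulation of the login flow described above. The session layout, the credential check and the two recovery handlers are this example's own assumptions; the point is the difference between a recovery path that ignores whether authentication finished and one that checks.

```c
#include <stdbool.h>
#include <string.h>

/* Screens of the hypothetical contact-list program. */
typedef enum { STATE_LOGIN, STATE_FORM } ui_state;

typedef struct {
    bool authenticated;   /* set only after the credential check succeeds */
    ui_state state;
} session;

/* Constructed stand-in for the real credential check. */
static bool check_credentials(const char *user, const char *pass)
{
    return strcmp(user, "alice") == 0 && strcmp(pass, "correct horse") == 0;
}

/* The recovery on the slide: on a database error, clear the form and let
 * the user start over in the form. It never asks whether authentication
 * finished, so it fails open. */
static void recover_fail_open(session *s)
{
    s->state = STATE_FORM;
}

/* Fail-closed recovery: only a session that already authenticated goes
 * back to the form; anything else is sent back to the login screen. */
static void recover_fail_closed(session *s)
{
    s->state = s->authenticated ? STATE_FORM : STATE_LOGIN;
}

/* Simulated login. When db_error is true the user lookup fails before the
 * credentials are verified, and the given recovery handler runs. Returns
 * the screen the user ends up on. */
ui_state login_attempt(const char *user, const char *pass, bool db_error,
                       void (*recover)(session *))
{
    session s = { .authenticated = false, .state = STATE_LOGIN };

    if (db_error) {
        recover(&s);            /* credentials were never checked */
        return s.state;
    }
    if (check_credentials(user, pass)) {
        s.authenticated = true;
        s.state = STATE_FORM;
    }
    return s.state;
}
```

With the fail-open handler an attacker who can provoke a database error (or just wait for one) reaches the form without ever passing the credential check; the fail-closed handler sends the same session back to the login screen.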

IMPLEMENTATION

BUFFER OVERFLOW

1 char x[20];
2 printf("Please enter a fruit: \n");
3 gets(x);

Problem is line 3: gets() has no way of knowing that x holds only 20 bytes, so any longer line overflows the buffer. (gets() was removed from the language in C11.)

EXAMPLE

1 char x[20];
2 printf("Please enter a fruit: \n");
3 fgets(x, sizeof x, stdin);

fgets() stops after sizeof x - 1 characters and always NUL-terminates. Two things to remember: it keeps the trailing newline in x, and input longer than the buffer is silently cut off, with the rest left in stdin for the next read.

Other Solutions:

"The Better String Library"

Vstr
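Added example (not code from the slides) of what a practitioner needs around fgets(): a read_line() helper that strips the newline fgets() keeps, reports when the input was longer than the buffer, and drains the rest of that overlong line so it is not read back as the next answer. The function and status-code names are this example's own, and the demonstration helpers feed constructed input through the standard tmpfile().

```c
#include <stdio.h>
#include <string.h>

/* Status codes returned by read_line() (names are this example's own). */
enum { LINE_OK = 0, LINE_EOF = -1, LINE_TOO_SMALL = -2, LINE_TRUNCATED = 1 };

/* Read one line into buf (capacity cap) with fgets(), then:
 *  - strip the trailing newline that fgets() keeps,
 *  - if the line did not fit, drain the rest of it so the leftover bytes
 *    are not read back as the *next* answer, and report the truncation.
 * buf is always NUL-terminated on return when cap > 0. */
int read_line(char *buf, size_t cap, FILE *in)
{
    if (cap < 2) {
        if (cap) buf[0] = '\0';
        return LINE_TOO_SMALL;
    }
    if (fgets(buf, (int)cap, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline: either the last line of input has none (fine) or the
     * line was longer than cap - 1 bytes. Peek one byte to tell which. */
    int c = fgetc(in);
    if (c == EOF) return LINE_OK;
    while (c != '\n' && c != EOF) c = fgetc(in);
    return LINE_TRUNCATED;
}

/* --- Demonstration helpers with constructed input (not the slide's code) --- */

/* Turn a string into a readable FILE* using the standard C tmpfile(). */
static FILE *stream_from_string(const char *input)
{
    FILE *f = tmpfile();
    if (f == NULL) return NULL;
    fputs(input, f);
    rewind(f);
    return f;
}

/* Deliberately small buffer so truncation is easy to trigger. */
char demo_buf[8];

/* Read one line from a constructed string into demo_buf; returns the status. */
int read_from_string(const char *input)
{
    FILE *f = stream_from_string(input);
    if (f == NULL) return LINE_EOF;
    int rc = read_line(demo_buf, sizeof demo_buf, f);
    fclose(f);
    return rc;
}

/* Two reads from one stream: the first line is too long for demo_buf and
 * the second must still arrive intact. Returns 1 if both hold. */
int demo_truncation(void)
{
    FILE *f = stream_from_string("strawberry-rhubarb-crumble\nbanana\n");
    if (f == NULL) return 0;
    int first_ok = read_line(demo_buf, sizeof demo_buf, f) == LINE_TRUNCATED
                   && strcmp(demo_buf, "strawbe") == 0;
    int second_ok = read_line(demo_buf, sizeof demo_buf, f) == LINE_OK
                    && strcmp(demo_buf, "banana") == 0;
    fclose(f);
    return first_ok && second_ok;
}

int main(void)
{
    char fruit[20];
    printf("Please enter a fruit: \n");
    int rc = read_line(fruit, sizeof fruit, stdin);
    if (rc == LINE_TRUNCATED)
        printf("Input longer than %zu characters was cut off.\n", sizeof fruit - 1);
    printf("You entered: \"%s\"\n", fruit);
    return 0;
}
```

Without the draining step, a line of 30 characters read into a 20-byte buffer leaves 11 characters in stdin, and the program's next prompt is answered by them instead of by the user.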

SANITIZING DATA

1 char x[20];
2 printf("Please enter a number: \n");
3 gets(x);
4 printf(x);

Problem is line 4: x is passed to printf() as the format string, so whatever the user typed is interpreted as conversion specifiers.

x = "%d"

With that input printf() reads an argument that was never passed; "%x" conversions leak stack contents and "%n" writes to memory. The direct fix is printf("%s", x), which keeps the user's text as data. The slide's approach, checking that the input really is a number first, needs two corrections: regcomp() takes a compiled regex_t and the match itself is done by regexec(), and the pattern must be anchored, because an unanchored "[0123456789]+" also matches "%d123".

EXAMPLE

1 char x[20];
2 printf("Please enter a number: \n");
3 fgets(x, sizeof x, stdin);
4 x[strcspn(x, "\n")] = '\0';                 // drop the newline fgets() keeps
5 regex_t re;
6 regcomp(&re, "^[0-9]+$", REG_EXTENDED | REG_NOSUB);
7 if (0 == regexec(&re, x, 0, NULL, 0))
8 {
9     printf("%s\n", x);                      // never pass x as the format string
10 } else {
11     // error recovery
12 }
13 regfree(&re);

(The fixed version needs <regex.h> and <string.h>; gets() is replaced by fgets() as on the previous slide.)

XSS

<?php
// With ENT_QUOTES single quotes are escaped as well as <, >, & and ";
// before PHP 8.1 that flag was not the default, so the ' in the href would have passed through.
$convert = htmlspecialchars("<a href='http://www.link.com'>link</a>", ENT_QUOTES, 'UTF-8');
echo $convert;
?>

SQL

Restrict input as much as possible. For example, reject any input containing a character outside letters and digits, i.e. one that matches "[^0-9a-zA-Z]". Allow-listing like this is defense in depth; the primary protection against SQL injection is passing user data as bound parameters of a prepared statement rather than splicing it into the query string.

Connect to the database with the least privileged account that can do the job. If a few queries need more rights, give only those a separate connection string with a more privileged account rather than running everything with it.

EXAMPLE
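Added example serving both the number-input check in the sanitizing section and the SQL allow-list above: an input validator in C built on POSIX regcomp()/regexec(). It also shows why the pattern has to be anchored: regexec() reports success when the pattern matches anywhere in the string, so the unanchored "[0-9]+" accepts "%x%x%x 42". The function names and the sample inputs are this example's own, not the slides'.

```c
#include <errno.h>
#include <regex.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* True if the POSIX extended pattern matches s. regexec() succeeds when the
 * pattern matches *anywhere* in s, so whether the whole input is covered
 * depends entirely on the pattern being anchored with ^ and $.
 * (Compiling per call keeps the example short; real code compiles once.) */
bool matches(const char *pattern, const char *s)
{
    regex_t re;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0) return false;
    int rc = regexec(&re, s, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

/* The slide's check, unanchored: any run of digits inside s is enough. */
bool looks_numeric_unanchored(const char *s) { return matches("[0-9]+", s); }

/* Anchored allow-list: s must consist of digits and nothing else. */
bool is_numeric(const char *s) { return matches("^[0-9]+$", s); }

/* Allow-list for the SQL slide: letters and digits only. Equivalent to
 * rejecting any input the slide's "[^0-9a-zA-Z]" would flag, but stated
 * positively so that an empty string is rejected too. */
bool is_alnum_only(const char *s) { return matches("^[0-9a-zA-Z]+$", s); }

/* Validate, convert and print a number. Returns 0 on success, -1 if the
 * input is not all digits, -2 if it does not fit in a long. The value is
 * also stored in *out when out is non-NULL. Strip the newline fgets()
 * keeps before calling, or the anchored check fails. */
int print_number(const char *input, long *out)
{
    if (!is_numeric(input)) return -1;        /* "%x", "%n", "12abc" end here */
    errno = 0;
    char *end;
    long v = strtol(input, &end, 10);
    if (errno == ERANGE || *end != '\0') return -2;
    if (out) *out = v;
    printf("%ld\n", v);                       /* fixed format; data is an argument */
    return 0;
}
```

The same is_alnum_only() gate can sit in front of a query builder, but it is a filter on the data, not a substitute for binding that data as a parameter.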

ENCRYPTION

It is easy, as long as you use well-reviewed prebuilt libraries rather than implementing the algorithms yourself.

(1)

TESTING

TRAPDOORS

Large projects are usually broken up into testable pieces.

Pseudo-code, stub functions and debugging hooks are added to exercise those pieces, then forgotten about.

Anything like this left in the shipped build can become a hidden entry point (a trapdoor), so testing should include removing such code and checking that release builds contain none of it.

ASSERT

#include <assert.h>
#include <stddef.h>

/* "double" is a C keyword, so the function is renamed; taking a pointer
 * keeps the slide's null check meaningful (an int itself cannot be null). */
int doubled(const int *value)
{
    assert(value != NULL);
    return *value * 2;
}

The function checks its input only in debug builds: assert() is compiled out when NDEBUG is defined, which release builds normally do, so the shipped program performs no check at all. Use assert() for programmer errors you want caught during development, and ordinary runtime checks for anything that must hold in production.
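Added example, not from the slides: the assert-only function beside a version whose checks survive a release build. The function and error-code names are this example's own assumptions; it also rejects values whose doubling would overflow int, a check the slide's version does not make at all.

```c
#include <assert.h>
#include <limits.h>
#include <stddef.h>

/* Debug-only check, as on the slide: compiled out when NDEBUG is defined,
 * so a release build dereferences a NULL pointer without any check. */
int doubled_assert_only(const int *value)
{
    assert(value != NULL);
    return *value * 2;
}

/* Error codes for the checked version (names are this example's own). */
enum { DOUBLE_OK = 0, DOUBLE_NULL = -1, DOUBLE_OVERFLOW = -2 };

/* Release-safe version: the checks are ordinary code, so they survive
 * NDEBUG. It also refuses inputs whose doubling would overflow int, which
 * is undefined behaviour in C and something assert(value != NULL) never
 * looked at. */
int doubled_checked(const int *value, int *out)
{
    if (value == NULL || out == NULL) return DOUBLE_NULL;
    if (*value > INT_MAX / 2 || *value < INT_MIN / 2) return DOUBLE_OVERFLOW;
    *out = *value * 2;
    return DOUBLE_OK;
}

/* Convenience wrapper so a result can be checked without an out-parameter. */
int doubled_status(int value)
{
    int out;
    return doubled_checked(&value, &out);
}
```

Compile with -DNDEBUG and doubled_assert_only(NULL) crashes (or worse, is optimised into something surprising), while doubled_checked(NULL, &out) still returns DOUBLE_NULL.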

QUESTIONS?

WORKS CITED

Bhargava, Bharat. "Applying Fault-tolerance Principles to Security Research." Purdue University. Accessed April 18, 2011. <http://raidlab.cs.purdue.edu/papers/fault_tolerant.pdf>

Pfleeger, Charles P., and Shari Lawrence Pfleeger. Security in Computing (4th Edition). Upper Saddle River, NJ: Prentice Hall PTR, 2006.

Seacord, Robert C. "Top 10 Secure Coding Practices." CERT. Accessed April 18, 2011. <https://www.securecoding.cert.org/confluence/display/seccode/Top+10+Secure+Coding+Practices>

Seacord, Robert C., and Jason A. Rafail. "Secure Coding Standards." Carnegie Mellon University. Accessed April 18, 2011. <http://www.ioc.ornl.gov/csiirw/07/abstracts/Rafail-Abstract.pdf>

"Writing Secure Code." cprogramming.com. Accessed April 18, 2011. <http://www.cprogramming.com/tutorial/secure.html>