Software Security
Gary McGraw, Cigital
Building Security In
Published by the IEEE Computer Society, 1540-7993/04/$20.00 © 2004 IEEE, IEEE Security & Privacy

Software security is the idea of engineering software so that it continues to function correctly under malicious attack. Most technologists acknowledge this undertaking’s importance, but they need some help in understanding how to tackle it. This new department aims to provide that help by exploring software security best practices.

The software security field is a relatively new one. The first books and academic classes on the topic appeared in 2001, demonstrating how recently developers, architects, and computer scientists have started systematically studying how to build secure software. The field’s recent appearance is one reason why best practices are neither widely adopted nor obvious.

A central and critical aspect of the computer security problem is a software problem. Software defects with security ramifications—including implementation bugs such as buffer overflows and design flaws such as inconsistent error handling—promise to be with us for years. All too often, malicious intruders can hack into systems by exploiting software defects.[1] Internet-enabled software applications present the most common security risk encountered today, with software’s ever-expanding complexity and extensibility adding further fuel to the fire. By any measure, security holes in software are common, and the problem is growing: CERT Coordination Center identified 4,129 reported vulnerabilities in 2003 (a 70 percent increase over 2002, and an almost fourfold increase since 2001).[2,3]

Software security best practices leverage good software engineering practice and involve thinking about security early in the software life cycle, knowing and understanding common threats (including language-based flaws and pitfalls), designing for security, and subjecting all software artifacts to thorough objective risk analyses and testing. Let’s look at how software security fits into the overall concept of operational security and examine some best practices for building security in.

...versus application security

Application security means many different things to many different people. In IEEE Security & Privacy magazine, it has come to mean the protection of software after it’s already built. Although the notion of protecting software is an important one, it’s just plain easier to protect something that is defect-free than something riddled with vulnerabilities.

Pondering the question, “What is the most effective way to protect software?” can help untangle software security and application security. On one hand, software security is about building secure software: designing software to be secure, making sure that software is secure, and educating software developers, architects, and users about how to build secure things. On the other hand, application security is about protecting software and the systems that software runs in a post facto way, after development is complete. Issues critical to this subfield include sandboxing code (as the Java virtual machine does), protecting against malicious code, obfuscating code, locking down executables, monitoring programs as they run (especially their input), enforcing the software use policy with technology, and dealing with extensible systems.

Application security follows naturally from a network-centric approach to security, by embracing standard approaches such as penetrate and patch[4] and input filtering (trying to block malicious input) and by providing value in a reactive way. Put succinctly, application security is based primarily on finding and fixing known security problems after they’ve been exploited in fielded systems. Software security—the process of designing, building, and testing software for security—identifies and expunges problems in the software itself. In this way, software security practitioners attempt to build software that can withstand attack proactively. Let me give you a specific example: although there is some real value in stopping buffer overflow attacks by observing HTTP traffic as it arrives over port 80, a superior approach is to fix the broken code and avoid the buffer overflow completely.

...as practiced by operations people

One reason that application security technologies such as firewalls have evolved the way they have is because operations people dreamed them up. In most corporations and large organizations, security is the domain of the infrastructure people who set up and maintain firewalls, intrusion detection systems, and antivirus engines (all of which are reactive technologies). However, these people are operators, not builders. Given the fact that they don’t build the software they have to operate, it’s no surprise that their approach is to move standard security techniques “down” to the desktop and application levels. The gist of the idea is to protect vulnerable things (in this case, software) from attack, but the problem is that vulnerabilities in the software let malicious hackers skirt standard security technologies with impunity. If this were not the case, then the security vulnerability problem would not be expanding the way that it is. Clearly, this emphasizes the need to get builders to do a better job on the software in the first place.

Protecting a network full of evolving software is difficult (even if the software is not patched every five minutes). If software were in some sense self-protecting (by being designed defensively and more properly tested from a security perspective) or at least less riddled with vulnerabilities, running a secure network could become easier and more cost effective.

In the short run, we clearly—desperately—must make progress on both fronts. But in the long run, we must figure out ways to build easier-to-defend code. Software security is about helping builders do a better job so that operators end up with an easier job.

...in the software development life cycle

On the road to making such a fundamental change, we must first agree that software security is not security software. This is a subtle point often lost on development people who tend to focus on functionality. Obviously, there are security functions in the world, and most modern software includes security features, but adding features such as SSL (for cryptographically protecting communications) does not present a complete solution to the security problem. Software security is a system-wide issue that takes into account both security mechanisms (such as access control) and design for security (such as robust design that makes software attacks difficult). Sometimes these overlap, but often they don’t.

Put another way, security is an emergent property of a software system. A security problem is more likely to arise because of a problem in a standard-issue part of the system (say, the interface to the database module) than in some given security feature. This is an important reason why software security must be part of a full lifecycle approach. Just as you can’t test quality into a piece of
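The port-80 example earlier in this column contrasts watching traffic for overflow attempts with fixing the code so the overflow cannot occur. The C program below is an added illustration, not code from the column or from Cigital: a hypothetical request handler with the classic unchecked copy of a query parameter into a fixed-size stack buffer, beside the same handler with the defect removed at the source. The handler names, the 32-byte buffer size, and the sample inputs are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical handler for an HTTP query parameter (names and sizes are
 * assumptions for this example, not from the column). PARAM_BUF bytes of
 * stack hold the parameter before it is echoed back in a greeting. */
#define PARAM_BUF 32

/* BEFORE: the defect a traffic monitor on port 80 would try to catch.
 * strcpy copies until it finds a NUL, so a parameter of PARAM_BUF bytes or
 * more writes past the end of `name` on the stack. It is shown only to make
 * the broken shape visible; call it only with input known to fit. */
int greet_unsafe(const char *param, char *out, size_t out_len)
{
    char name[PARAM_BUF];
    strcpy(name, param);            /* no bound check: overflow if too long */
    return snprintf(out, out_len, "Hello, %s", name);
}

/* AFTER: the fix lives in the code, so the overflow cannot happen no matter
 * what arrives on the wire. Measure first, refuse what does not fit, then
 * copy exactly that many bytes and terminate. Returns the greeting length,
 * or -1 for an oversized parameter. */
int greet_safe(const char *param, char *out, size_t out_len)
{
    char name[PARAM_BUF];
    size_t n = strlen(param);

    if (n >= sizeof name)           /* leave room for the terminating NUL */
        return -1;
    memcpy(name, param, n);
    name[n] = '\0';
    return snprintf(out, out_len, "Hello, %s", name);
}

/* Convenience wrapper: greeting length for a parameter, or -1 if the
 * hardened handler rejected it. */
int greet_check(const char *param)
{
    char out[64];
    return greet_safe(param, out, sizeof out);
}

int main(void)
{
    /* Constructed inputs: a normal name and one far longer than the buffer. */
    const char *ok = "alice";
    const char *too_long = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
    char out[64];

    greet_unsafe(ok, out, sizeof out);      /* identical result for well-formed input */
    printf("unsafe handler: %s\n", out);

    if (greet_safe(ok, out, sizeof out) > 0)
        printf("safe handler:   %s\n", out);
    if (greet_safe(too_long, out, sizeof out) < 0)
        printf("safe handler:   rejected %zu-byte parameter\n", strlen(too_long));
    return 0;
}
```

For well-formed input both handlers produce the same greeting, which is why the defect survives functional testing; only the hardened version has a defined answer for the oversized case, and that answer (refusal) holds for every transport, not just for the requests a network filter happens to inspect.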
track both threat models and attack patterns. Note that risks crop up during all stages of the software life cycle, so a constant risk analysis thread, with recurring risk tracking and monitoring activities, is highly recommended.

...as a multidisciplinary

Much work remains to be done in each of the best practice areas, but some basic practical solutions should be adapted from areas of more mature research.

This department’s goal is to cover many of the best practices sketched out here in much greater

References
5. L. Walsh, “Trustworthy Yet?” Information Security Magazine, Feb. 2003; http://infosecuritymag.techtarget.com/2003/feb/cover.shtml.
6. M. Howard and S. Lipner, “Inside the Windows Security Push,” IEEE Security & Privacy, vol. 1, no. 1, 2003, pp. 57–61.