The launch last week of the IEEE Center for Secure Design is an opportunity to remind the industry of the prominent role of secure design in building secure IT products.
Security engineering requires three main technical activities: Secure design, secure coding and security testing. Much of emphasis has been put by the industry on secure coding and security testing and much less on secure design. That is unfortunate.
The early flying machines from the late 19th century failed, not because of a defect in any of their components, but because of the overall design of the machine. Likewise, secure design is needed to provide confidence in the overall security of a system. We need to approach security engineering as one discipline tightly integrating secure design, secure coding and security testing.
Tools may be to blame for the lack of focus on secure design. The security tool market has become more mature and there is a broad choice of tools available to engineers for use during coding and testing that do a decent job at detecting coding mistakes. We need to increase their use and reduce the amount of false positives they produce, but overall, they have created the perception for some that software security was just about using a security tool.
It is not. The only tools you need for secure design are a marker, a white board and most importantly experience. Secure design is about understanding how the components interact, establishing trust assumptions and making design decisions that prevent attacks given those trust assumptions. Secure design is very complex; it requires the knowledge of how the product operates along with an attacker mindset. The IEEE Center for Secure Design document provides great field-tested examples of secure design considerations ranging from defining trust to validating data and access.
Threat Modeling is the most important activity to support secure design. It gives you the security foundation on which all the other security engineering activities that needs to be performed rely. You will not be able to sustainably build a secure product without secure design.
We have always made secure design a priority in EMC’s product security engineering practices and we were delighted to contribute our experience to the IEEE Center for Secure Design.Tags: IEEE, secure software development, threat modeling