Code surety: Secure by design


[sidebar 1]

Secure design resources

Finding guidelines that apply to developers is easier than finding guides for designers and planners, but they do exist. Here are some examples:

The Cloud Security Alliance has many helpful guides for developing and implementing to the cloud at , including:

  • Security Guidance for Critical Areas of Focus in Cloud Computing – delineates cloud types and components and a means to map risk around key focal areas of architecture, governance and operations
  • A Cloud Controls Matrix spreadsheet listing control areas, specifications, and architectural components for providers and consumers of cloud services
  • Toolkits to assess public, private and hybrid cloud environments

The Open Web Application Security Project (OWASP) has a popular code review guide that connects the dots between security, design and business contexts. Other popular resources include:

  • Security cheat sheet for developers
  • Threat modeling guidance
  • Secure coding and testing guidelines

The Software Assurance Forum for Excellence in Code (SAFECode) has recently published the second edition of its Fundamental Practices for Secure Software Development. Other resources include:

  • Software assurance for supply chain applications
  • An overview of software integrity controls
  • Software security engineer training


[sidebar 2]

Secure design points

No matter where the application resides, basic design frameworks apply. In the case of Symantec, development teams follow these basic design principles:

1. Data re-validation and protection at trust boundaries

Data transfer across trust boundaries, such as between two processes at differing privilege levels or two separate computers, must be protected. Data must be validated for type, range of values, size and semantics at both the client and the server. Data protection can be implemented using a tamper-evident mechanism such as digital signatures.
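An added example (not Symantec's code) of what server-side re-validation at a trust boundary looks like in practice. The field rules, size limit, SKU format and signing key are constructed for illustration; an HMAC stands in for the digital signature the text mentions so the example stays within the standard library, and the checks run in the order a server should apply them: size before parsing, tamper evidence before trusting any field, then type, range and semantics.

```python
import hashlib
import hmac
import json
import re

# Constructed shared secret for the example; a real service would load it from a key store.
SIGNING_KEY = b"example-signing-key-not-for-production"

# Server-side rules for one request type. The client is expected to enforce the same
# rules, but the server re-validates because the client sits outside its trust boundary.
FIELD_RULES = {
    "user_id": {"type": int, "min": 1, "max": 2**31 - 1},
    "quantity": {"type": int, "min": 1, "max": 1000},
    "sku": {"type": str, "max_len": 32},
}
MAX_BODY_BYTES = 4096
SKU_PATTERN = re.compile(r"[A-Z0-9]+")  # constructed catalogue convention


def sign(payload: bytes) -> str:
    """Tamper evidence: HMAC-SHA256 over the exact bytes that cross the boundary."""
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()


def validate_request(raw: bytes, signature: str) -> dict:
    """Re-validate a message received across a trust boundary.

    Raises ValueError on the first failed check so the caller rejects the message outright.
    """
    # 1. Size: reject before parsing so oversized input never reaches the parser.
    if len(raw) > MAX_BODY_BYTES:
        raise ValueError("body too large")

    # 2. Tamper evidence: constant-time comparison against the expected MAC.
    if not hmac.compare_digest(sign(raw), signature):
        raise ValueError("signature mismatch")

    data = json.loads(raw)
    if not isinstance(data, dict):
        raise ValueError("body must be a JSON object")
    if set(data) != set(FIELD_RULES):
        raise ValueError("unexpected or missing fields")

    # 3. Type and 4. range / length, per field.
    for name, rules in FIELD_RULES.items():
        value = data[name]
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, rules["type"]):
            raise ValueError(f"{name}: wrong type")
        if "min" in rules and not rules["min"] <= value <= rules["max"]:
            raise ValueError(f"{name}: out of range")
        if "max_len" in rules and len(value) > rules["max_len"]:
            raise ValueError(f"{name}: too long")

    # 5. Semantics: the value must make sense for this application, not just parse.
    if not SKU_PATTERN.fullmatch(data["sku"]):
        raise ValueError("sku: malformed")
    return data


def rejection_reason(raw: bytes, signature: str):
    """Return the reason a message is rejected, or None when it is accepted."""
    try:
        validate_request(raw, signature)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    body = json.dumps({"user_id": 42, "quantity": 3, "sku": "ABC123"}).encode()
    print(validate_request(body, sign(body)))
    tampered = body.replace(b'"quantity": 3', b'"quantity": 300')
    print(rejection_reason(tampered, sign(body)))
```

The MAC is computed over the raw bytes rather than the parsed object, so any change to the message on its way across the boundary, including whitespace or field reordering, is detected before the parser runs.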

2. Mutual authentication of service and user agent

Because many untrusted entities are involved in the interaction between a user agent and a service, the user agent and service must establish mutual authentication, which is best achieved through PKI and multi-factor authentication.

3. Prevent eavesdropping - strong encryption

Sensitive and critical data can be exposed by the untrusted entities between the user agent and the server. FIPS 140-2 compliant encryption algorithms must be used for data in transit. Sensitive data must be encrypted even when at rest. Passwords must be securely hashed to make brute-force recovery more difficult.

4. Short session timeout and one-time passwords

Long-lasting sessions can lead to replay attacks and session hijacking. Especially for cloud-based applications, one-time passwords and short session timeouts significantly mitigate this type of vulnerability.
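An added example (not Symantec's code) of the session side of this principle: an in-memory session store that enforces both an idle timeout and an absolute lifetime, and rotates the session token on every successful use so a token is single-use. The timeout values and the injectable `now` clock are constructed for the example; expired sessions are dropped rather than left for a later cleanup pass so they cannot be revived.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed policy values for the example.
IDLE_TIMEOUT_S = 15 * 60        # 15 minutes without activity ends the session
ABSOLUTE_LIFETIME_S = 8 * 3600  # 8 hours ends it regardless of activity


@dataclass
class Session:
    user: str
    created_at: float
    last_seen: float


class SessionManager:
    """Session store with short timeouts and single-use, rotating tokens.

    Each successful validation consumes the presented token and issues a fresh one,
    so a token captured in transit and replayed after the legitimate client has
    already used it is rejected.
    """

    def __init__(self, idle_timeout: float = IDLE_TIMEOUT_S,
                 absolute_lifetime: float = ABSOLUTE_LIFETIME_S) -> None:
        self._sessions: Dict[str, Session] = {}
        self._idle = idle_timeout
        self._absolute = absolute_lifetime

    def create(self, user: str, now: float) -> str:
        """Start a session after authentication and return its first token."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, now, now)
        return token

    def validate(self, token: str, now: float) -> Optional[Tuple[str, str]]:
        """Return (user, fresh_token), or None if the token is unknown, reused or expired."""
        # Single use: the presented token is removed whatever the outcome.
        session = self._sessions.pop(token, None)
        if session is None:
            return None
        idle_exceeded = now - session.last_seen > self._idle
        lifetime_exceeded = now - session.created_at > self._absolute
        if idle_exceeded or lifetime_exceeded:
            return None  # session dropped; the client must authenticate again
        session.last_seen = now
        fresh = secrets.token_urlsafe(32)
        self._sessions[fresh] = session
        return session.user, fresh

    def active_count(self) -> int:
        return len(self._sessions)


if __name__ == "__main__":
    manager = SessionManager()
    first = manager.create("alice", now=1000.0)
    result = manager.validate(first, now=1010.0)
    print(result is not None and result[0] == "alice")  # True: valid, rotated
    print(manager.validate(first, now=1011.0))           # None: replay of consumed token
```

Rotating on every request is the strictest form; a store that only rotates on privilege changes (login, role change) still limits fixation but does not defeat replay of a captured token within the idle window, which is why the text pairs short timeouts with one-time credentials.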

5. Least privileges

The multiple components making up the application must each be granted the minimum set of permissions and resources needed to perform their task, to reduce the risk of an attacker escalating privileges.

6. Compartmentalization

Tasks requiring different sets of permissions and resources must be isolated to mitigate resource exhaustion and denial of service vulnerabilities.