Secure design resources
Finding guidelines that apply to developers is easier than finding guides for designers and planners, but they do exist. Here are some examples:
The Cloud Security Alliance has many helpful guides for developing for and implementing in the cloud at , including:
- Security Guidance for Critical Areas of Focus in Cloud Computing, which delineates cloud types and components and gives a means to map risk around key focal areas of architecture, governance and operations
- A Cloud Controls Matrix spreadsheet listing control areas, specifications, and architectural components for providers and consumers of cloud services
- Toolkits to assess public, private and hybrid cloud environments
The Open Web Application Security Project (OWASP) has a popular code review guide that connects the dots between security, design and business contexts. Other popular resources include:
- Security cheat sheet for developers
- Threat modeling guidance
- Secure coding and testing guidelines
The Software Assurance Forum for Excellence in Code (SAFECode) has recently published the second edition of its Fundamental Practices for Secure Software Development. Other resources include:
- Software assurance for supply chain applications
- An overview of software integrity controls
- Software security engineer training
Secure design points
No matter where the application resides, basic design frameworks apply. In the case of Symantec, development teams follow these basic design principles:
1. Data re-validation and protection at trust boundaries
Data transfer across trust boundaries, such as between two processes at differing privilege levels or between two separate computers, must be protected. Data must be validated for type, range of values, size and semantics at the client as well as at the server, regardless of what the other side has already checked. Data protection can be implemented using a tamper-evident mechanism such as digital signatures.
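As an added example of this principle (not Symantec's code), the function below is the receiving side of a trust boundary: a service that gets an order record from a less-trusted client. It checks size before parsing anything, verifies an integrity tag, and then re-validates type, range, size and semantics itself. The record layout, the limits, the shared key and the HMAC-SHA256 tag are this example's own assumptions; the text names digital signatures, which need a key pair and a library outside the standard library, so a keyed HMAC stands in for them here.

```python
"""Re-validation and integrity checking of data arriving at a trust boundary.

Added example, not code from the original article. The HMAC shared key,
the field layout and the limits are constructed for the example.
"""
import hashlib
import hmac
import json

# Constructed key for the example only; a real service takes it from a key store.
KEY = b"example-shared-key-do-not-reuse"

MAX_BODY_BYTES = 4096                   # size limit enforced before parsing
ALLOWED_ACTIONS = {"create", "cancel"}  # semantic allowlist for the action field
EXPECTED_FIELDS = {"order_id", "quantity", "action"}


def sign(payload: bytes) -> str:
    """Tamper-evidence tag computed by the sending side over the raw bytes."""
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()


class ValidationError(ValueError):
    """Raised for any record the server refuses to act on."""


def validate_order(raw: bytes, tag: str) -> dict:
    """Server-side checks for a record crossing the trust boundary.

    Returns the parsed record on success; raises ValidationError otherwise.
    """
    # 1. Size: reject oversized input before the parser ever sees it.
    if len(raw) > MAX_BODY_BYTES:
        raise ValidationError("body too large")
    # 2. Integrity: constant-time comparison of the tag.
    if not hmac.compare_digest(sign(raw), tag):
        raise ValidationError("bad integrity tag")
    # 3. Type: must be a JSON object with exactly the expected field set.
    try:
        obj = json.loads(raw)
    except ValueError:
        raise ValidationError("not valid JSON")
    if not isinstance(obj, dict) or set(obj) != EXPECTED_FIELDS:
        raise ValidationError("unexpected field set")
    quantity = obj["quantity"]
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(quantity, bool) or not isinstance(quantity, int):
        raise ValidationError("quantity must be an integer")
    if not isinstance(obj["order_id"], str) or not isinstance(obj["action"], str):
        raise ValidationError("wrong field type")
    # 4. Range and size of the individual values.
    if not 1 <= quantity <= 1000:
        raise ValidationError("quantity out of range")
    if not 1 <= len(obj["order_id"]) <= 32 or not obj["order_id"].isalnum():
        raise ValidationError("order_id malformed")
    # 5. Semantics: only actions this endpoint is meant to perform.
    if obj["action"] not in ALLOWED_ACTIONS:
        raise ValidationError("unknown action")
    return obj


def check(raw: bytes, tag: str) -> str:
    """Convenience wrapper returning 'ok' or the rejection reason."""
    try:
        validate_order(raw, tag)
        return "ok"
    except ValidationError as exc:
        return str(exc)
```

The client may have run the same checks, but the server repeats them because everything between the two (proxies, other processes, the network) is outside its control; the tag only tells it the bytes were not altered since signing, not that they were sensible.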
2. Mutual authentication of service and user agent
Because many untrusted entities are involved in the interaction between a user agent and a service, the user agent and service must establish mutual authentication, which is best achieved through PKI and multi-factor authentication.
3. Prevent eavesdropping - strong encryption
Sensitive and critical data can be exposed by the untrusted entities between the user agent and the server. FIPS 140-2 compliant encryption algorithms must be used for data in transit. Sensitive data must be encrypted even when at rest. Passwords must be securely hashed to make brute-force recovery of the plaintext password more difficult.
4. Short session timeout and one-time passwords
Long-lasting sessions can lead to replay attacks and session hijacking. Especially for cloud-based applications, one-time passwords and short session timeouts significantly mitigate this type of vulnerability.
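As an added example for this point (not Symantec's code), the block below pairs a session store that enforces both an idle timeout and an absolute lifetime with a one-time password check. The OTP part implements HOTP as specified in RFC 4226 and TOTP on top of it (RFC 6238), using only the standard library; the timeout values, the session identifier length and the injectable clock are the example's own assumptions.

```python
"""Bounded-lifetime sessions plus a one-time password check.

Added example, not code from the original article. Timeouts and the
clock injection are the example's own design; hotp() follows RFC 4226.
"""
import hashlib
import hmac
import secrets
import struct
import time
from typing import Callable, Dict, Optional

IDLE_TIMEOUT = 10 * 60        # seconds of inactivity after which a session dies
ABSOLUTE_LIFETIME = 60 * 60   # hard cap on session age, regardless of activity


class SessionStore:
    """In-memory session table; the clock is injectable so expiry is testable."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        self._sessions: Dict[str, dict] = {}

    def create(self, user: str) -> str:
        now = self._clock()
        sid = secrets.token_urlsafe(32)  # 256 bits of randomness: not guessable
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def lookup(self, sid: str) -> Optional[str]:
        """Return the user for a live session (refreshing the idle timer), else None."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s["created"] > ABSOLUTE_LIFETIME or now - s["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]  # expired: drop it so a captured id cannot be replayed
            return None
        s["last_seen"] = now
        return s["user"]

    def revoke(self, sid: str) -> None:
        """Explicit logout: remove the session immediately."""
        self._sessions.pop(sid, None)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(secret, int(at // step), digits)


def verify_otp(secret: bytes, submitted: str, at: float,
               step: int = 30, window: int = 1) -> bool:
    """Accept the code for the current step or up to `window` steps either side.

    Every candidate is compared in constant time and the loop always runs to
    completion, so timing does not reveal which step matched.
    """
    current = int(at // step)
    ok = False
    for counter in range(current - window, current + window + 1):
        ok |= hmac.compare_digest(hotp(secret, counter), submitted)
    return ok
```

A real deployment would also record the last accepted time step per user so the same code cannot be accepted twice inside the window; that bookkeeping is left out here to keep the block short.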
5. Least privileges
Each of the components making up the application must be granted only the minimum set of permissions and resources needed to perform its task, to reduce the risk of an attacker escalating privileges.
Tasks requiring different sets of permissions and resources must be isolated from one another to mitigate resource exhaustion and denial of service vulnerabilities.