Computer Security - lesson 6

Federico Maggi

7 April 2016

Software Security

Nothing is really secure; something can only be secure enough. Software security is a design problem, but designing software securely is very hard. An unmet security specification is a security issue.

Disclosure

Until the end of the 1990s, software vulnerabilities were not disclosed; instead they were traded between security experts or sold. At some point people began using full disclosure to pressure software vendors into fixing vulnerabilities: full disclosure consists in making information about a vulnerability public, so that the vendor is forced to fix it before someone takes advantage of it.

Anti Disclosure

After the full disclosure movement, vendors realized that offering visibility to the people disclosing bugs was a way of making them work for you instead of against you. But then a new movement rose: anti full disclosure, which states that once people have gained visibility they have no more reason to give away vulnerabilities for free. This made the security expert role a paid job.

The latest development in the sector was the introduction of bug bounties.

Principles of secure design

  • KISS
  • Discard privileges as soon as possible
  • Open design
  • Concurrency and race conditions: race conditions are an entire category of issues.

Key Issues of secure design

  • fail-safe and default deny: programs should fail-closed and not fail-open
  • use of shared resources or untrusted libraries
  • filter inputs and outputs
  • don't write crypto code, use tested libraries.
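As an added illustration of fail-safe and default deny (example code, not part of the original lecture notes), the same authorization check is written fail-open beside its fail-closed counterpart. The policy table, role names and the `backend_up` outage flag are constructed for the example.

```python
"""Fail-open vs. fail-closed authorization check (constructed example)."""
from typing import Optional, Set

# Constructed policy table: resource -> roles allowed to access it.
# Anything not listed here must be denied (default deny).
POLICY = {
    "/reports": {"analyst", "admin"},
    "/admin": {"admin"},
}


class PolicyLookupError(Exception):
    """Raised when the policy backend cannot be consulted."""


def lookup_roles(resource: str, backend_up: bool = True) -> Optional[Set[str]]:
    """Return the roles allowed on `resource`, or None if it is unlisted.
    `backend_up=False` simulates an outage of the policy store."""
    if not backend_up:
        raise PolicyLookupError("policy store unavailable")
    return POLICY.get(resource)


def is_allowed_fail_open(role: str, resource: str, backend_up: bool = True) -> bool:
    """Anti-pattern: grants access whenever the check cannot be completed
    or the resource is not covered by the policy (fail-open)."""
    try:
        allowed = lookup_roles(resource, backend_up)
    except PolicyLookupError:
        return True          # outage -> request goes through
    if allowed is None:
        return True          # unlisted resource -> implicitly allowed
    return role in allowed


def is_allowed_fail_closed(role: str, resource: str, backend_up: bool = True) -> bool:
    """Fail-safe version: every path that is not a positive match denies."""
    try:
        allowed = lookup_roles(resource, backend_up)
    except PolicyLookupError:
        return False         # cannot decide -> deny (fail-closed)
    if allowed is None:
        return False         # not in the allowlist -> deny (default deny)
    return role in allowed


if __name__ == "__main__":
    for check in (is_allowed_fail_open, is_allowed_fail_closed):
        print(check.__name__, "guest on /secret:", check("guest", "/secret"),
              "| admin on /admin during outage:", check("admin", "/admin", False))
```

Note that both versions agree on every case the policy explicitly covers; they differ only on the paths the author did not think about, which is exactly where fail-open turns an operational fault into an authorization bypass.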

Conclusion

Vulnerabilities may be dense, so removing one vulnerability does not make the software more secure.