
Avoiding Cryptosystem Failure December 17, 2013

Posted by 8237mcraew in Security.

Ross Anderson’s article Why Cryptosystems Fail is a peek into the contradictory world of system security.  Anderson uses a series of case studies of ATM fraud [1] to demonstrate the importance of understanding security requirements during system development.  In each case, improper integration of security mechanisms gave the organization a false sense of security.  Anderson’s vignettes show that systems tend to fail not because of the weaknesses usually studied formally in universities and companies, such as cryptanalysis, but because of human error, negligence or malice, lack of quality control, lack of a feedback loop, and incomplete standards.  Many organizations, in the interest of self-preservation, refuse to share information about security breaches, which makes it difficult for organizations to anticipate and address common security concerns.

In order to effect change, a cultural shift must occur within organizations.  A commitment must be made to integrate security into every phase of the system development life cycle (SDLC).  Security can be integrated into the traditional SDLC by using the following guidelines [2]:

Phase 1: Planning/requirements

During the planning phase it is important for the development team to conduct a data sensitivity assessment.  The team should determine what data the system will handle and how that data will be classified.  A preliminary risk assessment is appropriate at this point.  In addition, the team should answer the following question: what happens if the data is disclosed, lost, or changed?

Phase 2: Development/acquisition

Security controls need to be included in the specifications.  These controls need to cover features, vulnerabilities, malicious insiders, and contingency plans.  Coding standards also need to be set to avoid known causes of buffer overflows.  Recommendations include making programmers aware of the vulnerabilities and potential exposures associated with the programming languages and operating systems in use before implementation begins, and setting up regular peer review of the code.

Phase 3: Testing/implementation

As part of the testing/implementation phase, security test cases based on the requirements and on common vulnerabilities need to be developed.  Points in the source code where the program takes input from users, from another program, or from any other untrusted source need to be identified, since these are the trust boundaries the test cases should exercise.  Contingency and disaster recovery plans should be written and reviewed.
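To make the Phase 2 coding-standard point and the Phase 3 test-case point concrete, here is an added example (not code from the post, from Anderson’s paper, or from the cited guides) in C: the unchecked-copy pattern that causes stack buffer overflows, a bounds-checked replacement that treats its argument as untrusted input crossing a trust boundary, and a table of security test cases derived from the requirement “a name is at most NAME_MAX-1 printable ASCII characters”.  The buffer size, function names, and every test input are assumptions constructed for this example.

```c
/* Added example: unchecked copy of untrusted input vs. a bounds-checked
 * replacement, plus table-driven security test cases. NAME_MAX, the function
 * names and the test inputs are illustrative assumptions, not from the post. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* assumed size of the fixed buffer, including the NUL */

/* BEFORE: the classic defect a coding standard should prohibit. strcpy()
 * copies until it finds a NUL, so any input of NAME_MAX bytes or more writes
 * past the end of name[]. Shown for contrast only; never call it with
 * attacker-controlled data (the test below deliberately does not). */
void store_name_unsafe(char name[NAME_MAX], const char *input)
{
    strcpy(name, input);
}

/* AFTER: the hardened form. Input arrives at a trust boundary, so this
 * function (1) bounds its own scan against the destination size instead of
 * trusting the caller, (2) rejects over-long input rather than silently
 * truncating it, and (3) accepts only printable ASCII.
 * Returns 0 on success, -1 on rejection; on rejection dst is left empty. */
int store_name_checked(char *dst, size_t dst_size, const char *input)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (input == NULL)
        return -1;

    /* Bounded scan: an unterminated buffer cannot be over-read beyond dst_size */
    size_t len = 0;
    while (len < dst_size && input[len] != '\0')
        len++;
    if (len >= dst_size)          /* no room for the terminating NUL */
        return -1;

    for (size_t i = 0; i < len; i++) {
        /* In the C locale isprint() accepts only 0x20..0x7e, so this rejects
         * control characters (including newlines), DEL and non-ASCII bytes */
        if (!isprint((unsigned char)input[i]))
            return -1;
    }

    memcpy(dst, input, len + 1);  /* len + 1 includes the NUL; bounded above */
    return 0;
}

/* Security test cases derived from the requirement and from the defect above.
 * All inputs are constructed for this example. Returns the number of failures. */
int run_name_security_tests(void)
{
    struct { const char *input; int expect; } cases[] = {
        { "alice",                 0 },  /* ordinary valid input              */
        { "",                      0 },  /* empty is still well-formed        */
        { "123456789012345",       0 },  /* exactly NAME_MAX-1 bytes          */
        { "1234567890123456",     -1 },  /* NAME_MAX bytes: no room for NUL   */
        { "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", -1 }, /* overflow attempt */
        { "bob\n",                -1 },  /* control character                 */
        { "ev\177l",              -1 },  /* DEL byte                          */
        { NULL,                   -1 },  /* missing input                     */
    };
    int failures = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        char buf[NAME_MAX];
        memset(buf, 'X', sizeof buf);     /* canary fill: stale data would show */
        int rc = store_name_checked(buf, sizeof buf, cases[i].input);
        if (rc != cases[i].expect) {
            failures++;
            continue;
        }
        if (rc == 0 && strcmp(buf, cases[i].input) != 0)
            failures++;                   /* accepted input must be copied intact */
        if (rc != 0 && buf[0] != '\0')
            failures++;                   /* rejected input must not leak into dst */
    }
    return failures;
}

int main(void)
{
    int f = run_name_security_tests();
    printf("%d security test failure(s)\n", f);
    return f == 0 ? 1 : 0;
}
```

The test table is the artifact Phase 3 asks for: each row maps a requirement or a known defect class (the boundary at NAME_MAX, the oversized input, the control character) to an expected outcome, so a later change that reintroduces strcpy() or switches to silent truncation fails a named case instead of going unnoticed.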

Phase 4: Operations/maintenance

Administrators need to exercise the backup, restore, and restart procedures, including those for cryptographic keys.  User administration and access privileges need to be monitored and maintained.  Audits of log files and of system interdependencies are required.

Phase 5: Disposal

The disposal plan needs to cover the disposition of cryptographic keys, the legal requirements for records retention and destruction, and the means to sanitize media.

Security integration is just as important in the Agile system development life cycle.  Some planning considerations include [3]:

1.  Conduct an initial round of security analysis.

2.  Develop related security stories and tasks.

3.  Prioritize tasks in order to prevent “security debt”.

-Security debt refers to uncompleted tasks that have security relevance [3].

4.  If possible, integrate security experts into the team.

The bottom line is that security must be integrated from the beginning of the system development life cycle in order to foster a secure environment.

[1]  Anderson, Ross J. “Why Cryptosystems Fail.” Communications of the ACM, November 1994: 32 – 40.

[2]  TechTarget SearchSoftwareQuality, “Secure SDLC: Integrating security into your software development life cycle.” http://searchsoftwarequality.techtarget.com/tip/Secure-SDLC-Integrating-security-into-your-software-development-life-cycle

[3]  SAFECode, security practices for Agile development (July 2012). http://www.safecode.org/publications/SAFECode_Agile_Dev_Security0712.pdf


