October 24, 2007

How Design Impacts Security

In my threat modeling and secure coding classes, as well as directly with my clients, I always stress the importance of introducing security as early as possible in the software development lifecycle. In addition to raising awareness amongst the developers, doing so helps identify potential problems early in the development process, as opposed to later, when they will require more effort and more cost to fix properly. I recently experienced a real-world example of this that I wanted to share.

I’m working in a building downtown that uses proximity badges to secure offices on each floor. The elevator has a card reader as well, but it requires you to actually insert a different badge. This process is both cumbersome and unreliable: first, because you are sliding a card into a fairly small slot, and second, because people need to jostle around the elevator so they can get directly in front of the slot in order to successfully use the card reader. In the morning rush, it’s not uncommon for your floor to have gone past before you get a chance to swipe your card.

So what do you think this results in?

You got it. In the morning rush one person gets on, slides their badge in and asks everybody which floor they’re going to.

So due to a poor design decision (low-efficiency access control device in a high-traffic area), that control is now effectively bypassed on a regular basis. Another layer of security does exist, but now you’re one step closer. Perhaps this is an acceptable risk to the original designers of this system given the security level of the building and the additional security, but unfortunately I don’t know to what extent they did consider this.

I’ll be making another post in the near future about how some of the design decisions on today’s sites are there to make users “feel” better about the security, rather than implementing effective measures themselves. Sounds familiar.

4 Comments so far

What resources do you normally turn to when explaining the importance of threat modeling and secure coding? I could use some good documentation to better explain it…

I frequently turn to Microsoft themselves. I’d have to say they’re the best example of an organization that completely turned the security of their products around through secure design and coding awareness. They’ve got many docs out there showing their new Secure Development Lifecycle and just think how much more secure IIS6 is than IIS4. Not to mention halting devs for 3 months to do security reviews.

Michael Howard (Author of Writing Secure Code) and his book and blog are both great resources.

“are there to make users “feel” better about the security, rather than implementing effective measures themselves”

This quote reminded me of the airport :)
