Control Methods To Malicious Codes – Software – Attacks
In this section as we conclude our part one series, we look at three types of controls: developmental, operating system, and administrative as we look at protecting our systems from malicious code, worms or attackers . We discuss each in turn.
Software development is often considered a solitary effort; a programmer sits with a specification or design and grinds out line after line of code. But in fact, software development is a collaborative effort, involving people with different skill sets who combine their expertise to produce a working product. Development requires people who can
- Specify the system, by capturing the requirements and building a model of how the system should work from the users’ point of view design the system,
- by proposing a solution to the problem described by the requirements and building a model of the solution implement the system,
- by using the design as a blueprint for building a working solution test the system, to ensure that it meets the requirements and implements the solution as called for in the design review the system at various stages,
- to make sure that the end products are consistent with the specification and design models document the system, so that users can be trained and supported
- Manage the system, to estimate what resources will be needed for development and to track when the system will be done maintain the system, tracking problems found, changes needed, and changes made, and evaluating their effects on overall quality and functionality
Modularity, encapsulation and information hiding
Code usually has a long shelf-life, and it is enhanced over time as needs change and faults are found and fixed. For this reason, a key principle of software engineering is to create a design or code in small, self-contained units, called components or modules; when a system is written this way, we say that it is modular. Modularity offers advantages for program development in general and security in particular.
If a component is isolated from the effects of other components, then it is easier to trace a problem to the fault that caused it and to limit the damage the fault causes. It is also easier to maintain the system, since changes to an isolated component do not affect other components. And it is easier to see where vulnerabilities may lie if the component is isolated. We call this isolation encapsulation.
This is another characteristic of modular software. When information is hidden, each component hides its precise implementation or some other design decision from the others. Thus, when a change is needed, the overall design can remain intact while only the necessary changes are made to particular components.
Controls on use of Programs Development controls are usually applied to large development projects in a variety of software production environments. However, not every system is developed in the ways we described above; sometimes projects are too small or too resource constrained to justify the extra resources needed for reviews and configuration control boards, for example.
- Although not the most desirable situation, the lack of proper controls is often a reality of development life. Even when development controls are incorporated in an organization’s standard development process, it is difficult to ensure that each developer or user has followed official guidelines or standards. For these reasons, some of the software security enforcement is implemented by the operating system.
We say that software is trusted software if we know that the code has been rigorously developed and analyzed, giving us reason to trust that the code does what it is expected to do and nothing more. Typically, trusted code can be a foundation on which other, untrusted, code runs. That is, the untrusted system’s quality depends, in part, on the trusted code; the trusted code establishes the baseline for security of the overall system.
In particular, an operating system can be trusted software when there is a basis for trusting that it correctly controls the accesses of components or systems run from it.
To trust any program, we base our trust on rigorous analysis and testing, looking for certain key characteristics
- Functional correctness: The program does what it is supposed to, and it works correctly.
- Enforcement of integrity: Even if presented erroneous commands or commands from unauthorized users, the program maintains the correctness of the data with which it has contact.
- Limited privilege: The program is allowed to access secured data, but the access is minimized and neither the access rights nor the data are passed along to other untrusted programs or back to an untrusted caller.
- Appropriate confidence level: The program has been examined and rated at a degree of trust appropriate for the kind of data and environment in which it is to be used.
Trusted software is often used as a safe way for general users to access sensitive data. Trusted programs are used to perform limited (safe) operations for users without allowing the users to have direct access to sensitive data.
Not all controls can be imposed automatically by the computing system. Sometimes controls are applied instead by the declaration that certain practices will be followed. These controls, encouraged by managers and administrators, are called administrative controls.
We can exercise some degree of administrative control over software development by considering several kinds of standards or guidelines.standards of design, including using specified design tools, languages, or methodologies, using design diversity, and devising strategies for error handling and fault tolerance standards of documentation, language, and coding style, including layout of code on the page, choices of names of variables, and use of recognized program structures standards of programming, including mandatory peer reviews, periodic code audits for correctness, and compliance with standards standards of testing, such as using program verification techniques, archiving test results for future reference, using independent testers, evaluating test thoroughness, and encouraging test diversity standards of configuration management, to control access to and changes of stable or completed program units
Standardization improves the conditions under which all developers work by establishing a common framework so that no one developer is indispensable. It also allows carryover from one project to another; lessons learned on previous projects become available for use by all on the next project. Standards also assist in maintenance, since the maintenance team can find required information in a well-organized program. However, we must take care so that the standards do not unnecessarily constrain the developers.