Book review: Foundations of Security (Part 1 Security Design Principles)

Lately, I have been interested in "security applications" (see Security certifications for programmers), so I will review Foundations of Security: What Every Programmer Needs to Know.

Chapter 1: Security goals

The first chapter gives a brief description of the security domains. For the authors, IT security can be split into the following domains:

  • Physical security (mechanisms that limit physical access to IT equipment: locked doors, card readers, biometric locks, etc.)
  • Technological security
    • Application security (the domain that this book covers)
    • OS security
    • Network security
  • Policies and procedures (for example, every employee is educated never to give out her password, and the systems are set up so that system administrators can reset passwords instead)

The chapter also introduces and explains seven key concepts of the security field:

  1. Authentication (the act of verifying someone's identity)
  2. Authorization (the act of checking whether a user has permission to perform some action)
  3. Confidentiality (keeping the content of a transient communication or of stored data accessible only to authorized entities)
  4. Message/Data integrity (ensuring that data has not been altered, in transit or at rest, by an unauthorized party)
  5. Accountability (the goal of accountability is to be able to determine who is responsible, e.g., who the attacker is, when something goes wrong)
  6. Availability (an available system is one that can respond to its users within a reasonable timeframe)
  7. Non-repudiation (ensuring that none of the parties involved in a transaction can later deny it)

Chapter 2: Secure Systems Design

The chapter contains some general advice on how to design secure systems. The first piece of advice is that you must understand the threats that can affect your project or organization. The authors enumerate some of the security threats that can materialize if security is not part of the product design: web site defacement, computer infiltration (through buffer overflows, command injection, etc.), phishing, pharming (DNS cache poisoning), click fraud and denial of service.
In order to present various security design problems, the authors present the code of a simple web server (you can find the code here); the web server is written in Java, and a complete code walkthrough is done in the chapter.

I must admit that it was very hard to extract the essence (the main ideas) of this chapter; for me the style is very unclear, and I simply think that part of this chapter would have had a better place in the next chapter (Secure Design Principles).

Chapter 3: Secure Design Principles

In this chapter the authors enumerate and explain various principles for building a secure system. The following principles are explained:

  • the principle of least privilege (a program or a user should have only the minimum privileges needed to accomplish its task)
  • defense in depth (the defense of a system must rest on multiple security layers, not on a single one)
  • diversity in defense (use multiple heterogeneous systems that do the same thing, e.g., different operating systems in your infrastructure, so that one flaw does not compromise everything)
  • secure the weakest link (a system is only as strong as its weakest link, so attackers will go after that link first)
  • fail-safe stance, or failing securely (design the system so that even if one or more components fail, the system still ensures some level of security, i.e., it fails closed rather than open). To explain this principle, the authors use the web server from the previous chapter.
  • secure by default (when designing a system, its default configuration should be the secure one wherever possible, so that security does not depend on the user opting in)
  • simplicity (keep the software as simple as possible; the less there is, the less there is to get wrong and the easier it is to review)
  • usability (to be usable, a software product should let its users accomplish the tasks it is meant for in the most secure way). It is true that usability and security are sometimes two antagonistic properties.
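To make the fail-safe, secure-by-default and least-privilege principles concrete on the kind of request the book's web server handles, here is an added example of mine (not the book's SimpleWebServer, whose code is not reproduced here). The handler confines every request to one document root, refuses anything that is not a regular file under that root, caps the size it will read, and turns every failure into a fixed error response. The document root, the size cap and the sample files are constructed for the demo.

```python
"""Fail-safe static-file handler (added example; not the book's code).

  - secure by default / least privilege: only regular files under one
    document root are served; no directory listings, no symlink escapes;
  - fail-safe stance: any error (bad path, missing file, oversize file,
    I/O failure) yields a fixed error response, never a stack trace;
  - simplicity: the whole policy fits in two small functions.
"""
import os
import tempfile
from typing import Optional
from urllib.parse import unquote

MAX_BYTES = 1024 * 1024  # assumed cap: never read an unbounded file into memory


def resolve_under_root(docroot: str, request_path: str) -> Optional[str]:
    """Map a URL path onto a file inside docroot, or None if it escapes."""
    root = os.path.realpath(docroot)
    # Decode percent-encoding first so "%2e%2e/" is seen as "../".
    decoded = unquote(request_path)
    # Reject NUL bytes: C-level APIs would silently truncate the path there.
    if "\x00" in decoded:
        return None
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # realpath also follows symlinks, so a link pointing outside root is caught.
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate


def serve(docroot: str, request_path: str) -> tuple[int, bytes]:
    """Return (status, body). The default outcome is a refusal; 200 must be earned."""
    try:
        path = resolve_under_root(docroot, request_path)
        if path is None:
            return 403, b"Forbidden"
        if not os.path.isfile(path):
            return 404, b"Not Found"
        if os.path.getsize(path) > MAX_BYTES:
            return 403, b"Forbidden"  # refuse instead of exhausting memory
        with open(path, "rb") as f:
            data = f.read(MAX_BYTES + 1)
        if len(data) > MAX_BYTES:  # file grew between stat and read
            return 403, b"Forbidden"
        return 200, data
    except OSError:
        # Fail closed: no internal details reach the client.
        return 500, b"Internal Server Error"


def demo() -> dict[str, int]:
    """Build a constructed docroot, exercise the handler, return status codes."""
    with tempfile.TemporaryDirectory() as root:
        docroot = os.path.join(root, "www")
        os.makedirs(docroot)
        with open(os.path.join(docroot, "index.html"), "w") as f:
            f.write("<h1>hello</h1>")
        with open(os.path.join(root, "secret.txt"), "w") as f:
            f.write("outside the document root")
        return {
            "index": serve(docroot, "/index.html")[0],       # 200
            "traversal": serve(docroot, "/../secret.txt")[0],  # 403
            "encoded": serve(docroot, "/%2e%2e/secret.txt")[0],  # 403
            "missing": serve(docroot, "/nope.html")[0],      # 404
            "dir": serve(docroot, "/")[0],                   # 404
        }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:10} -> {status}")
```

The check is done on the canonicalized path after decoding, not on the raw request string: a blacklist of ".." would miss percent-encoded variants and symlinks, whereas "is the resolved path still under the root" is a single positive condition that fails closed.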

Chapter 4: Exercises for Part 1

The chapter contains some exercises linked to the previous chapters. Some of the exercises are just questions about things explained in those chapters; others are programming exercises (mount an attack on the web server, or implement basic HTTP authentication for it).
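As an added example related to the HTTP authentication exercise (my own code, not the book's solution), here is a Basic authentication check that applies the fail-safe principle from chapter 3: every malformed header is rejected, passwords are stored as salted PBKDF2 hashes rather than in clear, the digest comparison is constant-time, and unknown users cost the same work as known ones. The user store, its fixed salt and the iteration count are assumptions for the demo.

```python
"""HTTP Basic authentication check (added example; not the book's code).

Parses an Authorization header as RFC 7617 describes and verifies the
credentials against a constructed, salted-hash user store.
"""
import base64
import binascii
import hashlib
import hmac
from typing import Optional

ITERATIONS = 100_000  # assumed PBKDF2 work factor for the demo


def _make_entry(password: str, salt: bytes) -> tuple[bytes, bytes]:
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store: username -> (salt, digest). A fixed salt keeps the
# demo reproducible; a real store uses a fresh random salt per user.
USERS = {
    "alice": _make_entry("correct horse battery staple", bytes(16)),
}

# Dummy entry so that verifying an unknown user costs the same as a known one.
_DUMMY = (bytes(16), bytes(32))


def parse_basic(header: Optional[str]) -> Optional[tuple[str, str]]:
    """Return (user, password) from 'Basic <base64>', or None if malformed."""
    if header is None:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        creds = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    # RFC 7617: the user-id cannot contain ':'; split on the first one only,
    # so a password containing ':' survives intact.
    user, sep, password = creds.partition(":")
    if not sep or not user:
        return None
    return user, password


def check_password(user: str, password: str) -> bool:
    """Constant-time verification against the store; unknown users always fail."""
    salt, expected = USERS.get(user, _DUMMY)
    got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return user in USERS and hmac.compare_digest(got, expected)


def authenticate(header: Optional[str]) -> Optional[str]:
    """Return the authenticated username, or None (the default) on any failure."""
    parsed = parse_basic(header)
    if parsed is None:
        return None
    user, password = parsed
    return user if check_password(user, password) else None


def make_header(user: str, password: str) -> str:
    """Client side: build the Authorization header value."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


if __name__ == "__main__":
    print(authenticate(make_header("alice", "correct horse battery staple")))  # alice
    print(authenticate(make_header("alice", "wrong")))                         # None
    print(authenticate("Bearer abc"))                                          # None
```

Note that the function returns None unless every step succeeds: a parser that let a malformed header fall through to "no user, no password" and a comparison that short-circuits on the first differing byte are exactly the fail-open behaviours the chapter warns against.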