How Sure Are You About Security?
Even though it´s surprising, an important number of architects don't worry enough about security aspects
Talking with some of them, they considered that Security is a topic so complex -they are right in this appreciation- that developers don't have to care about it, just delegating its concerns to infrastructure pieces like firewalls and directory servers
I admit that keeping developers focused in business logic is always desirable, however I consider that security infrastructure, by itself, is an important part of the security strategy. Surely not the only one
My grand mother always said me "we can't trust in anyone anymore" and I didn't understand why she thought like that. Until I started making my first enterprise web applications and suffered my first attacks from unknown people. Those attacks were categorized in what is known as STRIDE
- Spoofing identity. An example of identity spoofing is illegally accessing and then using another user's authentication information, such as username and password
- Tampering with data. Data tampering involves the malicious modification of data. Examples include unauthorized changes made to persistent data, such as that held in a database, and the alteration of data as it flows between two computers over an open network, such as the Internet
- Repudiation. Repudiation threats are associated with users who deny performing an action without other parties having any way to prove otherwise—for example, a user performs an illegal operation in a system that lacks the ability to trace the prohibited operations. Nonrepudiation refers to the ability of a system to counter repudiation threats. For example, a user who purchases an item might have to sign for the item upon receipt. The vendor can then use the signed receipt as evidence that the user did receive the package
- Information disclosure. Information disclosure threats involve the exposure of information to individuals who are not supposed to have access to it—for example, the ability of users to read a file that they were not granted access to, or the ability of an intruder to read data in transit between two computers
- Denial of service. Denial of service (DoS) attacks deny service to valid users—for example, by making a Web server temporarily unavailable or unusable. You must protect against certain types of DoS threats simply to improve system availability and reliability
- Elevation of privilege. In this type of threat, an unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system. Elevation of privilege threats include those situations in which an attacker has effectively penetrated all system defenses and become part of the trusted system itself, a dangerous situation indeed
Because one of the missions of application architecture is dealing with complexity, particularly the complexity of dealing with such kinds of atacks, there exist a technique called Threat Modeling, consisting in acting like the enemy, thus anticipating his/her attacks in order to avoid them by opposing countermeassures
How to start learning about security topics? In his fourth presentation, Joe Hummel requests just one hour and half of your time to make you learn about security without assuming you have any kind of basic knowledge. As usual, he starts from the beginning, telling you about the security tenets and defining the most important terms, like Principal, Identity and Role. Benefits and disadvantages of using embedded security schemas like Windows', versus coding our own schema. Considerations when storing passwords or any other kind of secret (private information). .NET support for securing applications, different choices with pros and cons analysis
Architecting Desktop Applications with 2.0 (Part 04 of 15)
Once you finish, I suggest you continue your exploration with what Patterns & Practices has to say about Threat Modeling practices
Threat Modeling Web Applications
Enjoy it!