Welcome to lesson four.
In lesson three, we discussed how to provide end-to-end security for
the digital manufacturing process via the security development life cycle paradigm.
In this lesson, let us talk about
secure programming practices, which are critical to software security.
Digital manufacturing invariably involves software development and it will be very useful
to be knowledgeable about threats against software and how to overcome such threats.
This lesson will focus on the fundamental guidance on
software security and will describe how to develop secure code.
Topics include the types of flaws,
malicious versus non-malicious flaws,
and controls against software threats.
We live in a digital world where
almost all the information is accessible online from anywhere.
It is the computer software or application program that makes this access feasible.
Buggy software is the source of most trouble on the Internet.
Therefore, it is necessary to make a program
secure so that data and resources are available
only to legitimate users and the system performs only the tasks it is supposed to do.
To define a secure program,
there are some guidelines and goals to achieve,
but, let us first go through some common terms.
Software security flaws and threats are mainly of two types: non-malicious and malicious.
First, non-malicious.
When we consider non-malicious flaws and threats,
we mean flaws that are introduced inadvertently.
They are caused by errors in the software logic.
The developer did not intend any harm, and the flaw by itself is just a bug,
but the resulting malfunction
can sometimes be exploited by adversaries.
Some examples of non-malicious flaws follow. First, buffer overflow.
A buffer is a fixed-size block of memory,
for example one used to hold a user request.
When the program does not check the length of the data it writes into the buffer,
a request larger than the buffer overwrites the memory next to it; that is a buffer overflow.
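The following C example is added here to make the point concrete; it is not code from the lesson. It places the classic unchecked copy beside a bounded copy. The buffer size, the function names and the sample requests are my own assumptions for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* fixed-size buffer for a job name; the size is an assumption */

/* Vulnerable pattern: strcpy() copies until it finds the NUL byte in the source
 * and never consults the destination's size, so a request longer than NAME_LEN-1
 * bytes is written past the end of dst into whatever the compiler placed next to
 * it. Shown only for contrast; it is never called with oversized input here. */
void store_name_unchecked(char *dst, const char *req) {
    strcpy(dst, req);
}

/* Hardened pattern: the caller passes the destination capacity, the length is
 * checked before a single byte is written, and dst is always NUL-terminated.
 * Returns 0 on success, or -1 (leaving dst empty) if the request does not fit. */
int store_name_checked(char *dst, size_t dst_size, const char *req) {
    if (dst == NULL || dst_size == 0 || req == NULL) return -1;
    dst[0] = '\0';
    size_t n = strnlen(req, dst_size);   /* never scan further than we could store */
    if (n >= dst_size) return -1;        /* no room for the terminating NUL: reject, do not truncate silently */
    memcpy(dst, req, n + 1);             /* copy the bytes plus the terminator */
    return 0;
}

int main(void) {
    char name[NAME_LEN];
    /* constructed sample requests, not data from the lesson */
    const char *ok_req  = "JOB-42";
    const char *bad_req = "JOB-42-WITH-A-VERY-LONG-NAME";
    printf("%-30s -> %d (%s)\n", ok_req, store_name_checked(name, sizeof name, ok_req), name);
    printf("%-30s -> %d (rejected)\n", bad_req, store_name_checked(name, sizeof name, bad_req));
    return 0;
}
```

Rejecting an oversized request outright, rather than silently truncating it, is a deliberate choice: a truncated job name may still be accepted by a later step and produce a different, unintended action.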
Second, incomplete mediation.
Mediation means checking a request before acting on it.
Failing to validate every input (its length, type, range and format) leaves the program open both to accidental failures and to carefully crafted input from an attacker.
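As an added illustration of complete mediation (my own example, not the lesson's code), the C below validates a manufacturing job request with two fields, a part identifier and a quantity, against an allow-list and a numeric range. The field formats, limits and function names are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PART_ID_MAX 16     /* assumed maximum identifier length */
#define QTY_MAX     10000  /* assumed largest sensible order quantity */

/* Allow-list check: 1..PART_ID_MAX characters drawn from [A-Z0-9-]. Returns 1 if valid.
 * An allow-list is preferred to a block-list because anything not explicitly
 * permitted (path separators, quotes, control bytes, ...) is rejected. */
int valid_part_id(const char *id) {
    if (id == NULL) return 0;
    size_t n = strnlen(id, PART_ID_MAX + 1);
    if (n == 0 || n > PART_ID_MAX) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)id[i];
        if (!(isupper(c) || isdigit(c) || c == '-')) return 0;
    }
    return 1;
}

/* Parses a quantity, rejecting signs, leading spaces, trailing junk, overflow and
 * out-of-range values. atoi() would silently accept most of these. Returns 1 on success. */
int parse_quantity(const char *s, long *out) {
    if (s == NULL || !isdigit((unsigned char)*s)) return 0;
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0') return 0;   /* overflow, or characters after the number */
    if (v < 1 || v > QTY_MAX) return 0;
    *out = v;
    return 1;
}

/* Mediation of the whole request: every field is checked, and a rejected request
 * leaves *qty_out untouched so nothing downstream acts on half-validated data. */
int accept_job(const char *part_id, const char *qty_str, long *qty_out) {
    long q;
    if (!valid_part_id(part_id)) return 0;
    if (!parse_quantity(qty_str, &q)) return 0;
    *qty_out = q;
    return 1;
}

int main(void) {
    /* constructed requests, not data from the lesson */
    const char *ids[]  = {"GEAR-7", "gear-7", "../../etc/passwd", "GEAR-7"};
    const char *qtys[] = {"25", "25", "1", "99999999999999999999"};
    long q = 0;
    for (int i = 0; i < 4; i++)
        printf("part_id=%-18s qty=%-22s -> %s\n", ids[i], qtys[i],
               accept_job(ids[i], qtys[i], &q) ? "accepted" : "rejected");
    return 0;
}
```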
Third, time of check to time of use, also called TOCTOU.
This is a type of serialization flaw: the program checks a condition and acts on the result later,
but the state it checked can change in between, so the action is taken on something the check never covered.
A typical case is checking a user's permission on a file by name and then opening the file by name;
if the file is replaced between the two calls, the check no longer describes what is opened.
Therefore, to prevent such flaws, the window must be removed: perform the check and the use as one atomic operation,
or check the object actually obtained rather than its name, and synchronize carefully between the processes that share the state.
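The C example below is added to show the file-access form of TOCTOU; it is not from the lesson. It contrasts the racy check-then-open pattern with opening first and checking the descriptor actually obtained, and creates its own temporary file and symbolic link under /tmp so it runs offline. The paths, fixture contents and function names are assumptions for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: the decision is made on the path name, the action is taken on
 * the path name later. Between the two calls another process can replace the
 * file (for example with a symlink to something the caller may not read), and
 * the check no longer describes what gets opened. */
int open_checked_then_used(const char *path) {
    if (access(path, R_OK) != 0) return -1;   /* time of check */
    return open(path, O_RDONLY);              /* time of use */
}

/* Hardened pattern: open first, then check the descriptor we actually hold.
 * The kernel performs its permission check inside open(), O_NOFOLLOW refuses a
 * symlink at the final path component, and fstat() inspects the opened object
 * rather than the name, so there is no window in which the answer can change.
 * Returns a descriptor, or -1 with errno set. */
int open_regular_file(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Constructed fixture (not from the lesson): a temporary regular file holding
 * `content`. Returns 1 on success and writes the path to path_out. */
int make_fixture(char *path_out, size_t path_size, const char *content) {
    char tmpl[] = "/tmp/lesson4_XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0) return 0;
    if (write(fd, content, strlen(content)) < 0) { close(fd); unlink(tmpl); return 0; }
    close(fd);
    snprintf(path_out, path_size, "%s", tmpl);
    return 1;
}

/* Returns 1 if the regular file opens and a symlink pointing at it is refused. */
int demo_symlink_refused(void) {
    char file[64], link[64];
    int result = 0;
    if (!make_fixture(file, sizeof file, "G-code for part GEAR-7\n")) return 0;
    snprintf(link, sizeof link, "%s.lnk", file);
    if (symlink(file, link) == 0) {
        int fd_file = open_regular_file(file);
        int fd_link = open_regular_file(link);   /* what an attacker would swap in */
        result = (fd_file >= 0) && (fd_link < 0);
        if (fd_file >= 0) close(fd_file);
        unlink(link);
    }
    unlink(file);
    return result;
}

int main(void) {
    printf("directory refused:      %s\n", open_regular_file(".") < 0 ? "yes" : "no");
    printf("symlink refused:        %s\n", demo_symlink_refused() ? "yes" : "no");
    return 0;
}
```

Where a program must also pin down the directory the file lives in, the same idea extends to opening the directory once and using openat() relative to that descriptor, so that no component of the path is re-resolved between check and use.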
Second, malicious.
These flaws or threats are intentionally designed to harm a system.
The attacker writes a program
which, when executed on the system, leads to undesired effects.
Such programs are designed so that they can
operate covertly without being detected by a system user.
A computer virus is a type of malicious software program, also called malware,
that when executed replicates itself
by copying its own code into other programs or files, modifying them so that they carry the infection.
Stealing passwords or data,
logging keystrokes, corrupting files,
spamming your email contacts,
and even taking over your machine are just
some of the devastating and irritating things a virus can do.
A well-known example of destructive malware is CryptoLocker, a form of ransomware,
which encrypts the data on a computer after infecting it and
denies access to that data unless
the victim pays a ransom to obtain the decryption key.
Strictly speaking, CryptoLocker was delivered as a Trojan horse rather than spreading by itself, so it is ransomware rather than a virus.
Trojan horse. A Trojan horse is a program that appears harmless but is in fact malicious.
Unlike viruses, Trojan horses do not replicate themselves,
but they can be just as destructive.
A Trojan horse can infect your systems with further malware
and viruses by installing or executing
undesirable programs on the machine without
the user's knowledge, often by giving a remote attacker control of the system.
Trap doors, also referred to as back doors,
are sections of code that developers insert into a program to gain quick access to it,
often during the testing or debugging phase, and that remain in the software after it is shipped.
Because a trap door allows anyone with knowledge of
it to circumvent the normal security procedures,
dishonest individuals can exploit it for malicious purposes.
Worm.
A worm is a self-replicating program that spreads across a network on its own
without attaching itself to other files; many worms reside only in active memory.
A worm's primary effect is often resource exhaustion on the hosts and networks it spreads through.
Therefore, it degrades system performance.
One example of a worm is Code Red.
Code Red appeared in the middle of 2001 to
devastating effect and affected 750,000 web servers.
It is estimated that Code Red's damage exceeded two billion dollars.
Let us now talk about the controls against program threats.
First, good software development practice.
The software development life cycle has a major impact on the security of software.
Therefore, during the development of software,
the developer should focus not only on the value and the quality of the product,
but also on the security aspects of the product, which we
discussed in lesson three under the security development life cycle model.
Second, modularity, encapsulation, and information hiding.
These three terms define an important aspect of software development.
Modularity means while developing a software,
different functionalities are developed in the form of
separate modules instead of writing the complete software as a single file.
Encapsulation and information hiding are the features which ensure that
only certain features of a module are accessible
to the rest of the program and to the end user, while the internal details are hidden.
Together they limit what a user or another module can reach, which makes unintended modification of the program's internal state harder.
Third, proper testing.
Testing helps in detecting security flaws before the software is released, although it cannot prove their absence.
The goal of security testing is to identify the threats to the system, measure
its potential vulnerabilities, and help
developers fix these problems in the code.
Fourth, hazard analysis.
Hazard analysis identifies portions of
a system which have the potential for unacceptable hazards.
Its purpose is twofold:
1. Encourage design changes which will reduce or eliminate hazards.
2. Carry out special analyses and tests which give
increased confidence that vulnerable portions of the system do not exist.
This brings us to the conclusion of lesson four on
software security and good programming practices.