--- June 14 - Sep 15, 2022 ---

Secure Software Development

--- March 30, 2022 ---

First Collaborative Discussion Summary: Cryptographic Failures

In 2021, the OWASP Top Ten ranked cryptographic failures as the second most critical of the ten security risks it identifies for web applications (OWASP, 2021). Current encryption algorithms provide reasonable security; however, vulnerabilities still exist and arise for different reasons, which can be grouped into four main categories.

The first is the transmission of sensitive data in plain text (Lazar et al., 2014; Wagnon, 2022), which gives anyone who can sniff the network a straightforward way to obtain the data.

The second is a group of problems that give an attacker positioned as a man-in-the-middle access to the communicated data. These include authentication errors and inadequate checks of digital certificate signatures (Lazar et al., 2014). Authentication errors may arise from software bugs such as the “goto fail” bug in Apple's SSL/TLS implementation, which caused invalid signatures to be accepted (Lazar et al., 2014; Cve, 2013); programming faults of this kind can therefore have serious consequences. Inadequate or non-existent signature checks can likewise be caused by software bugs, for example an Android application that did not verify X.509 certificates from SSL servers (Cve, 2014). Either flaw allows an attacker to spoof the server with a crafted certificate and intercept the web application's traffic.
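As an added example (not from the original post or from any of the cited sources), the following Python snippet shows the client-side TLS configuration that produces this second category of failure, together with a check for it. The function names audit_client_context, secure_client_context and insecure_client_context are assumptions made for this illustration; only the standard-library ssl API is used.

```python
import ssl


def audit_client_context(ctx: ssl.SSLContext) -> list:
    """Return short codes for every setting that leaves a TLS client open
    to a man-in-the-middle. An empty list means no finding."""
    findings = []
    # CERT_NONE means the server's certificate chain and signature are
    # never verified: any certificate (self-signed, forged) is accepted.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode")
    # Without the hostname check a *valid* certificate issued for
    # attacker.example is accepted when connecting to bank.example.
    if not ctx.check_hostname:
        findings.append("check_hostname")
    # Old protocol versions belong to the "outdated algorithms" bucket.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version")
    return findings


def secure_client_context() -> ssl.SSLContext:
    """Verified chain, hostname check and TLS 1.2 or newer: the defaults
    of create_default_context, with the version floor made explicit."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def insecure_client_context() -> ssl.SSLContext:
    """The common 'make the certificate error go away' pattern. This is
    the misconfiguration itself, shown on purpose."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # disables signature and chain checks
    return ctx


if __name__ == "__main__":
    for name, ctx in (("secure", secure_client_context()),
                      ("insecure", insecure_client_context())):
        print(name, audit_client_context(ctx) or "no findings")
```

The same two lines (check_hostname = False, verify_mode = CERT_NONE) are what a code review or a grep over a code base should look for; they are the Python equivalent of the missing signature check in the two CVEs above.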

The third is brute-force attacks that succeed because of weaknesses in the encryption process: low encryption strength, weak encryption keys, insufficient randomness during key generation, outdated encryption algorithms and incorrect use of encryption libraries. These allow attackers to break the cryptography by guessing (Lazar et al., 2014; Yousef, 2017).
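The "insufficient randomness during key generation" weakness is easy to reproduce. The example below is added here and is not from the original post or any cited source: a constructed session-token server seeds Python's general-purpose PRNG with its start time, and an attacker who holds one token brute-forces the seed over a window of timestamps and then predicts every other user's token. The class and function names (WeakSessionServer, StrongSessionServer, recover_seed, predict_following) and the timestamp are assumptions made for the illustration.

```python
import random
import secrets


class WeakSessionServer:
    """Issues session tokens from Python's general-purpose PRNG (Mersenne
    Twister) seeded with the server's start time. Insecure on purpose: the
    seed is guessable and the generator is fully deterministic."""

    def __init__(self, started_at: int):
        self._rng = random.Random(started_at)

    def issue(self) -> int:
        return self._rng.getrandbits(64)


class StrongSessionServer:
    """Tokens from the OS CSPRNG via `secrets`: there is no seed to recover."""

    def issue(self) -> int:
        return secrets.randbits(64)


def recover_seed(first_token: int, earliest: int, window: int):
    """Attacker side: with one observed token (e.g. the attacker's own
    session) and a rough idea of when the server started, brute-force the
    seed over `window` candidate timestamps. Returns the seed or None."""
    for seed in range(earliest, earliest + window):
        if random.Random(seed).getrandbits(64) == first_token:
            return seed
    return None


def predict_following(seed: int, already_issued: int, count: int) -> list:
    """Replay the generator past the tokens already handed out and read
    the next `count` tokens, i.e. other users' sessions."""
    rng = random.Random(seed)
    for _ in range(already_issued):
        rng.getrandbits(64)
    return [rng.getrandbits(64) for _ in range(count)]


if __name__ == "__main__":
    # Constructed scenario: the server started at a known-ish time.
    server = WeakSessionServer(started_at=1_660_000_000)
    mine = server.issue()                    # the attacker's own token
    others = [server.issue() for _ in range(3)]
    seed = recover_seed(mine, 1_660_000_000 - 1800, 3600)
    print("seed recovered:", seed)
    print("other sessions predicted:", predict_following(seed, 1, 3) == others)
```

A 64-bit token looks unguessable, but the search space here is only the 3600 candidate seeds, which is the point of the "insufficient randomness" category: the strength of a key is bounded by the entropy that went into it, not by its length.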

The last is side-channel attacks, indirect ways of breaking cryptography such as timing attacks, which recover secrets by measuring the time spent in cryptographic operations (Kocher, 1996).
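The example below, added here and not taken from the original post or from Kocher's paper, shows the timing side channel in its simplest form: a MAC or token comparison that stops at the first mismatching byte leaks how many leading bytes were right, and an attacker recovers the whole secret one byte at a time. To keep the demonstration deterministic, the comparison functions return a work counter (number of bytes compared) as a stand-in for the elapsed time an attacker would measure over the network; that counter, the function names and the secret are assumptions of the illustration.

```python
import hashlib
import hmac


def leaky_compare(expected: bytes, provided: bytes):
    """Early-exit equality, the way `==` behaves on many string types.
    Returns (equal, work); `work` counts byte comparisons and stands in
    for elapsed time. Vulnerable on purpose."""
    work = 0
    if len(expected) != len(provided):
        return False, work
    for a, b in zip(expected, provided):
        work += 1
        if a != b:
            return False, work       # stops at the first wrong byte
    return True, work


def constant_time_compare(expected: bytes, provided: bytes):
    """Visits every byte whatever the input, so `work` no longer depends
    on how many leading bytes are right. hmac.compare_digest does the
    same in C; this version only exposes the counter for the demo."""
    if len(expected) != len(provided):
        return False, 0
    diff = 0
    work = 0
    for a, b in zip(expected, provided):
        work += 1
        diff |= a ^ b
    return diff == 0, work


def timing_attack(oracle, length: int) -> bytes:
    """Recover a secret byte by byte from an (equal, work) oracle: the
    candidate that makes the comparison run longest is the right byte.
    Costs at most 256 * length queries instead of 256 ** length."""
    guess = bytearray(length)
    for pos in range(length):
        best_score, best_byte = (-1, False), 0
        for candidate in range(256):
            guess[pos] = candidate
            equal, work = oracle(bytes(guess))
            if (work, equal) > best_score:
                best_score, best_byte = (work, equal), candidate
        guess[pos] = best_byte
    return bytes(guess)


def make_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Correct library use: compare_digest, never `==`, for secrets."""
    return hmac.compare_digest(make_tag(key, message), tag)


if __name__ == "__main__":
    SECRET = b"hunter2!"                 # constructed secret, no zero bytes
    print(timing_attack(lambda g: leaky_compare(SECRET, g), len(SECRET)))
    print(timing_attack(lambda g: constant_time_compare(SECRET, g), len(SECRET)))
```

Run against leaky_compare the attack returns the secret; against constant_time_compare every candidate scores the same and the attack learns nothing. The same mistake is one of the "incorrect use of cryptographic libraries" cases counted by Lazar et al. (2014): the library ships compare_digest, and the failure is in not calling it.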

It is worth mentioning that a study of the sources of cryptographic failures found that 83% of the vulnerabilities were caused by incorrect use of cryptographic libraries rather than by problems in the libraries themselves (Lazar et al., 2014).

To represent the reasons for cryptographic failures, a UML communication diagram was chosen because it shows the interactions between objects through messages, which allows the communication in a client-server architecture, including the certificate authority, to be depicted. It was designed using Visual Paradigm Community Edition (version 16.3).

 

References

Cve (2013) CVE - CVE-2014-0092. Available from: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0092 [Accessed].

Cve (2014) CVE - CVE-2014-1967. Available from: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1967 [Accessed].

Kocher, P. C. (1996) ‘Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems’.  Advances in Cryptology — CRYPTO ’96, 16th Annual International Cryptology Conference, 18-22 August 1996 Santa Barbara, California, USA. Springer.

Lazar, D., Chen, H., Wang, X. & Zeldovich, N. (2014) ‘Why does cryptographic software fail’.  Proceedings of 5th Asia-Pacific Workshop on Systems, 2014 Beijing, China. ACM, 7.

OWASP (2021) OWASP Top Ten. Available from: https://owasp.org/www-project-top-ten/ [Accessed June 25 2022].

Wagnon, J. (2022) 2021 OWASP Top Ten: Cryptographic Failures. Available from: https://www.youtube.com/watch?v=2CMNNAJ6Ixc [Accessed June 25 2022].

Yousef, N. (2017) The many, many ways that cryptographic software can fail. Available from: https://www.freecodecamp.org/news/why-does-cryptographic-software-fail-often-d660d3cdfdc5/ [Accessed June 23 2022].

--- June 26, 2022 ---

Seminar 1 Blog Post: Internal Threats

There are several external sources of threats that endanger the information security of companies. However, attacks by insiders are no less important and are often more harmful than external ones (Newcombe, 2012; Upton & Creese, 2014). Several factors lie behind that, some of which were revealed in an international research project that aimed at detecting internal threats and finding solutions to them (Upton & Creese, 2014).

One of the most important factors in the increased danger of internal attacks is the privileged access granted to company employees, which gives them a far greater range of attack possibilities than an outsider. Another factor is the use of personal devices (bring your own device), which brings the risk of infection with viruses and malware. In addition, careless use of the web and social media at work can threaten information security through scams and phishing. Furthermore, the communication between employees and the service companies with which outsourcing contracts are established could also lead to a security threat (Upton & Creese, 2014).

Several solutions are available. The first is the adoption of a strong internal policy detailing the practices employees must avoid, the consequences expected in case of an incident, and the corrective steps to be taken after one; this policy should be supported by education. The second is improving employees' knowledge of, and preparedness for, possible attacks, and their understanding of the importance of reporting suspicious behaviour, through education and training. The third starts at hiring time: performing background checks, asking interview questions tailored to reveal personal values, and assessing the security awareness of candidates. Other solutions take the form of reviewing access control lists, monitoring employees' network activity, and using malware-detection software and insider-threat detection systems (Upton & Creese, 2014; Pillai, 2017).

 

Tutor's feedback

Dear Mohammad, I really like how you have built into your discussion the risk of BYOD - this is an effective idea in relation to threats coming from the inside. I also like your consideration of the background checks at the stage of interview, helping to bring people into the organisation only who are credible and trustworthy. I believe that these are both important steps for an organisation to take when working towards achieving security. A very nicely written post, Mohammad, well done. Cathryn

 

References

Newcombe, L. (2012) Security Threats Associated with Cloud Computing. IT Governance Publishing. Available from: http://0-www-jstor-org.serlib0.essex.ac.uk/stable/j.ctt5hh6g0.9.

Pillai, A. B. (2017) Software Architecture with Python. Available from: http://0-search.ebscohost.com.serlib0.essex.ac.uk/login.aspx?direct=true&db=nlebk&AN=1513359&site=eds-live.

Upton, D. M. & Creese, S. (2014) The Danger from Within. Available from: https://hbr.org/2014/09/the-danger-from-within [Accessed September 2014].


--- July 05, 2022 ---

Team Discussion: What is a Secure Programming Language

You should read Chapters 2, 6, 7 and 8 of the course text (Pillai, 2017) and Cifuentes & Bierman (2019) and then answer the questions below, adding them as evidence to your e-portfolio.

  1. What factors determine whether a programming language is secure or not?
  2. Could Python be classed as a secure language? Justify your answer.
  3. Python would be a better language to create operating systems than C. Discuss.

Team component

You should discuss your answers within your team, and you can share your team responses with the tutor for formative feedback or discuss it in next week’s seminar.

QUESTION 1

A programming language can be considered secure if it can “provide first-language support to address the causes for the most common, significant vulnerabilities found in real-world software” (Cifuentes and Bierman, 2019).

Some of the vulnerabilities that a secure programming language should prevent are buffer overflows, SQL injection, cross-site scripting (XSS), OS command injection and information leaks. Also, an interesting finding of a study of the sources of cryptographic failures was that 83% of the vulnerabilities were caused by incorrect use of cryptographic libraries rather than by problems in the libraries themselves (Lazar et al., 2014), so an important factor in a secure programming language is resistance to developers' critical mistakes.

The analysis by Cifuentes and Bierman (2019) revealed that none of the mainstream languages they examined addresses all three of the most commonly exploited vulnerability categories (buffer errors, injection errors and information leaks).

QUESTION 2

Python, like any other mainstream language, has its own set of weaknesses. Pillai (2017) explores security issues affecting Python such as overflow errors, serialization issues, and reading and evaluating input. Pillai also gives examples of how the language is exposed in web applications and how it can be subject to attacks such as XSS, DoS and server-side template injection (SSTI), together with the mitigations adopted in each example.

Python, like all other programming languages, is not natively secure, as concluded by Cifuentes & Bierman (2019) and indirectly by Pillai (2017). By carefully applying secure coding practices, however, secure software systems can be built in Python.
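Two of the issue classes named above, reading and evaluating input and unsafe deserialization, are shown in the added example below, which is not from Pillai's book or the original post. It pairs the vulnerable call with the safe alternative in each case: eval against ast.literal_eval, and plain pickle.loads against an Unpickler that only resolves an allow-list of globals. The payload class, the function names and the allow-list are assumptions of the illustration; the payload calls os.getcwd as a harmless stand-in for what a real attacker would call.

```python
import ast
import io
import os
import pickle


def parse_untrusted_unsafe(text: str):
    """Reads and evaluates input with eval: any expression the sender
    writes runs with the application's privileges. Vulnerable on purpose."""
    return eval(text)


def parse_untrusted_safe(text: str):
    """ast.literal_eval accepts only literals (numbers, strings, tuples,
    lists, dicts, sets, booleans, None); names and calls are rejected."""
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        return None


class _Payload:
    """Constructed object whose pickle, when loaded, calls os.getcwd().
    Unpickling resolves the callable named in the stream and calls it,
    so a real payload would name os.system or subprocess.Popen instead."""

    def __reduce__(self):
        return (os.getcwd, ())


def malicious_pickle() -> bytes:
    return pickle.dumps(_Payload())


class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list of the globals a pickle may reference. Plain containers
    (dict, list, str, int, ...) need no globals at all, so for most data
    the list can be empty; anything else is refused before it is called."""

    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def loads_restricted(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    print(parse_untrusted_safe("{'user': 'bob', 'roles': ['admin']}"))
    print(parse_untrusted_safe("__import__('os').getcwd()"))   # None
    print(type(pickle.loads(malicious_pickle())))               # str: getcwd ran
    try:
        loads_restricted(malicious_pickle())
    except pickle.UnpicklingError as exc:
        print("refused:", exc)
```

The restricted unpickler is a containment measure, not a full fix: for data that crosses a trust boundary a format with no code-loading semantics (JSON, for instance) removes the problem instead of filtering it.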

QUESTION 3

Both languages can be used to write parts of an operating system, but a full operating system cannot be written in Python alone: Python is interpreted, depends on its own runtime, and has only limited ability to issue the hardware-level instructions a kernel requires (History-computer.com, 2022). Also, Python's automatic memory management does not give the direct control over memory that an operating system needs (Cifuentes and Bierman, 2019).

Python is a very high-level language (VHLL). This means that Python uses a higher level of abstraction, conceptually further from the underlying machine, than do classic compiled languages such as C, C++, and Fortran, which are traditionally called “high-level languages” (Martelli, et al., 2017).

 

References

Cifuentes, C. and Bierman, G. (2019). What is a Secure Programming Language? DOI:10.4230/LIPIcs.SNAPL.2019.3.

History-computer.com (2022) C vs Python: Compared. Available from: https://history-computer.com/c-vs-python/ [Accessed 2 July 2022].

Lazar, D., Chen, H., Wang, X. & Zeldovich, N. (2014) ‘Why does cryptographic software fail’.  Proceedings of 5th Asia-Pacific Workshop on Systems, 2014 Beijing, China. ACM, 7.

Pillai, A. B. (2017) Software Architecture with Python. Birmingham, UK: Packt Publishing. Available from: https://search.ebscohost.com/login.aspx?direct=true&AuthType=sso&db=nlebk&AN=1513359&site=eds-live [Accessed 1 July 2022].

Martelli, A., Ravenscroft, A. & Holden, S. (2017) Python in a Nutshell : A Desktop Quick Reference. Sebastopol: O'Reilly Media, Incorporated.

--- August 02, 2022 ---

Programming Language Concepts: ReDoS

1- What is ReDoS and what part do ‘Evil Regex’ play?

ReDoS is a regular-expression denial-of-service attack: it exploits the way backtracking regex engines evaluate certain patterns in order to overload a system and render it unresponsive (Obielum, 2021). An ‘evil regex’ is a pattern, typically one with nested or overlapping quantifiers such as (a+)+, whose matching time grows exponentially with the length of a crafted non-matching input; the attacker only has to supply that input to the vulnerable pattern.

2- What are the common problems associated with the use of regex? How can these be mitigated?

The main problem with regular expressions is that they are error-prone in ways that are hard to detect by reading them. Mitigations include simplifying the expression as much as possible and checking it with tools such as EGRET and ACRE (Larson, 2016; Larson, 2018).
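The example below is added here and is not from the original post, from Larson's tools or from Obielum's article. It implements the two mitigations in Python: a static check that walks the parse tree of a pattern and flags the nested-unbounded-quantifier shape of an evil regex, and a matching wrapper that refuses both such patterns and over-long input. The function names, the input limit and the sample patterns are assumptions of the illustration; the check is a heuristic and does not catch overlapping alternation such as (a|aa)+.

```python
import re
import time

try:                                 # the parser module moved in Python 3.11
    from re import _parser as sre_parse
except ImportError:                  # Python 3.8 to 3.10
    import sre_parse

MAXREPEAT = sre_parse.MAXREPEAT      # the "unbounded" upper limit of + * {n,}


def _subpatterns(av):
    """Yield the SubPattern nodes nested inside a parse-tree argument."""
    if isinstance(av, sre_parse.SubPattern):
        yield av
    elif isinstance(av, (tuple, list)):
        for item in av:
            yield from _subpatterns(item)


def _nested_unbounded(node, inside_unbounded=False) -> bool:
    """True if an unbounded repeat sits inside another unbounded repeat."""
    for op, av in node:
        name = getattr(op, "name", str(op))
        unbounded = name in ("MAX_REPEAT", "MIN_REPEAT") and av[1] == MAXREPEAT
        if unbounded and inside_unbounded:
            return True
        for child in _subpatterns(av):
            if _nested_unbounded(child, inside_unbounded or unbounded):
                return True
    return False


def is_evil_regex(pattern: str) -> bool:
    """Flags the classic catastrophic-backtracking shape, e.g. (a+)+ or
    (\\w+\\s?)*. Heuristic: overlapping alternation is not detected."""
    return _nested_unbounded(sre_parse.parse(pattern))


MAX_INPUT = 256   # second mitigation: bound what the engine may see (assumed limit)


def safe_fullmatch(pattern: str, text: str):
    """Match only after both the pattern and the input passed the checks."""
    if is_evil_regex(pattern):
        raise ValueError("pattern rejected: nested unbounded quantifier")
    if len(text) > MAX_INPUT:
        raise ValueError("input rejected: longer than MAX_INPUT")
    return re.fullmatch(pattern, text)


if __name__ == "__main__":
    # Constructed demonstration of the blow-up: each extra 'a' roughly
    # doubles the time the evil pattern spends on a non-matching input.
    for n in (16, 18, 20):
        start = time.perf_counter()
        re.fullmatch(r"(a+)+$", "a" * n + "!")
        print(n, round(time.perf_counter() - start, 3), "s")
    print(is_evil_regex(r"^(a+)+$"), is_evil_regex(r"^a+$"))
```

Running the block prints the timings for the evil pattern; the checks themselves run in microseconds because they inspect the pattern, not the input.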

3- How and why could regex be used as part of a security solution?

Regular expressions can be used as part of a security solution for validating user input, writing firewall rules, and scanning for malware (Li, 2020; Larson, 2016).

 

References

Larson, E. (2016) Generating Evil Test Strings for Regular Expressions. Seattle University.

Larson, E. (2018) Automatic Checking of Regular Expressions. Seattle University.

Li, V. (2020) Regular Expressions: A Quick Intro for Security Professionals - DZone Security. Available from: https://dzone.com/articles/regular-expressions-a-quick-intro-for-security-pro [Accessed].

Obielum, G. (2021) How to protect against regex denial-of-service (ReDoS) attacks. Available from: https://blog.logrocket.com/protect-against-regex-denial-of-service-redos-attacks/ [Accessed].

--- August 30, 2022 ---

Cyclomatic Complexity

Code complexity decreases the readability and maintainability of software and hence reduces the chance that errors and bugs are noticed, which may leave hidden vulnerabilities (Pillai, 2017). One of the well-known security principles laid down by Saltzer and Schroeder is economy of mechanism, which calls for a simpler design that improves readability and makes code inspection feasible (Saltzer & Schroeder, n.d.).

Managing software complexity is a real concern in software engineering (Sommerville, 2016; Alenezi & Zarour, 2020). One measure of code complexity is cyclomatic complexity, which counts the number of linearly independent paths through a program's control flow: every decision point (an if, a loop, an exception handler, a boolean operator) adds a path, so a higher number means more complex code.
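To make the metric concrete, the added example below (not from the original post or from any cited source) computes cyclomatic complexity for every function in a piece of Python source by walking its abstract syntax tree and counting decision points, then lists the functions above a threshold. The counting rules follow McCabe's definition (decision points + 1, with each extra operand of a boolean operator counted); the sample source, the function names and the threshold are constructed for the illustration.

```python
import ast


class _DecisionCounter(ast.NodeVisitor):
    """Counts the decision points McCabe's metric adds to the base path:
    if/elif, loops, except handlers, conditional expressions,
    comprehension filters and each extra operand of a boolean operator."""

    def __init__(self):
        self.decisions = 0

    def _branch(self, node):
        self.decisions += 1
        self.generic_visit(node)

    visit_If = visit_IfExp = visit_For = visit_AsyncFor = visit_While = _branch
    visit_ExceptHandler = _branch

    def visit_BoolOp(self, node):
        self.decisions += len(node.values) - 1     # a and b and c -> 2
        self.generic_visit(node)

    def visit_comprehension(self, node):
        self.decisions += len(node.ifs)            # [x for x in xs if p(x)]
        self.generic_visit(node)

    def visit_FunctionDef(self, node):
        pass                                       # nested defs are measured separately

    visit_AsyncFunctionDef = visit_FunctionDef


def cyclomatic_complexity(func) -> int:
    counter = _DecisionCounter()
    counter.generic_visit(func)        # walk the body, not the def node itself
    return counter.decisions + 1


def report(source: str) -> dict:
    """Map every function name in `source` to its cyclomatic complexity."""
    tree = ast.parse(source)
    return {
        node.name: cyclomatic_complexity(node)
        for node in ast.walk(tree)
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef))
    }


def too_complex(source: str, threshold: int = 10) -> list:
    """Functions whose complexity exceeds `threshold` (10 is McCabe's
    commonly quoted limit), sorted by name."""
    return sorted(name for name, cc in report(source).items() if cc > threshold)


# Constructed sample source with three functions of known complexity.
SAMPLE = '''
def check_password(pw, policy):
    if len(pw) < policy["min_len"]:
        return False
    has_digit = any(c.isdigit() for c in pw)
    if policy["need_digit"] and not has_digit:
        return False
    return True

def parse_header(line):
    try:
        name, value = line.split(":", 1)
    except ValueError:
        return None
    name = name.strip().lower()
    if name in ("host", "content-length") or value.strip() == "":
        return None
    return name, value.strip()

def classify(events):
    out = []
    for e in events:
        if e["level"] == "error":
            out.append(("alert", e))
        elif e["level"] == "warn" and e.get("repeat", 0) > 3:
            out.append(("review", e))
        else:
            out.append(("ignore", e))
    return out
'''

if __name__ == "__main__":
    for name, cc in report(SAMPLE).items():
        print(f"{name}: {cc}")
    print("over threshold 4:", too_complex(SAMPLE, threshold=4))
```

For the sample, check_password and parse_header score 4 and classify scores 5; the for loop, the if, the elif and the `and` in classify each add one path. A reviewer can run the same report over a module before and after a refactor to see whether the change actually reduced the number of paths that need testing.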

A study of the Mozilla application framework found only a weak correlation between complexity metrics and security vulnerabilities (Shin & Williams, 2008), whereas other studies found a direct relation between complexity and security vulnerabilities (Alenezi & Zarour, 2020). This may not apply to every piece of software or every team. So, code complexity reduction, in my opinion, is still desirable and is worth considering as a tool to reduce loopholes at a time of an ever-increasing number of vulnerabilities (Goldstein, 2021).

References

Alenezi, M. & Zarour, M. (2020) On the Relationship between Software Complexity and Security. International Journal of Software Engineering & Applications 11(1): 51-60.

Goldstein, A. (2021) All About Mend’s 2021 Open Source Security Vulnerabilities Report. Available from: https://www.mend.io/resources/blog/2021-state-of-open-source-security-vulnerabilities-cheat-sheet/ [Accessed 30 August 2022].

Pillai, A. B. (2017) Software Architecture with Python. Available from: http://0-search.ebscohost.com.serlib0.essex.ac.uk/login.aspx?direct=true&db=nlebk&AN=1513359&site=eds-live

Saltzer, J. H. & Schroeder, M. D. (n.d.) The protection of information in computer systems. Available from: http://web.mit.edu/Saltzer/www/publications/protection/ [Accessed 15 August 2022].

Shin, Y. & Williams, L. (2008) ‘Is complexity really the enemy of software security?’.  4th ACM workshop on Quality of protection, 27-31 October 2008 Alexandria, Virginia, USA. Association for Computing Machinery, 47–50.

Sommerville, I. (2016) Software Engineering. Tenth edition, Global edition ed. Harlow, Essex, England: Pearson. Available from: https://ebookcentral.proquest.com/lib/universityofessex-ebooks/detail.action?docID=5185655

--- August 18, 2022 ---

What is Ontology?

An ontology is a set of concepts, and the relations between them, that belong to a specific domain. It helps organizations manage their activities and categorize their services in a service-oriented architecture (Arnaut et al., 2010; SpryKnowledge, 2011).

An ontology suitable for our team project, an application that can be used by a National Cybersecurity Center or an internet police forensics unit, would contain the following classes:

  • Cybersecurity threat.
  • Cybersecurity specialist.
  • General public user.
  • Authority.
  • IT update.
  • Report, which can be subclassed into:
      • Public report.
      • Private report.

Some of the relations that can be constructed between those entities are as follows:

  • A general public user submits public reports about threats.
  • A cybersecurity specialist:
      • submits private reports about threats;
      • views public and private reports;
      • collects and records details about threats;
      • informs relevant authorities about threats;
      • adds/edits IT updates;
      • adds/edits authorities.

 

References

Arnaut, W., Oliveira, K. & Lima, F. (2010) ‘OWL-SOA: A service oriented architecture ontology useful during development time and independent from implementation technology’.  International Conference on Research Challenges in Information Science, RCIS, 19-21 May 2010 Maison du Seminaire, Nice, France. IEEE, 523-532.

SpryKnowledge (2011) What is an Ontology. Available from: https://www.youtube.com/watch?v=jfUPLuPL3Ho&t=13s&ab_channel=SpryKnowledge [Accessed 18 August 2022].

--- August 28, 2022 ---

TrueCrypt weaknesses

Based on the security assessment by Junestam & Guigo (2014), 11 vulnerabilities were detected: two were deemed severe, two medium, and the remainder low severity. So, the assumption made by the TrueCrypt authors is true. Having said that, I recommend against the use of TrueCrypt for secure storage environments. The weaknesses of TrueCrypt are summarized in the ontology diagram below.

References

Junestam, A. & Guigo, N. (2014) Open Crypto Audit Project: TrueCrypt Security Assessment. iSEC Partners.

--- September 01, 2022 ---

Faceted Data

As introduced by Austin and Flanagan (2012), faceted data is a mechanism against the exposure of sensitive data in software applications: a value carries several representations (facets), and the one shown is chosen dynamically according to the authority of the viewer. This could be a practical solution, as it may improve execution efficiency by avoiding the redundant computation of running a program once per security level (Schmitz et al., 2016). However, faceted data, in my opinion, might be over-implementation, as the programmer must think about all the possible facets of values in each piece of code. This might be exhausting compared to other ways of solving the problem, like access control mechanisms. Also, it may make the application harder to debug. A simple design for a Python application that implements the faceted data concept is presented below.
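The following is an added illustration of the concept in Python; it is not the design from the original post nor the semantics of Austin and Flanagan's paper, which also tracks implicit flows through the program counter. This toy handles explicit data flow only: a Facet holds a private and a public representation under a label, fmap lets ordinary functions operate on faceted values while the facets propagate through the result, and view projects the result for a viewer's set of labels. The class, function names and the payroll data are assumptions of the illustration.

```python
from dataclasses import dataclass
from typing import Any, FrozenSet


@dataclass(frozen=True)
class Facet:
    """A value with two representations: `private` for viewers that hold
    `label`, `public` for everyone else. Either side may itself be a Facet,
    which is how values carrying several labels are represented."""
    label: str
    private: Any
    public: Any


def view(value: Any, authority: FrozenSet[str]) -> Any:
    """Project a possibly faceted value for a viewer with the given labels.
    This is the only place that decides what a viewer may see."""
    while isinstance(value, Facet):
        value = value.private if value.label in authority else value.public
    return value


def fmap(fn, *args):
    """Apply `fn` to arguments that may be faceted. The facets propagate:
    the result is faceted on every label of every argument, so the code
    calling `fn` never has to know who the eventual viewer will be."""
    for i, arg in enumerate(args):
        if isinstance(arg, Facet):
            with_private = args[:i] + (arg.private,) + args[i + 1:]
            with_public = args[:i] + (arg.public,) + args[i + 1:]
            return Facet(arg.label, fmap(fn, *with_private), fmap(fn, *with_public))
    return fn(*args)


def payslip_line(name: str, salary: Any, bonus: Any) -> Any:
    """Business logic written once, unaware of who will read the output."""
    return fmap(lambda s, b: f"{name}: {s + b}", salary, bonus)


# Constructed sample data: HR may see the salary, finance may see the bonus;
# everyone else sees the public facet, here 0.
SALARY = Facet("hr", 85000, 0)
BONUS = Facet("finance", 5000, 0)

if __name__ == "__main__":
    line = payslip_line("bob", SALARY, BONUS)
    for who in (frozenset({"hr", "finance"}), frozenset({"hr"}), frozenset()):
        print(sorted(who) or "public", "->", view(line, who))
```

The cost the post points at is visible in fmap: every function that touches a faceted value is evaluated once per facet combination, and the programmer has to choose a sensible public representation (here 0) for every sensitive value, since that value is what an unauthorised viewer will be shown.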

References

Austin, T. H. & Flanagan, C. (2012) ‘Multiple facets for dynamic information flow’.  The 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages, 25-27 January 2012 Philadelphia, PA, USA. Association for Computing Machinery, 165–178.

Schmitz, T., Rhodes, D., Austin, T. H., Knowles, K. & Flanagan, C. (2016) ‘Faceted Dynamic Information Flow via Control and Data Monads’.  5th International Conference on Principles of Security and Trust, 2-8 April 2016 Eindhover, The Netherlands. Springer-Verlag, 3–23.

--- August 18, 2022 ---

Architecture Evolution

Although containers are considered a big innovation that improved the efficiency of deploying microservices, several newer technologies are already in use. The first example is unikernels. Unikernels are lighter and offer a smaller attack surface than containers, because the application is compiled together with only the operating-system components it needs into a single bootable, easily portable image (Koptyev, 2019).

The second example is hands-off containers, which reduce the burden of container management and infrastructure ownership (Koptyev, 2019).

The third example is serverless functions, which are billed per function invocation rather than per server. This option is cost-effective and requires less management (Vennam, 2020; Koptyev, 2019).

None of these architectures is regarded as the best solution for all needs or expected to replace older technologies entirely. However, there is a clear trend toward lightweight, portable, scalable, cost-effective and independent microservices.

 

References

Koptyev, S. (2019) What Comes Next After Microservices, Kubernetes, and Serverless. Available from: https://thenewstack.io/what-comes-next-after-microservices-kubernetes-and-serverless/ [Accessed 18 August 2022].

Vennam, S. (2020) Cloud computing: A complete guide. Available from: https://www.ibm.com/cloud/learn/cloud-computing [Accessed 13 December 2021].

--- August 28, 2022 ---

Tanenbaum-Torvalds Debate

I agree with the notion that Torvalds has been proven wrong and the microservice and microkernels are the future. The shift toward cloud computing and related technologies has been obvious because of the many advantages it offers (Hashem et al., 2015; Hassani & Silva, 2015). Along with that shift, containers have been an enabler thanks to their lightweight nature: they provide virtualization at the operating-system level to encapsulate the resources needed by a group of processes, and they are the usual deployment unit of the microservice architecture (Marcelo et al., 2015). This architecture brings higher development speed, a smaller code base per service, improved fault tolerance, higher cohesion, lower coupling and increased efficiency (Bucchiarone et al., 2018; Biggs et al., 2018; Tapia et al., 2020). Hence, it is now adopted more often than the monolithic approach.

References

Biggs, S., Lee, D. & Heiser, G. (2018) The Jury Is In: Monolithic OS Design Is Flawed: Microkernel-based Designs Improve Security. Proceedings of the 9th Asia-Pacific Workshop on Systems.

Bucchiarone, A., Dragoni, N., Dustdar, S., Larsen, S. T. & Mazzara, M. (2018) From Monolithic to Microservices: An Experience Report from the Banking Domain. IEEE Software 35(3): 50-55.

Hashem, I. A. T., et al. (2015) The rise of “big data” on cloud computing: Review and open research issues. Information Systems 47: 98-115.

Hassani, H. & Silva, E. S. (2015) Forecasting with Big Data: A Review. Annals of Data Science 2(1): 5-19.

Marcelo, A., et al. (2015) ‘Performance Evaluation of Microservices Architectures using Containers’. 20-22 August 2015 Ithaca. Cornell University Library, arXiv.org.

Tapia, F., et al. (2020) From Monolithic Systems to Microservices: A Comparative Study of Performance. Applied sciences 10(17): 5797.

--- August 28, 2022 ---

Monolithic Architecture vs Microservices

Understanding the difference between microservices and monolithic systems is easier with a business analogy. In one structure every business decision is signed off by the top director; in the other, decisions are signed by the director of the relevant department. The second structure is probably the one embraced nowadays, because of the reusability and adaptability to change that come from easier management and communication inside smaller divisions or departments. On the other hand, the first structure, with a single director, may deliver client requests faster, because fewer communications are needed to accomplish a task than in the multi-division structure. Scalability, however, is an issue: serving more clients means increasing the overall resources available to the single director, whereas in the divided structure each unit's resources only need to grow by a small amount.

Turning now to operating systems and databases, consider the following examples. The first is handling big data, where a decentralized approach is probably the best solution because it makes scaling up to more requests easy. The second is programming languages, where modules and classes break things up into more manageable components.

The analysis so far has focused on functionality, but security is an essential part too. Suppose that error isolation and tracking are much easier with microkernels, which is the argument Biggs et al. (2018) make for microkernel-based systems in general. Nevertheless, security does not depend only on error detection and tracking, but also on access control mechanisms and much more. In that respect, a lot of research is still needed to guarantee the security of microservice applications; one clear example of this need is mobile edge computing (Roman et al., 2018).

The shift toward cloud computing and related technologies has been obvious because of the many advantages it offers (Hashem et al., 2015; Hassani & Silva, 2015). Along with that shift, containerized microservices have been an enabler thanks to their lightweight nature, which provides virtualization at the operating-system level to encapsulate the resources needed by a group of processes (Marcelo et al., 2015).

Having said that, microservices may not be the solution to every problem. System architects need to analyse business processes carefully, including how they are expected to evolve. If the use of microservices is expected to simplify the design and bring the aforementioned advantages, then the choice is well argued (Bucchiarone et al., 2018; Biggs et al., 2018; Tapia et al., 2020; Newman & Fowler, 2020); otherwise a monolithic approach may be more suitable (Newman & Fowler, 2020).

References:

Biggs, S., Lee, D. & Heiser, G. (2018) The Jury Is In: Monolithic OS Design Is Flawed: Microkernel-based Designs Improve Security. Proceedings of the 9th Asia-Pacific Workshop on Systems.

Bucchiarone, A., Dragoni, N., Dustdar, S., Larsen, S. T. & Mazzara, M. (2018) From Monolithic to Microservices: An Experience Report from the Banking Domain. IEEE Software 35(3): 50-55.

Hashem, I. A. T., et al. (2015) The rise of “big data” on cloud computing: Review and open research issues. Information Systems 47: 98-115.

Hassani, H. & Silva, E. S. (2015) Forecasting with Big Data: A Review. Annals of Data Science 2(1): 5-19.

Marcelo, A., et al. (2015) ‘Performance Evaluation of Microservices Architectures using Containers’. 20-22 August 2015 Ithaca. Cornell University Library, arXiv.org.

Newman, S. & Fowler, M. (2020) When To Use Microservices (And When Not To!). Available from: https://www.youtube.com/watch?v=GBTdnfD6s5Q&t=184s [Accessed 27 August 2022].

Roman, R., Lopez, J. & Mambo, M. (2018) Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges. Future Generation Computer Systems 78: 680-698.

Tapia, F., et al. (2020) From Monolithic Systems to Microservices: A Comparative Study of Performance. Applied sciences 10(17): 5797.