Software Security Policy (Part 1)

@author: alkaid

"Life feeds on negative entropy." Erwin Schrödinger, What Is Life?

Background

  • As an information security practitioner, whether in penetration testing, code audit or other security services, you are exposed to all kinds of vulnerabilities. A simple classification of them yields dozens of categories; almost every vulnerability type has a corresponding entry in the Common Weakness Enumeration (CWE).

  • Faced with such a rich variety of vulnerability types, how should we deal with them?
  • Human nature is lazy; analysing and verifying them one by one is practically impossible. Penetration testing, red/blue team exercises and similar services are, in essence, about using single points to reach the whole surface, so the "surface" is where the problem deserves our thought.

  • Enough preamble; on to the point.

Security Policy Framework

  • The security policy this article talks about is the way a system handles the security risks it may contain.
  • Here I simply sort out the several aspects that need to be considered when thinking about software security (I venture to call it a "framework" in the title, hoping that it really helps achieve better software security). The figure is as follows:

  1. Authentication policy, access control policy and session management policy: these three areas are the cornerstone of security throughout the software. If any of them is missing appropriate controls, or is implemented in the wrong general direction, the impact on the whole software is enormous and may be so disruptive that it has to be torn down and rebuilt.
  2. Man-in-the-middle protection: most people regard man-in-the-middle attacks as a late, deployment-stage concern that HTTPS/HSTS takes care of (the problem may not be that simple), but I include it in the framework.
  3. I/O: it may sound a bit corny, but I think that clearly understanding what the software's inputs are and what its outputs are makes the analysis better.
  4. Sensitive data: as a virtual community gradually forms on the network, its openness inevitably draws the attention of the relevant authorities, so compliance is an important item that should be considered from the early stages. If problems surface later, patching the software is extremely painful and may never be fully fixed, while the loss caused by violating the relevant laws and regulations in production may be extremely large.
  5. Software technology stack: in plain words, what technologies the software is built with.
  6. Configuration management: some unexpected vulnerabilities come from mistaken configuration management, such as leaked transaction logs.
  7. Exception handling: security is essentially a contest over information; an attacker tries to obtain as much information as possible, and exceptions are an important source of information that cannot be obtained through normal paths.

Authentication

Concept

  • In the virtual world, as in the real world, you first need to identify the person; only once the person is identified can the stored data be used to carry out business: production, processing, use. In the real world, since you are physically present, the question "prove that you are you" rarely arises. In the virtual world, identity is a materialized concept, and authentication is how you prove that a virtual identity belongs to you.
  • So the virtual world has one problem it must solve: how to bind the real you to the virtual you.
  • The most direct way is to provide a secret: information that only the account owner holds, e.g. the password entered when the account was registered, or security-question answers.
  • In other words, in the virtual world, whoever provides the secret information associated with an account can claim ownership of that account. For the program, which only sees the secret, there is no difference between you and anyone else who holds it.
  • For example:
    1. alkaid logs in to account alkaid and enters the password "password"; the program verifies it and allows the business operations of account alkaid.
    2. person2, through some unknown channel, learns the credentials alkaid / password; the program verifies them and allows person2 to perform operations as account alkaid.

Risks and handling

  • Authentication should now be clear: what is verified is the secret information of a virtual account. Verification returns success or failure to whoever submits a guess, and that is itself a kind of information leakage, though a very small one per attempt. By accumulating information over many attempts, an attacker can eventually recover the secret. This is the key risk point of authentication.
  • The direct manifestation of this risk is brute-force enumeration of accounts.
  • Part of this risk cannot be eliminated, so we reduce it and keep it under control:
    1. Address the accumulation of information.
      • Account lockout mechanism
    2. Since a complete solution to 1 is relatively difficult (the usability cost of lockout is not necessarily acceptable), increase the amount of information needed so that the account cannot be cracked within a bounded time.
      • Require complex secret information, such as password complexity
      • Use CAPTCHA technology so that machines cannot exceed the rate limits of a real human
    3. Reduce the amount of information leaked in a single attempt.
      • Vague failure messages
  • There are other risks that cannot be solved, such as the secret being stolen. This generally also requires a function to replace the secret information.
    • Using biometric information is unacceptable here because the secret cannot be updated: if it must be replaced, the algorithms and the sampled information may need to be redesigned, and all users may have to replace their devices and secrets at the same time.

Session Management

Concept

  • HTTP is a stateless protocol (each packet is independent; from a packet alone you cannot determine which earlier packet it follows). As explained under authentication, most business operations depend on a virtual identity, yet once authentication has completed, later packets cannot be tied back to the earlier ones, so they cannot prove that the sender really holds the claimed virtual identity.
  • Of course, if every request carried the identity's secret it could indeed be authenticated, but using the secret that frequently increases the risk of leaking it.
  • Real life, because of the constraints of time and space, has essentially no such risk, so there is little to borrow from it.
  • But the problem can be turned around: how do we let the server know that the person operating this virtual identity is really you? (This is the authentication problem again.)
    • The essence of identity is holding the secret information.
    • So the server negotiates with me a temporary secret that only the two of us know, standing in for the original virtual identity.
    • This temporary secret is presented on every visit as a substitute for the identity's secret. It is what we commonly call the session ID.
  • Session management is about how the session ID is handled.

  • One more twist: isn't the session a temporary virtual identity that the system opens for me, which at the same time carries the information of the original virtual identity?
    • Indeed. To some extent a session is no different from an account: it can also store the corresponding information, but it is temporary.

Risks and handling

  • Since a session resembles an account, the risks it faces are the same as those of authentication.
  • But because it is only similar (if it were identical we would be back to the original problem of not being able to prove ownership of the virtual identity), the session's biggest characteristic is that it is temporary. Given this preset time limit, we rely mainly on approach 2 above: complexity.
  • How do we ensure as much complexity as possible?
    • Randomly generated symbol combinations (avoid words, account information, etc.; from the perspective of information entropy, the more a value is correlated with known information, the less information it contains and the easier it is to guess).
    • Guarantee a certain length (each additional bit doubles the guessing difficulty).

Access control

Concept

  • Readers have probably studied MAC, DAC and RBAC and been confused by them; this section does not discuss those specific strategies, since Google and Wikipedia explain them more conveniently and accurately. Instead it discusses what problem access control solves and what risks it faces.
  • Access control involves two essential concepts: subject and object.

Subject

  • Generally the party that issues the access request. With authentication and session management in place, the subject is relatively clear and falls into two categories:
    • A subject representing a virtual identity
    • A subject without a virtual identity (representing all unauthorized access)

Object

  • Generally the resource being accessed. It is very hard to enumerate exactly which resources a system has; here I mention only two types, functions and data, which should be the most common resource types across all kinds of systems.

Analysis

  • Since this is a virtual world, if we exclude the effects of space and time its nature should be the same as reality; analogous real-world scenes include fire safety, physical security and so on.
  • Take the community I live in as an example: alkaid lives in community A, on the 11th floor, in room 1111.
    • To get back to my room I have to pass the community gate access control, a building access control, the elevator floor control, the key to room 1111, and a password.
  • Mapping the virtual scene onto the real one helps the analysis and may also reveal something not yet mentioned.
    • The community gate access control corresponds to the system's authentication: it confirms that I am a resident of the community.
    • Once inside the community, in the context of session management, holding only the elevator floor control is equivalent to being allowed to access only some functions.
    • The room key corresponds to access to my data.
    • Public resources such as the green areas and the running track belong to authorized users, while resources outside the community belong to everyone and anyone can access them.
    • The cameras throughout the community support auditing of behaviour.

Summary

  • Access control needs at least the following:
    1. Function-level access control
    2. Data-level access control for user data or other resources
    3. Separation of public resources from personal resources
    4. Monitoring and auditing

Risks and handling

  • The risks revolve around the points listed above.
  1. Access control for the relevant resources (i.e. access control design).
    1. Set appropriate access rules for different resources according to the system's needs. After all, generally only I and the people I authorize should be able to enter my room.
    2. Assess and confirm that the designed access rules are valid and satisfy the principle of least privilege.
    3. Default access to a resource should be denied.
  2. Authorization bypass / unauthorized access.
    1. Whether resources are continuously inventoried and changes to the system are monitored.
  3. Side channels / information inference.
    1. Example: the room has windows, and through a window someone might observe some of your habits or infer some information. Judging from the description, this risk is smaller than the others.
  4. Earlier we ignored the effects of time and space. In the virtual world a visitor may arrive directly at my personal room, so normally we need to verify whether the visitor holds an authenticated virtual identity. (Usually this is implemented as a global interceptor in the software system, so that all resources fall within the scope of access control; this avoids forgetting the check when implementing a new feature and thereby creating this kind of risk [even if an audit finds it later, the damage cannot be undone].)
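A default-deny access check that covers the four summary points (function-level control, data-level control, public versus personal resources, auditing) and is applied through a global interceptor as described in point 4. This is an added example, not code from the original post; the roles, function names, room data and the decorator-based interceptor are assumptions.

```python
# Added example (not from the original post). `protected` is the global
# interceptor: every decorated operation is checked and audited, so a new
# function cannot forget the check. The tables below are assumed sample data.
import functools

class Subject:
    def __init__(self, user=None, roles=()):
        self.user = user               # None: no virtual identity (anonymous)
        self.roles = frozenset(roles)

ANONYMOUS = Subject()
PUBLIC_FUNCTIONS = {"view_notice_board"}              # the "green areas"
FUNCTION_ROLES = {"read_room": {"resident"},           # function-level control
                  "open_door": {"resident"},
                  "read_all_rooms": {"admin"}}
ROOM_OWNERS = {"1111": "alkaid", "1112": "person2"}    # data-level control
AUDIT_LOG = []                                          # the "cameras"

def is_allowed(subject, function, room=None) -> bool:
    """Default deny: only an explicit rule can return True."""
    if function in PUBLIC_FUNCTIONS:
        return True
    if subject.user is None:                   # anonymous: nothing non-public
        return False
    if not (FUNCTION_ROLES.get(function, set()) & subject.roles):
        return False                           # no function-level grant
    if room is not None:                       # personal data: owner only
        return ROOM_OWNERS.get(room) == subject.user
    return True

def protected(function):
    """Global interceptor: check and audit every call before it runs."""
    def deco(fn):
        @functools.wraps(fn)
        def wrapper(subject, *args, **kw):
            room = kw.get("room", args[0] if args else None)
            ok = is_allowed(subject, function, room)
            AUDIT_LOG.append((subject.user, function, room, "allow" if ok else "deny"))
            if not ok:
                raise PermissionError(f"{function} denied")
            return fn(subject, *args, **kw)
        return wrapper
    return deco

@protected("read_room")
def read_room(subject, room):
    return f"contents of room {room}"

@protected("view_notice_board")
def view_notice_board(subject):
    return "community notices"
```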

Summary

  • This post analyses only the three basic strategies; the remaining content will be updated in follow-ups.

Origin www.cnblogs.com/alka1d/p/12029105.html