
Make it Fixable (Security Divas 2017)


Make it fixable, designing for change

Our users trust us. They trust that we will protect them and lead them down the right path. Getting that right the first time is practically impossible. Experience has taught us that almost any surface we expose can have weaknesses. We need a plan for dealing with issues as they arise, and an architecture that lets us correct and protect products that are already in use. When a security decision is left to the discretion of the user, however, we often fail to inform that decision properly. The usability of security and the architecture for fixability are closely connected, and both need continued refinement and focus. This talk describes architectural and organizational features that make corrective measures easier to deliver. It also shows, by example, how difficult it is to design the user experience of security.

Published in: Technology

  1. Make it Fixable: Designing for Change. Patricia Aas, Security Divas 2017
  2. Patricia Aas
     ● Programmer, mainly in C++ and Java
     ● Currently: Vivaldi Technologies
     ● Previously: Cisco Systems, Knowit, Opera Software
     ● Master in Computer Science from UiO
     ● Twitter: @pati_gallardo
  3. Security is Hard
  4. Just Remember:
     ● You live in the real world
     ● Take one step at a time
     ● Make a plan
  5. Risk Management: Make it Fixable
     ● Unable to roll out fixes
     ● No control over dependencies
     ● The team is gone
     ● It’s in our code
  6. Unable to Roll Out Fixes
     ● Relying on user updates
     ● Unable to build
     ● Unable to deploy
     ● Regression fear
     ● No issue tracking
     ● No release tags
     ● No source
     ● Issue in infrastructure
  7. Fix: Ship It!
     Code
     ● Get the code
     ● Use version control
     ● Keep the build environment
     ● Write integration tests
     Holy Grail: Auto Update
     Configuration Management
     ● Have a security contact
     ● Track issues
     ● Make a deployment plan
     ● Control infrastructure
  8. No Control over Dependencies
     ● Too many dependencies
     ● Frameworks are abandoned
     ● Libraries disappear
     ● Insecure platform APIs
     ● Insecure tooling
     ● End-of-life OS (Windows)
     ● Licenses expire/change
     ● Known issues not fixed
     ● OS not updated (Android)
  9. Fix: Control It!
     Be conservative
     ● Is it needed?
     ● Do you understand it?
     Goal: Dependency Control
     Be cautious
     ● Audit your upstream
     ● Avoid forking
     ● Have an upgrade plan
     ● Have someone responsible
  10. The Team Is Gone
     ● Team were consultants
     ● They were downsized
     ● The job was outsourced
     ● “Bus factor”
     ● “Binary blob”
     ● Abandonware
  11. Fix: Own It!
     Take it on yourselves
     ● Build competence in-house
     ● Fork, take control
     ● “Barely sufficient” docs
     ● Ship it and control it
     Goal: Regain Control
     Outsource
     ● Maintenance contract
     ● Add security clause
     ● Own deployment channel
  12. It’s in Our Code
     ● Injection
     ● Exploited crash etc.
     ● Debug code in production
     ● Server compromised
     ● Outdated platform
     ● Intercepted traffic
     ● Mined local data
     ● Fake app
  13. Fix: Live It!
     Prevent
     ● Sanitize your input
     ● Send crash reports
     ● Code review + tests
     ● Review server security
     ● Encrypt all traffic
     ● Review local storage
     ● Work around old platform
     ● Sign app and check
     Goal: Prevent & Cure
     Cure
     ● Ship it!
  14. Designing the User Experience of Security
  15. Example: The Padlock
     ● “You can trust this page.” Or? Users don’t understand the meaning of the padlock.
     ● “Why do you have a red purse?” The Save icon, the Call icon and the Padlock icon: too old?
     ● “The page has a green padlock.” Does the user really notice the context?
  16. The Users Won’t Read
     ● Error blindness: most users will mentally erase permanent error notifiers. They won’t read.
     ● “Just click next”: most users will accept the defaults. They won’t read.
     ● “Make it go away”: the user will try to make the error dialog go away. They won’t read.
  17. Fix: Less is More
     ● Don’t leave it to the user: just do the right thing, you don’t have to ask.
     ● Have good defaults: make sure that clicking next will leave the user in a good place.
     ● Be very explicit when needed: if the user is in a “dangerous” situation, design carefully, and if you have to explain, use language the user can understand.
  18. They Trust You
     ● With personal information: they trust you to protect them from both hackers and governments.
     ● With data: they trust you to protect their pictures, documents, email ...
     ● With money: they trust you to protect their payment information and passwords.
  19. Fix: Be Trustworthy
     ● Only store what you have to: try to use end-to-end encryption, so that even you don’t have access. Otherwise, encrypt as much as you can.
     ● Back up everything: your users can’t afford to lose their baby pictures.
     ● Use third-party payment: avoid having responsibility for their money.
  20. Ship It, Control It, Own It, Live It
  21. Security is Hard. Protect Your User
  22. Make it Fixable: Design for Change. Patricia Aas, Vivaldi Technologies. Photos from
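The three "fix" slides that concern shipping (slide 7: auto update), dependency control (slide 9) and prevention (slide 13: "sign app and check") all rest on one mechanism: the update channel must only deliver releases the team actually built, with exactly the dependencies they audited. The following Go program is an added illustration, not code from the talk or from Vivaldi; the manifest format, the `Release` sequence number and the function names are assumptions made for the example. The release side hashes every artifact into a manifest and signs it with Ed25519; the installed client verifies the signature before parsing anything, refuses rollback to an older release, checks each listed artifact's SHA-256, and rejects any file that is not in the manifest (the "is it needed?" question from slide 9, enforced at install time).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical release manifest (not a real project format):
// a monotonically increasing release number plus the expected SHA-256 of
// every artifact the release ships, the app binary and each vendored
// dependency alike.
type Manifest struct {
	Release   uint64            `json:"release"`
	Version   string            `json:"version"`
	Artifacts map[string]string `json:"artifacts"` // file name -> hex SHA-256
}

// SignedManifest is what the update channel delivers to installed clients.
type SignedManifest struct {
	Payload   []byte // canonical JSON encoding of Manifest
	Signature []byte // Ed25519 signature over Payload
}

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// BuildManifest is the release side: hash every artifact that will ship.
func BuildManifest(release uint64, version string, files map[string][]byte) Manifest {
	m := Manifest{Release: release, Version: version, Artifacts: map[string]string{}}
	for name, data := range files {
		m.Artifacts[name] = sha256Hex(data)
	}
	return m
}

// Sign serialises the manifest deterministically (encoding/json emits map
// keys in sorted order) and signs the bytes with the release key, which
// stays in the build environment and never ships with the app.
func Sign(priv ed25519.PrivateKey, m Manifest) (SignedManifest, error) {
	payload, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// VerifyRelease is the client side. It accepts the release only if:
//  1. the signature verifies under the public key pinned in the app,
//  2. the release number is newer than the installed one (no rollback),
//  3. every listed artifact is present with exactly the expected hash, and
//  4. no unlisted file rode along with the update.
func VerifyRelease(pub ed25519.PublicKey, installed uint64, sm SignedManifest, files map[string][]byte) (Manifest, error) {
	var m Manifest
	if !ed25519.Verify(pub, sm.Payload, sm.Signature) {
		return m, errors.New("manifest signature invalid")
	}
	// Parse only after the signature has been checked, so unauthenticated
	// bytes never reach the JSON decoder.
	if err := json.Unmarshal(sm.Payload, &m); err != nil {
		return m, err
	}
	if m.Release <= installed {
		return m, fmt.Errorf("release %d is not newer than installed release %d", m.Release, installed)
	}
	for name, want := range m.Artifacts {
		data, ok := files[name]
		if !ok {
			return m, fmt.Errorf("artifact %q listed in manifest but missing", name)
		}
		if got := sha256Hex(data); got != want {
			return m, fmt.Errorf("artifact %q hash mismatch", name)
		}
	}
	for name := range files {
		if _, ok := m.Artifacts[name]; !ok {
			return m, fmt.Errorf("unexpected file %q not in manifest", name)
		}
	}
	return m, nil
}

func main() {
	// Constructed sample data: a two-file release, then a tampered dependency.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	files := map[string][]byte{"app.bin": []byte("constructed app"), "libdep.a": []byte("constructed dep")}
	sm, _ := Sign(priv, BuildManifest(2, "2.0.0", files))
	if _, err := VerifyRelease(pub, 1, sm, files); err != nil {
		fmt.Println("unexpected:", err)
	} else {
		fmt.Println("release 2.0.0 accepted")
	}
	tampered := map[string][]byte{"app.bin": files["app.bin"], "libdep.a": []byte("tampered dep")}
	_, err := VerifyRelease(pub, 1, sm, tampered)
	fmt.Println("tampered release:", err)
}
```

The order of checks matters: signature first, then release number, then content. A swapped or downgraded dependency, an extra file dropped into the update, or a manifest re-signed with a different key all fail closed, which is what makes "ship it" safe to automate.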