Principles of secure system design
1. Principles of Secure System Design
John Scrimsher
CISO / Head of IT @ Damballa
jps@damballa.com
7. This is a unique presentation of non-unique ideas
› Information gathered from multiple sources, including the speaker's own experiences
› Todd Merritt: https://dzone.com/articles/9-software-security-design
› Gary McGraw: http://searchsecurity.techtarget.com/opinion/Thirteen-principles-to-ensure-enterprise-system-security
› Google: Principles of Secure System Design
4. Initial Considerations
› Start with the weakest link
› Do not trust by default
› Assume secrets are not safe
› Assume network is dirty
› Ask for help / borrow others' ideas
5. 9 Primary Principles of Secure System Design
1. Principle of Least Authority
2. Fail Securely
3. Economy of mechanism (KISS Principle)
4. Mediate Completely
5. Open Design (vs. security by obscurity)
6. Separation of Duties / Privileges
7. Least Common Mechanism
8. Psychological Acceptability
9. Defense in Depth
6. Principle of Least Authority
› Need to know basis
› Only grant the permissions required to complete the task requested
7. Fail Securely
› Fail Open: Service continues to work when mechanism fails
› Fail Closed: Service ceases work when mechanism fails
› Fail Securely: Fail in whichever manner preserves the security of life and intellectual property
8. Economy of Mechanism
› KISS Principle - Keep it as simple and small as possible
› Complexity is the enemy of security
› Design and implementation errors may result in unauthorized access that goes unnoticed until normal use reveals it
› Complexity may also break access where needed
Ankita Thaker, Maze door lock
9. Mediate Completely
› All access requests should be validated for authorization
› Prevent backdoor or “go-around” access
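Added example, not code from the slides: the same authorization check written fail-open and fail-secure (the Fail Securely slide), and a decorator that forces every handler through that check so there is no "go-around" (the Mediate Completely slide). The policy table, user list and the `backend_up` switch that simulates a broken mechanism are constructed for this example.

```python
from functools import wraps

class PolicyBackendError(Exception):
    """Simulated failure of the policy store (e.g. directory unreachable)."""

# Constructed sample data: role -> permitted actions, user -> roles.
POLICY = {"viewer": {"read"}, "editor": {"read", "write"}}
USERS = {"alice": {"viewer"}, "bob": {"editor"}}

def lookup_roles(user, backend_up=True):
    """Constructed directory lookup; raises when the backend is 'down'."""
    if not backend_up:
        raise PolicyBackendError("policy store unreachable")
    return USERS.get(user, set())

def is_permitted(roles, action):
    return any(action in POLICY.get(role, set()) for role in roles)

def authorize_fail_open(user, action, backend_up=True):
    """Fail open: when the mechanism breaks, the request is let through."""
    try:
        roles = lookup_roles(user, backend_up)
    except PolicyBackendError:
        return True  # service keeps working, but the control is gone
    return is_permitted(roles, action)

def authorize_fail_secure(user, action, backend_up=True):
    """Fail securely: default deny; an error in the mechanism also denies."""
    try:
        roles = lookup_roles(user, backend_up)
    except PolicyBackendError:
        return False  # this request stops, the data stays protected
    return is_permitted(roles, action)

def mediated(action):
    """Complete mediation: every decorated handler is checked, no go-around."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(user, *args, backend_up=True, **kwargs):
            if not authorize_fail_secure(user, action, backend_up):
                raise PermissionError(f"{user} may not {action}")
            return handler(user, *args, **kwargs)
        return wrapper
    return decorator

@mediated("write")  # constructed handler, reachable only through the check
def update_record(user, record_id, value):
    return {"record": record_id, "value": value, "by": user}
```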
10. Psychological Acceptability
› If users perceive that security is hindering their job, they are more likely to go around the process
› Security that users perceive as adding value to their job will see higher utilization
11. Open Design
› Do not rely upon obscurity
› Eventually someone will stumble upon it
› Don't get stuck in the trap of "it's behind our firewall, so that's good enough"
Rendering by Jonathan L.: http://www.blendernation.com/2012/07/14/cabin-in-the-woods/
12. Separation of Duties / Privileges
› Prevents Fraud and Error
› Quality Control (Integrity of data)
› Examples (includes people with access to these roles / environments):
− Development and Production Environments
− Database Admin (DBA) vs. System Admin
13. Least Common Mechanism
› Separate sessions for separate users
› Similar to Separation of Duties
› Do not share resources where not required
− Internal Authentication for internal resources, External Authentication for external resources
− This is why we need Complete Mediation
14. Defense In Depth
› Layered Approach to Security
› Requires multiple attack types to penetrate
15. 9 Primary Principles of Secure System Design
1. Principle of Least Authority
2. Fail Securely
3. Economy of mechanism (KISS Principle)
4. Mediate Completely
5. Open Design (vs. security by obscurity)
6. Separation of Duties / Privileges
7. Least Common Mechanism
8. Psychological Acceptability
9. Defense in Depth
17. DAMBALLA: Specialists in Advanced Threat Detection
Threat Discovery Center processes nearly 15% of the world's Internet traffic daily
Protect more than ½ billion devices daily
Founded by data scientists & researchers in 2006
Product innovation: 4 patents; 12 pending
Global deployments and customers on five continents
Customers in every vertical market
18. AUTOMATE DETECTION AND RESPONSE
Advanced Threat Detection
Automate: Discovery and validation without human intervention
Detect: Unknown threats that hide from traditional controls & assess risk / impact of infection
Respond: Automatically, with indisputable evidence to prevent loss
Editor's Notes
First, just a couple of slides about Damballa. We have been in the advanced threat detection business for nearly a decade.
Damballa was founded by data scientists and researchers in 2006
We have a long history of product innovation; currently 4 patents and 12 patents pending
Our systems protect more than ½ billion connected devices daily
We have customers in every vertical market, including the top Global and FORTUNE 500 in financial services, energy, media and retail
Our systems are globally deployed on customer locations on five continents