9780201721522

Summary

Most organizations have a firewall, antivirus software, and intrusion detection systems, all of which are intended to keep attackers out. So why is computer security a bigger problem today than ever before? The answer is simple--bad software lies at the heart of all computer security problems. Traditional solutions simply treat the symptoms, not the problem, and usually do so in a reactive way. This book teaches you how to take a proactive approach to computer security. Building Secure Softwarecuts to the heart of computer security to help you get security right the first time. If you are serious about computer security, you need to read this book, which includes essential lessons for both security professionals who have come to realize that software is the problem, and software developers who intend to make their code behave. Written for anyone involved in software development and use-from managers to coders-this book is your first step toward building more secure software. Building Secure Softwareprovides expert perspectives and techniques to help you ensure the security of essential software. If you consider threats and vulnerabilities early in the devel-opment cycle you can build security into your system. With this book you will learn how to determine an acceptable level of risk, develop security tests, and plug security holes before software is even shipped. Inside you'll find the ten guiding principles for software security, as well as detailed coverage of: Software risk management for security Selecting technologies to make your code more secure Security implications of open source and proprietary software How to audit software The dreaded buffer overflow Access control and password authentication Random number generation Applying cryptography Trust management and input Client-side security Dealing with firewalls Only by building secure software can you defend yourself against security breaches and gain the confidence that comes with knowing you won't have to play the "penetrate and patch" game anymore. Get it right the first time. Let these expert authors show you how to properly design your system; save time, money, and credibility; and preserve your customers'trust.

Foreword	p. xix
Preface	p. xxiii
Organization	p. xxiv
Code Examples	p. xxv
Contacting Us	p. xxvi
Acknowledgments	p. xxvii
Introduction to Software Security	p. 1
It's All about the Software	p. 2
Dealing with Widespread Security Failures	p. 6
Bugtraq	p. 7
CERT Advisories	p. 8
RISKS Digest	p. 8
Technical Trends Affecting Software Security	p. 9
The 'ilities	p. 13
What Is Security?	p. 14
Isn't That Just Reliability?	p. 15
Penetrate and Patch Is Bad	p. 15
On Art and Engineering	p. 17
Security Goals	p. 18
Prevention	p. 19
Traceability and Auditing	p. 19
Monitoring	p. 20
Privacy and Confidentiality	p. 20
Multilevel Security	p. 21
Anonymity	p. 21
Authentication	p. 22
Integrity	p. 23
Know Your Enemy: Common Software Security Pitfalls	p. 24
Software Project Goals	p. 26
Conclusion	p. 27
Managing Software Security Risk	p. 29
An Overview of Software Risk Management for Security	p. 30
The Role of Security Personnel	p. 32
Software Security Personnel in the Life Cycle	p. 34
Deriving Requirements	p. 34
Risk Assessment	p. 35
Design for Security	p. 37
Implementation	p. 38
Security Testing	p. 38
A Dose of Reality	p. 39
Getting People to Think about Security	p. 40
Software Risk Management in Practice	p. 40
When Development Goes Astray	p. 41
When Security Analysis Goes Astray	p. 41
The Common Criteria	p. 43
Conclusion	p. 46
Selecting Technologies	p. 49
Choosing a Language	p. 49
Choosing a Distributed Object Platform	p. 54
CORBA	p. 54
DCOM	p. 56
EJB and RMI	p. 58
Choosing an Operating System	p. 59
Authentication Technologies	p. 61
Host-Based Authentication	p. 61
Physical Tokens	p. 63
Biometric Authentication	p. 64
Cryptographic Authentication	p. 66
Defense in Depth and Authentication	p. 66
Conclusion	p. 67
On Open Source and Closed Source	p. 69
Security by Obscurity	p. 70
Reverse Engineering	p. 73
Code Obfuscation	p. 74
Security for Shrink-Wrapped Software	p. 75
Security by Obscurity Is No Panacea	p. 75
The Flip Side: Open-Source Software	p. 75
Is the "Many-Eyeballs Phenomenon" Real?	p. 76
Why Vulnerability Detection Is Hard	p. 79
Other Worries	p. 81
On Publishing Cryptographic Algorithms	p. 82
Two More Open-Source Fallacies	p. 82
The Microsoft Fallacy	p. 82
The Java Fallacy	p. 83
An Example: GNU Mailman Security	p. 84
More Evidence: Trojan Horses	p. 85
To Open Source or Not to Open Source	p. 86
Another Security Lesson from Buffer Overflows	p. 87
Beating the Drum	p. 88
Conclusion	p. 89
Guiding Principles for Software Security	p. 91
Secure the Weakest Link	p. 93
Practice Defense in Depth	p. 96
Fail Securely	p. 97
Follow the Principle of Least Privilege	p. 100
Compartmentalize	p. 102
Keep It Simple	p. 104
Promote Privacy	p. 107
Remember That Hiding Secrets Is Hard	p. 109
Be Reluctant to Trust	p. 111
Use Your Community Resources	p. 112
Conclusion	p. 113
Auditing Software	p. 115
Architectural Security Analysis	p. 118
Attack Trees	p. 120
Reporting Analysis Findings	p. 125
Implementation Security Analysis	p. 126
Auditing Source Code	p. 127
Source-level Security Auditing Tools	p. 128
Using RATS in an Analysis	p. 130
The Effectiveness of Security Scanning of Software	p. 132
Conclusion	p. 133
Buffer Overflows	p. 135
What Is a Buffer Overflow?	p. 138
Why Are Buffer Overflows a Security Problem?	p. 139
Defending against Buffer Overflow	p. 141
Major Gotchas	p. 142
Internal Buffer Overflows	p. 147
More Input Overflows	p. 148
Other Risks	p. 149
Tools That Can Help	p. 150
Smashing Heaps and Stacks	p. 151
Heap Overflows	p. 155
Stack Overflows	p. 159
Decoding the Stack	p. 160
To Infinity ... and Beyond!	p. 165
Attack Code	p. 177
A UNIX Exploit	p. 178
What About Windows?	p. 185
Conclusion	p. 185
Access Control	p. 187
The UNIX Access Control Model	p. 187
How UNIX Permissions Work	p. 189
Modifying File Attributes	p. 190
Modifying Ownership	p. 193
The umask	p. 194
The Programmatic Interface	p. 195
Setuid Programming	p. 197
Access Control in Windows NT	p. 202
Compartmentalization	p. 204
Fine-Grained Privileges	p. 207
Conclusion	p. 208
Race Conditions	p. 209
What Is a Race Condition?	p. 210
Time-of-Check, Time-of-Use	p. 214
Broken passwd	p. 216
Avoiding TOCTOU Problems	p. 219
Secure File Access	p. 222
Temporary Files	p. 225
File Locking	p. 226
Other Race Conditions	p. 227
Conclusion	p. 229
Randomness and Determinism	p. 231
Pseudo-random Number Generators	p. 232
Examples of PRNGs	p. 234
The Blum-Blum-Shub PRNG	p. 236
The Tiny PRNG	p. 237
Attacks Against PRNGs	p. 238
How to Cheat in On-line Gambling	p. 238
Statistical Tests on PRNGs	p. 241
Entropy Gathering and Estimation	p. 241
Hardware Solutions	p. 242
Software Solutions	p. 245
Poor Entropy Collection: How to Read "Secret" Netscape Messages	p. 254
Handling Entropy	p. 255
Practical Sources of Randomness	p. 258
Tiny	p. 259
Random Numbers for Windows	p. 260
Random Numbers for Linux	p. 260
Random Numbers in Java	p. 263
Conclusion	p. 265
Applying Cryptography	p. 267
General Recommendations	p. 268
Developers Are Not Cryptographers	p. 268
Data Integrity	p. 270
Export Laws	p. 271
Common Cryptographic Libraries	p. 272
Cryptlib	p. 272
OpenSSL	p. 274
Crypto++	p. 275
BSAFE	p. 277
Cryptix	p. 278
Programming with Cryptography	p. 279
Encryption	p. 280
Hashing	p. 286
Public Key Encryption	p. 287
Threading	p. 293
Cookie Encryption	p. 293
More Uses for Cryptographic Hashes	p. 295
SSL and TLS (Transport Layer Security)	p. 297
Stunnel	p. 299
One-Time Pads	p. 301
Conclusion	p. 305
Trust Management and Input Validation	p. 307
A Few Words on Trust	p. 308
Examples of Misplaced Trust	p. 311
Trust Is Transitive	p. 311
Protection from Hostile Callers	p. 314
Invoking Other Programs Safely	p. 319
Problems from the Web	p. 322
Client-side Security	p. 325
Perl Problems	p. 327
Format String Attacks	p. 329
Automatically Detecting Input Problems	p. 331
Conclusion	p. 334
Password Authentication	p. 335
Password Storage	p. 336
Adding Users to a Password Database	p. 339
Password Authentication	p. 350
Password Selection	p. 356
More Advice	p. 358
Throwing Dice	p. 358
Passphrases	p. 362
Application-Selected Passwords	p. 363
One-Time Passwords	p. 365
Conclusion	p. 379
Database Security	p. 381
The Basics	p. 382
Access Control	p. 383
Using Views for Access Control	p. 385
Field Protection	p. 387
Security against Statistical Attacks	p. 391
Conclusion	p. 396
Client-side Security	p. 397
Copy Protection Schemes	p. 400
License Files	p. 409
Thwarting the Casual Pirate	p. 411
Other License Features	p. 412
Other Copy Protection Schemes	p. 413
Authenticating Untrusted Clients	p. 414
Tamperproofing	p. 415
Antidebugger Measures	p. 416
Checksums	p. 418
Responding to Misuse	p. 419
Decoys	p. 421
Code Obfuscation	p. 421
Basic Obfuscation Techniques	p. 422
Encrypting Program Parts	p. 423
Conclusion	p. 426
Through the Firewall	p. 427
Basic Strategies	p. 427
Client Proxies	p. 430
Server Proxies	p. 432
SOCKS	p. 433
Peer to Peer	p. 435
Conclusions	p. 437
Cryptography Basics	p. 439
The Ultimate Goals of Cryptography	p. 440
Attacks on Cryptography	p. 442
Types of Cryptography	p. 444
Symmetric Cryptography	p. 444
Types of Symmetric Algorithms	p. 445
Security of Symmetric Algorithms	p. 447
Public Key Cryptography	p. 451
Cryptographic Hashing Algorithms	p. 457
Other Attacks on Cryptographic Hashes	p. 460
What's a Good Hash Algorithm to Use?	p. 461
Digital Signatures	p. 462
Conclusions	p. 464
References	p. 465
Index	p. 471
Table of Contents provided by Syndetics. All Rights Reserved.

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Excerpts

"A book is a machine to think with." --I.A. RichardsPRINCIPLES OF LITERARY CRITICISM This book exists to help people involved in the software development process learn the principles necessary for building secure software. The book is intended foranyoneinvolved in software development, from managers to coders, although it contains the low-level detail that is most applicable to programmers. Specific code examples and technical details are presented in the second part of the book. The first part is more general and is intended to set an appropriate context for building secure software by introducing security goals, security technologies, and the concept of software risk management. There are plenty of technical books that deal with computer security, but until now, none have applied significant effort to the topic of developing secure programs. If you want to learn how to set up a firewall, lock down a single host, or build a virtual private network, there are other resources to which to turn outside this book. Because most security books are intended to address the pressing concerns of network-level security practitioners, they tend to focus on how to promote secrecy and how to protect networked resources in a world in which software is chronically broken. Unfortunately, many security practitioners have gotten used to a world in which having security problems in software is common, and even acceptable. Some people even assume that it is too hard to get developers to build secure software, so they don't raise the issue. Instead, they focus their efforts on "best-practice" network security solutions, erecting firewalls, and trying to detect intrusions and patch known security problems in a timely manner. We are optimistic that the problem of bad software security can be addressed. The truth is, writing programs that have no security flaws in themisdifficult. However, we assert that writing a "secure-enough" program is much easier than writing a completely bug-free program. Should people give up on removing bugs from software just because it's essentially impossible to eliminate them all? Of course not. By the same token, people shouldn't just automatically throw in the software security towel before they even understand the problem. A little bit of education can go a long way. One of the biggest reasons why so many products have security problems is that many technologists involved in the development process have never learned very much about how to produce secure code. One problem is that until now there have been very few places to turn for good information. A goal of this book is to close the educational gap and to arm software practitioners with the basic techniques necessary to write secure programs. This said, you should not expect to eradicate all security problems in your software simply by reading this book. Claiming that this book provides a silver bullet for security would ignore the realities of how difficult it is to secure computer software. We don't ignore reality--we embrace it, by treating software security as a risk management problem. In the real world, your software will likely never be totally secure. First of all, there is no such thing as 100% security. Most software has security risks that can be exploited. It's a matter of how much money and effort are required to break the system in question. Even if your software is bug free and your servers are protected by firewalls, someone who wants to target you may get an insider to attack you. Or they may perform a "black bag" (break-in) operation. Because security is complicated and is a system-wide property, we not only provide general principles for secure software design, but we also focus on the most common risks, and how to mitigate them. Organization This book is divided into two parts. The first part focuses on the things you should know about software securi

Amazon no longer offers textbook rentals. We do!

Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

Building Secure Software : How to Avoid Security Problems the Right Way

020172152X

Supplemental Materials

Summary

Table of Contents

Supplemental Materials

Excerpts

Rewards Program