Secure Coding mailing list archives
"Bumper sticker" definition of secure software
From: crispin at novell.com (Crispin Cowan)
Date: Mon, 17 Jul 2006 00:31:31 -0700
mikeiscool wrote:
> On 7/17/06, Crispin Cowan <crispin at novell.com> wrote:
>> "supposed to" goes to intent.
> I don't know. I think there is a difference between "this does what it's supposed to do" and "this has no design faults". That's all I was trying to highlight.
The difference between "supposed to", "design flaw", and "implementation flaw" is entirely dependent on your level of abstraction:

  * Executive: "build a thingie that lets good guys in and keeps bad guys out."
  * Director: "build an authentication engine that uses 2-factor tokens to authenticate users and only then lets them in."
  * Manager: "use OpenSSL and this piece of glue to implement that 2-factor thingie."
  * Coder: "main() { ..." :)

Errors can occur at any level of translation. When it does something "surprising", then the guy at the top can claim that it wasn't "supposed" to do that, and if you dig hard enough, you will discover *some* layer of abstraction where the vulnerability violates the upper intent, but not the lower intent. Hence the bug.

Some example bugs at each level:

  * Executive: forgot to specify who is a "good guy"
  * Director: Forgot to provide complete mediation, so the attacker could bypass the authenticator.
  * Manager: the glue thingie allowed proper authentication tokens, but also allowed tokens with a string value of 0.
  * Coder: "gets(token); ..."

Crispin

--
Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
Necessity is the mother of invention ... except for pure math
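The Manager-level and Coder-level bugs listed in the message above, shown beside hardened forms, as an added example that is not part of the original post. The function names, the 6-digit token format, the sample code "492817" and the atoi()-based mechanism behind the "string value of 0" bug are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define TOKEN_DIGITS 6 /* assumed one-time-code length */

/* Coder level: bounded replacement for gets(token); 0 = ok, -1 = reject. */
int read_token(FILE *in, char *buf, size_t buflen)
{
    if (buflen < 2 || fgets(buf, (int)buflen, in) == NULL)
        return -1;
    size_t n = strcspn(buf, "\r\n");
    if (buf[n] == '\0' && n == buflen - 1) { /* line did not fit */
        int c;
        while ((c = getc(in)) != '\n' && c != EOF) { } /* drain it */
        return -1;
    }
    buf[n] = '\0';
    return n > 0 ? 0 : -1;
}

/* Manager level, weak glue (assumed mechanism): numeric comparison.
 * atoi() returns 0 for an empty or non-numeric expected value, so the
 * string "0" matches an account with no code provisioned. */
int glue_check_weak(const char *presented, const char *expected)
{
    return atoi(presented) == atoi(expected);
}

/* Hardened glue: both values must be exactly TOKEN_DIGITS digits. */
int glue_check_strict(const char *presented, const char *expected)
{
    if (strlen(presented) != TOKEN_DIGITS || strlen(expected) != TOKEN_DIGITS)
        return 0;
    unsigned char diff = 0;
    for (size_t i = 0; i < TOKEN_DIGITS; i++) {
        if (presented[i] < '0' || presented[i] > '9')
            return 0;
        diff |= (unsigned char)(presented[i] ^ expected[i]);
    }
    return diff == 0;
}

int main(void)
{
    char tok[TOKEN_DIGITS + 2];
    int ok = read_token(stdin, tok, sizeof tok) == 0 &&
             glue_check_strict(tok, "492817"); /* constructed code */
    puts(ok ? "accepted" : "denied");
    return !ok;
}
```

Both functions satisfy the Manager's instruction to "implement that 2-factor thingie"; only the strict one also satisfies the Director's intent that nobody gets in without a valid token.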