The key concepts branching off of integrity are hashing, authorization, accountability, and auditing.
by Christoph Kern, Anita Kesavan, Neil Daswani
Authorization was discussed above in connection with confidentiality, but it also bears on integrity. A system must be able to determine which identities are authorized to see the data (confidentiality) as well as to change the data (integrity). If an unauthorized party is able to change data, a failure of integrity has occurred.
Another key concept dealing with integrity of data is accountability: the ability of a system to know who changed what, and when. While it is preferable that unauthorized changes are never made to your data, accountability helps if that unfortunate event does occur. It ensures that the change is at least detected and can be repaired in a timely fashion if necessary. A related principle is non-repudiation, ensuring that someone cannot deny having done something. This is usually handled by logging events inside an application: important events are logged with the user who performed the action, the action taken, and the time it occurred.
Non-repudiation facilitates auditing at a later date, if that is required for compliance purposes. It also ensures that if data is changed for some reason, the records of who changed it and for what purpose can be retrieved when needed. Finally, hashing is a tool that can be used to ensure integrity. Hashing passes data through a one-way function: the hash of the data is easy to compute, but given only the output, the input is practically impossible to recover.
Also, if even one bit of the input changes, the output is completely different.

Availability is the assurance that the system and its data will be accessible to authorized users when needed. It ensures that your website is up when users need it, or that your REST service is available when your clients want to call it. Denial of service (DoS) and distributed denial of service (DDoS) attacks are attacks against availability.
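As an added example (not code from the page or the book), the following Python puts the accountability record described above (user, action, time) into a small tamper-evident audit log: each entry is hashed together with the previous entry's hash, so an edit to any record is detected, and a helper shows the one-bit avalanche property of the hash. The entries are constructed, and the algorithm name is stored with each entry so it can be changed later.

```python
import hashlib
import json

# Assumed default; the name is recorded per entry so a later migration is possible.
ALGORITHM = "sha256"
GENESIS = "0" * 64  # prev_hash of the first entry

def digest(algorithm: str, data: bytes) -> str:
    return hashlib.new(algorithm, data).hexdigest()

def entry_bytes(entry: dict) -> bytes:
    # Canonical encoding of the hashed fields; sort_keys makes it deterministic.
    covered = {k: entry[k] for k in ("user", "action", "timestamp", "prev_hash", "algorithm")}
    return json.dumps(covered, sort_keys=True, separators=(",", ":")).encode()

class AuditLog:
    def __init__(self):
        self.entries = []

    def record(self, user: str, action: str, timestamp: str) -> str:
        """Append who did what and when, chained to the previous entry's hash."""
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"user": user, "action": action, "timestamp": timestamp,
                 "prev_hash": prev_hash, "algorithm": ALGORITHM}
        entry["hash"] = digest(ALGORITHM, entry_bytes(entry))
        self.entries.append(entry)
        return entry["hash"]

    def verify(self) -> int:
        """Index of the first entry that breaks the chain, or -1 if intact."""
        expected_prev = GENESIS
        for i, entry in enumerate(self.entries):
            if entry["prev_hash"] != expected_prev:
                return i  # chain link was altered or an entry was removed
            if digest(entry["algorithm"], entry_bytes(entry)) != entry["hash"]:
                return i  # record contents were altered after hashing
            expected_prev = entry["hash"]
        return -1

def differing_bits(data_a: bytes, data_b: bytes, algorithm: str = ALGORITHM) -> int:
    """Number of digest bits that differ between two inputs (about half for a one-bit change)."""
    a = int(digest(algorithm, data_a), 16)
    b = int(digest(algorithm, data_b), 16)
    return bin(a ^ b).count("1")

if __name__ == "__main__":
    log = AuditLog()  # constructed sample events
    log.record("alice", "update invoice 42", "2024-01-01T10:00:00Z")
    log.record("bob", "delete invoice 42", "2024-01-01T10:05:00Z")
    print("chain intact:", log.verify() == -1)
    log.entries[0]["user"] = "mallory"  # after-the-fact edit
    print("first broken entry:", log.verify())
    print("bits changed by one input bit:", differing_bits(b"pay 100", b"pay 101"))
```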
Some major topics related to availability include disaster recovery, failover, and resiliency.
ISBN 13: 9781430214311
Disaster recovery plans assist in the recovery of systems in the event of a major disaster, whether natural or man-made. You should understand what will happen if your servers are destroyed by a flood or other disaster. Web developers may not always create these plans, but they should know what they contain. Failover is achieved by redundancy; in the case of a loss of service, another instance of that service can instantly take over, providing near-constant availability.
Think of a set of Docker containers that can be spun up or destroyed when problems arise. Redundancy is also achieved through load balancing, which can redirect traffic if something goes wrong in a server environment. Avoiding single points of failure is the best first step in resiliency.

The CIA triad is the foundation of all security principles. Developers should understand it because they will need to build functionality into their systems that supports confidentiality, integrity, and availability. Check out this graphic as an easy reference for how different concepts branch off of the three foundations of security.
Foundations of Security: What Every Programmer Needs to Know by Neil Daswani
The next key security concept for developers is least privilege: the principle that users should have only the access needed to do their job and no more, and only for the time they require it. You may be thinking that this is more a principle of information security, something for an identity governance and administration policy, rather than something developers need to understand to do their job.
You may think of least privilege as being about individual users. However, the same principle holds for applications. For instance, is your application connecting to a database using an account that has superuser access, such as dbo in SQL Server?
This can open you up to exploitation. A more secure approach is to create an ID just for your application (often referred to as a service account) and grant that ID only the permissions absolutely needed by your application to do its work. A secondary strategy to support least privilege in databases is giving applications access to views and stored procedures rather than the underlying tables. Database administrators and other database experts can create the views from the underlying tables; once they are done, your application sees only the view as a read-only source of data instead of the base tables.
Stored procedures can update the data in a controlled manner instead of allowing the application to update any table it wants. Least privilege also means that your application should have access only to the parts of the server file system it needs. A directory traversal attack happens when an adversary tries to navigate to areas of the server that are outside of your website's directory. This can be prevented by your application not having access to sensitive directories and not running with root access on the server.
Still, least privilege is definitely a concept that developers should understand, especially if you are building REST services consumed by a client-side framework such as AngularJS.

Complete mediation is the principle that no potentially sensitive action can be performed without verifying that the user is authorized for it. This can be illustrated by User Account Control in the Windows operating system.
No matter how many times you enter an admin password to install a program or delete a file in a protected directory, you will have to do it every single time. If you rename a protected file, enter your admin credentials, and then try to rename it again, you will be prompted for admin credentials again. This principle is important in web applications whose REST services are consumed by a client. It would be a wrong assumption to think that an authorization check made in the client means the server does not need to check again. This is where complete mediation comes into play with authorization.
Each call to a REST endpoint needs to be authorized. Server-side code should always perform authorization before doing any work, because the client (such as a page loaded into a browser) can easily be manipulated. It is best to architect the code so that all calls pass through a single authorization module that cannot be bypassed.
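One way to structure that single authorization module, as an added Python example that is not from the page or the book: a small REST-style dispatcher in which every endpoint must be registered with the permission it requires, and the router checks that permission on every call before the handler runs. The request type, the permission assignments and the two endpoints are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Request:
    user: str    # identity established by the server, never trusted from the page
    method: str
    path: str

# Constructed permission store; in practice this comes from the identity system.
PERMISSIONS = {
    "alice": {"invoice:read", "invoice:delete"},
    "bob": {"invoice:read"},
}

def is_authorized(user: str, permission: str) -> bool:
    return permission in PERMISSIONS.get(user, set())

class Router:
    """All calls pass through dispatch(); no handler can be registered without a permission."""

    def __init__(self):
        self._routes = {}

    def route(self, method: str, path: str, permission: str):
        def register(handler):
            self._routes[(method, path)] = (permission, handler)
            return handler
        return register

    def dispatch(self, request: Request):
        entry = self._routes.get((request.method, request.path))
        if entry is None:
            return 404, "not found"
        permission, handler = entry
        # Checked on every request, before any handler work; nothing is cached between calls.
        if not is_authorized(request.user, permission):
            return 403, "forbidden"
        return 200, handler(request)

router = Router()

@router.route("GET", "/invoices/42", permission="invoice:read")
def read_invoice(request: Request):
    return {"id": 42, "total": 100}

@router.route("DELETE", "/invoices/42", permission="invoice:delete")
def delete_invoice(request: Request):
    return {"deleted": 42}

if __name__ == "__main__":
    print(router.dispatch(Request("bob", "DELETE", "/invoices/42")))  # bob may only read
    print(router.dispatch(Request("alice", "DELETE", "/invoices/42")))
```

Because the permission is a required argument of `route`, a developer cannot forget the check for a new endpoint, which is the property the text asks for.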
That is the essence of complete mediation.

Cryptographic algorithm choice is just the beginning of good secure software design. Cryptographic agility is even more important when designing secure software. It is the design principle that software should be free to change its cryptographic algorithms whenever needed.
The .NET framework is built with cryptographic agility in mind, and it also allows a developer to design with cryptographic agility. Below is a UML diagram of the relevant .NET classes. Cryptographic agility comes into play in two ways with this design.
First, there is a HashAlgorithm base class that each hashing algorithm class inherits.

For the past few years, the Internet has had a "wild, wild west" flavor to it. Credit card numbers are stolen in massive numbers. Commercial web sites have been shut down by Internet worms.
Poor privacy practices come to light and cause great embarrassment to the corporations behind them. All these security-related issues contribute at least to a lack of trust and loss of goodwill.
Often there is a monetary cost as well, as companies scramble to clean up the mess when they get spotlighted by poor security practices.