We live in a very different world today than we did 10-20 years ago. We’ve never been more connected. So, it’s surprising that software security practices remain in the realm of “We’ve always done it this way before”. Can they really expect to solve today’s security problems with an old way of thinking?
Traditional thinking typically starts with the premise that honest parties control the computer devices and any cryptographic operations are performed free from interference from would-be attackers. Given this, it’s probably understandable that traditional security uses an outside-in approach. If everything on the inside is trusted, attacks will come from the outside. Resulting in security practices such as:
- Perimeter security: Focusing on preventing or detecting threats entering networks of an organization, using tools such as Firewalls.
- Signature-based security: Virus scanners look for known bad data based on previous identical attacks.
Although these approaches provide some protection, it is questionable how relevant they are as we become ever more connected. Most systems behind a firewall are using 3rd party and/or using open source software, which users have no idea what the software is actually doing. And when it comes to known attacks, it’s not clear how this approach will survive or scale in a world where we are seeing nearly 1 million new pieces of malware every day.
Connected world thinking
We have a different way of thinking about software security. Our starting premise is the computer is not safe and the attacker can see what we see. As such, an inside-out approach is needed. It’s about hiding the security secrets in plain sight.
Today’s applications run in a very different environment. There’s applications running on smartphones, virtual machines, scripts running on browsers and IoT devices linking to the cloud. Not all these applications are the same, nor are their security requirements. Some share similar components and communicate to similar end-points. What’s more, each platform the application runs on – mobile, web, cloud – has its own security problems. Taking an application centric approach allows us to combine the security enhancements of application code on each platform with a reliable tethering of interdependencies between the systems.
How do we do this?
Using an attack tree model enables us to prioritize the importance of the digital assets and determine the applicable level of security to place on each part of the system. Using whitebox cryptography it’s possible to protect the keys; even during running code, keys are never revealed in the execution.
This can be followed with a layered application of code transformations to ensure that an attacker does not have a starting point. As well as, tamper resistance techniques like integrity verification to ensure that if binaries or code are modified that the system reacts with an appropriate response which could be a mitigation. Additionally, by having the monitoring/telemetry and mitigation update and response anchored in the back-end of the system it all forms part of a compelling architecture.