
7 Keys to Secure Java Software
Treat security as a requirement to ensure it is a fundamental piece of software development and system management
by Daniel F. Savarese

July 2003 Issue

Despite regular announcements of security vulnerabilities in software products, many programmers still tend to view security as a discipline that is separate from software engineering. For decades, the situation has been best summed up by a half-serious comment a professor who teaches software engineering shared with me recently: "Secure software? Now there's a contradiction in terms." With industry pacemakers like Microsoft launching software security initiatives and secure programming boot camps, the situation may gradually improve. Even though Java incorporated some security features from the start, it is still relatively easy to write unintentionally insecure Java programs. What can we do to keep our Java applications from appearing in today's steady stream of security vulnerability reports?

Security became relevant to software development when computers and the programs running on them began to share resources such as printers, networks, processor cycles, and memory. The source of almost all security concerns can be reduced to the sharing of a resource. In an environment where no resources are shared and only one entity has access to a computing environment, there is almost no need for security. Occasionally you may have to protect an entity from itself so that, for example, a file system may not be deleted accidentally. But for the most part, a single-entity scenario does not require security.

Even in the earliest days of computing, there was no such thing as a computing environment with only one entity. You may think a single-entity environment would involve a single program running on a single computer managed by a single person, but that environment contains at least three entities: the computer, the program, and the programmer/administrator/user. Most aspects of computer security revolve around preventing an entity from performing an action outside of its permitted sphere of influence and inside that of another. Spheres of influence typically correspond to access to resources. Therefore, given that all useful computing environments involve more than a single entity, security is a fundamental aspect of software development and system management (see the sidebar, "Keys to Securing Your Software").

Specify Security Requirements
Just as writing bug-free code is not an easy task, neither is writing secure software. To reduce the number of defects in the final release of a software product, we try to avoid introducing defects in the first place. One of the first steps toward achieving this goal is to identify software requirements at the outset of a project and target them in the design of the software. Another step is to detect defects as early as possible in the development process through testing. Recognizing that requirements change even as software is being implemented, our designs should be flexible enough to accommodate change.
