Security System Design: Building Defensible Systems

There are a number of fundamental security design principles that can be built into applications and systems to make them more defensible. The principles, as described by Emerging Technology (2013), are: minimizing the attack surface, least privilege, separation of duties, defense in depth, fail secure, economy of mechanism, complete mediation, open design, psychological acceptability, the weakest link, and avoiding a single point of failure.

A secure system should minimize its attack surface by reducing the number of entry points into the system or application being designed; fewer entry points mean fewer places a malicious user can exploit, as Emerging Technology (2013) points out. Many systems are developed with accounts that have superuser powers or broad authorization. The better practice is to design for least privilege: each component and account gets only the access it needs to complete the task the system was designed for, and nothing more.

Separation of duties should be laid out during design, so that each duty is performed by a different part of the system or application and each part holds only the least privilege needed for the service it provides, as Emerging Technology (2013) discusses. The system should also be designed in layers. Defense in depth means that a bad actor who breaches one layer still faces the next, which makes a breach significantly harder. Another critical aspect is to decide in advance how the system behaves, and what information it exposes, when something goes wrong: a component that fails should deny access and reveal no more about its internals than necessary. This is referred to as fail secure by Emerging Technology (2013).

Keeping the design simple (economy of mechanism) is another fundamental, as is complete mediation: every access to every resource is checked, every time, rather than trusting an earlier decision. Open design means the security of the system must not depend on keeping its design secret, and psychological acceptability means the security controls should protect the system without getting in the way of its legitimate users, as Emerging Technology (2013) points out. Finally, a system is only as secure as its weakest link, so the design should identify and harden that link, and it should avoid any single point of failure so that the system remains resilient.
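The following is an added example, not code from the page or from Emerging Technology (2013). It puts four of the principles above into one small reference monitor: least privilege (each role holds only the rights it needs, and there is no superuser), separation of duties (the principal who creates a payment may not approve the same payment), complete mediation (every request is decided against the current policy, nothing is cached) and fail secure (any error in the decision path denies, and the caller learns only allowed or denied). The roles, resources, actions and the payment workflow are constructed for illustration.

```python
# Added example, not code from the page or from Emerging Technology (2013):
# a minimal reference monitor showing least privilege, separation of duties,
# complete mediation and fail secure in one place. Roles, resources, actions
# and the payment workflow are constructed for illustration.
import logging
from dataclasses import dataclass, field

log = logging.getLogger("refmon")

# Least privilege: each role is granted exactly the (resource, action) pairs it
# needs. Anything not listed is denied; there is no superuser role.
PERMISSIONS = {
    "clerk":    {("payment", "create"), ("payment", "read")},
    "approver": {("payment", "read"), ("payment", "approve")},
    "manager":  {("payment", "create"), ("payment", "read"), ("payment", "approve")},
    "auditor":  {("payment", "read"), ("audit_log", "read")},
}

# Separation of duties: action pairs that one principal may not both perform
# on the same object, even if their role permits each action individually.
CONFLICTING_DUTIES = {frozenset({("payment", "create"), ("payment", "approve")})}


@dataclass(frozen=True)
class Principal:
    name: str
    role: str


@dataclass
class ReferenceMonitor:
    # Record of (resource, action, principal, object) already performed;
    # consulted for separation-of-duties checks and usable as an audit log.
    history: list = field(default_factory=list)

    def decide(self, who: Principal, resource: str, action: str, obj_id: str) -> bool:
        """Complete mediation: every access is decided here, on every call,
        against the current policy. Nothing is cached from earlier decisions.
        Fail secure: any error inside the decision logic results in deny."""
        try:
            if (resource, action) not in PERMISSIONS[who.role]:
                return False
            for res, act, by, oid in self.history:
                if oid == obj_id and by == who.name and \
                        frozenset({(res, act), (resource, action)}) in CONFLICTING_DUTIES:
                    return False
            return True
        except Exception:
            # Unknown role, malformed request, policy lookup failure: deny, and
            # log the detail server-side rather than returning it to the caller.
            log.exception("authorization error for %s; denying", who)
            return False

    def access(self, who: Principal, resource: str, action: str, obj_id: str) -> bool:
        """Perform the access if permitted and record it. The caller learns only
        allowed/denied, not which rule fired (fail secure also limits what an
        error path reveals)."""
        allowed = self.decide(who, resource, action, obj_id)
        if allowed:
            self.history.append((resource, action, who.name, obj_id))
        return allowed


if __name__ == "__main__":
    rm = ReferenceMonitor()
    carol = Principal("carol", "manager")
    print(rm.access(carol, "payment", "create", "p1"))    # True
    print(rm.access(carol, "payment", "approve", "p1"))   # False: separation of duties
    print(rm.access(Principal("dave", "approver"), "payment", "approve", "p1"))  # True
    print(rm.access(Principal("eve", "ceo"), "payment", "read", "p1"))  # False: unknown role
```

Note that the manager role is allowed both to create and to approve payments, yet the monitor still refuses to let the same person do both for the same payment; the separation-of-duties check is enforced per object from the recorded history, not from the role alone. Because `decide` re-reads `PERMISSIONS` on every call, revoking a right takes effect on the very next request.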

Security Mechanisms at Each OSI Layer

One way to illustrate how security design can be achieved is to look at the security mechanisms available at each layer of the Open Systems Interconnection (OSI) stack, as described by Jacobs (2016). The OSI model consists of the physical layer (layer 1), data link layer (2), network layer (3), transport layer (4), session layer (5), presentation layer (6), and application layer (7).

At the physical layer, bulk link encryption is an example of securing data in transit: devices encrypt the whole transmission before it leaves one location and decrypt it when it arrives at the destination, as Jacobs (2016) points out.

At layer 2, the data link layer, an example is Wi-Fi Protected Access 2 (WPA2) on Institute of Electrical and Electronics Engineers (IEEE) 802.11 wireless networks. WPA2 uses a four-message handshake in which the access point and the client exchange nonces, each derives the same fresh session key (the Pairwise Transient Key) from the shared Pairwise Master Key, and each proves to the other that it holds that key through the message integrity codes on the handshake frames.

At layer 3, the network layer, the example is IPsec. IPsec is a framework with numerous configuration options. It is flexible because transport and application protocols require no modification to travel over IPsec, as Jacobs (2016) points out.

Layer 4, the transport layer, can also provide security. Examples are Transport Layer Security (TLS), Datagram Transport Layer Security (DTLS), and the older Secure Sockets Layer (SSL), which TLS superseded and which is now deprecated. TLS and SSL run over Transmission Control Protocol (TCP); DTLS runs over User Datagram Protocol (UDP).

Layer 5, the session layer, is where Jacobs (2016) places email. Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME) provide confidentiality, authentication, message integrity, and non-repudiation of origin for email messages.
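The WPA2 handshake above is easier to reason about when its key derivation is written out. The following is an added example, not code from the page or from Jacobs (2016): it reimplements, with only the standard `hashlib` and `hmac` modules, the PMK derivation from a passphrase, the 802.11 pseudo-random function that expands the PMK into the Pairwise Transient Key, and the MIC that each side puts on its handshake frames, and then runs the four messages between a simulated access point and station. The MAC addresses and nonces are constructed (real nonces must be random), and the EAPOL-Key frame layout is simplified rather than the full 802.11 one.

```python
# Added example, not code from the page or from Jacobs (2016): the key
# derivation and confirmation that the WPA2 four-message handshake performs,
# written from the IEEE 802.11 definitions with only hashlib and hmac.
# MAC addresses, nonces and the EAPOL-Key frame layout are constructed for
# the example; the frame layout is simplified and is not the full 802.11 one.
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11 PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ...,
    concatenated and truncated to nbytes."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes):
    """Pairwise key expansion. Addresses and nonces are ordered so that the
    access point (aa, anonce) and the station (spa, snonce) compute the same PTK.
    For CCMP the PTK is 384 bits: KCK (MIC key), KEK (key-wrap key), TK (data key)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]


def eapol_key_frame(key_info: int, nonce: bytes) -> bytes:
    """Simplified EAPOL-Key body (constructed): descriptor type 2 (RSN),
    Key Information, nonce, and a 16-byte MIC field that starts zeroed."""
    return b"\x02" + key_info.to_bytes(2, "big") + nonce + bytes(16)


def sign(kck: bytes, frame: bytes) -> bytes:
    """Key Descriptor Version 2 (used with CCMP): MIC = HMAC-SHA1-128 over the
    frame with the MIC field zeroed; the result is written into that field."""
    mic = hmac.new(kck, frame[:-16] + bytes(16), hashlib.sha1).digest()[:16]
    return frame[:-16] + mic


def verify(kck: bytes, frame: bytes) -> bool:
    """Recompute the MIC over the frame with a zeroed MIC field and compare in constant time."""
    expected = hmac.new(kck, frame[:-16] + bytes(16), hashlib.sha1).digest()[:16]
    return hmac.compare_digest(expected, frame[-16:])


def four_way_handshake(ap_pmk, sta_pmk, aa, spa, anonce, snonce):
    """Run the exchange between an access point holding ap_pmk and a station
    holding sta_pmk. Returns the agreed TK, or None if a MIC check fails.
    Key Information values are the ones typically seen for messages 2-4."""
    # Message 1, AP -> STA: ANonce. Unprotected; the station has no PTK yet.
    # Message 2, STA -> AP: SNonce plus a MIC under the station's freshly derived KCK.
    kck_sta, _, _ = derive_ptk(sta_pmk, aa, spa, anonce, snonce)
    msg2 = sign(kck_sta, eapol_key_frame(0x010A, snonce))
    # The AP now has both nonces, derives its PTK and checks the MIC. A
    # passphrase mismatch on either side is detected here, before any key is used.
    kck_ap, _, tk = derive_ptk(ap_pmk, aa, spa, anonce, snonce)
    if not verify(kck_ap, msg2):
        return None
    # Message 3, AP -> STA: ANonce again with a MIC; in the real protocol the
    # group key (GTK) also rides along, wrapped under the KEK.
    msg3 = sign(kck_ap, eapol_key_frame(0x13CA, anonce))
    if not verify(kck_sta, msg3):
        return None
    # Message 4, STA -> AP: confirmation MIC. Both sides then install TK.
    msg4 = sign(kck_sta, eapol_key_frame(0x030A, bytes(32)))
    if not verify(kck_ap, msg4):
        return None
    return tk


if __name__ == "__main__":
    pmk = pmk_from_passphrase("password", "IEEE")  # IEEE 802.11 annex test vector
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))  # constructed, not random
    print(four_way_handshake(pmk, pmk, aa, spa, anonce, snonce).hex())
    print(four_way_handshake(pmk, pmk_from_passphrase("Password", "IEEE"),
                             aa, spa, anonce, snonce))  # None: MIC on message 2 fails
```

Two points the code makes that the prose does not: the PMK itself never crosses the air, only the nonces do, so the handshake is key confirmation rather than password transmission; and because the MIC of message 2 is computable from the captured nonces and addresses alone, an eavesdropper who records a handshake can test candidate passphrases offline, which is why the 4096-round PBKDF2 and a strong passphrase matter.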

Conclusion

An organization needs to follow basic security design principles such as minimizing the attack surface, least privilege, separation of duties, defense in depth, and the others discussed above as a way to lower the risk of a bad actor breaching a system. The OSI stack examples outlined the types of security that can be provided within each layer. Security design begins with the initial design of the system or application, but it does not end there: new devices, operating system updates, and newly discovered weaknesses keep introducing threats, so securing systems and applications is a continuing cycle rather than something completed once. An organization that designs and develops software systems therefore needs continuous awareness of new security risks. By anticipating security issues before they escalate, organizations can keep attacks by bad actors from becoming breaches.

References

Emerging Technology. (2013). 11 design principles for secure applications. Telos.

Jacobs, S. (2016). Engineering information security: The application of systems engineering concepts to achieve information assurance (2nd ed.). John Wiley & Sons/IEEE Press.
