Secure programming applies security approaches in the programming/coding phase of software development. Secure programming techniques should be applied by programmer during the coding phase in order to increase the security level of the software.
Since the numbers of the vulnerabilities of software are unlimited, it will be difficult to determine the most important factor in secure programming. From several references such as [1] and [2] there are some aspects that can be mentioned here as the important factors to be applied into secure programming for increasing security level of the software.
1. Avoid Buffer Overrun
When the size of an array input is not verified, it is possible to write outside the allocated buffer. If such an action takes place in memory addresses higher than the buffer, it is called a buffer overrun. By entering a hostile input, the attacker could read addresses of the input character in the memory if buffer overrun happens. Consequently, the validation of input string is an important factor in order to avoid buffer overrun. Actually this flaw is not a big issue in Java since Java has input validation tool, called bytecode verifier.
2. Applying Cryptography
According to [2], strong cryptography is a critical piece of information security that can be applied at many levels, from data storage to network communication. People always think that cryptography is important to protect data from attacking. However, people usually are not realizing that the misapplication of cryptography commonly leads to the security problem.
3. Generate Random Numbers Properly
Random numbers is often required in order to provide a key in cryptography. Although random numbers seem as unimportant factor but it could guide to a problem in secure programming. Generate random numbers by using predictable manner will ease attackers to disturb our software. Thus developers need to consider the secure method for generating random numbers.
4. Applying Anti-Tampering
Reverse engineering has been known as a threat to the security of software. Although there are no easy answers for avoiding reverse engineering from a compiled code but developer can still apply anti-tampering methods in order to create obstacles for people who wants to gain the protecting information in their software.
5. Design Error Handling Properly
The most common problem in error handling occurs when the internal error messages provide too detail information such as stack traces which should not be revealed to the user. This simple information can be used by an attacker to disturb our software.
6. Injection Flaws
There are many programs which work by accessing the other programs or operating system features. If developers write a code that access to the operating system and the code does not have any protection, a malicious code could be implanted in the program and there will be possibility that the malicious code will be able to access the operating system also.
Besides the aspects above there are still many aspects for secure programming.
Java, which will be used as the platform of this research, is known as a programming language with large numbers of security features:
1. Java has no pointers, it means that a Java code is not able to directly access arbitrary memory locations in the address space.
2. As mentioned above, Java has bytecode verifier. This feature is very useful for avoiding buffer overflow attacks because this feature checks the length of the input before the execution. If the length is not proper Java will reject the input.
3. Java has fine-grained control over resource access for both applets and applications. For instance, an applet could be prohibited from writing or reading to disk space.
4. Java has a large number of library functions for cryptographic building blocks and SSL and authentication and authorization.
Currently, there are many existing methods and tools to help programmer for increasing the security level of their code. Some of them are:
A. Cryptography in Microsoft .NET platform [3].
The Cryptography API contains functions that allow applications to encrypt or digitally sign data in a flexible manner, while providing protection for the user's sensitive private key data. All cryptographic operations are performed by independent modules known as cryptographic service providers (CSPs). One CSP, the Microsoft RSA Base Provider, is included with the MS Windows operating system.
Each CSP provides a different implementation of the Cryptography API layer. Some provide stronger cryptographic algorithms, while others contain hardware components such as smartcards [plastic cards containing microchips that hold security data about the user]. In addition, some CSPs may occasionally communicate with users directly, such as when digital signatures are performed using the user's signature private key.
B. The Java Authentication and Authorization Service (JAAS) [4].
The Java Authentication and Authorization Service (JAAS) is a set of Java APIs that can be used for two purposes:
- For authentication of users, to reliably and securely determine who is currently executing Java code, regardless of whether the code is running as an application, an applet, a bean, or a servlet; and
- For authorization of users to ensure they have the access control rights (permissions) required to do the actions performed.
JAAS authentication is performed in a pluggable fashion. This permits Java applications to remain independent from underlying authentication technologies. New or updated technologies can be plugged in without requiring modifications to the application itself. JAAS authorization extends the existing Java security architecture that uses a security policy to specify what access rights are granted to executing code. That architecture, as introduced in the Java 2 platform, was code-centric. That is, the permissions were granted based on code characteristics: where the code was coming from and whether it was digitally signed and if so by whom. With the integration of JAAS into the Java 2 SDK, the java.security.Policy API handles Principal-based queries, and the default policy implementation supports Principal-based grant entries. Thus, access control can now be based not just on what code is running, but also on who is running it.
C. The IBM Secure Shell Library for Java [5].
The Secure Shell (SSH-2 or simply SSH) is a protocol for secure remote log-in and other secure network services over an insecure network. The protocol consists of three major components:
- The Transport Layer Protocol provides server authentication, confidentiality, and integrity.
- The User Authentication Protocol authenticates the client to the server.
- The Connection Protocol multiplexes the encrypted tunnel into several logical channels.
IBM Secure Shell Library for Java is a lightweight implementation of the IETF SSH-2 protocol. The library currently implements only the basic SSH features such as password log-in and command execution. Advanced features such as tunning and X-forwarding are currently not supported.
A session is started with a handshake in order to determine the security mechanisms to be used (the client and server must, of course, agree on this). The process is as follows:
1. Decide on security parameters.
2. Establish a shared secret in order to protect the communication.
3. Authenticate the previous exchange.
4. Authenticate the client and server.
This process is similar to that of the SSL protocol (for good reason). From a high-level point of view, the main difference between the two is that SSL relies on a PKI and, therefore, on X.509 certificates. The SSH protocol was created with extensibility in mind and consequently supports a wide range of authentication methods, including passwords and X.509 certificates.
References
[1] Howard, M., LeBlanc, D., “Writing Secure Code – Practical Strategies and Techniques for Secure Application Coding in A Networked Word”, Microsoft Press, 2003
[2] Viega, J., Messier, M., “Secure Programming Cookbook – for C and C++”, Sebastopol, CA, O’Reilly & Associates, Inc., 2003.
[3] Microsoft Library http://msdn.microsoft.com/library/?url=/library/en-us/dncapi/html/msdn_cryptapi.asp
[4] Java Authentication and Authorization Service Documentation
http://java.sun.com/products/jaas/overview.html
[5] IBM Secure Shell Library for Java Documentation
http://www.alphaworks.ibm.com/tech/sshlite
No comments:
Post a Comment