Patricia Aas discusses strategies for designing secure systems that can be easily updated and maintained over time. She recommends: 1) Ensuring code is version controlled and build/deployment processes are automated so fixes can be easily rolled out. 2) Limiting dependencies and maintaining control over the full stack to prevent issues caused by abandoned third-party components. 3) Documenting systems sufficiently so institutional knowledge is retained if the original team leaves. 4) Focusing on preventative security practices like input sanitization and encryption to reduce risk of vulnerabilities emerging over the long run.

1. Make it Fixable
Designing for Change
Patricia Aas
Security Divas 2017

2. Patricia Aas
Programmer mainly in C++ and Java
Currently : Vivaldi Technologies
Previously : Cisco Systems, Knowit, Opera Software
Master in Computer Science from UiO
Twitter : @pati_gallardo

3. Security is Hard

4. Just Remember :
- You live in the real world
- Take one step at a time
- Make a Plan

5. ● Unable to Roll Out Fixes
● No Control over Dependencies
● The Team is Gone
● It’s in Our Code
Risk Management - Make it Fixable

6. Unable to
Roll out Fixes
● Relying on User Updates
● Unable to Build
● Unable to Deploy
● Regression Fear
● No Issue Tracking
● No Release Tags
● No Source
● Issue in infrastructure

7. Fix : Ship It!
Code
● Get the Code
● Use Version Control
● Keep Build Environment
● Write Integration Tests
Holy Grail : Auto Update
Configuration Management
● Have Security Contact
● Track issues
● Make a Deployment Plan
● Control Infrastructure

8. No Control over
Dependencies
● Too Many Dependencies
● Frameworks are Abandoned
● Libraries Disappear
● Insecure Platform APIs
● Insecure Tooling
● End-of-Life OS (Windows)
● Licenses expire/change
● Known Issues not Fixed
● OS Not Updated (Android)

9. Fix: Control It!
Be conservative
● Is it needed?
● Do you understand it?
Goal : Dependency Control
Be cautious
● Audit your upstream
● Avoid forking
● Have an upgrade plan
● Have someone responsible

10. The Team Is Gone
● Team were consultants
● They were downsized
● The job was outsourced
● “Bus factor”
● “Binary blob”
● Abandonware

11. Fix : Own It!
Take it on yourselves
● Build competence in-house
● Fork, take control
● “Barely Sufficient” Docs
● Ship It and Control It
Goal : Regain Control
Outsource
● Maintenance Contract
● Add Security Clause
● Own deployment channel

12. It’s in Our Code
● Injection
● Exploited crash etc
● Debug code in production
● Server compromised
● Outdated platform
● Intercepted traffic
● Mined local data
● Fake App

13. Fix : Live It!
Prevent
● Sanitize your input
● Send crash reports
● Code review + tests
● Review server security
● Encrypt all traffic
● Review local storage
● Work around old platform
● Sign app and check
Goal : Prevent & Cure
Cure
● Ship it!

14. Designing the User Experience of Security

15. Example : The Padlock
“You can trust this page”
Or? Users don’t understand the
meaning of the padlock
“Why do you have a red purse?”
The Save icon, the Call icon and
the Padlock icon - too old?
“The page has a green padlock”
Does the user really notice the
context?

16. The Users Won’t Read
Error blindness
Most users will mentally erase
permanent error notifiers - they
won’t read
“Just click next”
Most users will accept the defaults
- they won’t read
“Make it go away”
The user will try to make the error
dialog go away - they won’t read

17. Fix : Less is More
Don’t leave it to the user
Just do the right thing, you don’t
have to ask
Have good defaults
Make sure that clicking next will
leave the user in a good place
Be very explicit when needed
If the user is in a “dangerous”
situation - design carefully and if
you have to explain : use language
the user can understand

18. They Trust You
With Personal information
They trust you to protect them from
both hackers and governments
With Data
They trust you to protect their
pictures, documents, email ...
With Money
They trust you to protect their
payment information and passwords

19. Fix : Be Trustworthy
Only store what you have to
Try to use end-to-end encryption,
so that even you don’t have access.
Otherwise, encrypt as much as you
can
Back up everything
Your users can’t afford to lose
their baby pictures
Use third party payment
Avoid having responsibility for
their money

20. Ship It, Control It, Own It, Live It

21. Security is Hard
Protect Your User

22. Make it Fixable
Design for Change
Patricia Aas, Vivaldi Technologies
Photos from pixabay.com