How to design secure systems? Security Analysis
Posted by davitb on 19th October 2009
A secure system is any piece or combination of hardware, software, or just an operation that protects a block of information that is sensitive to the user. Some secure systems are dedicated to performing only security-related operations (such as safe storage, a dongle token, a DRM system, firewalls, an encryption device, etc.). Other systems are designed to perform operations on sensitive information and therefore require security features to be implemented inside them (such as online payment systems, ATMs, email clients/servers, messengers, etc.). Regardless of the purpose of the system and the operations it allows, security engineers must treat them as equally important and design the security of these systems by taking into account state-of-the-art best practices and techniques.
This article is the first part of a series of articles dedicated to principles and best practices of designing secure systems. It will discuss the following topics:
- The wrong approach to designing security systems
- The right approach
- Assets, threats, security controls, vulnerabilities, attack vectors and risks
Tags: attack graph, attack vector, risk, security design, threat, vulnerabilities

