Secure Design in the Limelight

The launch last week of the IEEE Center for Secure Design is an opportunity to remind the industry of the prominent role of secure design in building secure IT products.

Security engineering requires three main technical activities: Secure design, secure coding and security testing. Much of emphasis has been put by the industry on secure coding and security testing and much less on secure design. That is unfortunate.

Design Matters: Chanute’s twelve-winged glider in 1896.

The early flying machines from the late 19th century failed, not because of a defect in any of their components, but because of the overall design of the machine. Likewise, secure design is needed to provide confidence in the overall security of a system. We need to approach security engineering as one discipline tightly integrating secure design, secure coding and security testing.

Tools may be to blame for the lack of focus on secure design. The security tool market has become more mature and there is a broad choice of tools available to engineers for use during coding and testing that do a decent job at detecting coding mistakes. We need to increase their use and reduce the amount of false positives they produce, but overall, they have created the perception for some that software security was just about using a security tool.

It is not. The only tools you need for secure design are a marker, a white board and most importantly experience. Secure design is about understanding how the components interact, establishing trust assumptions and making design decisions that prevent attacks given those trust assumptions. Secure design is very complex; it requires the knowledge of how the product operates along with an attacker mindset. The IEEE Center for Secure Design document provides great field-tested examples of secure design considerations ranging from defining trust to validating data and access.

Threat Modeling is the most important activity to support secure design. It gives you the security foundation on which all the other security engineering activities that needs to be performed rely. You will not be able to sustainably build a secure product without secure design.

We have always made secure design a priority in EMC’s product security engineering practices and we were delighted to contribute our experience to the IEEE Center for Secure Design.

Eric Baize

About the Author: Eric Baize

Throughout his career, Eric Baize has been passionate about building security and privacy into systems and technology from design to deployment. He currently leads Dell EMC’s Product Security Office and serves as Chairman of SAFECode, an industry-led non-profit organization dedicated to advancing software and supply chain security best practices. At Dell EMC, Eric leads the team that sets the standards and practices for all aspects of product security for the product portfolio: Vulnerability response, secure development, consistent security architecture, and code integrity. Eric joined Dell through its combination with EMC where he built EMC’s highly successful product security program from the ground up and was a founding member of the leadership team that drove EMC’s acquisition of RSA Security in 2006. He later led RSA’s strategy for cloud and virtualization. Prior to joining EMC in 2002, Eric held various positions for Groupe Bull in Europe and in the US. Eric has been a member of the SAFECode Board of Directors since the organization was founded in 2007 and also serves on the BSIMM Board of Advisors. He holds multiple U.S. patents, has authored international security standards, is a regular speaker at industry conferences and has been quoted in leading print and online news media. Eric holds a Masters of Engineering degree in Computer Science from Ecole Nationale Supérieure des Télécommunications de Bretagne, France and is a Certified Information Security Manager. Follow Eric Baize on Twitter: @ericbaize