Home > Store > Networking

larger cover

Add To My Wish List

Register your product to gain access to bonus material or receive a coupon.

Building Secure Software: How to Avoid Security Problems the Right Way

Book

  • This product currently is not for sale.
Not for Sale

eBook (Watermarked)

  • Your Price: $38.39
  • List Price: $47.99
  • Includes EPUB, MOBI, and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    MOBI MOBI The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.

    Adobe Reader PDF The popular standard, used most often with the free Adobe® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discretely watermarking it with your name, making it uniquely yours.

  • Description
  • Extras
  • Sample Content
  • Updates
  • Copyright 2002
  • Dimensions: 7-3/8x9-1/4
  • Pages: 528
  • Edition: 1st
  • Book
  • ISBN-10: 0-201-72152-X
  • ISBN-13: 978-0-201-72152-2

Most organizations have a firewall, antivirus software, and intrusion detection systems, all of which are intended to keep attackers out. So why is computer security a bigger problem today than ever before? The answer is simple--bad software lies at the heart of all computer security problems. Traditional solutions simply treat the symptoms, not the problem, and usually do so in a reactive way. This book teaches you how to take a proactive approach to computer security.

Building Secure Software cuts to the heart of computer security to help you get security right the first time. If you are serious about computer security, you need to read this book, which includes essential lessons for both security professionals who have come to realize that software is the problem, and software developers who intend to make their code behave. Written for anyone involved in software development and use—from managers to coders—this book is your first step toward building more secure software. Building Secure Software provides expert perspectives and techniques to help you ensure the security of essential software. If you consider threats and vulnerabilities early in the devel-opment cycle you can build security into your system. With this book you will learn how to determine an acceptable level of risk, develop security tests, and plug security holes before software is even shipped.

Inside you'll find the ten guiding principles for software security, as well as detailed coverage of:

  • Software risk management for security
  • Selecting technologies to make your code more secure
  • Security implications of open source and proprietary software
  • How to audit software
  • The dreaded buffer overflow
  • Access control and password authentication
  • Random number generation
  • Applying cryptography
  • Trust management and input
  • Client-side security
  • Dealing with firewalls

Only by building secure software can you defend yourself against security breaches and gain the confidence that comes with knowing you won't have to play the "penetrate and patch" game anymore. Get it right the first time. Let these expert authors show you how to properly design your system; save time, money, and credibility; and preserve your customers' trust.

Related Articles

Application Security for Visual C++.NET Developers

Mailman Mailing List Hacks

Author's Site

Click below for Web Resources related to this title:
Author's Web Site

Online Sample Chapters

Building Secure Software: Race Conditions

Introduction to Software Security

Downloadable Sample Chapter

Click below for Sample Chapter related to this title:
viegach1.pdf

Table of Contents



Foreword.


Preface.

Organization.

Code Examples.

Contacting Us.



Acknowledgments.


1. Introduction to Software Security.

It's All about the Software.

Dealing with Widespread Security Failures.

Bugtraq.

CERT Advisories.

RISKS Digest.

Technical Trends Affecting Software Security.

The 'ilities.

What Is Security?.

Isn't That Just Reliability?

Penetrate and Patch Is Bad.

On Art and Engineering.

Security Goals.

Prevention.

Traceability and Auditing.

Monitoring.

Privacy and Confidentiality.

Multilevel Security.

Anonymity.

Authentication.

Integrity.

Know Your Enemy: Common Software Security Pitfalls.

Software Project Goals.

Conclusion.



2. Managing Software Security Risk.

An Overview of Software Risk Management for Security.

The Role of Security Personnel.

Software Security Personnel in the Life Cycle.

Deriving Requirements.

Risk Assessment.

Design for Security.

Implementation.

Security Testing.

A Dose of Reality.

Getting People to Think about Security.

Software Risk Management in Practice.

When Development Goes Astray.

When Security Analysis Goes Astray.

The Common Criteria.

Conclusion.



3. Selecting Technologies.

Choosing a Language.

Choosing a Distributed Object Platform.

CORBA.

DCOM.

EJB and RMI.

Choosing an Operating System.

Authentication Technologies.

Host-Based Authentication.

Physical Tokens.

Biometric Authentication.

Cryptographic Authentication.

Defense in Depth and Authentication.

Conclusion.



4. On Open Source and Closed Source.

Security by Obscurity.

Reverse Engineering.

Code Obfuscation.

Security for Shrink-Wrapped Software.

Security by Obscurity Is No Panacea.

The Flip Side: Open-Source Software.

Is the “Many-Eyeballs Phenomenon<170) Real?

Why Vulnerability Detection Is Hard.

Other Worries.

On Publishing Cryptographic Algorithms.

Two More Open-Source Fallacies.

The Microsoft Fallacy.

The Java Fallacy.

An Example: GNU Mailman Security.

More Evidence: Trojan Horses.

To Open Source or Not to Open Source.

Another Security Lesson from Buffer Overflows.

Beating the Drum.

Conclusion.



5. Guiding Principles for Software Security.

Principle 1: Secure the Weakest Link.

Principle 2: Practice Defense in Depth.

Principle 3: Fail Securely.

Principle 4: Follow the Principle of Least Privilege.

Principle 5: Compartmentalize.

Principle 6: Keep It Simple.

Principle 7: Promote Privacy.

Principle 8: Remember That Hiding Secrets Is Hard.

Principle 9: Be Reluctant to Trust.

Principle 10: Use Your Community Resources.

Conclusion.



6. Auditing Software.

Architectural Security Analysis.

Attack Trees.

Reporting Analysis Findings.

Implementation Security Analysis.

Auditing Source Code.

Source-level Security Auditing Tools.

Using RATS in an Analysis.

The Effectiveness of Security Scanning of Software.

Conclusion.



7. Buffer Overflows.

What Is a Buffer Overflow?

Why Are Buffer Overflows a Security Problem?

Defending against Buffer Overflow.

Major Gotchas.

Internal Buffer Overflows.

More Input Overflows.

Other Risks.

Tools That Can Help.

Smashing Heaps and Stacks.

Heap Overflows.

Stack Overflows.

Decoding the Stack.

To Infinity and Beyond!

Attack Code.

A UNIX Exploit.

What About Windows?

Conclusion.



8. Access Control.

The UNIX Access Control Model.

How UNIX Permissions Work.

Modifying File Attributes.

Modifying Ownership.

The umask.

The Programmatic Interface.

Setuid Programming.

Access Control in Windows NT.

Compartmentalization.

Fine-Grained Privileges.

Conclusion.



9. Race Conditions.

What Is a Race Condition?

Time-of-Check, Time-of-Use.

Broken passwd.

Avoiding TOCTOU Problems.

Secure File Access.

Temporary Files.

File Locking.

Other Race Conditions.

Conclusion.



10. Randomness and Determinism.

Pseudo-random Number Generators.

Examples of PRNGs.

The Blum-Blum-Shub PRNG.

The Tiny PRNG.

Attacks Against PRNGs.

How to Cheat in On-line Gambling.

Statistical Tests on PRNGs.

Entropy Gathering and Estimation.

Hardware Solutions.

Software Solutions.

Poor Entropy Collection: How to Read “Secret” Netscape Messages.

Handling Entropy.

Practical Sources of Randomness.

Tiny.

Random Numbers for Windows.

Random Numbers for Linux.

Random Numbers in Java.

Conclusion.



11. Applying Cryptography.

General Recommendations.

Developers Are Not Cryptographers.

Data Integrity.

Export Laws.

Common Cryptographic Libraries.

Cryptlib.

OpenSSL.

Crypto++.

BSAFE.

Cryptix.

Programming with Cryptography.

Encryption.

Hashing.

Public Key Encryption.

Threading.

Cookie Encryption.

More Uses for Cryptographic Hashes.

SSL and TLS (Transport Layer Security.

Stunnel.

One-Time Pads.

Conclusion.



12. Trust Management and Input Validation.

A Few Words on Trust.

Examples of Misplaced Trust.

Trust Is Transitive.

Protection from Hostile Callers.

Invoking Other Programs Safely.

Problems from the Web.

Client-side Security.

Perl Problems.

Format String Attacks.

Automatically Detecting Input Problems.

Conclusion.



13. Password Authentication.

Password Storage.

Adding Users to a Password Database.

Password Authentication.

Password Selection.

More Advice.

Throwing Dice.

Passphrases.

Application-Selected Passwords.

One-Time Passwords.

Conclusion.



14. Database Security.

The Basics.

Access Control.

Using Views for Access Control.

Field Protection.

Security against Statistical Attacks.

Conclusion.



15. Client-side Security.

Copy Protection Schemes.

License Files.

Thwarting the Casual Pirate.

Other License Features.

Other Copy Protection Schemes.

Authenticating Untrusted Clients.

Tamperproofing.

Antidebugger Measures.

Checksums.

Responding to Misuse.

Decoys.

Code Obfuscation.

Basic Obfuscation Techniques.

Encrypting Program Parts.

Conclusion.



16. Through the Firewall.

Basic Strategies.

Client Proxies.

Server Proxies.

SOCKS.

Peer to Peer.

Conclusions.



Appendix A. Cryptography Basics.

The Ultimate Goals of Cryptography.

Attacks on Cryptography.

Types of Cryptography.

Symmetric Cryptography.

Types of Symmetric Algorithms.

Security of Symmetric Algorithms.

Public Key Cryptography.

Cryptographic Hashing Algorithms.

Other Attacks on Cryptographic Hashes.

What's a Good Hash Algorithm to Use?

Digital Signatures.

Conclusions.



References.


Index.

Preface

"A book is a machine to think with."
--I.A. Richards PRINCIPLES OF LITERARY CRITICISM

This book exists to help people involved in the software development process learn the principles necessary for building secure software. The book is intended for anyone involved in software development, from managers to coders, although it contains the low-level detail that is most applicable to programmers. Specific code examples and technical details are presented in the second part of the book. The first part is more general and is intended to set an appropriate context for building secure software by introducing security goals, security technologies, and the concept of software risk management.

There are plenty of technical books that deal with computer security, but until now, none have applied significant effort to the topic of developing secure programs. If you want to learn how to set up a firewall, lock down a single host, or build a virtual private network, there are other resources to which to turn outside this book. Because most security books are intended to address the pressing concerns of network-level security practitioners, they tend to focus on how to promote secrecy and how to protect networked resources in a world in which software is chronically broken.

Unfortunately, many security practitioners have gotten used to a world in which having security problems in software is common, and even acceptable. Some people even assume that it is too hard to get developers to build secure software, so they don't raise the issue. Instead, they focus their efforts on "best-practice" network security solutions, erecting firewalls, and trying to detect intrusions and patch known security problems in a timely manner.

We are optimistic that the problem of bad software security can be addressed. The truth is, writing programs that have no security flaws in them is difficult. However, we assert that writing a "secure-enough" program is much easier than writing a completely bug-free program. Should people give up on removing bugs from software just because it's essentially impossible to eliminate them all? Of course not. By the same token, people shouldn't just automatically throw in the software security towel before they even understand the problem.

A little bit of education can go a long way. One of the biggest reasons why so many products have security problems is that many technologists involved in the development process have never learned very much about how to produce secure code. One problem is that until now there have been very few places to turn for good information. A goal of this book is to close the educational gap and to arm software practitioners with the basic techniques necessary to write secure programs.

This said, you should not expect to eradicate all security problems in your software simply by reading this book. Claiming that this book provides a silver bullet for security would ignore the realities of how difficult it is to secure computer software. We don't ignore reality--we embrace it, by treating software security as a risk management problem.

In the real world, your software will likely never be totally secure. First of all, there is no such thing as 100% security. Most software has security risks that can be exploited. It's a matter of how much money and effort are required to break the system in question. Even if your software is bug free and your servers are protected by firewalls, someone who wants to target you may get an insider to attack you. Or they may perform a "black bag" (break-in) operation. Because security is complicated and is a system-wide property, we not only provide general principles for secure software design, but we also focus on the most common risks, and how to mitigate them.

Organization

This book is divided into two parts. The first part focuses on the things you should know about software security before you even think about producing code. We focus on how to integrate security into your software engineering practice. Emphasis is placed on methodologies and principles that reduce security risk by getting started early in the development life cycle. Designing security into a system from the beginning is much easier and orders of magnitude cheaper than retrofitting a system for security later. Not only do we focus on requirements and design, we also provide significant emphasis on analyzing the security of a system, which we believe to be a critical skill. The first part of this book should be of general interest to anyone involved in software development at any level, from business-level leadership to developers in the trenches.

In the second part, we get our hands dirty with implementation-level issues. Even with a solid architecture, there is plenty of room for security problems to be introduced at development time. We show developers in gory detail how to recognize and to avoid common implementation-level problems such as buffer overflows and race conditions. The second part of the book is intended for those who feel comfortable around code.

We purposely cover material that we believe to be of general applicability. That is, unless a topic is security critical, we try to stay away from anything that is dependent on a particular operating system or programming language. For example, we do not discuss POSIX "capabilities" because they are not widely implemented. However, we devote an entire chapter to buffer overflows because they are a problem of extraordinary magnitude, even though a majority of buffer overflows are specific to C and C++.

Because our focus is on technologies that are applicable at the broadest levels, there are plenty of worthy technologies that we do not cover, including Kerberos, PAM (pluggable authentication modules), and mobile code sandboxing, to name a few. Many of these technologies merit their own books (although not all of them are adequately covered today). This book's companion Web site, http://www.buildingsecuresoftware.com/, provides links to information sources covering interesting security technologies that we left out.

Code Examples

Although we cover material that is largely language independent, most of our examples are written in C, mainly because it is so widely used, but also because it is harder to get things right in C than in other languages. Porting our example code to other programming languages is often a matter of finding the right calls or constructs for the target programming language. However, we do include occasional code examples in Python, Java, and Perl, generally in situations in which those languages are significantly different from C. All of the code in this book is available at

http://www.buildingsecuresoftware.com/.

There is a large UNIX bias to this book even though we tried to stick to operating system-independent principles. We admit that our coverage of specifics for other operating systems, particularly Windows, leaves something to be desired. Although Windows NT is loosely POSIX compliant, in reality Windows programmers tend not to use the POSIX application programming interface (API). For instance, we hear that most Windows programmers do not use the standard C string library, in favor of Unicode string-handling routines. As of this writing, we still don't know which common functions in the Windows API are susceptible to buffer overflow calls, so we can't provide a comprehensive list. If someone creates such a list in the future, we will gladly post it on the book's Web site.

The code we provide in this book has all been tested on a machine running stock Red Hat 6.2. Most of it has been tested on an OpenBSD machine as well. However, we provide the code on an "as-is" basis. We try to make sure that the versions of the code posted on the Web site are as portable as possible; but be forewarned, our available resources for ensuring portability are low. We may not have time to help people who can't get code to compile on a particular architecture, but we will be very receptive to readers who send in patches.

Contacting Us

We welcome electronic mail from anyone with comments, bug fixes, or other suggestions. Please contact us through

http://www.buildingsecuresoftware.com.



020172152XP09242001

Index

Index

Access control
basic description of, 187-208
buffer overflows and, 139, 155
compartmentalization and, 204-207
CORBA and, 55
database security and, 382-396
fine-grained privileges and, 207-208
flags, 155
JDB system for, 58-59
Lists (ACLs), 204
mandatory, 207
modifying ownership, 194-195
modifying file attributes, 190-193
programmatic interface and, 195-197
setuid programming and, 197-202
TOCTOU problems and, 222-225
UNIX and for, 187-202
using views for, 385-387
Windows NT and, 202-204
access() function, 215
ACLs (Access Control Lists), 204
Activation records, 153
ActiveX controls (Microsoft), 11, 272
AES, 276, 449-450
assessing the security of, 301
competition for, 449
cryptography libraries and, 272, 274, 277
database security and, 382
passwords authentication and, 375
Aggregate functions, 392-393
Aiken, Alexander, 184
Aleph One, 135, 180
Algorithms. See also specific algorithms
community resources and, 112-113
false advertising regarding, 112
open-source software and, 69-72, 74-75, 78
publishing, 82
proprietary, 450
Amazon.com, 18, 297, 455-456
American Express, 63. See also Credit cards
American Standard Code for Information Interchange (ASCII). See ASCII (American Standard Code for Information Interchange)
amkCrypt, 274
Analysis. See also Auditing
appropriate timing of, 117
architectural security, 118-126
auditing and, 118-126
as a creative activity, 33
findings, reporting, 125-126
implementation, 117-118, 126-133
security engineers and, 36-37
testing and, relationship of, 42
which goes astray, 41-43
Anna Kournikova worm, 1
Anonymity, as a security goal, 21-22
Anti-debugger measures, 416-418
AOL (America Online)
Instant Messenger for Netscape, 11
marketing techniques, 20
traffic monitoring, 20
APIs (application program interfaces), 52, 101-102, 106
auditing and, 127
in cryptography libraries, 274-280
firewalls and, 433
race conditions and, 214
random number generation and, 260
Applet(s). See also Java
attacks, types of, 91
enforcing protection when running, 53
untrusted, 52
Application proxies, 428
Applied Cryptography (Schneier), 256, 267, 439
Arbaugh, Bill, 16
argc() function, 167, 169
argv() function, 144, 169, 312
Arrays, 318
Art of Computer Programming, The (Knuth), 234
ASCII (American Standard Code for Information Interchange), 147, 171, 182-183, 293-294, 302
database security and, 388
digital signatures and, 464
text, encrypting, 388
ASF Software, 238, 241
"Asleep at the Wheel" (Lake), 3-4
ATH variable, 320
ATMs (automatic teller machines), 66
Attackers, use of the term, 25-27. See also Malicious hackers
Attack trees, 120-125
Attributes, modifying, 190-193
Audio players, 110
Auditing. See also Analysis; Monitoring
architectural security analysis and, 117, 118-126
attack trees and, 120-125
basic description of, 19-20, 115-133
implementation security analysis and, 126-133
logs, 20
open-source software and, 84-85
reports, 125-126
security scanners and, 132-133
security engineers and, 38
as a security goal, 19
tools, source-level, 128-130
using RATS for, 130-132
Authentication
biometric, 64-66
call-level, 57
connect, 57
CORBA and, 55
credit card, 97-98
cryptographic, 66
DCOM and, 56-58
default, 57
defense in depth and, 66-67
design for security and, 37
failure modes and, 97-98
host-based, 61-63
IP spoofing and, 62
levels, 56-58
packet integrity-level, 57
packet-level, 57-58
packet privacy-level, 58
password, 335-380
proxy-level, 432
remote execution and, 414-415
security goals and, 22-23, 440-441
technologies, 61-67
trust management and, 308
of untrusted clients, 415
using physical tokens, 63-65
AutoDesk, 421
AVG() function, 392, 393, 394
Axis Powers, 71. See also World War II

 

Backdoors, 105, 309-310
Back Orifice 2000, 178
Bacon, Francis, 187
base32 encoding, 402, 408-409
base64 encoding, 226, 349, 387, 401
Base pointers, 163, 169, 172
Battle plans, creating, 121
bcopy() function, 149, 153
Beizer, Boris, 15
Bellovin, Steven M., 1, 86, 427
Berra, Yogi, 267
Best-match policy, 189
Binaries, 192, 206
buffer overflow and, 140, 178-179
client-side security and, 401, 408, 425
extracting secrets from, 109-110
setting suid bits on, 140
trust management and, 307, 309
bind() function, 333
Biometric authentication, 64-66
Birthday attacks, 461
Bishop, Matt, 320
Bit(s), 295, 296-297
Blaze, Matt, 253, 297, 462
Blowfish, 272, 274
ciphers, 283
client-side security and, 408-409
using, in CBC mode, 282
Blumb-Blumb-Shub PRNG, 236-237, 241, 244
Boneh, Dan, 269
Boolean flags, 139
Bounds checking, 141, 148
Brainstorming sessions, 125
Brazil, 381
Brewer, Eric, 136
Browser(s)
attacks, 254-255
CAs and, 299
as consumer-ware, 17
cookies and, 21, 324
firewalls and, 433
license files and, 411
operating systems and, fuzzy boundaries between, 11-13
surfing data collected through, 21
untrusted applets and, 52
Brute-force attacks, 338, 461
BSAFE library, 277-278
BSS (block storage segment), 151
Buffer(s). See also Buffer overflows
attack code and, 177-185
input, 148-149
internal, 147-148
tamperproofing and, 420
UNIX and, 178-185
use of the term, 138
Windows and, 185
Buffer overflow(s), 24, 25, 87-88. See also Buffers
auditing and, 128, 131
basic description of, 135-186
defending against, 141-142
entropy handling and, 256-257
gotchas related to, 141-147
open-source software and, 79-81
securing the weakest link and, 93-94
selecting technologies and, 51, 52
smashing stacks and, 151-155
stack overflows and, 159-177
testing and, 39
tools which address, 150-151
trust management and, 309
Bugs. See also Debugging; Errors
announcing, 88-89
responding to misuse with, 419-420
Bugtraq mailing list, 6, 7

 

C (high-level language), 8, 50-51, 53, 274, 303
access control and, 201-202
auditing and, 129, 130
buffer overflows and, 94, 138-139, 141, 148-151, 154-156, 159-161, 164-165, 171-174, 177-179, 181
client-side security and, 421
firewalls and, 433
format string attacks and, 329-330
input validation and, 329
libraries, 141
open-source software and, 73-74, 84, 88
passwords authentication and, 339-350
popularity of, 84
race conditions and, 216, 222-223
random number generation and, 261-262
risks of using, 88
trust management and, 317-319
C++ (high-level language), 10, 50, 54
auditing and, 129
buffer overflow and, 137, 148, 154
cryptography libraries and, 275-276
risks of using, 88
Cache poisoning attacks, 63
Caches, 63, 417-418
Caesar, Julius, 231
Callbacks, 412
Cameras, 96, 244
Canada, 44, 46
Canadian Trusted Computer Products Evaluation Criteria, 44
Capabilities, 207-208
Capture/replay attacks, 26, 459
Carnegie Mellon University, 8
Carnivore system (FBI), 21
CAs (certificate authorities), 297-301, 455
Case-sensitivity, 363
CAST ciphers, 283
CBC (cipher block chaining) mode, 270, 282-284, 408, 446, 447
CDs (compact discs), 305, 398, 400-415
CERT/CC (CERT Coordination Center) advisories, 2, 8
regarding buffer overflows, 87, 135, 136-137
regarding character sets, 324
CFB (cipher feedback), 270, 283-284, 447
CGI (Common Gateway Interface), 320-325, 327-329, 333-334
CGI.pm module, 334
Challenge/response systems, 413-315
Character(s)
client-side security and, 402
length of passwords, 358
sets, 324-325, 402
trust management and, 321-322
chdir() function, 222, 224, 225, 333
CHECK option, 386-387
Checksums, 57, 418-420
basic description of, 457
hash functions and, 441, 457, 458
symmetric algorithms and, 447
Cheswick, William, 1, 427
Chipsets, 244-245
chmod() function, 190, 191-192, 195, 333
Choke points, 105
Chosen ciphertext attacks, 443
Chosen plaintext attacks, 443, 454
chown() function, 190, 193-196, 200, 333
chroot() function, 200, 204-207, 333
Cigital, 238, 239-240
Cipher(s), 236, 391
3DES, 283, 284
available, list of, 283-284
basic description of, 440
block, 270, 445-446, 448, 449
key length settings for, 284-285
PRNGs and, 233
reusing, 269-270
stream, 233, 269-270, 445-446
symmetric, 444-451
text attacks, 442-443
Civilized Engineer, The (Florman), 115
Class(es)
loading, 12, 91-92
nested, 53
Classifications, of information, 21
Client(s). See also Client/server models
passwords authentication and, 374
proxies, 430-432
-side security, 325-327, 397-426
untrusted, authenticating, 415
Client/server models, 22, 74. See also Clients; Servers
EJB and, 58-59
failure modes and, 99-100
firewalls and, 430
selecting technologies and, 54, 58-59
Clocks, 243, 411
Code
attack, 177-185
atomic, 212
auditing, 127-128
coverage, using, as a metric, 39
good-enough, 127
mobile, 10, 18, 91-92, 102, 107
obfuscation, 74-75, 399, 421-426
reuse of, disadvantages of, 12
reverse engineering, 73-74
untrusted, 127
user-level (user space), 59
Cold Fusion server, 86
Cold War, 397
"Command/response" protocols, 429
Comments
database security and, 388
for stack inspection code, 171-172
Common Criteria, 35, 43-46
Common Evaluation Methodology, 44-46
Community resources, 92, 112-113
Compartmentalization, principle of, 92, 102-104, 204-207
Compiling, 53, 150, 425
comp.lang.java.security newsgroup, 18
ComScire, 243, 257
concat_arguments function, 164-168, 172-176
concat.c, 166, 171, 174, 175-177
concat.s, 174-175
Confidentiality, as a security goal, 20, 440
Congress (United States), 463
connect() function, 333
Constants, 195
Consumer-ware, 17
Containers, 54
Cookies, 18, 62, 293-294, 324
Copy protection schemes, 400-415
CORBA (Common Object Request Broker Architecture), 54-56, 59
Corporate Espionage (Winkler), 25
Counter mode, 446-447
Counterpane Labs, 362
COUNT() function, 392, 393, 394
Crack (program), 356, 363, 367
Cracker, use of the term, 4
Crash(es)
dialog boxes, 72
file locking and, 227
as a sign of an exploitable vulnerability, 72
CREATE VIEW command, 386
Credit card(s)
failure modes and, 97-98
fraud, 40, 97-98
information, storage of, 392-395
password-based schemes and, 66
as physical tokens, 63-64
promoting privacy and, 107-108
Critical section, 213
CRLs (Certificate Revocation Lists), 299
CrypGenRandom() function, 260
Cryptanalysis, 441
crypt() function, 337-338, 343, 349, 351
Cryptix library, 278-279
Cryptlib library, 272-275, 279-280
Crypto++ library, 275-276
Cryptography. See also Public key cryptography
applying, 267-305
attacks on, 442-444
basic description of, 439-464
deriving requirements and, 34
during World War II, 71, 303-304
eavesdropping and, 25
export laws, 271
goals of, 440-442
libraries, 272-279
programming with, 279-295
random number generation and, 232-265
securing the weakest link and, 93-96
Spafford on, 2
types of, 444
writing your own, refraining from, 268-270
Cryptography Research, 444
C Traps and Pitfalls (Koenig), 78
ctx variable, 281
"Current time" technique, 235
Customer support, passwords procured through, 22-23, 94, 111, 355
Cut-and-paste attacks, 270

 

Daemen, John, 449
Dante, 434
Database(s)
access control for, 381-396
auditing and, 119, 125, 129-132
connection pooling, 54
field protection in, 387-391
password, adding users to, 339-350
promoting privacy and, 107-108
statistical attacks and, 391-395
trust management and, 308, 325-327
Database Security (Castano), 381
Data integrity, 87, 270
DCOM and, 56, 57-58
as a security goal, 21, 441
Data segment, of memory, 152
DCOM (Distributed Component Object Model), 54, 56-58
Debugging, 74, 416-419, 425. See also Bugs; Errors
antidebugger measures and, 416-418
buffer overflows and, 167, 171, 176, 179-180
tamperproofing and, 416-418
Decompilers, 73-74
Decoys, 421
Decryption, 280-286, 440, 451
Defense in depth, principle of, 92, 96-97
Delphi, 239, 272
Demographic data, 20, 392
Denial-of-service attacks, 10, 14-15, 50, 356
Department of Commerce (United States), 449
Department of Defense (United States), 43-44
Department of Defense Trusted Computer System Evaluation Criteria ("Orange Book"), 43-44
Dependability, overall importance of, 13
Depth, defense in, principle of, 92, 96-97
DES (Data Encryption Standard), 71, 74, 282-283, 448-450
passwords authentication and, 337-338
public keys and, 451
Design. See also Development
auditing and, 115, 120
implementation and, complex interrelation of, 18
for security, notion of, 13-14, 37-38
Design of Everyday Things, The (Norman), 106
DESX ciphers, 283
Determinism, 231-265
Development. See also Design
cryptography export laws and, 271
first-to-market pressures and, 17, 24, 29
penetrate-and-patch approach and, 15-16
spiral model of, 30-32
teams, rapid, 41
waterfall model of, 31-32
which goes astray, 41
Device drivers
basic description of, 60
calls to, 60-61
compartmentalization and, 103
Dialog boxes, effectiveness of, 106, 107
Dice rolling technique, for selecting passwords, 358-362, 363
Diceware, 363
Dictionary attacks, 338
DIEHARD, 257
Differential power analysis (DPA), 24, 443
Diffie-Hellman algorithm
cryptography libraries and, 273, 274, 276, 277
used with DSA, 454
Digital cameras. See Cameras
Digital signatures, 410, 413, 459
basic description of, 462-464
DSA (Digital Signature Algorithm) for, 269, 273, 274, 276, 410, 454
PKI and, 463
Directories
backward traversal of, 328
file locking and, 226-227
Disassemblers, 73
Disclosure, full, principle of, 5, 7, 81-82
Disgruntled employees, 110
Disraeli, Benjamin, 397
Distributed object platforms, choosing, 54-59
DLLs (Dynamically Linked Libraries), 185, 317
dlopen() function, 317
DMAC, 276
DNA, 66
DNS (Domain Name Service) names, 61-63
Doctor Faustus (Marlowe), 49
Documentation
auditing and, 120
cryptography libraries and, 273, 275, 276, 277, 278
failure to read, on the part of users, 106
Domain names, 61-63
Dongles, 414
DOS (Disk Operating System), 60
DoubleClick, 20
Double encryption, 449
DPA (differential power analysis), 21, 443
DSA (Digital Signature Algorithm), 269, 273, 274, 276, 410, 454. See also Digital signatures
DVD (digital video disc) viewers, 110
Dynamic allocation, 140

 

Eavesdropping
basic description of, 25
deriving requirements and, 34
key secrecy and, 109
ECB (electronic code book) mode, 270, 283-284, 447
ECC (elliptic curve cryptography), 273, 277, 279, 454
Echelon, 21
eEye, 72
Efficiency
C programming and, 148-149
cryptography libraries and, 273, 275, 276, 278
entropy handling and, 256
as the justification for a language choice, 50
as a key goal, 27, 29
EGADS (Entropy-Gathering and Distribution System), 225, 226, 256, 259-260, 264
EGID (effective GID), 188, 198
race conditions and, 220
trust management and, 317
EJB (Enterprise Java Beans), 54, 58-59
El Gamal algorithm, 273, 276, 454, 464
Electronic Privacy Information Center, 20
E-mail
announcing security bugs via, 88-89
distribution lists, 88-89
passwords, 70-72, 74
trust management and, 311-314
Employees. See also Personnel, security
disgruntled, 110
trust in, 110
Emulex Corporation, 21
Encryption. See also Cryptography; Keys
AES, 272, 274, 276-277, 301, 375, 382, 449-450
auditing and, 119
code obfuscation and, 74-75, 399, 421-426
DES (Data Encryption Standard) and, 71, 74, 282-283, 337-338, 448-451
disabling, 106
double, 449
of program parts, 423-426
security by obscurity and, 45, 69-75, 268, 336
Spafford on, 2
End-of-file (EOF) character, 141
Engineering
methods, 18
reverse, 73-74
Engineering of Software, The (Hamlet), 15
Engineers, security
role of, 32-39
use of the term hacker by, 3-5
Enigma machine, 71
Entropy
EGADS (Entropy-Gathering and Distribution System) and, 225, 226, 256, 259-260, 264
estimating, 241-255
gateways, 259-260
gathering, 225-226, 232, 235, 238, 241-255, 259-260, 264
handling, 255-258
secret Netscape messages and, 254-255
Environment variables, 316-318
Ethernet, 412
EUID (effective UID), 188, 190, 196-201
race conditions and, 215-216, 220
trust management and, 311, 317
Europe, 18, 44-46
eval() function, 333
EVP_bc_cfb() function, 283
EVP_bf_cbc() function, 282, 283
EVP_bf_ecb() function, 283
EVP_bf_ofb() function, 283
EVP_cast_cbc() function, 283
EVP_cast_cfb() function, 283
EVP_cast_ecb() function, 283
EVP_cast_ofb() function, 283
EVP_CIPHER_CTX_ctrl() function, 284-285
EVP_CIPHER_CTX_set_ key_length() function, 284
EVP_DecryptFinal() function, 292
EVP_DecryptInit() function, 286
EVP_DecryptUpdate() function, 286
EVP_des_cbc() function, 283
EVP_des_cfb() function, 283
EVP_des_ecb() function, 283
EVP_des_ede_cbc() function, 284
EVP_des_ede_cfb() function, 284
EVP_des_ede() function, 283
EVP_des_ede_ofb() function, 284
EVP_des_ofb() function, 283
EVP_desx_cbc() function, 283
EVP_DigestFinal() function, 287
EVP_DigestUpdate() function, 287
EVP_enc_null() function, 283
EVP_EncryptFinal() function, 285-286, 291
EVP_EncryptInit() function, 282
EVP_EncryptUpdate() function, 285-286, 291
EVP_idea_cbc() function, 284
EVP_idea_cfb() function, 284
EVP_idea_ecb() function, 284
EVP_idea_ofb() function, 284
EVP interface, 279-280
performing hashing with, 286-287
public key encryption with, 287-292
EVP_rc2_40_cbc() function, 284
EVP_rc2_64_cbc() function, 284
EVP_rc2_cbc() function, 284
EVP_rc2_cfb() function, 284
EVP_rc2_ecb() function, 284
EVP_rc2_ofb() function, 284
EVP_rc4_40() function, 284
EVP_rc4() function, 284
EVP_rc5_32_12_16_cbc() function, 284
EVP_rc5_32_12_16_cfb() function, 284
Exception handling, 50. See also Errors
Exclusive OR (XOR), 71, 181, 418, 424-425
applying cryptography and, 268, 270, 283, 302
data integrity and, 270
DES and, 283
one-time pads and, 302
random number generation and, 233, 255, 256
exec() function, 328-329, 332
execl() function, 145, 180-181
execve() function, 201, 312, 314
execv() function, 159, 321
Expiration dates, for licenses, 413
Export laws, 271
Extensible systems, 9, 10, 12-13

 

Facial features. See Biometric authentication
Factorization, 401-302
Failure
Florman on, 115
modes, 97-100, 196
planning for, 97-100
to read documentation, on the part of users, 106
Fallback schemes, 98-99
Fault trees, 121
FBI (Federal Bureau of Investigation), 18, 110
fchmod() function, 195, 196
fchown() function, 196
fcntl() function, 333
Federal Criteria (United States), 44
Feedback, soliciting, 120
Felten, Ed, 107
fgetc() function, 148, 152
fgets() function, 141-142, 149, 153
Field(s)
hidden input, 322-325
protection, 387-391
File(s). See also Filenames
attributes, modifying, 190-193
deleting, 140, 224-225
descriptors, 315
locking, 226-227
temporary, 225-226
Filename(s)
buffer overflows and, 144
patterns, input validation and, 332
prefixes, 226
restrictions on, 144
timestamps and, 197
FILE object, 220
Fine-grained privileges, 207-208
fingerd, 135
Fingerprints
biometric authentication and, 64-66
cryptographic, 457
FIPS standards, 241, 247, 260
Firewall(s), 2, 4, 56
auditing and, 119, 125
basic description of, 427-437
Common Criteria and, 44-45
defense in depth and, 97
open-source software and, 85
packet-filtering, 428-430, 434
peer-to-peer connectivity and, 435-437
promoting privacy and, 108-109
proxies and, 428-433, 436-437
securing the weakest link and, 94
SOCKS and, 433-435
strategies for, 427-430
toolkits, 85
Firewalls and Internet Security (Cheswick and Bellovin), 1, 427
FIST, 79
Fithen, Bill, 16
Flawfinder, 129
FlexLM, 413
foo, 192
foobar, 330
fopen() function, 226
fork() function, 201
Format string attacks, 329-330
FORTRAN, 50
Foster, Jeffrey, 136
France, 46. See also Europe
FrontPage (Microsoft), 105
Frost, Robert, 427
fscanf() function, 142, 146, 152
fstat() function, 220
FTP (File Transfer Protocol), 430, 458, 460
FUD (fear, uncertainty, and doubt), 62-63, 88, 112
Full disclosure, principle of, 5, 7, 81-82
Functionality
auditing and, 115-116, 117
CORBA and, 55
of cryptography libraries, 273
database security and, 387
as a key goal, 26, 29
mobile code and, 11
of Trojan horses, 39
passwords authentication and, 375-376
PRNGs and, 235
Functions
access() function, 215
argc() function, 168-169
argv() function, 144, 169, 312
AVG() function, 392, 393, 394
bcopy() function, 149, 153
bind() function, 333
chdir() function, 222, 224, 225, 333
chmod() function, 190, 191-192, 195, 333
chown() function, 190, 193-196, 200, 333
chroot() function, 200, 204-207, 333
concat_arguments function, 164-168, 172-177
connect() function, 333
COUNT() function, 392, 393, 394
CrypGenRandom() function, 260
crypt() function, 337-338, 343, 349, 351
dlopen() function, 317
eval() function, 333
EVP_bc_cfb() function, 283
EVP_bf_cbc() function, 282, 283
EVP_bf_ecb() function, 283
EVP_bf_ofb() function, 283
EVP_cast_cbc() function, 283
EVP_cast_cfb() function, 283
EVP_cast_ecb() function, 283
EVP_cast_ofb() function, 283
EVP_CIPHER_CTX_ ctrl() function, 284-285
EVP_CIPHER_CTX_ set_key_length() function, 284
EVP_DecryptFinal() function, 292
EVP_DecryptInit() function, 286
EVP_DecryptUpdate() function, 286
EVP_des_cbc() function, 283
EVP_des_cfb() function, 283
EVP_des_ecb() function, 283
EVP_des_ede_cbc() function, 284
EVP_des_ede_cfb() function, 284
EVP_des_ede() function, 283
EVP_des_ede_ofb() function, 284
EVP_des_ofb() function, 283
EVP_desx_cbc() function, 283
EVP_DigestFinal() function, 287
EVP_DigestUpdate() function, 287
EVP_enc_null() function, 283
EVP_EncryptFinal() function, 285-286, 291
EVP_EncryptInit() function, 282
EVP_EncryptUpdate() function, 285-286, 291
EVP_idea_cbc() function, 284
EVP_idea_cfb() function, 284
EVP_idea_ecb() function, 284
EVP_idea_ofb() function, 284
EVP_rc2_40_cbc() function, 284
EVP_rc2_64_cbc() function, 284
EVP_rc2_cbc() function, 284
EVP_rc2_cfb() function, 284
EVP_rc2_ecb() function, 284
EVP_rc2_ofb() function, 284
EVP_rc4_40() function, 284
EVP_rc4() function, 284
EVP_rc5_32_12_16_ cbc() function, 284
EVP_rc5_32_12_16_ cfb() function, 284
exec() function, 328-329, 332
execl() function, 144, 180-181
execve() function, 201, 312, 314
execv() function, 159, 321
fchmod() function, 195, 196
fchown() function, 196
fcntl() function, 333
fgetc() function, 148, 153
fgets() function, 142, 149, 153
fopen() function, 226
fork() function, 201
fscanf() function, 143, 144, 152
fstat() function, 220
generate_raw_response() function, 375
getc() function, 148, 153
getchar() function, 148, 153
getenv() function, 132, 149, 319
geteuid() function, 198, 223
getopt() function, 148, 153
getopt_long() function, 153
getpass() function, 148, 153
getrlimit() function, 316
gets() function, 136, 142, 148, 152
getuid() function, 198
glob() function, 332
ioctl() function, 333
kill() function, 206, 333
ksg() function, 391
link() function, 222, 333
lstat() function, 220
main() function, 152, 159-160, 162-163, 172, 176
malloc() function, 138, 140, 147, 154, 369, 375, 402
MAX() function, 392
memcpy() function, 149, 153
MIN() function, 392
mkdir() function, 222, 333
mknod() function, 222
munlock() function, 344
open() function, 220, 226-227, 327, 329, 328, 332, 333
popen() function, 206, 300, 318-319
printf() function, 157, 177, 330
print() function, 328
println() function, 211, 213
putenv() function, 319
Raccept() function, 434
rand() function, 234, 241, 303, 363
random() function, 231, 234-235
randomize() function, 239, 240
Rbind() function, 434
rc5_32_12_16_ofb() function, 284
Rconnect() function, 434
read() function, 148, 153
realpath() function, 148, 152
Rgetpeername() function, 434
Rgetsockname() function, 434
rmdir() function, 222, 333
Rread() function, 434
Rrecvfrom() function, 434
Rrecv () function, 434
Rsend() function, 434
Rsendmsg() function, 434
Rsendto() function, 434
Rwrite() function, 434
scanf() function, 136, 142, 146, 152
setpriority() function, 206, 333
setrlimit() function, 316
snprintf() function, 81, 145, 149, 153
socket() function, 333
socketpair() function, 333
sprintf() function, 81, 129, 136, 142, 144-145, 152
sscanf() function, 142, 146, 152
stat() function, 220
stderr function, 315
stdin function, 315
stdio function, 132
stdout function, 315
strcadd() function, 149, 153
strcat() function, 132, 137, 142, 144, 152
strccpy() function, 149, 153
strcpy() function, 77, 80, 128, 136, 141-143, 149, 152, 166, 168
streadd() function, 143, 146, 152
strecpy() function, 142-144, 146, 152
strlen() function, 143
strncat() function, 144
strncpy() function, 81, 143, 148, 153, 184
strtrns() function, 143, 147, 152
SUM() function, 392
symlink() function, 222, 333
syscall() function, 333
syslog() function, 148, 152
sysopen() function, 334
system() function, 206, 319-321, 332
test() function, 160, 161, 163
truncate() function, 333
unlink() function, 222, 224-226, 333
unmask() function, 333
unmount() function, 222
unsetenv() function, 319
utime() function, 197, 222
vfscanf() function, 143, 146, 152
vscanf() function, 143, 152
vsprintf() function, 142, 144, 152
vsscanf() function, 143, 152
FUZZ (program), 50

 

Gambling programs, 238-241
Game software, 397-398, 413-315
Garbage
collection, 253
input validation and, 330
trust management and, 314
Geiger counters, electronic, 243
generate_raw_response() function, 375
Genetics, 66
Germany, 46, 71. See also Europe
getc() function, 148, 153
getchar() function, 148, 153
getenv() function, 132, 149, 319
geteuid() function, 198, 223
getopt() function, 148, 153
getopt_long() function, 153
getpass() function, 147, 153
getrlimit() function, 316
gets() function, 136, 141-142, 148, 152
getuid() function, 198
GIDs (group IDs), 187-190, 196, 198
input validation and, 333
race conditions and, 222, 224
trust management and, 311, 317
Gilliam, Terry, 381
Global Identifier, 21
glob() function, 332
GNU
debuggers, 179
Mailman, 84-85
GNU C compilers, 150
Goals
project, 25-27, 40-41
security, 18-24, 40-41
Goldberg, Ian, 254
Government(s). See also Legislation
export laws, 271
intelligence secrets, 21
security clearance systems, 100-101
tracking systems, which degrade privacy, 20
U.S. Congress, 463
U.S. Department of Commerce, 449
U.S. Department of Defense, 43-44
U.S. Federal Bureau of Investigation, 18, 110
U.S. National Security Agency, 43, 448, 449
U.S. Securities and Exchange Commission, 19
GRANT command, 383-385
GUIs (graphical user interfaces), 55, 127, 240
Gutmann, Peter, 225, 246, 272, 400, 414

 

Hacker(s). See also Malicious hackers
open-source software and, 81-82
and the principle of full disclosure, 7, 27, 81-82
use of the term, 3-5
Hamlet, Dick, 15
Handsard (Disraeli), 397
Hanssen, Richard P., 110-111
Hardware
client-side security and, 414
solutions for entropy gathering, 242-245
Hash(es). See also Hashing algorithms
additional uses for, 295-297
basic description of, 441
cryptography libraries and, 272, 276, 278
database security and, 387-391
functions, 256-258, 457-462
passwords authentication and, 336-337, 350, 367
Hashing algorithms. See also Hashes; specific algorithms
basic description of, 286-287, 457-462
recommended types of, 461-462
Header files, 279-280
Heap(s)
allocation, 154
overflows, 139-140, 150, 155-159
Herd, following the, 111-112
Hiding secrets, difficulties involved with, 109-111
Hijacking attacks, 57, 63
basic description of, 26
passwords authentication and, 366
promoting privacy as a defense against, 107
HMAC (Hash Message Authentication Code), 270, 273, 274, 277, 278, 294-295. See also Hashes; Hashing algorithms
Hollebeek, Tim, 71
hostname command, 412
HP/UX, 217
HTML (HyperText Markup Language),

Errata

Click below for Errata related to this title.

Submit Errata

FREE

ONE MONTH ACCESS!

WITH PURCHASE


Get unlimited 30-day access to thousands of Books & Training Videos about technology, professional development and digital media If you continue your subscription after your 30-day trial, you can receive 30% off a monthly subscription to the Safari Library for up to 12 months.