Make it FixableDesigning for Change

Patricia AasSecurity Divas 2017

Patricia AasProgrammer mainly in C++ and Java

Currently : Vivaldi Technologies

Previously : Cisco Systems, Knowit, Opera Software

Master in Computer Science from UiO

Twitter : @pati_gallardo

Security is Hard

Just Remember :- You live in the real world- Take one step at a time- Make a Plan

● Unable to Roll Out Fixes● No Control over Dependencies● The Team is Gone● It’s in Our Code

Risk Management - Make it Fixable

Unable to Roll out Fixes

● Relying on User Updates● Unable to Build● Unable to Deploy● Regression Fear● No Issue Tracking● No Release Tags● No Source● Issue in infrastructure

Fix : Ship It!Code● Get the Code● Use Version Control● Keep Build Environment● Write Integration Tests

Holy Grail : Auto Update

Configuration Management● Have Security Contact● Track issues● Make a Deployment Plan● Control Infrastructure

No Control overDependencies

● Too Many Dependencies● Frameworks are Abandoned● Libraries Disappear● Insecure Platform APIs● Insecure Tooling● End-of-Life OS (Windows)● Licenses expire/change● Known Issues not Fixed● OS Not Updated (Android)

Fix: Control It!

Be conservative● Is it needed?● Do you understand it?

Goal : Dependency Control

Be cautious● Audit your upstream● Avoid forking● Have an upgrade plan● Have someone responsible

The Team Is Gone● Team were consultants● They were downsized● The job was outsourced● “Bus factor”● “Binary blob”● Abandonware

Fix : Own It!

Take it on yourselves● Build competence in-house● Fork, take control● “Barely Sufficient” Docs● Ship It and Control It

Goal : Regain Control

Outsource● Maintenance Contract● Add Security Clause● Own deployment channel

It’s in Our Code● Injection● Exploited crash etc● Debug code in production● Server compromised● Outdated platform● Intercepted traffic● Mined local data● Fake App

Fix : Live It!Prevent● Sanitize your input● Send crash reports● Code review + tests● Review server security● Encrypt all traffic● Review local storage● Work around old platform● Sign app and check

Goal : Prevent & Cure

Cure● Ship it!

Designing the User Experience of Security

Example : The Padlock“You can trust this page”Or? Users don’t understand the meaning of the padlock

“Why do you have a red purse?”The Save icon, the Call icon and the Padlock icon - too old?

“The page has a green padlock”Does the user really notice the context?

The Users Won’t ReadError blindnessMost users will mentally erase permanent error notifiers - they won’t read

“Just click next”Most users will accept the defaults - they won’t read

“Make it go away”The user will try to make the error dialog go away - they won’t read

Fix : Less is MoreDon’t leave it to the userJust do the right thing, you don’t have to ask

Have good defaultsMake sure that clicking next will leave the user in a good place

Be very explicit when neededIf the user is in a “dangerous” situation - design carefully and if you have to explain : use language the user can understand

They Trust YouWith Personal informationThey trust you to protect them from both hackers and governments

With DataThey trust you to protect their pictures, documents, email ...

With MoneyThey trust you to protect their payment information and passwords

Fix : Be TrustworthyOnly store what you have toTry to use end-to-end encryption, so that even you don’t have access. Otherwise, encrypt as much as you can

Back up everythingYour users can’t afford to lose their baby pictures

Use third party paymentAvoid having responsibility for their money

Ship It, Control It, Own It, Live It

Security is HardProtect Your User

Make it FixableDesign for ChangePatricia Aas, Vivaldi TechnologiesPhotos from pixabay.com