Securing Software for the Information Society
Robert K. Moniot
Abstract
With the increasing pervasiveness of computers in everyday life, the problem of assuring the security of the software that these systems rely on has acquired new urgency. Secure systems are essential to assure the integrity of on-line commercial transactions and electronic voting, and to protect personal data from theft or tampering. Recent years have seen continual growth in the number of viruses and worms propagating via the Internet, denial-of-service attacks, and incidents in which computer systems are compromised by hackers. These events have increased the security-consciousness of enterprises that depend on information technology for their operations, as well as that of individual users who have suffered loss of data or damage to their operating systems due to these attacks. Even more serious concerns have been raised by the possibility that terrorists could cause widespread damage or loss of life by disrupting the technical infrastructure on which our society depends. In this context, the security of software is a matter of great importance.
In order to understand the ramifications of this issue, a careful analysis of the meaning of "security" in the context of information and communication systems is needed. In the physical realm, security does not depend only on technical measures such as locks, surveillance cameras and identification systems. Among other things, security also depends on establishing appropriate procedures so that the technical measures cannot be readily bypassed, and then making sure that these procedures are followed. In the same way, security of software depends on many other factors besides the amount of scrutiny the code has undergone to find bugs. Security can be compromised not only by bugs such as buffer overflows, but also by poor design. The most obvious sorts of design flaws that may affect security include weak protection of the secrecy of passwords and insufficient measures to counter network spoofing.
A less obvious but important threat to security comes from "featurism," the tendency to add ever more features to a software product. Featurism carries the risk of introducing exploitable vulnerabilities through unanticipated interactions among the features of the software. An example of this sort of problem is the proliferation of macro viruses via e-mail. Early e-mail systems did not support the easy interchange of word-processor documents. In those same early days, the ability to execute macros in word-processor documents was seen as a useful enhancement, but the possibility of hostile macro code was not taken into account. When the MIME standard was introduced, making it easy to send word-processor documents by e-mail, the security implications of combining these two features became apparent. Thus, paradoxically, increasing the number of features of a software application can actually make it less useful in the context of an integrated information society.
Another factor that is important in determining the security of software is the programming culture within the software maker's establishment. Adherence to safe programming techniques and promotion of security-consciousness within an enterprise can greatly increase the security of a software product. An emphasis on featurism can draw development resources away from reliability and security in order to meet production goals. It is important that software professionals cooperate to establish and promote sound software development principles.
Source code is often treated as a trade secret. Ostensibly this policy has the purpose of helping to maintain a competitive advantage, but secrecy can also allow the software maker to conceal sloppy development practices and poor design decisions. Some cases in which previously closed-source software was made available for public inspection have revealed careless implementation or deliberately introduced back-doors, which made the software vulnerable to attack.
Over the past several years, there has been much debate over whether open-source software may be inherently more secure than proprietary, closed-source software. The resolution of this question is important, because the majority of software is closed-source. There are persuasive arguments on both sides. The most common argument in favor of the greater security of open-source software is that with "many eyes" examining the code, bugs and security issues are more likely to be spotted and fixed. On the other side, it is argued that opening the source code makes the hackers' job easier by revealing all of the security mechanisms of the software.
This paper will discuss these issues, and try to arrive at some conclusions about what measures should be taken to help make software more secure.
