Software Security: Building Security In

Instructions

Given your answers from the SmurfScanner Risk Assessment, draw a new software architecture diagram for the SmurfScanner system that mitigates the risk. Also, list the other things you could do to secure the application.

Answers (Incomplete)

The various processes should only accept commands from the other processes explicitly shown in the diagram. Each piece of software should be signed by SmurfWare, and this signature should be used to verify the caller.

  • SmurfScanner Manager communications should be encrypted.

  • There should be only one solid crypto implementation in the solution.

  • The first time the device is used, the password for the Manager-level functions should be set by the Manager app. The password should be used from that point on. The hard-coded shared secret should be eliminated.

  • The Crypto Helper should be seeded with something more entropic, such as mouse movements, not the system clock.

  • A sample fixed architecture is depicted in Figure C-2.

Figure C-2. The SmurfWare SmurfScanner architecture with some adjustments for security. Not all possible fixes are shown in this picture, but many of the most critical ones are.
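As an added illustration of the first-use password point above (example code, not from the book or from SmurfWare): a Manager-level credential store that is enrolled once by the Manager app and then verifies callers, with no hard-coded shared secret and with its salt drawn from the OS CSPRNG rather than the system clock. Class and method names are assumptions.

```python
import hashlib
import hmac
import secrets


# Constructed "before" pattern: the secret ships inside the binary, so every
# device shares it and anyone who reads the code has Manager access.
LEGACY_SHARED_SECRET = "placeholder-hardcoded-secret"  # constructed, not the book's value


def legacy_manager_auth(candidate: str) -> bool:
    return candidate == LEGACY_SHARED_SECRET


class ManagerCredentialStore:
    """Hypothetical store: password set on first use, then verified by PBKDF2."""

    ITERATIONS = 200_000  # work factor for PBKDF2-HMAC-SHA256

    def __init__(self) -> None:
        # No record exists until the Manager app sets the password on first use.
        self._record = None  # (salt, digest) once initialized

    def is_initialized(self) -> bool:
        return self._record is not None

    def _derive(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, self.ITERATIONS)

    def set_initial_password(self, password: str) -> bool:
        """Enroll the Manager password exactly once; refuse if already set."""
        if self._record is not None or not password:
            return False
        # Salt from the OS CSPRNG (secrets), never from time.time().
        salt = secrets.token_bytes(16)
        self._record = (salt, self._derive(password, salt))
        return True

    def verify(self, password: str) -> bool:
        """Check a Manager-level request; fails closed before enrollment."""
        if self._record is None:
            return False
        salt, digest = self._record
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(self._derive(password, salt), digest)

    def change_password(self, old: str, new: str) -> bool:
        """Rotate the password only after the current one is proven."""
        if not self.verify(old) or not new:
            return False
        salt = secrets.token_bytes(16)
        self._record = (salt, self._derive(new, salt))
        return True
```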
