Secure Systems Letters

Aspects of Secure Systems

Written on Feb 24, 2019 by Hussain Almohri

Secure systems comprise multiple components that are specifically designed with security in mind. Some of these components serve a security goal entirely, while others devote a large part of their code base to security. That said, developers dedicate most of their time and effort to implementing functionality, as opposed to security properties.

One can imagine security as an aspect of the system that cross-cuts many other requirements. For example, authorization, as a subsystem, is present in every page of many web apps that somehow deal with discretionary access. Other security aspects may not be present within a web app. One such aspect is what I call denial of service control logic. Denial of service control logic is concerned with eliminating threats from denial of service attackers. Some of the solutions are implemented at the web server layer. Limiting the number of simultaneous requests, inspecting network traffic, and performing causality analysis for anomaly detection are some of the techniques that are generally applied to multiple apps served by a web server.
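As an illustration of denial of service control logic living at the server layer, the following added example (not part of the original post) caps simultaneous requests with a WSGI middleware that wraps every hosted app. The names `ConcurrencyLimit`, `make_app`, `site` and `open_request` are hypothetical, and the two sample apps are constructed; neither app contains any limiting logic of its own.

```python
import threading

class _ReleaseOnClose:
    """Wraps a WSGI response body; frees the request slot once the server closes it."""
    def __init__(self, body, slots):
        self.body, self.slots, self.done = body, slots, False
    def __iter__(self):
        return iter(self.body)
    def close(self):
        if not self.done:                  # release exactly once, even if closed twice
            self.done = True
            self.slots.release()
            getattr(self.body, "close", lambda: None)()

class ConcurrencyLimit:
    """Server-layer aspect: caps simultaneous requests for whatever app it wraps."""
    def __init__(self, app, max_in_flight):
        self.app = app
        self.slots = threading.BoundedSemaphore(max_in_flight)
    def __call__(self, environ, start_response):
        if not self.slots.acquire(blocking=False):   # shed load instead of queueing
            start_response("503 Service Unavailable", [("Retry-After", "1")])
            return [b"busy\n"]
        try:
            body = self.app(environ, start_response)
        except Exception:
            self.slots.release()           # a failed app call must not leak a slot
            raise
        return _ReleaseOnClose(body, self.slots)

def make_app(name):
    """Constructed sample app with no denial of service logic of its own."""
    def app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [name + b"\n"]
    return app

APPS = {"/blog": make_app(b"blog"), "/shop": make_app(b"shop")}

def site(environ, start_response):
    """Stands in for one web server hosting several apps."""
    return APPS[environ["PATH_INFO"]](environ, start_response)

def open_request(server, path):
    """Start a request; the returned body stays in flight until close() is called."""
    seen = []
    env = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    body = server(env, lambda status, headers: seen.append(status))
    return seen[0], body
```

The slot is held until the response body is closed rather than until the app returns, because a WSGI server may still be streaming the body at that point.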

With security aspects applied at various layers, web apps do not have full control over security in rigid environments. This is because a web app developer has limited ability to implement security aspects. A multi-layer, top-down security analysis requires implementation abilities that are beyond the web app developer. This makes deploying security-intensive web apps on micro virtual machines in the cloud a very important design approach.