Cyber-Attacks Drive Better System Design Methods

Posted on February 11th, 2014 by admin in Cyber War

The cyber-attacks and security damages, which seem to be increasing in scope and rate of occurrence, have had a positive consequence for the discipline of system design. They have raised “security” as an important design issue, and it has risen beyond an annoying economic friction in system development to a genuine, paradigm shifting aspect of all system design.

I don’t actually know how current software and system design are taught in schools, but it now should be very hard to write software or even hardware and exclude accounting for cyber attacks. But irrespective on formalisms taught in schools, security now is a mental orientation of all software designers. That’s very good thing.

Generally, cyber-attacks are thought of as something to avoid or resist. But by deeply considering the possibilities of attacks, one’s software will thereby avoid all kinds of major failures, both benign and malevolent in kind. This results from using a security orientation to prevent bugs and failures generally.

Look at the design problem for any system this way: the system is designed to accept a certain space of possible inputs to produce certain desired outputs. For example, when you enter your age into an online retirement calculator it had better be a positive integer! So when a person mistakenly places a minus sign in front of the number, the system may well freeze-unless it checks to make sure absurd numbers are blocked and correct ones requested again.

The space of inputs produces combinations which can be imagined in advance and designed for. Many failures occur when some combinations of inputs occur that have not been considered. Up to now, hostile inputs have produced system failures and security breaches, so by increasing awareness of more possibilities in the input space helps developers produce stronger systems.

Unfortunately, the bad guys constantly show us, at no small cost, where we failed to imagine what could happen and design for it. They punish us and our users for not being sufficiently rigorous!

 

Leave a Reply

More News