Application Development - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Application Development


Developers Growing Challenge



 By: Peter Coffee
2005-05-16
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Application Development story.


  Table of Contents:
  1. Developers Growing Challenge
  2. ' TKTK '

Rate This Article:
Poor Best
Developers Growing Challenge
( Page 1 of 2 )

Case Study: The need for complex, open apps means the 'art of abstraction' must be unlearned.

Enterprise application developers are squarely in the cross hairs of the next generation of IT system attacks. As generic infrastructure security and user awareness issues are increasingly addressed, the most dangerous remaining and newly arising vulnerabilities are those in the applications that define any modern organizations procedures and controls.

When perimeter security is lax, attackers will exploit promiscuous connectivity or weak password discipline; when users are careless and/or clueless, opportunistic attacks such as e-mail worms will have free rein. In the current environment, though, there are three reasons that line-of-business applications are ever-more-attractive targets.

First, increasingly complex business logic and growing integration among application modules that were not specifically designed to work together create a rising number of places where error may lurk or where unexpected interactions may arise.

Click here to read about an Internet-worm early warning system proposal.

Second, the costs of finding and fixing vulnerabilities in a vertical application must be borne by the relatively narrow community of users in a specific commerce or industry segment—unlike more broadly felt problems in perimeter or platform security, whose costs of mitigation are spread across much larger groups of users.

Finally, supply chain pressures dictate that enterprise online presence, in the form of network-facing applications, must be accessible to the largest possible number of potential users and must meet aggressive targets for rapid development and deployment.

Resource Library:

Application developers thus find themselves under pressures that lead to the creation of systems with numerous and subtle flaws that are forbiddingly costly to fix. Even so, organizations feel compelled to expose the results of these development efforts to increasingly well-informed and motivated assailants.

Enterprise sites cannot address this problem by adding layers of firewalls, by imposing additional modes of user authentication or by generating more detailed documentation of routine IT tasks.

None of these measures addresses the fundamental problem of an application thats intentionally exposed to an authorized user or invited customer but that offers unintended access to information or opportunities to do harm.

The developer contribution to enterprise information security has to be made from the inside out. It must take the form of code that grants only the privileges needed to perform a business task.

Thats not a complete solution, however: An enterprise could still be defrauded by the use of a stolen credit card number, for example, or by any of a long list of traditional con games or misrepresentations. The development teams definition of success must therefore be the extent to which risk is shifted from the domain of technical flaws to the domain of business practices, not the degree to which all risk is removed.

If developers can look their business-unit managers in the eye and say, "The only risks that remain are the ones that you decide to take by serving the target customer in the target market," then they have done their job.

Software developers climb ladders of abstraction. These begin at the bare-metal level of those who write device drivers, rise to the interface level of those who write operating systems or network software, and eventually reach the airy heights of those who think in terms of business processes.

Application platforms such as Java or Microsoft Corp.s .Net and emerging standards such as Business Process Execution Language encourage developers to take advantage of software abstractions that conceal what are supposed to be irrelevant details. Attackers, though, can also take advantage of a developers assumption that a piece of code will be used only as intended.

Buffer-overflow attacks, for example, continue to succeed because developers continue to make unconscious assumptions that a software module will receive only input that makes sense in the context of how that module is meant to be used.

"An Empirical Study of the Reliability of Unix Utilities," a classic paper written by Barton Miller et al. and published in 1990, was inspired by a frustrating afternoon of accessing remote systems over an electrically noisy connection. The paper gave early and somewhat whimsical exposure to the problem of developers assuming that input would conform to their expectations. It found that random input to many auxiliary programs, such as the ftp file transfer utility, could often crash a program or even a machine.

A more recent anecdote from Mark Graff et al., in a 2003 book titled "Secure Coding: Principles and Practices," described a buffer-overflow attack directed against a mouse driver. The driver was fed absurdly huge values for X and Y coordinate positions that developers had never even considered because they exceeded the dimensions of any conceivable display.

Next Page: Defending Against Attacks





  Reader Comments: Developers Growing Challenge
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Application Development Articles          >>> More By Peter Coffee
 


xr۸(;whkL"d[b[^OfS*$)l+K?_8xuK&w-`n4?;;o$rjȅkLmd'L7,>Ijy6P|oḞ+?2d3JmF]S~ o찏J޼w+sR;€wشF㰮6Z |62q3f.)h9qIlGtuGpf %HCx5޺!IQz$pm˨mC bQ?hrOhIQID4I>Ai V5~yP"U[U'Ұfd`-v5H`Uʞfn=  a=9t} ^hFÔlw~F"S#& BhlU 4G LźokfwQ`5<ۦ#8ie$$7z6XpaG%煃=_?Ķh{'3p\ǜe~/Coeں7@oG;uC2qz("EFD* ?q7`lC(ZhN-2a=ʲf w 3n[m1CYokjT:PR+TxPsWscm9 2ݭ^o|{(U?]`k-v%u9Χ[yиa8sD7[YHM~gDR/ DdA M}rjw{`rM5Jzq߹ᖃAAUԚZP]5]j1{0_2Qu;-^m^:E,3s!_*CA-t?C;K7}yҹ59i}j ݩO4 0\Ա´:֪V^W`Ck']ĻML?&sttWVKR>ǓqUCxyd$Y)Izֻ8'| ,-˭ ɈB_ȹH]+/R(3B#C ! ,$4ȄQHzP7 9A} 6milj 9Bf 5K]=s za4طz@5&:hk~$GM \cFŌ24U>' (|EUE?2ݠHPT}O9EdoJ"> ceF"Q&% . c|8Jj4pO૦Ĺ>Bwެ,e*4ޙϋ~ӢKwQ}nUOnS35֍h.\Ri%.8W5MGR>HLݣfZ+‹A^bLfAm td8԰QnCmj9-MI?@7&6j|btRh#(oH6#!hI#2 Bг,`@o%`-gP nKE .<Ҧ\IKRd&,S̗\VK@sfd(Ӓ4{~u}bFN1&Qen*PpRx5Rn,`oJMUUT3EoBk8t 03uq=ZA-z'$'ǔ4$a.*dybN`9={at]$3t0x>fXfZ>kNplEu4>fdݙМX,ǖ>&&B~aZ&fD,ioc3ye9^\#ouM\f{aMr"Vv6PzqJ9;m9PP*MMU;Wk9n$!)xWi r:$Wt'h+YZ3nR>}Ur=$BcX`D}_3L?;1bFHAw=E梳x_lYUo),~+ыwz1(akk)|/Ho`5&ۂx A-1/D4)E6@Aq.,yo␘ P -6bاO!3l`(`Ϋr!/+ ƀ#UV-ZI^M@+ L 4 C~8.j(6 SXu<]| ]}r3B: cp6x>2 C5,&=tж(%<42.|O\Z,'03g+qqڳgiw0잶ׅ)Υ߬p=O[-Vу}9J!6C{˞"{_)/!寺0iTҗKJ!OH?I?րH{N2,exY΀5mI]vOCgd͙(yʗȅLC s MnN/'Ѡ/&4%q 7ѴPV(FOG}hSʋ2 @@z"RT j%85r>_ԊJAn0dL:'|m/獽w7D[Fi]8ӼZ`S\x+mF`䣇2,*pLٲ|˘ lxTa۩'j*r16~zi1bNLx fpzlh rxf&4@Ol9Oy'!KxfESrc ]/Xn:/q!yLL?GCcvnN_H)nXӡL-P;Ђ[#ξB9$'=4g gxk45`z+xi/B{s0`FS`$Zf7ĎQ՟=?uT4SטT\>F4$ ]N!= -< l#3uZ5;~YSWjNY:ڎq@^R*~q;.64Ȝ k 1ݢ =&Eo{I"$yDIbe*4̠3^깋-$̺&GܼT ^CxєՆ.EHJCnk8+Vj>O֩zZ{ Vy9'6T$EAG nphQ0b,K馡/ph1R45þLQPZ;qn(ŎVxՒ0jo?/:\g 8bgKBٳL@@ ON&|=kNࠢM"a( db;b[HQQ4H8gh/l%۷ )݁f栗oďTK(D*Hěbr2Y>ѥyOb$O#q L_C\G-3UY+f":=6罿xACvYt-R'\èK1 4G6*@g早oJ1 =<RrP)ְlimd|B0HAϲMp+R-"xOꦜ[x)m35<c`ԂտtYX81DǍT,v051#.8\v=,4"<&'=GʦY|)2h@-,RsNC qt H;Mo+J$I(H&$I8oM]q[:R?ԝ{|׿ BJ&@αaX IG)ؼ`S+6um,U.ur4{^ %`r廿z(Bd7yyB,KE8\~ӬlbEtz"mO{5[N('sѐdʠCZVXG4xΔ&Atad]͇J5ڸ덍+\;宦j~&:W{^ZT{}y_tL;u3S`)F7iGpss-=$gxK(<HPxlӜ[=0ڦ12տ  y"UO~uCz1o3x Ӭ)tIN@ @JצϤ(m9S]`k0F"$$L?⯗$=6罿!^YDdU8/&6,&Z}+MHgVq 9ݲ׭O֍&]td@ŒHz(!Ӣʵ`,ywƵ!a-l` Q@Nf-~]K,&KP6s߶e$H0[NnE z>9Ik+ DC$P$">ⷣ^\sIj< y^ xdee8)]6f\]7HD$J Sx_۷x~u}=ŷf=.ʶa^66ˍbc-}V@{L i,{B iO0\wl :5lat5g2lܹ@QR_/u#XqKȬ sM۞Vt'rẊhALÑ@uyzUcd1M9jpc"97tߥm>vg:c9s'~}ҹ/U⯠œӫjϡ6 g?= fTItRY}y z73,s<^Ȳq4h6E`aVfo`\7nbm$M} ɓ?~؉!?ZC k?D椟¤XM:]%-?Z(pUOc{;{ $’Yßܳ=\z;<A/=Bמt3Ub~bۘ1W xE/wOR]VUc{MT#zH/IA]o7t?G?Pm?ķ[m`$_a4!R0q@imӶƮJjap$ʽFt9߽Ld auIMu& kQ B)fl\GBN8NXo,"xa rCoquQ%]J! Ҳ)ʃ .텮G%6MfˢDE\GaFͪ \rO?P/si^,`Vd ޥtW1 MO&*Sj9J=7=SCBU|?HU) B:-A8ūi1=MhslYMQ3цh50zfB׵Gۡ;vD׽sa+f Zzڝ)37: Ɍ39˶MbOnhcmQ.͑񛭒wmr ]@ktM/5 s;()3$Y]ߴA4`VTa6 T*e/5/CyN ۪#WWUVy0}Se%Rut0=(Urs׸Flzg`ҧ9Ekɽv=/&=wy r-ͷg,l:K’mXv&J:<}Q-mER!!B5a 8J @xt9 c}_դ w5$DG8fh0PGm0K{)Qcw2:i rbNWDڮJ]kJ^O@w}j 4ZψY$/:OyZg~91ʒ2;×+ 66m)m4Js;',߿HfsF4Gs,m/d\v^zLp$_]EFzV>Hz6ڈj^ZJ =0] aWLĈ)n2BSsOWRh=`?K"xxa* a̍BqUfw"nP}wY?e=a ' 24?^\}ĭBA*ٽUXG7F٪ϣJ 0Msa>2G`D{zCd.e\ϫ=ٓRG>'PmDOf ")Rx ԛXa11K]7?=N8}yǂ"",bqD['鍀GP56D:jnZ9lt[^뺋Z 0u%S2>{n`#񫝡ڌЏ^tz%qt8 C'vq]^ s+û19B3\vcOкtŦtCw|1[G\(9$#MhVn>\_v*n_a?އL ZGEEFE#Rh|GDc&~/.nrji`Ik0#td D-}dۈM":b5,GtF|M dTm(_1/.Q':+*(?q5֍D bb{GTƩ;ff.#_A1J BL&ȿI*|)t(.( oI[PXPO!2u)%B7UI4}/x{3`ynF"O[OqW cܕ٫,t0Bjknlh(^Q}>e&cri@Ea@ԐP(Vй:xL_xƖ4/0}(-ŌCj'I]Ui_)9ˮ KA|$aW6#x7uh%cWTa*蕴BsI͐!=}^ҵ}h`ɵ7֜ #4?5iVt?uWv;7x Z[4jVuN>w>/[W^qj)Xv>L5mkKJreiE)Sr=ئ3bڜkVExU< ODE Ccq~^ L9'Q?B)^e3s\CT9ĸҫSi0L̏7ON[ݮZI iW'>=ȱk:o\X6^%|g*4]Z0,2aL bv[\2Ȥfo s`5Úߠ5P~ \SށΚrIkM1.?{ڙY{uy$h)kCLrM9^n񡻦3^]~ٮqf|.k/^b }.ky?/?/'_~OkϠlM_k/bM9\#?0~kƯwY:_:kּ sw5_W(uuG௏kZW~o֕ެhfM77kO$i<5rּ…)њRq_Jeޯ<+%(_ Xi7:k ث5t.2]#e2~62Ak_wNuF]quKx5KD앆cn%:Xys/-#y)64(^X^> b|y֥ÿVPwOʻϜQ4#VĘVqE)c9s8Gc_%YfS'rU/fc"hV cƑ.8/I\\[4G8q(G@In]  n@~T|u*nڧv,2kիK+cKp'k͠~%k"iM^Lv4MwrIcltG&[)/1ͷ̮+k͞Ҧ@ W$.>tߺB},425~ɑP<,ښ%13Σ.ܞSfu?x6.XD};dk6Nώ;Y:5KQݎ;SdK5E@d`[O^K%]Blx#p2GɎO~uZfbwO]vBI3rң>'Yfs(59G |h7]^PlãGXƸ[[* Iz@swSazB\NJʶzW QmJM^a[Aj`Pm+ A4XS'E0̖3{~k#'>fg a:9YJ;)YX&7$I /OىBW0K;4lqED%RXRmf fE]Rj0Ʉn~3 xI1%h3l#mAb ?iʵ-}`G=f4YAYŒBd+ZʙkcPKҽk x տQ#fi|!Ƨ\>m @{bxz-CǮ Cga+fcPNhVc.g>xTL+Vc@ۅGS9::l4݀ТVU"Ď'Jěc79=I }(˦n܌aBbbv.օ5&xBDZ4?|P cYx ^Ŧ$VfS&b0|:#V55g4]!^<|]3ewmڟ?vXC|{O@R'x>ՠb]eĿޯׁY, 3E__; 1e"f{/E :(ڇ_x_2To 4G8C `X;:(1h )@WR1~icF~![ֲs`]iՕE9vNfK2:ѵi?H1길᮲WgIva FΡQ9zF3eXz({зp;Y  wM$W 3S4Juϫ~jx 4?YYYrdݺC2~%]X󽺙/@.~T8l6+j`7}j~ۧJF_!.IZQۡ) vXC$(n"fmDG0(ڎ4qH.^Uk;ѷ\U -!XE*F'{gK Rf.̣)OT`DЫþyO,fWVë=8롢˷-ut;*b]V.oѭ]*E]Zc_x_ k;AQ0}}(Ӣ26*בZ E|~ ZK+AS݆bV% |nIJ`{@Tfӓ1xapyݢS>ɂE4uEbaN__f < SRIK6{2A/g?7 W0Ah6#.jnB..VWUYg:~7Kב-&Y  \8~s5" Љ1P3Y]cP_ iH,A,,&0 j.6\g7e!$xqhe=..7| G8qupefe`.j0g v ޑ,0{E喋'6\>zfXzͽ:‹<҂ƍOic;Ԧ Y mЮ; "+[3| X=z{VLDޠs$:o@?ZlDЃrEQ8tփh!|}t|4FUUb(踂Rp pZKG"d$eR%>KMT 0d79>)WRo; ni֎3CBi)O-Os@x<'7Yd IPX`6>$S3[peϑB6u8ݒhҨ}^MQ lmRi9bPᵝo- 1N2$?Ŵp g_%"ަ ܜ\Vvp5L׆oDt=*ӽ  _=Q:Β+4Ò'_ 0"!_bPZ-TAD/ TS0e4 cDZigT3w #ήtlYY4n;q.̎j;.aJ;R4}u=O=k <{ o-ւ.ٷא sٓNχV"WB:RzՒ7ZQB/ Ѹ_pߴzK;Ô]yuUGg&n:V \{B]5ONڗŊx:2EM 54$t4J|>TxgyyVl"$qo53>D19P-X!f5ahOlئd yY(9?ҍhRM6$qI0o