Log in / Register
Home arrow Computer Science arrow The InfoSec Handbook
< Prev   CONTENTS   Next >

Software Applications

More and more work, which was being done earlier by hardware components, is being carried out currently by software or software applications. For e.g. look at the functions carried out by the embedded systems in any

automobile. It has substantially increased and many of the functions of a car or an airplane are now directed or controlled by software or software applications. Hardware can fail because of mechanical faults or component aging or component manufacturing defects or weaknesses of the material etc. However, in case of well thought out and well-designed hardware, such chances are less and also may be possible to be detected relatively easily.

Think of medical devices. More and more medical devices are moving to software based from mostly hardware based platforms. Think of an embedded device which is implanted in the human body. Imagine that there is a defect in the software or firmware on it. You need to patch the device to overcome this defect. You have to communicate wirelessly with the device to patch the device. Imagine you update a wrong patch and the problem gets aggravated rather than resolved. For all practical purposes, we will include firmware here as part of software. Think of somebody else tampering with the implanted device wirelessly1.

Recently there was an incident of Air India Dreamliner flying from Melbourne to Delhi which was required to make an emergency landing at Kuala Lumpur (software malfunction in the cockpit). Earlier in the day, it was reported that the cockpit computers stopped working and the aircraft landed without any navigation aid (which was later denied)2, 3. Luckily the pilots were experienced and could navigate the flight effectively and ensure an emergency safe landing. Think of a situation a few years from now if pilots become so tuned to the helpful cockpit and navigation systems that they may become handicapped without these systems. They may not be able to navigate the flight even for a few minutes without these systems and the passengers' life may be at high risk. It may be possible for a passenger to wirelessly impact the cockpit system or for a maintenance engineer to be part of the terrorist team and adversely program the cockpit systems.

Further, the software can get corrupted, can get hacked, data can be manipulated, data can be overwritten, algorithms may be wrong or wrongly implemented, exceptions may not be handled effectively, and errors may not be handled effectively.

A software application is as good as what it does. It should not do more than what it is expected to do. At the same time, it should not fail to perform what it is expected to do. The following eight characteristics are fundamental from the perspective of an application's security (see Figure 6-1):

1. Completeness of the Inputs

2. Correctness of the Inputs

3. Completeness of Processing

4. Correctness of Processing

5. Completeness of the Updates

6. Correctness of the Updates

7. Maintenance of the Integrity of the Data in Storage

8. Maintenance of the Integrity of the Data in Transmission

Figure 6-1. Aspects of Software Application Security

Found a mistake? Please highlight the word and press Shift + Enter  
< Prev   CONTENTS   Next >
Business & Finance
Computer Science
Language & Literature
Political science