The Lazy Programmer’s Guide to Secure Computing

small summary writeup:

  • how to write secure code in an imperfect world
  • code patterns for “principle of least authority” (POLA)a sharp razor (to much authority: you get abuse, to few authority: you don’t get your job done)
  • security and POLA in the mail envelope, every security principle serves another purpose as well
  • the OO paradigm could serve as a good security paradigm, too
  • most languages break the security properties of OO (e.g. by allowing stack access)
  • for various languages there are tools which fix these language problems and filter your code, thus enforcing OO security properties (e.g. Caja by Google and Yahoo for JavaScript, Joe-E for Java, Emily for OCaml)
  • how can these patterns be carried over to distributed systems and the web? implementations: Waterken server / web-key
  • with these patterns in action, a web-money protocol can be implemented in about 30 LOC of Java
  • if POLA is used in larger OO software systems, you achieve ultra-deep security in depth
  • with POLA, the attack-tree risk-combining operation changes from OR to AND, thus the economics of security change
    • when extending code, you mostly add unprivileged code
    • meanwhile you fix problems in the privileged code
    • thus, over time code becomes more secure instead of less secure
  • we should use memory-safe OO languages and POLA principles
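The “web-money protocol in about 30 LOC” and the OO-as-security-paradigm bullets above refer to the classic object-capability mint/purse pattern. The following is an added illustration of that pattern in plain JavaScript, not code from the talk or from any of the named projects; the WeakMap ledger and the function names are my own choices. Holding a purse reference is the only authority over its balance (POLA), and a purse from a different mint is rejected at the deposit check rather than trusted.

```javascript
'use strict';

// Object-capability mint: money can only move via purse objects this mint
// created. Nothing is global, so there is no ambient authority to abuse.
function makeMint() {
  // Private ledger: purse object -> balance. Only code inside this closure
  // can touch it, so a purse reference is the sole authority over its funds.
  const ledger = new WeakMap();

  function makePurse(initialBalance) {
    if (!Number.isInteger(initialBalance) || initialBalance < 0) {
      throw new RangeError('balance must be a non-negative integer');
    }
    const purse = Object.freeze({
      getBalance() {
        return ledger.get(purse);
      },
      // A new empty purse of the same mint (no new money is created).
      sprout() {
        return makePurse(0);
      },
      // Move `amount` from `src` into this purse. The WeakMap lookup is the
      // rights-amplification check: an object not minted here has no entry
      // and is rejected, however convincingly it imitates a purse.
      deposit(amount, src) {
        if (!Number.isInteger(amount) || amount < 0) {
          throw new RangeError('amount must be a non-negative integer');
        }
        const srcBalance = ledger.get(src);
        if (srcBalance === undefined) {
          throw new TypeError('source is not a purse of this mint');
        }
        if (srcBalance < amount) {
          throw new RangeError('insufficient funds');
        }
        // All checks happen before any write, so a failed deposit leaves
        // both balances exactly as they were.
        ledger.set(src, srcBalance - amount);
        ledger.set(purse, ledger.get(purse) + amount);
      },
    });
    ledger.set(purse, initialBalance);
    return purse;
  }

  // Only whoever holds the mint can create money; purse holders cannot.
  return Object.freeze({ makePurse });
}
```

Note that the mint object itself is the only privileged code; everything a client does runs with no more authority than the purses it was handed, which is the OR-to-AND shift in the attack tree described above.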
