Engineering trustworthy systems: a principled approach to cybersecurity

Reviewer: Eduardo B. Fernandez

In this article-an extract of his book on 223 security principles [1]-Saydjari discusses the ten "most fundamental" principles. Both the book and article are addressed to software engineers who want to build secure systems. Cybersecurity technology is advancing too slowly to keep pace with threats, and system designers need principles in order to do a better job. My own experience analyzing recent attacks (Equifax, Uber, Sony, Capital One, and so on) shows that these attacks succeeded not because they were impossible to stop, but because management made the deliberate decision to not spend money and effort on protecting customer data. In fact, the attacks were very simple, but the systems were quite naked. The proposed principles are all well known [2,3,4,5], which confirms that the problem is not a lack of cybersecurity knowledge but a failure to apply this knowledge. Even companies that develop security-critical systems such as Microsoft or Adobe don't use the most advanced secure systems development methodologies, relying instead on secure coding and code analysis. While having a list of principles as a guide when building systems is better than nothing, I doubt that developers will be able to apply 223 principles without the support of a systematic methodology. I have found that the use of security architectural patterns is an effective way to implicitly apply principles, and after surveying a variety of approaches to secure software design [6], I believe that model-based methodologies are the only hope to produce systems with a high level of security and that comply with privacy and other regulations. However, we first need government regulations that punish institutions that do not protect the data in their trust, as the European regulations do. Until that happens, cyberattacks will continue to succeed.