Possible solutions

Depending on the nature of the attack you wish to defend against, different degrees of solution may be possible. Often it is not possible to find an ideal solution to a security issue, particularly when dealing with already-written software. A few common kinds of approach are discussed below.

Security by Design

Sometimes a particular kind of security issue can be addressed by identifying and sticking to a set of guidelines; for example, in writing secure code you might specify that particular library functions are considered "unsafe" and that alternatives should be used. Often a program or protocol which exhibits insecure behaviour can be rewritten to avoid it.

Security by Compromise

Consider a situation in which the speed at which a computer completes a particular task gives away some information about what it is doing (e.g. a password checking routine). One approach to solving this issue is to introduce random delays into the system in order to disguise its behaviour. Obviously it is only possible to slow down, not speed up, the behaviour, and so you have a trade-off here between efficiency and security. Such compromises are common in Security Analysis.
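The trade-off described above, as an added example that is not part of the original page: a password check that stops at the first wrong character, and the same check with a random delay added. Running time is modelled as a count of "ticks" so the result is repeatable; the secret, the function names and the delay bound of 32 ticks are all assumptions made for illustration.

```python
import random

SECRET = "s3cr3t-pw"  # constructed sample secret, not from the page


def check_leaky(guess, secret=SECRET):
    """Early-exit comparison. Returns (ok, ticks), where ticks counts the
    characters compared and stands in for running time."""
    ticks = 0
    for g, s in zip(guess, secret):
        ticks += 1
        if g != s:
            return False, ticks  # stops at the first wrong character
    return len(guess) == len(secret), ticks


def check_delayed(guess, rng, max_delay=32, secret=SECRET):
    """Same check with a random delay of 0..max_delay ticks added.
    The delay can only add time, never remove it."""
    ok, ticks = check_leaky(guess, secret)
    return ok, ticks + rng.randint(0, max_delay)


def tick_range(guess, max_delay=32):
    """Smallest and largest tick count an observer could see for a guess."""
    work = check_leaky(guess)[1]
    return work, work + max_delay


def mean_ticks(guess, n=1000, max_delay=32, seed=1):
    """Average cost of the delayed check over n runs (seeded for repeatability)."""
    rng = random.Random(seed)
    return sum(check_delayed(guess, rng, max_delay)[1] for _ in range(n)) / n


if __name__ == "__main__":
    for guess in ("xxxxxxxxx", "s3crxxxxx", SECRET):
        ok, ticks = check_leaky(guess)
        print(f"{guess!r}: ok={ok} ticks={ticks} "
              f"delayed range={tick_range(guess)} mean={mean_ticks(guess):.1f}")
```

Without the delay, the tick count equals the position of the first wrong character; with it, the ranges for different guesses overlap, and every check costs about half of max_delay more on average.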

Security by Analysis

Perhaps you have designed a complex system but are unsure how well-written it is. One approach is to apply tests which attempt to break into your system, either using formal reasoning or simply by attempting to deduce "secret" information from the behaviour you can observe. Sometimes special "hacking software" is written for this purpose (although in the wrong hands it can equally be applied to attempting to hack into someone's computer or program!).
