What Does "Secure by Design" Mean?

"Secure by design" is a methodology for creating computer applications or systems in which all aspects of the software are inherently developed in a way that makes it difficult or impossible for a malicious user to damage, attack or compromise the system. In many cases, software that is secure by design is planned from conception to close even the smallest security holes in elemental functions and to use trusted, classic techniques during the coding phase to ensure that no flaws are carried into a finished product. Some of the main areas that are the focus of secure-by-design engineering are user or client input, secure communications and basic validation to ensure that certain types of attacks are rendered impossible. Although no computer application is immune to all malicious attacks, a secure-by-design system has a distinct advantage over systems that use external security libraries or rely on the security of a surrounding environment, such as an operating system, because the design of the software is made to prevent and contain exploitative attacks.

One of the most vulnerable areas of any computer application, because of its unpredictable nature, is user input. Input that is not validated, is used without error checking or is accepted blindly from any source can use the inner workings of a system against itself to expose sensitive data or cause a system to crash. When an application is secure by design, user input usually is validated in some way, checked for malicious sequences or even converted into a safe format so it can be processed without worrying about unpredictable behavior that could result from default processing of some character combinations.

The issue of user input becomes more complex in a secure-by-design system when the software is a server accepting input from a client across a network. Some attackers can intercept valid messages from a client to a server or forge a client altogether, so methods other than proprietary encryption usually are employed, because an attacker intercepting the messages could easily break the encryption. More effective methods of security within the design of a program include restricting the information a client sends and restricting the ability of a server or module in what it can or cannot do on its own.

By combining software modularity with the principle of least privilege, a system that is secure by design can prevent attackers from completely compromising a system by delegating tasks between modules that do not necessarily have the ability to perform a single destructive action on their own. In this way, safeguards and fail safes can be put into place that can allow a system to recover securely from an intrusion. This concept is hard to incorporate into an application that does not use principles that are secure by design, because it requires the entire architecture of the program to be geared toward the goal of security.