The Audit Driven Approach to Security Design
Secure Software is more important than ever, yet there is very little guidance available on how to go about producing secure software.
“Audit Driven Security” is a software engineering methodology, inspired by Test Driven Development, that you can learn to use to produce secure software.
Audit Driven Security
What drives a design?
having vs knowing (in Test Driven Development, we want correctness, but the way we know we have that is via testing. Having correctness is not as useful as knowing we have that. So, optimize the process for knowing that we have the thing we want to have. In TDD, that is testing - the development process is oriented around testing. In security design, we want to have security, and the way we know we have it is by auditing, theirfore, in Audit Driven Security, we orient the design process around the needs of auditing)
Analogy: Navigation Driven Shipping
Examples, things that make something easier to audit.
Properties that can be verified in the protocol, vs, verified in the implementation.
Avoiding security in the state model.
Properties which are easier to verify.
Dominic Tarr works as a developer and protocol designer on secure-scuttlebutt and as a security auditor for least authority. He lives on a sailboat in New Zealand.