Identification of security objectives is the first step you can take to help ensure the security of your application, and it is also one of the most important steps. The objectives, once created, can be used to direct all the subsequent security activities that you perform. Security objectives do not remain static, but are influenced by later design and implementation activities.
Security objectives should be identified as early in the development process as possible, ideally in the requirements and analysis phase.
Identifying security objectives is an iterative process that is initially driven by an examination of the application’s requirements and usage scenarios. By the end of the requirements and analysis phase, you should have a first set of objectives that are not yet tied to design or implementation details. During the design phase, additional objectives will surface that are specific to the application architecture and design. During the implementation phase, you may discover a few additional objectives based upon specific technology or implementation choices that have an impact on overall application security.
Each evolution of the security objectives will affect other security activities. You should review the threat model, architecture and design review guidelines, and general code review guidelines when your security objectives change.
Use the following techniques to help you discover security objectives:
- Roles Matrix. When an application supports multiple roles, it is important to understand what each role should be allowed to do. This can be accomplished with a roles matrix that contains privileges in rows and roles in columns. Once the roles matrix has been created, you can generate security objectives to ensure the integrity of the application’s roles mechanism. Many systems have multiple roles, and privileges can be assigned flexibly to any role; in that case your objectives need to be more general.
- Derive From Functional Requirements. You can generate security objectives by examining every functional requirement in your application through the lens of confidentiality, integrity, and availability (CIA). This provides a very effective mechanism for generating security objectives based on known application characteristics.