Secure Software Design Principles: A Systems Approach

The fact that security was often neglected in the design and construction of computer software has led to significant system changes in an attempt to add desired security functionality after the fact. Four methods of implementing security functionality, from augmentation through integration, are examined with respect to implementation strategy and efficacy of the desired security functionality. Using system theory, an examination of the issues associated with complex systems as applied to the addition of security functionality demonstrates the weaknesses of these approaches and the need to design security in from the beginning of a project. The application of system theory, the concepts of equifinality, feedback, control theory and the law of requisite variety assist in the understanding of the outcomes of the differing approaches to adding security to a design. The implications of understanding the foundational effects of adding security functionality will enable developers to properly invoke security in their designs.