Complex applications are composed of many infrastructure layers, e.g. database and file services or web services. Services are provided by one or many systems through complex software packages. All systems communicate with each other and with infrastructure systems like directory, naming or backup services. In order to simplify matters we omit the users.

Every operating system, software package, infrastructure service, etc. has vulnerabilities which could be used to attack the application. For example, the U.S. National Vulnerability Database (NVD) lists 9 vulnerabilities for the often used middleware JBOSS, all published in the past 3 month . On top we add some self-made vulnerabilities by our application design.

The set of all vulnerabilities is the known attack surface.

Please keep in mind:

[1] The whole is more than the sum of its parts!

[2] The unknown attack surface is greater than the known attack surface, and millions of hackers are working hard every day to detect new vulnerabilities.

Today’s standard answer to this challenge is patching, patching, … But from my point of view Security by Design shows a way out of the chaos. Application systems should be designed according to

Rule 5: Minimize the total attack surface!

What does this mean for the application/system design?

• Decompose the application into separate functions, if possible provided by separate services
• Minimize the number of interfaces between the application components
• Minimize the number of 3rd party components
• Relocate services onto separate encapsulated systems
• Minimize the number of installed software packages per system
• Minimize the dependencies on infrastructure services
• …

The effort for build and run will be definitely higher, but the known attack surface will be much smaller.

Keep it smart and simple!