Software Security: Principles, Policies, and Protection (SS3P, by Mathias Payer)

Welcome to Software Security: Principles, Policies, and Protection (SS3P), a free book about software security. SS3P focuses on basic software security principles, secure software development from design over implementation to testing, software security policies (with a focus on memory and type unsafe language like C/C++), defense strategies with a focus on verification, testing, and mitigation, attack vectors, and reverse engineering. The different chapters are augmented with several case studies.

This book is, was, and always will be free and openly accessible in PDF form. If you reference the book, please link to the SS3P PDF directly so that your readers will always get the most recent version.

Intended audience

The intended audience of this book are advanced undergraduate and graduate students interested in software security (e.g., as part of a software security, system security, or information security class) as well as developers working with low level languages such as C/C++.

Topic overview

Software and System Security Principles : from basic security properties to assess the security of a system like Confidentiality, Integrity, and Availability to Isolation, Least Privilege, Compartmentalization, and Threat Modeling with a stint into the discussion on differences between bugs and vulnerabilities.

: from basic security properties to assess the security of a system like Confidentiality, Integrity, and Availability to Isolation, Least Privilege, Compartmentalization, and Threat Modeling with a stint into the discussion on differences between bugs and vulnerabilities. Secure Software Life Cycle : integration of security into design, implementation, and testing of a software project and how to continuously keep track of a software's security properties throughout the life time of the project.

: integration of security into design, implementation, and testing of a software project and how to continuously keep track of a software's security properties throughout the life time of the project. Memory and Type Safety : the two core policies that cause the majority of exploitable vulnerabilities on current systems. Understand the definitions and implications regarding performance and security.

: the two core policies that cause the majority of exploitable vulnerabilities on current systems. Understand the definitions and implications regarding performance and security. Defense Strategies : verify if the complexity of the code is manageable, test as much as you can, and leverage mitigations to constrain the attacker on the remaining attack surface.

: verify if the complexity of the code is manageable, test as much as you can, and leverage mitigations to constrain the attacker on the remaining attack surface. Attack Vectors : understand the goals of an attacker and how these goals may be achieved starting from a program crash.

: understand the goals of an attacker and how these goals may be achieved starting from a program crash. Case Studies : end to end discussion of web security (including the browser security model) and mobile security.

: end to end discussion of web security (including the browser security model) and mobile security. Appendix: discussion on shellcode development and reverse engineering.

Bibtex

@Book{Payer18SS3P, author = {Mathias Payer}, title = {{Software Security: Principles, Policies, and Protection}}, publisher = {HexHive Books}, month = {April}, year = {2019}, edition = {0.35}, url = {http://nebelwelt.net/SS3P/}, }

Changelog

2019-04-01: Typos (v0.35)

2019-02-25: Extended fuzzing discussion (v0.34)

2019-01-09: Small corrections and fixed several typos (v0.33)

2018-06-01: Short discussion of agile software development and language-based security (v0.32)

2018-05-23: First edition and public release (v0.31)

Contact

Disclaimer, errata, comments, and extensions

This is an early draft of an open book that is heavily under development. The book started as a set of lecture notes from my software security class (contact me if you want access to the slides or material) and have developed into a somewhat longer script. Most sections need heavy work, especially the appendix is still in draft form. My plan is to extend the book during each iteration of the class with any new material. The first couple of iterations will be more heavy-weight and hopefully reach a maintainable steady state afterwards. Note that the appendix is currently in draft form and on top of my list to complete.I do welcome comments, questions, and suggestions of all forms. Let me know what topic is missing or what other information should be included. For the existing information, let me know what needs to be rewritten or where I should include more details. For typos, please simply drop me a mail. If you have more extensive feedback, I'd prefer an annotated PDF or, if it's unstructured, an email.

So long, and hack the planet!