Secure Design: A Better Bug Repellent Keynote


Christoph Kern is a software engineer in Google’s Information Security Engineering organization, whose goal is to keep Google’s products secure and users safe. Within this larger organization, he works with a team of security engineers to prevent security defects in Google’s applications and services through framework, API, and platform design. Kern will present a keynote talk at the 2017 IEEE Secure Development conference.

Traditionally, software security assurance has focused largely on discovering bugs after the fact — through (fuzz) testing, static analysis, or code review — with a bit of developer education added in. The Google team’s experience shows that in practice, this doesn’t work all that well, especially for certain classes of vulnerabilities such as those related to complex, whole-system flows of untrusted data.

A step toward addressing this unsatisfactory state of affairs is to change focus from chasing down instances of implementation-level defects and vulnerabilities, and instead treat the mere potential that a particular type of defect could exist as a design flaw at the application architecture and frameworks level.

Over the past several years, Google has developed design patterns that, when applied to application architecture, API, and framework design, do indeed result in a drastic reduction, if not elimination, of the potential for certain types of defects to occur in application code.

This talk will briefly summarize Google’s perception of the limitations of traditional approaches to software security. It will give examples of Google-developed secure design patterns, and discuss how to apply them at scale to frameworks and APIs that form the basis of Google flagship products such as Gmail, Docs, Search, G+, and many others.
