FlashSky (Knownsec) Space
SDL was introduced into software engineering as an engineering method. I personally think it is a milestone in the development of software engineering: software engineering finally treats security as an important metric and has feasible methods for achieving it. Since its introduction, security improvements have also been very successful.
From the overall perspective of systems engineering, the major changes brought about by introducing SDL into software engineering are as follows:
1. Security factors are introduced into every stage of requirement analysis, system design, coding, testing, and release, which is more effective than improving the security of only one or two nodes; in addition, because security is taken into account during system design, security risks become more controllable.
2. The security risk control introduced by SDL not only improves design and code quality, but also leads to vulnerabilities being fixed promptly and to technical channels being used to contain attacks.
3. Although the introduction of SDL cannot completely prevent vulnerabilities or exploitation methods, it is critical in responding faster and more thoroughly to both vulnerability principles and exploitation methods. In the non-SDL era, nobody felt that a general exploitation technique or a new vulnerability pattern needed to be kept confidential; a single method or technique could remain usable for 10 years. The SDL era is different: experts no longer dare to casually bring out their own proprietary skills and methods, because in the SDL era modular design makes it possible to block a new exploitation technique at the method level, which could not be prevented before. This will be the norm of future attack-and-defense confrontation.
In the future, if attackers want to win the confrontation with MS's defenses, new progress and research must be made in the following technical fields.
1. New vulnerability principles (forms) and new application scenarios that cannot be easily fixed. Much research, such as YUANGE's, should be useful here.
2. New vulnerability-mining technology: when MS uses thousands of servers for fuzz testing, you cannot expect a single PC, running fuzzing on the same principle against the same product, to find anything useful within a time range you can accept, unless it targets a functional area MS has not tested.
3. Quick analysis of product features: as mentioned above, many vulnerabilities may still exist in functional areas MS has not tested, but how can an external researcher, in the short term, come to know the product's functional areas better than MS's dedicated testers? Automated tools may be needed to quickly analyze some of the less commonly used functional areas, and testing and research in these areas should be strengthened.
4. New techniques and theories must be difficult to fix if they are to become widespread; otherwise they can only be used in a very small scope, or they will be a flash in the pan: after a year and a half they are fixed and forgotten forever.
5. Most importantly, these attack technologies have two sides: one side confronts protection technology, but the other side can become protection technology itself, for example testing. The way out in the future may be a little wider here than in pure confrontation.
6. In addition, migrating to emerging areas where security has not yet received as much attention as it has on PC systems.