nCipher Security Blog

Apps that go bump in the night

John Grimm | Vice President of Strategy and Business Development More About This Author >

Businesses are facing a ‘double whammy’ threat – attackers are not only going after applications themselves, but the platforms on which those applications run. The OWASP Top 10 list is an ongoing reminder of many different types of application flaws, and every latest/greatest security tool purports to be that last missing link to shoring up the security of your server and mobile platforms.

The majority of application security research focuses on the early stages of the app development lifecycle – making sure that developers create secure code with no natural flaws, followed by code analysis, to ensure that the design process has remained secure. In the wake of the increase in malware-based attacks, we should be looking beyond code creation, to guarantee secure code execution. How can we help ensure that the app is not at risk of corruption, or vulnerable to ‘eavesdropping’ or modification by rogue applications?

Purpose-built secure hardware is a tried and tested anchor of trust in the vast sea of untrusted software, though has not traditionally been used to provide application security. Innovative new capabilities to compile and execute code within an isolated, certified secure hardware environment – a Hardware Security Module (HSM) traditionally just known for key management and secure crypto processing – are changing the game.

Although hardware-based security may sound incongruous as a solution to software and cloud-based vulnerabilities, it’s important to remember that all virtualised workloads are deployed on a hardware platform, in a physical location, at one point in time. It’s all very well that the content of the HSMs is safe and sound, but the applications that ‘talk’ to the HSMs via APIs are clearly under increasing threat.

Bitcoin is a perfect example – the protocol for signing bitcoin transactions involves multiple stages. Even if the signatures are performed in an HSM, the temporary and transitory ‘secrets’ that make up the signature can be exposed to attackers as they are processed on host servers, before being passed on to the HSM.

If businesses are to maintain high assurance business processes, whilst simultaneously moving away from a reliance on physically trusted environments, they must be ready to re-think the traditional role of the HSM, and consider moving critical processes that could benefit from an additional and strong layer of protection inside its trusted perimeter.

To find out more, watch the Thales webinar "Applications that go bump in the night", presented with Derek Brink, Vice President Information Technology, Aberdeen Group.