secure_coding_guidelines

Differences

This shows you the differences between two versions of the page.

secure_coding_guidelines [2017/11/06 23:23]
Nathan Heldt-Sheller
secure_coding_guidelines [2017/11/06 23:23] (current)
Nathan Heldt-Sheller
Line 4: Line 4:
  
 ===== Strategic Approach ===== ===== Strategic Approach =====
-**Design with "​[[https://​en.wikipedia.org/​wiki/​Principle_of_least_privilege|Least Privileges]]"​ in mind.** ​ Code should have access to the minimum subset of data needed to perform its function.  For example, rather than passing a structure reference to a function that reads one member, instead provide a copy of just that member.+**Design with "​[[https://​en.wikipedia.org/​wiki/​Principle_of_least_privilege|Least Privileges]]"​ in mind.** ​ Code should have access to the minimum subset of data needed to perform its function.
  
 **Pay attention to the [[https://​en.wikipedia.org/​wiki/​Trusted_computing_base|Trusted Computing Base]] you are creating.** The Trusted Computing Base is the set of all components that must be "​trusted"​ in order to ensure the confidentiality and/or integrity of the system. ​ Roughly speaking, in IoTivity it is the hardware, software and firmware that either a) accesses critical data or b) performs a critical function. ​ **Our goal should always be to minimize the TCB.** Apply Least Privileges to reduce the size of the TCB wherever possible. **Pay attention to the [[https://​en.wikipedia.org/​wiki/​Trusted_computing_base|Trusted Computing Base]] you are creating.** The Trusted Computing Base is the set of all components that must be "​trusted"​ in order to ensure the confidentiality and/or integrity of the system. ​ Roughly speaking, in IoTivity it is the hardware, software and firmware that either a) accesses critical data or b) performs a critical function. ​ **Our goal should always be to minimize the TCB.** Apply Least Privileges to reduce the size of the TCB wherever possible.
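Review bot: the "+" side of the Least Privileges paragraph drops the only concrete illustration (the sentence beginning "For example, rather than passing a structure reference to a function that reads one member") and adds nothing in its place, which leaves the guideline as a single abstract sentence. Either keep the sentence, or replace it with an illustration the authors are comfortable recommending, so a reader still sees what "minimum subset of data" looks like at a function boundary. Both revisions show the same 2017/11/06 23:23 timestamp and no edit summary is visible, so the reason for the removal is not recorded; a one-line summary on the revision would help later readers.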
secure_coding_guidelines.txt · Last modified: 2017/11/06 23:23 by Nathan Heldt-Sheller