Better Call Saltzer & Schroeder: A Retrospective Security Analysis of SolarWinds & Log4j
Partha Das Chowdhury, Mohammad Tahaei, Awais Rashid

TL;DR
This paper analyzes the SolarWinds and Log4j security incidents through the lens of Saltzer & Schroeder's principles, highlighting missed opportunities for better security design and proposing developer-focused interventions.
Contribution
It provides a retrospective security analysis of SolarWinds and Log4j, identifying unobserved security principles and exploring tools to improve secure software development practices.
Findings
Missed security principles in SolarWinds and Log4j incidents
Identification of developer tools for better security adherence
Proposed system-wide security interventions
Abstract
Saltzer & Schroeder's principles aim to bring security to the design of computer systems. We investigate SolarWinds Orion update and Log4j to unpack the intersections where observance of these principles could have mitigated the embedded vulnerabilities. The common principles that were not observed include fail-safe defaults, economy of mechanism, complete mediation and least privilege. Then we explore the literature on secure software development interventions for developers to identify usable analysis tools and frameworks that can contribute towards improved observance of these principles. We focus on a system-wide view of access of codes, checking access paths and aiding application developers with safe libraries along with an appropriate security task list for functionalities.
Taxonomy
Topics: Advanced Malware Detection Techniques · Security and Verification in Computing · Information and Cyber Security
