Just testing...

May 28, 2007 13:51 GMT

Attacking Windows Vista from all possible angles is perhaps the best way to describe the testing process associated with the Secure Development Lifecycle. Microsoft feels confident enough in the infrastructure of the operating system that it is touting Windows Vista as the most secure Windows platform. A major contributor to this status is the SDL. According to James A. Whittaker, Microsoft Security Architect, the Redmond company implemented a three-pronged strategy during security testing: it assessed the security of the application's environment, of the applications themselves, and of their functionality.

The relationship between environment and application is by no means fixed; on the contrary, it is subject to variation. This is why, during SDL testing, Microsoft directed attacks at the components of the operating system, from the runtime libraries to the registry keys. "We train our testers to map out the environment, identify components subject to modification or variation and test as many configurations of these as possible. These attack scenarios are recognition that our applications work in unpredictable environments where we have to work out the trust relationships very carefully. It takes only one insecure component to put an entire machine or network at risk. We need to ensure that our own applications work securely despite the presence of these environment insecurities," Whittaker revealed.

Testing the application means verifying program behavior when it is confronted with a range of malicious inputs. Microsoft tested Windows Vista against repeated exploits and targeted attacks. The testing scenarios involved a suite of known and documented malformed inputs. Windows Vista was bombarded with malicious code, scripts, SQL queries, long strings and other such items. "Large scale automated testing comes into play here in a big way. Our goal is for our applications to be able to withstand targeted and sustained attacks - whether it's a regression suite of past and potential exploits or fuzz testing using both random or format-aware logic," Whittaker explained.
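To make the three input-testing styles Whittaker names concrete (a regression suite of known malformed inputs, random fuzzing, and format-aware fuzzing), here is an added example that is not Microsoft's code and has nothing to do with the SDL tooling itself. The record format, the parser, the planted length-handling bug and the hardened variant are all constructed for illustration; the harness classifies each input as accepted, cleanly rejected, or a crash, which is the distinction a fuzzing campaign actually cares about.

```python
"""Added example: regression suite, random fuzzing and format-aware fuzzing run
against a constructed record parser with a deliberately planted robustness bug.
Nothing here is Microsoft's code; the format and the bug are invented."""
import random

MAGIC = b"REC1"  # constructed format: MAGIC | 2-byte BE length | payload | 1-byte XOR checksum


class ParseError(ValueError):
    """Controlled rejection of malformed input: the outcome we want on bad data."""


def xor_all(buf: bytes) -> int:
    acc = 0
    for b in buf:
        acc ^= b
    return acc


def parse_record(data: bytes) -> bytes:
    """Vulnerable parser (constructed). It trusts the declared length without
    checking it against the buffer, so a short buffer with a large length field
    makes the checksum read at data[6 + n] raise IndexError instead of ParseError."""
    if len(data) < 7:
        raise ParseError("too short")
    if data[:4] != MAGIC:
        raise ParseError("bad magic")
    n = int.from_bytes(data[4:6], "big")
    payload = data[6:6 + n]      # silently shorter than n if the buffer is truncated
    checksum = data[6 + n]       # IndexError whenever 6 + n >= len(data): the bug
    if checksum != xor_all(payload):
        raise ParseError("bad checksum")
    return payload


def parse_record_fixed(data: bytes) -> bytes:
    """Hardened variant: validate the declared length against the buffer first."""
    if len(data) < 7:
        raise ParseError("too short")
    if data[:4] != MAGIC:
        raise ParseError("bad magic")
    n = int.from_bytes(data[4:6], "big")
    if len(data) != 7 + n:
        raise ParseError("length field does not match buffer")
    payload = data[6:6 + n]
    if data[6 + n] != xor_all(payload):
        raise ParseError("bad checksum")
    return payload


def build_record(payload: bytes) -> bytes:
    """Well-formed record; used as the seed for format-aware mutation."""
    return MAGIC + len(payload).to_bytes(2, "big") + payload + bytes([xor_all(payload)])


def run_case(data: bytes, parser=parse_record) -> str:
    """Classify one input: 'ok' (accepted), 'rejected' (clean ParseError) or
    'crash:<Exception>' (any other exception, i.e. a robustness bug)."""
    try:
        parser(data)
        return "ok"
    except ParseError:
        return "rejected"
    except Exception as exc:  # any non-ParseError exception is the finding
        return f"crash:{type(exc).__name__}"


# Regression suite: known malformed inputs (constructed) that must be rejected, never crash.
REGRESSION_CASES = {
    "empty": b"",
    "wrong_magic": b"XXXX\x00\x00\x00",
    "bad_checksum": MAGIC + b"\x00\x02ab\xff",
    "length_overrun": MAGIC + b"\xff\xff" + b"a",   # a "past exploit" kept on file
}


def regression_suite(parser=parse_record) -> dict:
    return {name: run_case(data, parser) for name, data in REGRESSION_CASES.items()}


def random_fuzz(iterations: int, seed: int = 1, parser=parse_record) -> list:
    """Purely random bytes: cheap, but almost never gets past the magic check,
    so the length bug behind it is effectively unreachable this way."""
    rng = random.Random(seed)
    crashes = []
    for _ in range(iterations):
        data = bytes(rng.randrange(256) for _ in range(rng.randrange(0, 16)))
        if run_case(data, parser).startswith("crash"):
            crashes.append(data)
    return crashes


def format_aware_fuzz(iterations: int, seed: int = 1, parser=parse_record) -> list:
    """Start from a valid record and mutate it with knowledge of the structure:
    rewrite the length field, truncate the buffer, or flip one byte."""
    rng = random.Random(seed)
    crashes = []
    for _ in range(iterations):
        payload = bytes(rng.randrange(256) for _ in range(rng.randrange(0, 8)))
        data = bytearray(build_record(payload))
        mutation = rng.choice(["length", "truncate", "bitflip"])
        if mutation == "length":
            data[4:6] = rng.randrange(65536).to_bytes(2, "big")
        elif mutation == "truncate":
            del data[rng.randrange(len(data)):]
        else:
            data[rng.randrange(len(data))] ^= 0xFF
        data = bytes(data)
        if run_case(data, parser).startswith("crash"):
            crashes.append(data)
    return crashes


if __name__ == "__main__":
    print("regression:", regression_suite())
    print("random crashes:", len(random_fuzz(2000)))
    print("format-aware crashes:", len(format_aware_fuzz(200)))
    print("format-aware crashes vs fixed parser:", len(format_aware_fuzz(200, parser=parse_record_fixed)))
```

The point of running all three is the contrast: the regression case `length_overrun` and the format-aware mutator both surface the planted `IndexError` immediately, while random bytes almost never clear the four-byte magic check, and the hardened parser turns every one of those crashes into a clean rejection.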

Last but not least, Vista's functionality also came under scrutiny. The bottom line is that Microsoft ensured it had bulletproofed the operating system against attacks designed to exploit its own features. "We must look at our application's functionality and ask whether any of it can be 'turned against itself.' Are there ways that the software can be easily misconfigured?" Whittaker said. "Can security features be circumvented? Is there some function whose purpose is benign and even useful that under certain circumstances has undesirable consequences? A feature-by-feature assessment is necessary to ensure we've covered all the bases."