Designing Secure APIs with State Machines

Did you ever need to create an application whose behavior varies with its state, while still presenting a consistent interface to its callers? A good, layered design using state machines can help avoid the tedious 'if' checks for flags, and ensure that if your code runs at all, it will run with all the required values initialized. I will demonstrate this with examples, and talk about some available tools and libraries to build state machines in Python.

I will also discuss how to effectively use the process of threat modeling to build secure web applications. Threat modeling is a computer security technique that helps you better understand the systems you create, identify attacks, and build defenses. I will talk about things that we, as software developers, can do to assess the security of our applications in the real world through this process.

Ashwini Oruganti

May 20, 2017

Transcript

  1. Designing Secure APIs with
    State Machines
    Ashwini Oruganti
    PyCon 2017

  2. twitter.com/_ashfall_
    Security Engineer, Docker
    < pyca/tls, Twisted >

  3. Problem
    Solution

  4. Forgot Password

  5. A single token belongs
    to a single user.

  6. Threat Modeling
    a computer security technique to help
    defenders understand their own systems
    and drive the process of building better
    defenses.
    -https://alexgaynor.net/2016/jul/29/intro-to-threat-modeling/

  7. Tokens should be generated
    via a cryptographically
    secure random number
    generator.

  8. Tokens should expire
    after use /
    a set period of time

  9. State happens.

  10. Complexity -> Bugs

  11. (Computer) Science!

  12. Hard to:
    * Test
    * Read
    * Debug
    * Change

  13. State Machines!

  14. A state machine is a piece of
    software that accepts input and then
    (usually) generates a deterministic
    (probably) output.

  15. Settings, values, data == “state”

  16. Maintainable

  17. Automated Testing

  18. Enhanced Unit Testing
    STATES = [HAVE_PASSWORD, TOKEN_CREATED]
    INPUTS = [REQUEST_RESET, ENTER_PASSWORD]
    AT LEAST 4 CASES TO TEST.

  19. How do I state machine in
    Python?

  20. Automat
    https://github.com/glyph/automat

  21. “Automat is designed from the
    perspective of a deep and abiding
    sense of shame”
    - Glyph, Author

  22. Q. How do I get the current state
    of a state machine?

  23. Q. How do I get the current state
    of a state machine?
    A. You don’t.

  24. If you are designing a system, threat
    modeling it as early as possible is ideal.

  25. Threat modeling forces you to look at
    all of your assets.

  26. Threat modeling forces you to identify
    how all of those assets are used.

  27. Threat modeling forces you to identify
    mutable state.

  28. To summarize:
    If you find yourself writing a lot of if-else checks,
    Remember there’s one or more explicit State
    Machines to explore.

  29. https://clusterhq.com/2013/12/05/what-is-a-state-machine/
    https://github.com/glyph/automat
    https://gist.github.com/markrwilliams/9caf35e2dc2dfa07f4f64af6a77ec170

  30. Thank You!
    twitter.com/_ashfall_
    State Machines Open Space:
    5pm @ b114
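
The forgot-password flow from the slides, written as an explicit transition table over the two states and two inputs of slide 18. This is an added example, not code from the talk, and it uses a plain dictionary rather than Automat; the class name, the 15-minute token lifetime and the injectable clock are assumptions.

```python
import secrets
import time
from enum import Enum, auto

class State(Enum):
    HAVE_PASSWORD = auto()
    TOKEN_CREATED = auto()

class Input(Enum):
    REQUEST_RESET = auto()
    ENTER_PASSWORD = auto()

TOKEN_TTL = 15 * 60  # seconds; assumed lifetime, the slides give no figure

class PasswordReset:
    """One machine per user, so a token belongs to a single user."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = State.HAVE_PASSWORD  # private: callers never read it
        self._token = None
        self._expires = 0.0
        # Every (state, input) pair is listed, so no case is left implicit.
        self._table = {
            (State.HAVE_PASSWORD, Input.REQUEST_RESET): self._issue,
            (State.TOKEN_CREATED, Input.REQUEST_RESET): self._issue,
            (State.HAVE_PASSWORD, Input.ENTER_PASSWORD): lambda token: False,
            (State.TOKEN_CREATED, Input.ENTER_PASSWORD): self._redeem,
        }

    def request_reset(self):
        return self._table[self._state, Input.REQUEST_RESET]()

    def enter_password(self, token):
        """Return True only if the caller may now set a new password."""
        return self._table[self._state, Input.ENTER_PASSWORD](token)

    def _issue(self):
        self._token = secrets.token_urlsafe(32)  # CSPRNG; replaces any old token
        self._expires = self._clock() + TOKEN_TTL
        self._state = State.TOKEN_CREATED
        return self._token

    def _redeem(self, token):
        expired = self._clock() >= self._expires
        match = secrets.compare_digest(token.encode(), self._token.encode())
        if expired or match:  # expiry and use both retire the token
            self._token, self._state = None, State.HAVE_PASSWORD
        return match and not expired
```

A wrong guess leaves the outstanding token valid for its owner, while a second reset request invalidates the first token.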
