Principle 3: Secure failure

When systems fail, they should not revert to insecure behavior. Otherwise, an attacker only needs to invoke the right failure.

Incorrect handling of unexpected errors is a major cause of security breaches.

Example: careful handling of exceptions in JAAS (Java Authentication and Authorization Service) module code!

    isAdmin = true;                 // enter Admin mode
    try {
        // something that may throw SomeException
    } catch (SomeException ex) {
        // should we log?
        log.write(ex.toString());
        // how should we proceed?
        isAdmin = false;
        // or should we exit?
    }

CSE825 7
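The snippet above grants admin before the risky operation and only revokes it for the one exception type it expects; any other exception leaves isAdmin true. As an added example (not from the slides), the same flow written to fail secure: the privilege flag starts denied and is raised only on the success path, every failure (expected or not) is caught, and a logging failure cannot alter the outcome. The Authenticator interface is an assumption standing in for a JAAS LoginContext, and the sample authenticators are constructed for the demo.

```java
import javax.security.auth.login.LoginException;
import java.util.Arrays;

public class FailSecureAdmin {
    // Hypothetical stand-in for a JAAS LoginContext; not the JAAS API itself.
    interface Authenticator {
        boolean isAdmin(String user, char[] password) throws LoginException;
    }

    private boolean isAdmin = false; // default state: least privilege

    // Raises isAdmin only if the check completes and reports admin; any
    // exception, expected or unexpected, leaves the caller denied.
    boolean enterAdminMode(Authenticator auth, String user, char[] password) {
        boolean granted = false; // deny first, grant only on the success path
        try {
            granted = auth.isAdmin(user, password);
        } catch (LoginException | RuntimeException ex) {
            log(ex);             // granted stays false
        } finally {
            Arrays.fill(password, '\0'); // scrub the secret on every path
        }
        isAdmin = granted;
        return isAdmin;
    }

    // Logging is best-effort: a failure here must not change the decision.
    private static void log(Throwable ex) {
        try {
            System.err.println("auth failure: " + ex.getClass().getName());
        } catch (RuntimeException ignored) {
            // stay denied; nothing else to do
        }
    }

    public static void main(String[] args) {
        FailSecureAdmin app = new FailSecureAdmin();
        // Constructed authenticators: one that admits "alice", one whose backend fails.
        Authenticator ok = (u, p) -> u.equals("alice");
        Authenticator broken = (u, p) -> { throw new LoginException("backend unreachable"); };
        System.out.println(app.enterAdminMode(ok, "alice", "pw".toCharArray()));
        System.out.println(app.enterAdminMode(broken, "alice", "pw".toCharArray()));
        System.out.println(app.enterAdminMode(ok, "bob", "pw".toCharArray()));
    }
}
```

Only the first call yields admin mode; the backend failure and the non-admin user both end in the denied state without any explicit "revoke" step in the handler.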