Here is an archived document that Forum Systems published in 2002-2003 while architecting Forum Sentry, our flagship gateway product. We would like you to read this white paper to understand the importance of a security-first approach while building systems that exchange data between users and applications.
THE NEED FOR HARDWARE-BASED XML SECURITY
A few significant drivers for our architectural choices are obvious in the article. Here are snippets from the paper that predicted the risks as seen through Heartbleed. We encourage you to read the article to help future-proof your IT infrastructure against catastrophic vulnerabilities.
The key-finding threat occurs in the following way: Typically, in a commercial Web server, the key is encrypted and stored within the server where it must be decrypted before it can be used. If a web server is compromised as a result of an attack, then an attacker can read the memory and can retrieve the private key.
The majority of security alerts are attributed to buffer overflow attacks against networking servers. This is one of the most devastating exploits. Even the widely used OpenSSL security library suffered a buffer overflow exploit.
“It is an embarrassment for the IT industry that we need a section with this title. Buffer overflow problems have been known for 40 years. Perfectly good solutions to avoid them have been available for the same amount of time. Some of the earliest higher-level programming languages, such as Algol 60, completely solved the problem by introducing mandatory array bounds checking. Even so, buffer overflows cause about half of the security problems of the Internet. And still people refuse to banish them by using better tools. We consider this criminal negligence. It is comparable to a car manufacturer making a gas tank out of waxed paper…” — Niels Ferguson and Bruce Schneier
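The bounds-checking point in the quote, illustrated with an added example (this code is not from the white paper or from Forum Sentry): a small routine that copies an XML tag name from an untrusted message into a fixed-size buffer. The first version has the classic defect, an unchecked copy; the second does by hand the array bounds check that Algol 60 performed automatically, refusing over-long or unterminated input instead of writing past the buffer. The tag samples and the `NAME_MAX` limit are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed capacity for the example; real parsers pick their own. */
#define NAME_MAX 16

/* VULNERABLE (kept only for contrast, never call it on untrusted input):
   the name length is never compared with the size of 'out', so any tag name
   of NAME_MAX or more bytes writes past the end of the destination buffer.
   This is the pattern the quote is complaining about. */
int extract_tag_name_unchecked(const char *xml, char *out) {
    size_t i = 0;
    if (*xml != '<') return -1;
    xml++;
    while (*xml && *xml != '>' && *xml != ' ')
        out[i++] = *xml++;           /* no bound on i */
    out[i] = '\0';
    return (int)i;
}

/* HARDENED: explicit bounds check on every write. Returns the name length,
   or -1 for malformed, unterminated or over-long input. Never writes more
   than out_size bytes, and leaves 'out' as an empty string on failure. */
int extract_tag_name_checked(const char *xml, char *out, size_t out_size) {
    size_t i = 0;
    if (xml == NULL || out == NULL || out_size == 0) return -1;
    out[0] = '\0';
    if (*xml != '<') return -1;
    xml++;
    while (*xml && *xml != '>' && *xml != ' ') {
        if (i + 1 >= out_size)       /* keep one byte for the NUL */
            return -1;               /* reject instead of overflowing */
        out[i++] = *xml++;
    }
    if (*xml == '\0') {              /* ran off the end: unterminated tag */
        out[0] = '\0';
        return -1;
    }
    out[i] = '\0';
    return (int)i;
}

/* Status code the checked extractor returns for 'xml' with a NAME_MAX buffer. */
int checked_status(const char *xml) {
    char buf[NAME_MAX];
    return extract_tag_name_checked(xml, buf, sizeof buf);
}

/* 1 if the checked extractor accepts 'xml' and yields exactly 'expected'. */
int checked_name_equals(const char *xml, const char *expected) {
    char buf[NAME_MAX];
    if (extract_tag_name_checked(xml, buf, sizeof buf) < 0) return 0;
    return strcmp(buf, expected) == 0;
}

int main(void) {
    /* Constructed sample messages: one well-formed, one with an over-long
       name of the kind that would overflow the unchecked version. */
    const char *ok = "<Order id=\"7\">";
    const char *overlong = "<ThisElementNameIsFarTooLongForTheBuffer>";
    printf("%-45s -> %d\n", ok, checked_status(ok));
    printf("%-45s -> %d\n", overlong, checked_status(overlong));
    return 0;
}
```

The hardened routine fails closed: an input that does not fit is rejected with an error code rather than silently truncated or allowed to corrupt adjacent memory, which is the property a buyer should ask a gateway vendor to demonstrate for every field its parser copies.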
A company evaluating hardware-based XML security device vendors should ensure that by introducing a device in their network, they are not introducing more security risks. Unfortunately, this topic is swept under the rug by most vendors. A company that is evaluating a security solution for XML must insist on learning from vendors how their implementation is protected from buffer overflow exploits.